Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
25-06-2024 22:08
Behavioral task
behavioral1
Sample
0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
-
Size
383KB
-
MD5
0fb4668739fff9075a4f596c307333d6
-
SHA1
45f81510b22b96fc06231d152743bd7fbe2ccb7d
-
SHA256
111a140240efe493aa5370b8587735b7b3ae9ecd6bd79adf372464ff8036bb96
-
SHA512
a74f233f9b8d6686efd1ce46973798d67d0bd48e1e356923e1a06b490229297918e893125fe3bd92e07249b9a0a17298dab92879028619b7c069842e551bf9b4
-
SSDEEP
3072:/k59fo2r2f0oJDib8iLws7ngPZwGj9Tf8sGrc4:/k7o2r2fj2P8sbgWGj9on
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/1180-0-0x0000000000400000-0x0000000000462000-memory.dmp upx behavioral1/memory/1180-2-0x0000000000400000-0x0000000000462000-memory.dmp upx behavioral1/memory/1180-5-0x0000000000400000-0x0000000000462000-memory.dmp upx behavioral1/memory/1180-6-0x0000000000400000-0x0000000000462000-memory.dmp upx behavioral1/memory/1180-9-0x0000000000400000-0x0000000000462000-memory.dmp upx -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{808B6531-333F-11EF-A01D-D62A3499FE36} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425515198" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{808A53C1-333F-11EF-A01D-D62A3499FE36} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2428 iexplore.exe 2920 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2920 iexplore.exe 2920 iexplore.exe 2428 iexplore.exe 2428 iexplore.exe 2936 IEXPLORE.EXE 2936 IEXPLORE.EXE 2736 IEXPLORE.EXE 2736 IEXPLORE.EXE 2736 IEXPLORE.EXE 2736 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 1180 wrote to memory of 2428 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 28 PID 1180 wrote to memory of 2428 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 28 PID 1180 wrote to memory of 2428 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 28 PID 1180 wrote to memory of 2428 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 28 PID 1180 wrote to memory of 2920 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 29 PID 1180 wrote to memory of 2920 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 29 PID 1180 wrote to memory of 2920 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 29 PID 1180 wrote to memory of 2920 1180 0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe 29 PID 2920 wrote to memory of 2736 2920 iexplore.exe 30 PID 2920 wrote to memory of 2736 2920 iexplore.exe 30 PID 2920 wrote to memory of 2736 2920 iexplore.exe 30 PID 2920 wrote to memory of 2736 2920 iexplore.exe 30 PID 2428 wrote to memory of 2936 2428 iexplore.exe 31 PID 2428 wrote to memory of 2936 2428 iexplore.exe 31 PID 2428 wrote to memory of 2936 2428 iexplore.exe 31 PID 2428 wrote to memory of 2936 2428 iexplore.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1180 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2936
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2736
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58c6e5e872c5eebf0430d853d9da0cf91
SHA14332344548250fbb75501139e4ef98be5186fb87
SHA256ae7eee7c87906ca5768e4d50cb509aee07525702f824871f2694622fad48ab57
SHA51248c90e11114e0f1fe4e87f119995230c975562b6afa67d82a5f960823e9e6ca4f95cd8753a56221347736661b069c265d1a4ef14061f62311ff236a2cfa8cafb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD579b2d4b524003628bcce3a3740563945
SHA1e03f19b5f74e36b082848ce8dd4f6cadefaee432
SHA2565ff8bb727a2d1bd8b8e186ac8c5acad1e7885ff53f0223c254e5205aa4f6d63c
SHA51202e9bc23f5dbdc31f7475553f5adce2064a6f8bceb4f0ac687137fdbaf40a596013c5bf5e7361b2f2f49da3e1a03ef3a43bd59ed920b359d6da5b78dc7f21f22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53f315dfb8c7a2f96e79d255331154dda
SHA16861e01c839ea9d1b4eb0f5943c81e6876e4c4f1
SHA256b58877a6a52239d7b01f9839d097c64374209267e116a38a2fc527138d6f5837
SHA5122f37367cf099ef4df53461aeec234de2feadf0065bdf14e353e227869d12fb0240ea095cd35901bc7d89fdeaad0e6e49f417b328f0b487d971215a8ee3b45424
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58a3a0473acd419212af47067362d07ae
SHA1ee325e475fdcd5fcaa40940f46d04b52c8bb8e1d
SHA256a0f65cbe9041591607963f36e2760dad615ed1b860a79e8c600bad069e41add3
SHA512cb775e6f65a45f2c86d2550bff273c20550809c1df6586c09d25b871ed87869b7a3ee68603024990793b7a2981b68f235b38bf308fb3d1ba64bf59d18e2ff9a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56d710813329cc1a895dd731697e1bff8
SHA14603bab0b0edd97c15f443dab72fa988744e388a
SHA256182b2061a8a38f256f31c1cc3ab4ab12f868effa79bca698c9f8dd827ec74611
SHA512b50f7f6e700ece2edff22fe8a6f93b44c7e2b267387e9b21c364075508ab146160057bd9c631e48bd3be795c1cc07585027dd70743722c4c86ad8c0388d961ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD522facd947af35f7fffbd3b3998388143
SHA118a7f47a5eb0a0963758a67c7b234ef29e0a9abb
SHA256e17aca93a092640f5d61b63e39c50aae6b93fe317049fb66bb81761c9b641246
SHA512afb96d591862639037c4c5222ec05e3c598546b8fb0829a7f64286e4a3996504b545859289f5e2bd94b99c802039bbe36633b1ad515dd38241e1a0ea388522ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56eea9a8ca435cfe0447ed78e32b83a49
SHA1f72cfe415f7867da0cbd5162fcb292ba774842c2
SHA256d2b46fe48cc75fced44e5d621d833a502ad99d5d27a13905190002dd304a9dd0
SHA5128f6928622793a951732d13b491c436dddac7b5d72291d3af1aed2db63a0e995180d3427a1761aea2f60e89bc1fc028aa6d1ab93975d1c922079c8cf32db4aa3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a3636f10653e7e1a5cc83ab38ea9310a
SHA11244016f060cf1cf01da79f89363a13070fad2a3
SHA256078a15cd890198768e8cadc698cae2e6d9053253c26f38d86fd4c295d567c082
SHA512d9c8e4138c0bf55d940c8a9390ecdcdc9957841ca8c5d168d504fd3f4d136fa445e655a251c609182eedd17b73509fe9ddbda1ee051ce71e76cbfc5ead1f83fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5515acc1dc0ac247a50848ed4001cde08
SHA1ffac0c8a0b031c0228ff426b0d03976f10ad0ef6
SHA256243dd8faeb5f71aa5664957a6eafdb2494b5c9b152293eb192b693723fd012cb
SHA512910359da2a24ce32838ba726eaf5378c9a53458a28208d77e773c085368e7bbe8e6dd372ebfac001604120f2eaba46089a68499f6b3a8b9e75fd8c520e212d52
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f5170fbd0aa12dfa7de981a9ebda2734
SHA1806f9e77991e7657f7e9dff48d5515c37b73dcb1
SHA256056938a319fb10157eef36cd835d8b910a1a62ecd09b8794c25e25ea35602d26
SHA512820598efb750c5bc0d4cb4d43d1e586677c3696a6de38f9a3ab176682fd94fd50d579fa2cb60a13713f68611d6919159269d4cdd2c3698f0084897ce91442bb7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bf1df69535f120d2e63036a76f664f4d
SHA1b45de42dae4f8f48deabd70866a6ac5ad4358c7d
SHA256333164b94922f24d05e8aaa3b17587a96e3bd8de2940c29233be76bc7dd7b15a
SHA5128e8eca13fe45b5d250d9a9cbac8336a963b6d29aeab6129fc3bbb57fab48e9ca6931e3bbf171b26d60a16ad55dbf1ba7015fe3dfcf56f60c5b33e13cf88b7939
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD520dab6f8713a7ff5e4ea5f36904ad3a0
SHA1175f87fa540f295b62357a5271694c10cc0dbabb
SHA256412d70340719edb6e4d3bcbb773f3ba107b6bd120d04c4c186b956088d0cd230
SHA512e03ca5945ae7510611ac0a6b9460f6d620bb0a92a043deac0407e21a339aacc1e066b9c826462c795c32c6212fcaf4ab626e90a12f47688c7aa485550187c7f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dd9db985759d6602940e1b778b9345d4
SHA155b3b912c218cb22343b9d41960ab4ad73ffbbeb
SHA25666ae8af5c83c18b279aa455abdad0ccd3a6f8a91ab9d2f38cd871f8ecc7948f6
SHA5121018dce8442ae2928aac2e08722b82a3186557d3f611740ae1181f9f4b4c25ad160b563ee0a0b8a07a3d9003e83ab04f829121c5eaed0e7a10c902e02f784703
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc9a6628e62838b57464de1f66a9cbf8
SHA189d7fefc2246f2aa7922a5190a594b052b72f802
SHA2560383664a34c80a5822a8a56477f64897adbb1dd9c2d03da66395b8467280550e
SHA5127e5f6cc1cfb08b612b184bc4725b2e34c8fe9a1421b9d30393911b265e5318028a5077972cbd1037ecbb8aafe771e0708559dabc1fe3dc2701843c2a3434c7eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53db2a15ba29a0d07032d6404977df89d
SHA1cd305bcc134ca051f2703b8780ce39b10a8b822d
SHA256f0858f9a6c2e7a543c33b3686122409656590e3e71f7a9738b4baf8c22dd6735
SHA512a9c909cc97d641ca64f74769bea53e3745ce2144555ad16a9d099ba60f02cf3d0dc3ec1e628f3451afe6c18e8dcb6547b00681353a23c3055b270cb76c0973f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f022fdcd61dd748fa86d3f81760ae8e4
SHA1562a8ef5be5aac40ce1264fd869c2a83c794e531
SHA2568ca3e7b4b6e5161d1c9fdbf06bcb55dea8011c31da580074e506e3eca4f331bf
SHA5126b6c4f7542741b3ffd6ab2baf1090b1983a66ade53e754b499b8b34e6ff203aa06d616435baeea8ce3126c22a5e71dbe504eafd42a194d051fc19cbc169bcda4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD594e817f1140b7c8ac28aeadeb8a04f87
SHA101b15791eee13406414cc2675dbcb9e662261c7c
SHA2563540f3ac62a61ec46183572beff256eeeed7df1b823306953a9995cf63eca5dd
SHA5125c40618823b11c18ffca49fb644c60f01c0be111699c65d844916f85e7168641dc17204877f93ab93d455622a9c708613f81a5f5d20fdf7a2875661b1129ba86
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1dbb05f2aef7fe89255edfac08c8e87
SHA1e2eb255c54854dd1e96617c02c9b1cd721a2f7aa
SHA256ae29b1c36e15b6bfeb2b7fe83836850d191fc0d948e0c1e0e26e88a1e136d0aa
SHA512705e09e30772b524759fe0fb229d75733f7f919a9577360c22420cd3288cf98ce8c9c417ea2d72918c06d12fa1327be1924b11e92e95d3fca260bcdcb2efac5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de0b549105ef0289f811bdd5ad001630
SHA1dc4ba559dfbbe2e1a3f83872a6bc47628661645b
SHA256deeef6e8f3bd5b064fd75fe0dd0853027adb8615d777ea1c68a5159adbcae44c
SHA512383adc6b0daa02ede88c30833e17d40dacb8e9733e49e7f9b6d2aa17cc496659b88262a96dfb17b700e3c2303f6477904d454d040a6161b1b8dabae6a57bbd34
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{808A53C1-333F-11EF-A01D-D62A3499FE36}.dat
Filesize5KB
MD53795911bb104310171f7d354233d4507
SHA17b900e045e45ec64bab9d97fead681b591bd174e
SHA25628e5cb8e4621ae4581821ae49e61017f50748c3db0b955e3aeefa89981b53fb5
SHA5127d04811babd50b7b224f4325a8b0bbb7dad5546ceb5f64bb6260af045f36f455921c539d55e54489a34bfab56554973ca924e1f1794c255373fe7bcc56eb58b9
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{808B6531-333F-11EF-A01D-D62A3499FE36}.dat
Filesize3KB
MD52304140dcedea9a67cc0870c745cd569
SHA19961f1cacdfe8184572d7df2db5143172f493ec2
SHA25621da432199c43b71f4de62bc6546bbc553b596f322755060ee7c560e6140ce86
SHA5125317b7a8ab21d064190815f0cc479095ba74a434b3103a13198c4c789804c9dc671d2b7b3f3d7a17ea12c68c7ebf408cb47d374f9e6cfc8435ea80263875f744
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b