Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
26-06-2024 00:49
Static task
static1
Behavioral task
behavioral1
Sample
102608b8523ba1b517f92ba97fcae12e_JaffaCakes118.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
102608b8523ba1b517f92ba97fcae12e_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
102608b8523ba1b517f92ba97fcae12e_JaffaCakes118.dll
-
Size
576KB
-
MD5
102608b8523ba1b517f92ba97fcae12e
-
SHA1
4283e402fb0bc7e02a5152d2a3e1893f0a8cad26
-
SHA256
2ebeeba37fa2b5d420fa2227cd932f511da532cc52ca54647612beb9bb79bf14
-
SHA512
8e93f1a23c0367f4b2f0b2c48794fa58be95d4594ffecce311573d320c98a81994fc2d7e4afdcafa197e1556275f6df59fea49a7716df15f8b8925738d010832
-
SSDEEP
6144:7ZLT3A5Dp0HvFIc5vBlcQGSgS62iiiiiSySYSGS+8c8c8AAANA/AA0fMGrgPhcl5:7ZL7A5l0711g8onrOcWAqVvgkclx
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2824 rundll32mgr.exe -
Loads dropped DLL 2 IoCs
pid Process 280 rundll32.exe 280 rundll32.exe -
UPX packed file 6 IoCs
resource yara_rule
behavioral1/files/0x000b000000012301-2.dat upx
behavioral1/memory/2824-12-0x0000000000400000-0x0000000000473000-memory.dmp upx
behavioral1/memory/2824-14-0x0000000000400000-0x0000000000473000-memory.dmp upx
behavioral1/memory/2824-16-0x0000000000400000-0x0000000000473000-memory.dmp upx
behavioral1/memory/2824-18-0x0000000000400000-0x0000000000473000-memory.dmp upx
behavioral1/memory/2824-21-0x0000000000400000-0x0000000000473000-memory.dmp upx
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2344 280 WerFault.exe 28 -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE56D701-3355-11EF-B082-427DDB91FD53} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE56AFF1-3355-11EF-B082-427DDB91FD53} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425524831" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet 
Explorer\LowRegistry iexplore.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe 2824 rundll32mgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2824 rundll32mgr.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2716 iexplore.exe 2368 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2716 iexplore.exe 2716 iexplore.exe 2368 iexplore.exe 2368 iexplore.exe 2820 IEXPLORE.EXE 2820 IEXPLORE.EXE 1288 IEXPLORE.EXE 1288 IEXPLORE.EXE 1288 IEXPLORE.EXE 1288 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 31 IoCs
description pid Process procid_target
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 2288 wrote to memory of 280 2288 rundll32.exe 28
PID 280 wrote to memory of 2824 280 rundll32.exe 29
PID 280 wrote to memory of 2824 280 rundll32.exe 29
PID 280 wrote to memory of 2824 280 rundll32.exe 29
PID 280 wrote to memory of 2824 280 rundll32.exe 29
PID 280 wrote to memory of 2344 280 rundll32.exe 30
PID 280 wrote to memory of 2344 280 rundll32.exe 30
PID 280 wrote to memory of 2344 280 rundll32.exe 30
PID 280 wrote to memory of 2344 280 rundll32.exe 30
PID 2824 wrote to memory of 2368 2824 rundll32mgr.exe 31
PID 2824 wrote to memory of 2368 2824 rundll32mgr.exe 31
PID 2824 wrote to memory of 2368 2824 rundll32mgr.exe 31
PID 2824 wrote to memory of 2368 2824 rundll32mgr.exe 31
PID 2824 wrote to memory of 2716 2824 rundll32mgr.exe 32
PID 2824 wrote to memory of 2716 2824 rundll32mgr.exe 32
PID 2824 wrote to memory of 2716 2824 rundll32mgr.exe 32
PID 2824 wrote to memory of 2716 2824 rundll32mgr.exe 32
PID 2716 wrote to memory of 2820 2716 iexplore.exe 33
PID 2716 wrote to memory of 2820 2716 iexplore.exe 33
PID 2716 wrote to memory of 2820 2716 iexplore.exe 33
PID 2716 wrote to memory of 2820 2716 iexplore.exe 33
PID 2368 wrote to memory of 1288 2368 iexplore.exe 34
PID 2368 wrote to memory of 1288 2368 iexplore.exe 34
PID 2368 wrote to memory of 1288 2368 iexplore.exe 34
PID 2368 wrote to memory of 1288 2368 iexplore.exe 34
Note: every writer/target pair above is a parent/child pair in the Processes tree below, and this signature alone does not separate normal process start-up writes from code injection; confirm with the memory dumps.
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\102608b8523ba1b517f92ba97fcae12e_JaffaCakes118.dll,#1
(tree depth 1)
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\102608b8523ba1b517f92ba97fcae12e_JaffaCakes118.dll,#1
(tree depth 2)
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:280 -
C:\Windows\SysWOW64\rundll32mgr.exe
C:\Windows\SysWOW64\rundll32mgr.exe
(tree depth 3)
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2824 -
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
(tree depth 4)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
(tree depth 5)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1288
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
(tree depth 4)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
(tree depth 5)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2820
-
-
-
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 228
(tree depth 3)
- Program crash
PID:2344
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f62c1549ea2047416705d27d8ee37fc2
SHA14aaf9d3445248f40d734a4076e6fa5ab6fb64e1f
SHA25696475fea751540abad1385b4c5e1e05750c41d7909786a4a1d20f125045d7d8e
SHA51219621fd6e552e7ac90807556c32b91d54da0a35cb16f2db332852184f044d2cf8097821274a235a6761296a7ab9c8d1b4844a5f5665732b0c44ca075151b583e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD522b2d28ddaaa8fd56ec927c80c8dccf7
SHA1bfb1f6b954d2a34f8b30b9c150ba3a2edb8bda33
SHA2568bb1e22c3ce1f31a357597d20fbd3832cead0cef26574702e4a1d59ec3659696
SHA512aeeff77cf0e1ee072f6c5bbc8b2e588a8ea469a950e6e6b55e696c114e9ab55fd923a178bf65b857462df0de837cc9eea6dc2bb1b654709ec1bebd7995ae6c77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e8bfb3c22453e5d6a518408edfee477a
SHA1ca83ec23a68f2e47ef790886184b602e1c396134
SHA256f2fc273b9c03ca7a7c7d1529b4e04ac981d05d1a8b3ef87720574dca07568483
SHA5128a513f9220842b466fdc578c85c48d493c64b45a6b286a97edf50fa224fb7bb6e59d23259f7ef3a9ce5d205158d172ac852477bbdeb610f96ece1e17ada25bfa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c0fef639a677d86808d4f017eacdee8d
SHA183ca8a401caae241ea48a265fada04e850e0cef9
SHA2568501cb7b0fac4509671aeafd271aac57817f924c928b0bb44c5c91b81ef79a23
SHA51234394207c98ffa5defd699e82421e809c82fe5aeb05a3fe26c79ea5783c29124f942fdcd719ee521d2537a11e6f508db2160cd8cd75c5c1d2b0c474a2aa6b692
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD599062d58b764e6f88fe8407bb7bb3032
SHA192e52f781d50300c36fbb622c0969eaa6581ac9d
SHA2568333d613bb322c5bc811edcfa4f40bbc5de10eec72c308828475dd10f779975c
SHA5126a25157d514d54db5273e8213d2aa7db31c448cc57b667a9ed051f5999c88ea0a5a1944c334db200c6e4eba9c5af8ec1624468d306d2b28ed459b1f165c65841
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD570df0c44db27bdae27008add607a1ed7
SHA1cbcd41dd2c4e33aa89c0a6d331cbec0e0c587e6c
SHA25601033cbd8b343d86ae9169bc6d2f0ca7d6b5c366b7f4bf04ea5362f13b6438ce
SHA51296954d43d913dd026f3f6c1481ad0c6ba9b5bbf034ef607f9c61a8b101944ed7f382ce5d23e2a48f09a2c59e2dc5500bfe2f20aab3429134efc5fb3a4b138ea1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d66926afb89fce4733a5bf4c7c02ee7e
SHA12b0888e06a41d999a580f9f4c5975d8247ff0ced
SHA256d8e37720778fe9994bfe8796d9ad0ac6292b7584eeae2c06c93475d5ee5c272c
SHA5129bef90828a4e977a38fdfda851cba44064d3681da67575a5868561c639d89e7a067cfe68ba1bfa5c04e75b448e92695a1d85d3ed8e65869fbc6cc46c28b61a79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5becc0cec6c0f702551cc8e50dbe01b0d
SHA17109f8b03b44de16338071d8b4ba7dcaea553a4c
SHA25617cbc058485da041feceb8982ef9b38b31c6913f74c42a566beb9aab8fd82b71
SHA5128d2239b48788cf1eb2d7367fb451a10c1abab054aa27f1c17b297b276277979f05c088395009f97a626443bdc88c5988a97ac02b0dff87659e14a4f2e2e749b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aee7303ec421d2886600ec52d728f849
SHA16ca4ef58d59eb3e6ad4c67366e05e3a0f5b85cc1
SHA256c729ad515ef46691c175d61c83de22e6d667f1f2656a9452024f144d29d59f64
SHA5129b52d7adbe8aeb833a7d3f174a9a660c8453fd75e7c863143007ee50622d63a60916f3eafc564003c12d1ee9b8309a7617fc5e1ca8eca9e88475c1f50f893a14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f142835e68855f2e91541f66666e0ec
SHA1fd80fbe4c5be8f7a4ab0c8df905f798941092545
SHA2565a700722dccf4fa2bf09d89b58dcbf6a437a06d7f8d30f2a00ee7d35ab3e8746
SHA512d96c30aefe9deb05827ad81c30c32516c55c87a58724645dffe5a950e71698c2f7cfacb3c7d5498a5758ecda55be59c15cb1dc7f3ef708f643682ab8153fb621
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5115fed75ef3aa4ae5900a727b6cc5a71
SHA1bda7a3fda56934fbbb5384f23c912fab2dbc4995
SHA256e535b85ee78d6105cbe3792559d34863dd65374a0d0694043c225874ad8960e5
SHA512a43a65287059126915b2af35e432913013eb82856dfe6e609b9ce08a372d7f55fd98c6cbcb1a95c34c5d949f8e1c6850ed0229805b46214989bc016afecd1edd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5562d00ac4e4b48dad5111e5dc68b391b
SHA156c4da6046e24cd8981f472644443cf65e7e0736
SHA2564f444545ffeed0b1b362dea6b98d71fa3ed7f7217c21f1dc4c23e3f30403d88f
SHA512a0da8dd3b9e3587b007c1c0bc3dd701cbff9ab91e146b1c4ceb36b20edfb9a7d8e001e7529c9c78c5fa22da754bcaac5902510e6b50a4dda2beb5331292676f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD595ffd4fdb2a681c2d61c4c46d5611c2b
SHA1399b6ca7524d640b4f5400a1ccc1f2fca4c83946
SHA25617471d29fc06e1ef383cc3f606e4a53644708ed4956ea2b9c392bfd58ad53d1f
SHA512114d5d939540b0b3db43067fbc7eef55cba3484879c0b1fbd6c9926be05e160ea9104002b6b890a765137e6dee978a84b3aca687ec7327a11346922af2565de6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534e2e9b06028113bb50e06500d9cacbe
SHA120faea4709e00dbc570a6356a6b71dca61961aa8
SHA256787c4ebee526522cfb569d1767d7afe4356273febe949850b68b0fa12bbf1aaa
SHA51229d9b75dd3bcb25d6c710e826a66ffb75824e1a9a0da8f61d8fa2324d5f4fab2368db693d4cd5e09e821a741ea979be25561098b494b44f188c0313e42ab4ff3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c59b9bc1367f4c88c1c71eebd146e417
SHA1a9038e611a00f268d63325619b8baaeb19c44b8c
SHA2563ece3a97648b9b7d4e898f2e5c242a884ef3bd5ebfd5141471415d60a9705787
SHA512209f0d74616740e523117690f558896645537f9535f144e3ec4b31239afe2b2dd4f2b53dfa589b6d65663f32b69da937994b7381868049c847ec1a77a07b699e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fa09991e5ba0fc32b21073b420875109
SHA16b610b715b7f0ab2a3024731bc68e8bd26601c82
SHA256d4b0caf869d7479565a56d633f600654cfcc5d040f610f35ac6ea8c076c121c9
SHA5127da1d34e1d9864073e599a69301b949f00401b0295c87d4b14c785e33f256907125794404b8508c9201495860f9a5347f50bc754bbe3ef9faeab493d9ba6f290
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51c0982ad899c045e9314f05d48bac72f
SHA10ce210ff11349bce303a5dd7548b217191fd7ffe
SHA25613582c5883ec1c8fc9bd9d123d5e1f12aa02ccc1a938908aef446a7841db2467
SHA51213446dc39bbe4262423934f30d474192eb49f17fcfa2b9bd34567e69086bcd0b534dd4c188899093ad4ee4300492d3459d6e97aa5ce8b7fb7e6903c70b8e941d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bfb3a087446ce4fefd972cc61e785510
SHA15ce995eb400532d581be5da2fe3653e735cd557a
SHA2566cb0c81718bfb33ca799cf5189275265c298fbada63ac0ea6afb4ea44fd6fe6a
SHA51253bd5663f92ac112db1f96b9d93f091b923d5fd4d52b24ef79e991261ad91c63a66cee558434132fd48d7abf43d391ee0dfe502cf29729a6ee23879012886ced
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c607c4a1974966c82b8f22082c98ec8f
SHA19a81e815062ff0a323ac49b25e9eaf70309bfd9d
SHA256cffe8b55027dbee13a6a9a14d97420e02cff8484897c3c0a17ce232bab61ca64
SHA5121ea8c75bbbad6f02bdf863fd1f7f8857d4d25538c5ccaaba4ce0020386d8912a400d45af05464d118b3c1a519fbf1aaccdce8af323e0cc0b06c02ffc8b308463
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE56AFF1-3355-11EF-B082-427DDB91FD53}.dat
Filesize4KB
MD5ce70289135885317699db3177546bcc9
SHA1f12e960c677241005c68461a5eb51c731856dabd
SHA256118dcce6a425ac4f0c56b18500e08b92ca2e36a84eb032c18c69133420f6b0d0
SHA512359ce19af298170763471e69584e1960974de0ac7fefe3a53bfd8a612ba85243622c41bc1894c5ac91cfe0cef6895fe749d5fefd7619333bd2ec2b4f2a1285ed
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE56D701-3355-11EF-B082-427DDB91FD53}.dat
Filesize5KB
MD52f16ded811b6f3c57240634be26f34c5
SHA1869bc8b869f47a7cb174a2506653d86269f7a48b
SHA256af00b361e31c80c613bf1d8c1f22059449d86fdb6a3e20addd53e2d4eb5ebfc0
SHA5120e73bf22cfb057986b59e0790fcae3ed802f3b4eb8763b6c8cb0358df9076eaa144d9d074dea92c0366bc710d378ddabf55fa208a6684d6bd9faa380554ca8eb
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
105KB
MD548327ee6dec8ae239eff2ffb30403028
SHA145e4e5014944e1229c49f9e7ad4d0925d93a55bb
SHA256aa3d7c9d4576ca5b9848306ec5f1e3331d1227c9d1e20d2ea80ba611084bad6a
SHA5121c20199e6726237c47f9bd958e9a135778280a8c0e0a86f8bed05f98d199e1502bb54605b036c6a2a54fbc5c48407afaab1e08730e84f1a18d56f5ad3cb89316