Analysis
max time kernel: 132s
max time network: 127s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 26-06-2024 06:56
Static task: static1
Behavioral task: behavioral1
Sample: 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Size: 82KB
MD5: 1119e8ce501dac1c72ebd88286f14500
SHA1: ce34fa76676bea35a5fb78faf0725b1373f86da7
SHA256: 2862543b053023f0dcd3b75a7e61f30705d2da01826c67fef66b55cc3b68dd5b
SHA512: 3b9fb21796d9ed3c6856ae81b4bbaad33384d8fb22a54fba5264ad176dd74aea87c4bdf00612d7f34199755594bf4d66cb24f8fb8fbc937da06e852e91ab9e53
SSDEEP: 1536:YLQmripssRZ3RM4I12NOheqjbjJ6/ECkagvDarXJCQes//dZ+M+DQzrSY4wprNTN:YeHI12NsF3YE+gLar4Ns//d9+DQzGY4M
Malware Config
Signatures

Executes dropped EXE 1 IoCs
pid | Process
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe

Loads dropped DLL 2 IoCs
pid | Process
1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe

resource | yara_rule
behavioral1/files/0x000700000001211e-2.dat | upx
behavioral1/memory/2864-11-0x0000000000400000-0x0000000000446000-memory.dmp | upx
behavioral1/memory/2864-14-0x0000000000400000-0x0000000000446000-memory.dmp | upx
behavioral1/memory/2864-16-0x0000000000400000-0x0000000000446000-memory.dmp | upx
behavioral1/memory/2864-2208-0x0000000000400000-0x0000000000446000-memory.dmp | upx

Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | Adobe AIR Updater.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | Adobe AIR Updater.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe

Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
2600 | iexplore.exe
2660 | iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs
pid | Process
2660 | iexplore.exe
2660 | iexplore.exe
2600 | iexplore.exe
2600 | iexplore.exe
2732 | IEXPLORE.EXE
2732 | IEXPLORE.EXE
2728 | IEXPLORE.EXE
2728 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs
description | pid | Process | procid_target
PID 1860 wrote to memory of 2864 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 28
PID 1860 wrote to memory of 2864 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 28
PID 1860 wrote to memory of 2864 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 28
PID 1860 wrote to memory of 2864 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 28
PID 2864 wrote to memory of 2600 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 29
PID 2864 wrote to memory of 2600 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 29
PID 2864 wrote to memory of 2600 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 29
PID 2864 wrote to memory of 2600 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 29
PID 2864 wrote to memory of 2660 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 30
PID 2864 wrote to memory of 2660 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 30
PID 2864 wrote to memory of 2660 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 30
PID 2864 wrote to memory of 2660 | 2864 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe | 30
PID 2660 wrote to memory of 2732 | 2660 | iexplore.exe | 31
PID 2660 wrote to memory of 2732 | 2660 | iexplore.exe | 31
PID 2660 wrote to memory of 2732 | 2660 | iexplore.exe | 31
PID 2660 wrote to memory of 2732 | 2660 | iexplore.exe | 31
PID 2600 wrote to memory of 2728 | 2600 | iexplore.exe | 32
PID 2600 wrote to memory of 2728 | 2600 | iexplore.exe | 32
PID 2600 wrote to memory of 2728 | 2600 | iexplore.exe | 32
PID 2600 wrote to memory of 2728 | 2600 | iexplore.exe | 32
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33
PID 1860 wrote to memory of 1228 | 1860 | 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe | 33

Processes
C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe"
PID: 1860
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe
    PID: 2864
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

        C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        PID: 2600
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory

            C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
            PID: 2728
            - Modifies Internet Explorer settings
            - Suspicious use of SetWindowsHookEx

        C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        PID: 2660
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory

            C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
            PID: 2732
            - Modifies Internet Explorer settings
            - Suspicious use of SetWindowsHookEx

    C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
    Command line: "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -eula
    PID: 1228
    - Checks processor information in registry

Network
MITRE ATT&CK Enterprise v15
Downloads