41dc4f96a937570e19eeacff9f8e055f28e982f56ccf1776c8eb3c7e22168e6c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe
Size

72KB
MD5

b489f5983334ecc2668a141b475c9edf
SHA1

20e2256091b4645a64acfe803762dbfc74ee87b8
SHA256

41dc4f96a937570e19eeacff9f8e055f28e982f56ccf1776c8eb3c7e22168e6c
SHA512

78d1fd32382c33100970ad46fecc7a40ac0c4100caf847d79ad2bb054f3ac83f021357fef82855ea5a0c0954b56fa9de21134d4d0e188ed9882536a1a3f2cf8f
SSDEEP

1536:EBejSRIZGra0WvKS3MKJ3j5kLaT5+AUvI:1GIEhSKUZ3VHd+NI

Score

9^/10

credential_access discovery persistence stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\windows\\ipcfg.exe -LM"	reg.exe

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File created	C:\1\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xcopy.exe
File created	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Music\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	xcopy.exe
File created	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	xcopy.exe
File opened for modification	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	xcopy.exe
File created	C:\1\Public\Videos\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M720ATCO\desktop.ini	xcopy.exe
File created	C:\1\Admin\Contacts\desktop.ini	xcopy.exe
File created	C:\1\Admin\Pictures\desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Pictures\Sample Pictures\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\MN6S8FGK\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Desktop\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Favorites\Links for United States\desktop.ini	xcopy.exe
File opened for modification	C:\1\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	xcopy.exe
File opened for modification	C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xcopy.exe
File created	C:\1\Public\Music\Sample Music\desktop.ini	xcopy.exe
File created	C:\1\Admin\Favorites\Links\desktop.ini	xcopy.exe
File opened for modification	C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	xcopy.exe
File created	C:\1\Public\Recorded TV\Sample Media\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\C906A748\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	xcopy.exe
File created	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xcopy.exe
File created	C:\1\Public\Videos\Sample Videos\desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Videos\Sample Videos\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Favorites\Links\desktop.ini	xcopy.exe
File created	C:\1\Admin\Saved Games\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	xcopy.exe
File opened for modification	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Recorded TV\Sample Media\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JY8H21Z\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Downloads\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Pictures\desktop.ini	xcopy.exe
File created	C:\1\Public\Documents\desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Music\Sample Music\desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Pictures\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW9ZQM06\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xcopy.exe
File created	C:\1\Admin\Downloads\desktop.ini	xcopy.exe
File created	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Contacts\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\Documents\desktop.ini	xcopy.exe
File created	C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	xcopy.exe
File created	C:\1\Public\desktop.ini	xcopy.exe
File opened for modification	C:\1\Public\Music\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	xcopy.exe
File created	C:\1\Admin\Videos\desktop.ini	xcopy.exe
File opened for modification	C:\1\All Users\Microsoft\Windows\Start Menu\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\C906A748\desktop.ini	xcopy.exe
File created	C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\N7ZQRMOO\desktop.ini	xcopy.exe
File opened for modification	C:\1\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini	xcopy.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 1236	2524	b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe	30
PID 2524 wrote to memory of 1236	2524	b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe	30
PID 2524 wrote to memory of 1236	2524	b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe	30
PID 2524 wrote to memory of 1236	2524	b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe	30
PID 1236 wrote to memory of 2340	1236	cmd.exe	32
PID 1236 wrote to memory of 2340	1236	cmd.exe	32
PID 1236 wrote to memory of 2340	1236	cmd.exe	32
PID 1236 wrote to memory of 2340	1236	cmd.exe	32
PID 1236 wrote to memory of 2360	1236	cmd.exe	34
PID 1236 wrote to memory of 2360	1236	cmd.exe	34
PID 1236 wrote to memory of 2360	1236	cmd.exe	34
PID 1236 wrote to memory of 2360	1236	cmd.exe	34
PID 1236 wrote to memory of 2720	1236	cmd.exe	35
PID 1236 wrote to memory of 2720	1236	cmd.exe	35
PID 1236 wrote to memory of 2720	1236	cmd.exe	35
PID 1236 wrote to memory of 2720	1236	cmd.exe	35
PID 1236 wrote to memory of 3016	1236	cmd.exe	36
PID 1236 wrote to memory of 3016	1236	cmd.exe	36
PID 1236 wrote to memory of 3016	1236	cmd.exe	36
PID 1236 wrote to memory of 3016	1236	cmd.exe	36
PID 1236 wrote to memory of 1764	1236	cmd.exe	37
PID 1236 wrote to memory of 1764	1236	cmd.exe	37
PID 1236 wrote to memory of 1764	1236	cmd.exe	37
PID 1236 wrote to memory of 1764	1236	cmd.exe	37

C:\Users\Admin\AppData\Local\Temp\b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a76213.BAT "C:\Users\Admin\AppData\Local\Temp\b489f5983334ecc2668a141b475c9edf_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Windows\SysWOW64\xcopy.exe
    xcopy c:\users/e/c/y/h \1\
    3⤵
    - Drops desktop.ini file(s)
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:2340
- - C:\Windows\SysWOW64\xcopy.exe
    xcopy c:\Documents and Settings /e/c/y/h 1\
    3⤵
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:2360
- - C:\Windows\SysWOW64\xcopy.exe
    xcopy sleep.exe C:\Windows\system32 /y /h
    3⤵
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:2720
- - C:\Windows\SysWOW64\xcopy.exe
    xcopy ipcfg.exe C:\Windows\ /y /h
    3⤵
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:3016
- - C:\Windows\SysWOW64\reg.exe
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Driver" /d "C:\windows\ipcfg.exe -LM" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_7A0EF9A6B71F8BD440FF79468695184C

Filesize
5B

MD5
4842e206e4cfff2954901467ad54169e

SHA1
80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

SHA256
2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

SHA512
ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

Download Submit
C:\1\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
d59032106b91260289ff1f40e26676b0

SHA1
e69f850677a769c6351931902d2cee05fe82982f

SHA256
8686b17d779c01003d01f3173e5f8ab720f0dce572f882f16d14bf118d20c153

SHA512
3a6f7ddfd5fcd0dd0d32eb461e7c6b002b5812bb9aabbdc8a6819806b2e70b4caad0120f23489753f75312ed348cd8401e0e04f8b19c57b9371b48eec4244cf4

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index

Filesize
256KB

MD5
c7b9c4d131c9626b6470a7d35a01dcd3

SHA1
c24ef77b8118aef7c9f11fa0e050c63ce4baea08

SHA256
0909c8e100b020dd33494ebcdf58fc1c98cdabeb5572327e156ddf5957bbf8ec

SHA512
f473e78c9749660b348c0d6373825af51d30d3d469d9994a7d23fda0c163241c29cde7c5c9300b008721db3bc3c173f132e626ee8c4c26028e65eb0e19eb2f98

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\1\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Feeds Cache\C906A748\desktop.ini

Filesize
67B

MD5
4a3deb274bb5f0212c2419d3d8d08612

SHA1
fa52f823b821155cf0ec527d52ce9b1390ec615e

SHA256
2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38

SHA512
34d1a29c9142fc5a875733c49886ad52a077045831aaa79239712bcd0f312637ba86882a71d37d9d68789ef53e30be5d3470f56d03377cd1eeded98af898ff80

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

Filesize
28KB

MD5
ae1fce3943d625d3af44c52e36bc0732

SHA1
892661359912e9cf828343c9a67f2e0c71eb9d81

SHA256
71f7d8bd610e2093c5671fc254ed5e32124a00edc08e7dd17ee86a4a8f77d3c1

SHA512
6e8e84faae60010d6d55c7025b7f063993016c45a28f6fbf7f293e84007160ebdb66d8dc0da0d68d8e7bef6973ab48327d1a8b77b2ee191ddb8ff0de3a3818de

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat

Filesize
16KB

MD5
51e10a04a87155ed6b39bcbae59208c5

SHA1
206cb5ed9179812dd6b5ef2d6ee4299799f96578

SHA256
73f2f5647ed110defcb0f345bdde6c5f0f66e6a3e126f811e5b7c75d65305cdf

SHA512
5e312824012becbccf808556a5388072b5ffbde51bc337f908a9ceaaab4a4ef9a4888489e4375f924441799414b2902fadb25f2b695ec7043771ffb6000e754b

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log

Filesize
2.0MB

MD5
64e117ea3a1edbae6fb9be085df21897

SHA1
663e93d5e78e12cb116016651410a010f918cade

SHA256
96b073b2a74778596b4b2fa64893c52a615e4c34a9af4836b3b11d51a68b262b

SHA512
2418160b4f33cf0434285414f5aaacd35408ec5030ae114eec3f5bcbd5ab2c8aed0c3249197258d5c0c1c9db8e85492788f81d8ec15ec048ab1b08ad780e1f56

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg

Filesize
4KB

MD5
2c8e4b5c21697cc270c2024064c4eb93

SHA1
3a9b25c868cf0b2ce9503c802da78f22f689fc6b

SHA256
b5f9b106011e1d84aa5349ce86b76b46da8bf7c6b5c580b7da27fb97dd1688e8

SHA512
919b9ddf5f2b40083940e509bca9bb089919ab20d6ed1481bcd295ee0b270656c826b64c3364e2e147d6e825adcbbaa663ed23e38e897374e913cee4110b9c3d

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini

Filesize
145B

MD5
ba96961f5e22882527919e19daea510f

SHA1
e10e8bebbd0573e3a1494ea3f21682f7490c427b

SHA256
dace5ad59099429d8aed4ee279f1263efb65d64456931398465a396cf0e79bd7

SHA512
31d0095a3d9b165749365d6d9089188d879400f1fcaa8f50d52558e48de9c839e27184b90ee747e0d80ace5942bd168369d47bec66ed45e2700fae6beb0b934e

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{f1d3fb17-3d64-11ef-bfd7-f2a3cf4ad94f}.TMContainer00000000000000000002.regtrans-ms

Filesize
512KB

MD5
59071590099d21dd439896592338bf95

SHA1
6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c

SHA256
07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541

SHA512
eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668

Download Submit
C:\1\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs

Filesize
512KB

MD5
70c19455f580dd8a5ae98a491acd68a2

SHA1
f33b5900aab5ee066b2a7fed8d91ff0b839b4e7a

SHA256
fa00de3eafaee0a950c20568333d4e10f7207bc0bd3914c7985eda0cf2c18808

SHA512
8dcf5c1f7e9f04f9b834a361f8e5f176a7eef67dc65fecfab7b2bdc3d6c46c7c76742beecfa828f0becdda4ed69fe38dd57460946f3feefc4d40d12b3f4fcb0c

Download Submit
C:\1\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\1\Admin\AppData\Local\Temp\scoped_dir2408_1036094824\2646ae34-5ea4-45b2-ae41-30dfa78ce00b.tmp

Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
C:\1\Admin\AppData\Local\Temp\scoped_dir2408_1775355244\c84a0f10-8105-4b86-b428-9b5c137a7abc.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\1\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

Filesize
1KB

MD5
47b2e1c4ddd5fa161f4e7314222d7a29

SHA1
f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4

SHA256
20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772

SHA512
07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

Download Submit
C:\1\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813

Filesize
834B

MD5
7920c581fb2b78cd0e93bebc449e4a76

SHA1
bef5ba4177612d238984b7c623cf97f16b823980

SHA256
39ccbd57627d50a71f3726d77f841688a70dce8ca83f0b3b05b0bd8cb9030940

SHA512
b9dafc20ebe0497ba5dd9a5c062567e011c9196977ba57679f134f6203e329c5ae90cf29283da2ddab4ac256fa1da9995a0fa47b4dfbae9b1cad5d23faf8d6c6

Download Submit
C:\1\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
a077952867ccd379d936da5900959993

SHA1
d623fdc405302a9142714095964224e42f142904

SHA256
e60faf019617481589a0ccc196d10af8fcaa6023cf2779b3cd015989588ac157

SHA512
ba6e8cf892ffda9a6139f4641bc25fb8e91c42a33407b4b626cae9f8f8bbeda2ddb8f9834fd2225b7a3e784a0a60ee721ddab8026c55b8969724b3d86b8f74b4

Download Submit
C:\1\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\1\Admin\Desktop\WatchClear.xlsx

Filesize
10KB

MD5
35f756be04bf4f5436c4d3e65ebd9d0f

SHA1
b7410169ac36d2223855e26c163cea663469ed38

SHA256
de05d6fa103e2be5e40ab855f398838caa1facefda7fee09e69c9b64663d3c23

SHA512
409d50759719aa55d550e60c68d57c349b0aaf6c8f83963f5467b75fb68bceeda8c58f0e7ac7c089a4884b3c345d84fe3c92421197809b002233647837e4c44f

Download Submit
C:\1\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck

Filesize
4B

MD5
b485167c5b0e59d47009a16f90fe2659

SHA1
891ebccd5baa32daed16fb5a0825ca7a4464931f

SHA256
db44b8db4f05d720ef1a57abadeed0c164d47b17416c7dd7d136d8f10fba91c9

SHA512
665e3fcbd83b7876dd1dc7f34fadd8669debdfab8962bdce3b72b08139a75ef157c4f4c3b90ea9c1f20637bb4f2a29091d9186987d22c7d23428a2e7ccf80bd4

Download Submit
C:\1\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png

Filesize
126KB

MD5
9adaf3a844ce0ce36bfed07fa2d7ef66

SHA1
3a804355d5062a6d2ed9653d66e9e4aebaf90bc0

SHA256
d3e8d47e8c1622ec10adef672ca7a8992748c4f0a4e75f877462e7e661069698

SHA512
e6988737153a0996b14e6baa45e8010ff46714fe7679d05a2676cc18e1c653e99227e7507cdae4f2b6a99b3c31478630e7e1ae13d0f7c12525406d8cf9867ca5

Download Submit
C:\1\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png

Filesize
28KB

MD5
1f93b502e78190a2f496c2d9558e069d

SHA1
6ae6249493d36682270c0d5e3eb3c472fdd2766e

SHA256
5c5b0de42d55486ed61dd3a6e96ab09f467bb38ae39fced97adc51ba07426c0e

SHA512
cf07724c203a82c9f202d53f63ea00ab0df2f97484bd3b9abe1a001f2e531f505ddd4ff8f2d5a2769dd9d2d60e9c1d03dd3ab5143542688f944cfd35c6f1cdf3

Download Submit
C:\1\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml

Filesize
1KB

MD5
66963736ebb1e54dc596701206eaed3f

SHA1
18bc8dfc779d407398af193f3d265ff93f253bc2

SHA256
fd5f68b59aa2b3e80b1a3d97b1dc5028e0fb512d26003fffce146209fedc814b

SHA512
96aef899ecfb48d1df6e8c7655d59fb80b3c65f18857692894598b78c14b5587433d5f58a2d9bbd74d635956a9e6f1948916bd354e6d438450f37ec11cc3b598

Download Submit
C:\1\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico

Filesize
52KB

MD5
bbf9dbdc079c0cd95f78d728aa3912d4

SHA1
051f76cc8c6520768bac9559bb329abeebd70d7c

SHA256
bef53904908769ceeb60f8e0976c3194e73534f00f4afb65497c2091121b98b2

SHA512
af110c52c983f1cf55b3db7d375e03c8c9308e3cf9ee1c154c2b25cb3f8299f0c0ba87b47445f09f98659eb536184c245887a341733c11af713e9ecc15288b5d

Download Submit
C:\1\All Users\Microsoft\MF\Pending.GRL

Filesize
14KB

MD5
fffde3df0d91311b7fe3f9bc8642a9ec

SHA1
50987906817aab51e2cc29fbce47ac5f0936a44e

SHA256
bda9df3591bf7f67d4b31d23cffdcf927da6f00ae1b393f07aea69ba1c4344bc

SHA512
5e0766c25f54b03ca0325966ba059cbfb9cdb0aeae567106583fdff944d67522516acabb9b261e2fd434c1a5af5c5453a09c9dc494008253b0553a993c01d3d3

Download Submit
C:\1\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000

Filesize
240B

MD5
7ca2da6f1e7bca562d7d9376700a912f

SHA1
67feaa004013eee76282e3b3fc196279f2577dcb

SHA256
04fd7654331261ff9ec331c31b238ba7770f082abfb817d7881813ec02084a4e

SHA512
4f2f67dee86af03dae15145649f5eb65cd158686381d26005b91aab89f017b692289050f0b1def00f8c2e724aedba4025db0baa6b55f76d402ded8006c48b38d

Download Submit
C:\1\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Filesize
64KB

MD5
2f60c193e6ce21b3e9cf450c5bb0485b

SHA1
1b3239df5b8d373e01d831c60b19d5b0f7704415

SHA256
bf1e0f98e146e3e5829978b43ab9dafe2843525c7434bb289e830e3a27842bcf

SHA512
8aec4f32c7c9313e183fe85bf78739e770fe767059e191457c8cbfe2648501b230ee0eabe28f3b83bd1aa3ad78d037792577ab4c794a3cab6a8dbbb538c2c972

Download Submit
C:\1\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002

Filesize
64KB

MD5
00471bf1c1cffb2a8c70ac867a3b7ae0

SHA1
076e339815f55f6720048c2d6e5463f11562611e

SHA256
786e99d048f639323c0c1605a4df78181aa33cdf3fd6a5666bff92b39268e46a

SHA512
c6f0a90bff39ddb7dfdd9a02a1f984bff4652f7e241a559ffd5b950c3ce674785e5811f04b4a3e7947c2f2131bd042a2dc1b1720a29e5cd4da4c860b91910ca9

Download Submit
C:\1\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002

Filesize
64KB

MD5
ba7bbc225f80a5a2484ff46277c37173

SHA1
322f8c81351e20c2a5d616906fab1568287e9f90

SHA256
68f9f9e93bf38add60d80efd75ef4465a27ce486b420305dfbabe73da3725189

SHA512
bc5aa377b9e8a08b636816452b775cd2265bb1431d91de4d812ab6c06665e429348830c5960360d03883ec1396ea3f405bb426a3e086db3d25e10582b0f6c9bf

Download Submit
C:\1\All Users\Microsoft\User Account Pictures\user.bmp

Filesize
48KB

MD5
343fa15c150a516b20cc9f787cfd530e

SHA1
369e8ac39d762e531d961c58b8c5dc84d19ba989

SHA256
d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524

SHA512
7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

Download Submit
C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
2KB

MD5
d477eef1b01c8cfed5ee9ba819926626

SHA1
81ca792ddaf5b5b54dd23134426b7a98f92f633e

SHA256
2a6f9ba36f40eb3833aa031455542e4eab9afff7880ce9b7ef0b5f8fd56fb286

SHA512
7d28a18bd8b346aac552439e7e705fd7ce211bdcd3df7a5f0b07fb42bf64e0a68f88c2da1baa60bd4fd77d7b7540fa9301bd1e54415defdd5ae57fffe1caefc1

Download Submit
C:\1\All Users\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk

Filesize
2KB

MD5
1da2d73f6a86d23295393cb481dd85bb

SHA1
26f7173c02f189aa61af9b73d9ab13a2925a0a8a

SHA256
94c4284528cf46b7f575a4c29fbf0eb15b32a212310b527e56eb19ef95d5f271

SHA512
9cc78922c16b47613f9ab488c6f183979a2041ddffc40986e3028d1740202d240000ae2a27770df42240658df99752a59efd2eb8165d1decacf3d933a4f9e5cb

Download Submit
C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Filesize
174B

MD5
7f1698bab066b764a314a589d338daae

SHA1
524abe4db03afef220a2cc96bf0428fd1b704342

SHA256
cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76

SHA512
4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719

Download Submit
C:\1\All Users\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

Filesize
1KB

MD5
4d9a082254841950542f3d83659f511f

SHA1
caffd9907c872a1a2da5950b8c9a86e0f578e53f

SHA256
c9a54505877c1f534aec94d9af3ceb8a6d6920016394c0977cc5cf3386d96e36

SHA512
d3ad68d1d4157515c024997c919dcbcabd7f49db9ffcb94c06a4ecf0128780a1b53268896ef806e72cf584ca1e0118290b3259d64154cfdb26615f7aa5a1f028

Download Submit
C:\1\All Users\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

Filesize
140KB

MD5
717e432ede60df66369c93a9abc65a7b

SHA1
8bf256dc12829d24b5714d0677b986c2e480166b

SHA256
5ce205e7293f9dcad2b1486bef9324cf0ee29983b7b221b87ac6277456828c36

SHA512
063e55f3427b1c10c9c5591d31446c870f93903a4eae289e8bdcd6e1df9336c0714beb4714984fe57e89ffb7355f2802b6c1e670704d11feed2c514e0ab1d931

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
290B

MD5
9a79c9e1ad63ed2e7932536570775b9f

SHA1
db556bc8dc2e60d0a5aef1bfba930a6fdceb7cca

SHA256
20badd15197ef7f52351c378a6b9204863cc114dbe1034bf86180e7e74810f86

SHA512
1a03b9e4696ccad4ff23c4dcacc86d633ef3dbb7e1822552dd57da9bebde444dd30882849659f5e05547ff6acb880e8a3077275c860214c0bab1f4581dd7fde8

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
272B

MD5
e14f6ef5e8dc4c628fe28ac893e9309d

SHA1
f29803c16d3e11a196d62026279b72854c4d751f

SHA256
6142a68127514d4919f584a7541c242c9af5e471fcdb6065d40133439e8421a1

SHA512
94a23c241bd39bffc9a3eca5c9ddcf4099edbddfaafe997335ffd85825dc9e56884077768ef0cd7ae40c631489932529ea8c7d6dcfc0549c32d15d818589fb5a

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget

Filesize
3B

MD5
963ab0bbea32f1f9d19afb00d08be14d

SHA1
aec742c8cd57ac5fee0ad76b17e91c6d76608cb3

SHA256
7bc88ebb6d01d4dd3ef364010b10f0bba125bcd23f901f0137cd55d7f3fd4563

SHA512
d092b1cb946a128beddb75280e0525afe54248a466b3d9a8963afc46b03aac4ba8a7e4f15a069f9e64843f5ca638f300d65e7c8b3b58318bf02e0881e7bc8a7f

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

Filesize
7B

MD5
b2c79ad7dcf03ba266dc0885e1266675

SHA1
3b5a9f7948a58d58bd432360863a719c95485504

SHA256
68693d02ab4fbb2331b8cc39915322e48e61f06d4d1b31e7d19913202857bc8a

SHA512
8166dfcd0425297e3f9b38487b3e7730055fe34f31b52500c571040908369327c36e15ca8c124c9ea257fb8fd9699752bd784e7ebf0750b1b5eb1daad8ca0d9a

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini

Filesize
558B

MD5
10702225fd4f79c780cf4cdc815ee757

SHA1
6677d41e231034e78d2a0403b6b6912869074cae

SHA256
4388df4a35071b0a4dd8ad274310f3a4f272e6008ad4dbececcac12f0e96086a

SHA512
2076208e4e5fa7e96e52ad9e7d2adeb4921d0e91d583acb2b732b2fe75a9bb3485db5cb9b26c05cb56a41d2d15b54c620f08c2be2e191e16969698981b474022

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk

Filesize
1KB

MD5
b8729d4521304a80c9f51e498c6f859a

SHA1
e44edba07a94a4c0f040fbdfcce2317b8ae2d66c

SHA256
5d78eb581e6c890d0172a2805a4c6fc0677aa76cbe889cc53a4dfadafcaa892d

SHA512
8a3bb7fa3d6afbe5b64f102f2df761d9ebd7df0202b144b7d439bcaa404283dd7407ef34a099ec244ac5dd849dcd40d8d46a673065a23be9b73359f44c86c190

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail

Filesize
4B

MD5
4dfbb099eafd3c82e033bf92946d3ce6

SHA1
92379cbb8ecf696194b47b619a87e9e4f9a75db2

SHA256
07ed6ccf6bf6393d18684d1d4f774639d44c7d2d2895fd30491ccc50614ed4ea

SHA512
68424941d4065a0c5b9683ed55d313faed5dbe4a98f125a2534ddac597c0d725afbb83ce1dabb50d0566cc22241f0e06f5c1c696e4029bfa86e9d93a95686035

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini

Filesize
704B

MD5
6f254c82a0513b4d7e19dc34e28280da

SHA1
a8b18e5987d5768f369f388051061ec92bfa42ac

SHA256
d2bb224a86be552471bb359e9e8aaf3fde6859f6ebd84f48b121aa0f8961358b

SHA512
b420031e12b10fef1452d964f4d2a87b21307b78f489d2ecebffc0231ca41b249ea2e9587a5d96544b313dd3884ef96aacb3de527168f09f9ee231f9f73f4504

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk

Filesize
1KB

MD5
34a52ddc76a09d003765d09276b7720f

SHA1
3765465fad7cde7b48697ba33c414f109c1b6a6a

SHA256
439942456cadd72c8a50db1ad4258da91ad1235e55ccb9250a8db5692254717c

SHA512
9b4ef04a8bb9acf409cdb6f9cab2b354e0f9e2f1c992a8ed61849a944073085aeff4b5c1e21c5c0fba4d047db2325b75a328d103cb674b92ebdcd098e0417c14

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk

Filesize
1KB

MD5
af87d986ef018b88aade4a257b01865e

SHA1
fbe6ed4c60950b49991bc8ecffd86957cebbd2d1

SHA256
adc6a967238100d3630fb8040aec1481e29efecb0d947695c2606830b9dc09e4

SHA512
a18b9d3a4852db8e7d77c7bd1ce0bf3aaec290fd5b544b0a521b597cf22250122c7c7b877be88a4a6ba72a977ebc9146c2ed13cd8ff0ea3c439b02f20592bf54

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk

Filesize
1KB

MD5
ad86a82ae065094400492fe6354a303a

SHA1
c415d4f4ed271a596d2888e30e53ea36b6ed5d4a

SHA256
ca803351ea5e37da8096e63fe30ca42406351dc803a5f85e3c5d72b022a52a87

SHA512
26c4d823c9e634ba77eab754d568647dc9d206574c5e7fbfe99a4ad7ae2382f9d88ab95599a5de4dd53cac83b3bfc1d410887c693b776724a452f811870b969e

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cd6a30ed8419b84dd18437fd29b9d07f

SHA1
c40b1eeb78999f32f8f9ec867b116496bf227a8a

SHA256
ae24a0ebee300f003b92411633fe126f5afeac34303c215ba7fe5f04301c67a7

SHA512
125be2ee7234f7c5bdc0f47d4b6e8a645329dbbdf9493dcaa3ffc941af5e311f8c14584de73657b6985ddc4de1ddd17481c4d814a519247f6ad01a2cb4d0f699

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk

Filesize
1KB

MD5
11a856c7323ff0baf1669fb2346395b7

SHA1
a209391b9b2c9435c4a431b60be6eaddacf49f9a

SHA256
3ec21c18156557770a014933ce14f2d282b37d4c04109262fe81f7cea2064423

SHA512
971184fbd50775d1992edcc22bb2b930657238b05d5814ada4a10858e750e76cfd6692810f81454a6d94f84407359a52c51a3facd6e137291253f9c8dcdbbf3b

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

Filesize
678B

MD5
94f4f5600ec0596ecd43291b8a34aa45

SHA1
6e2f8c587750074142f6c5b6e532a312a5517e7a

SHA256
b6d940daffaeec2225743a4d2851a4ca287b5d847028b46fe3ae8fce1a3b8ea0

SHA512
3622989c0c4e274edf412a5c2733a77ec59e0314535cb90b1b3ea018233d101f1425bd5a3146583bc3a8bd855c6dc33111d45c30cc770c01f634fd440310e4ee

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk

Filesize
1KB

MD5
b314f70e2471b24836dc682425597f40

SHA1
a64b74e91ba9eae8e0d871c39da516e7d0b2a57f

SHA256
eacbfb78275cbea92a3fcb52e9ec2a60f22fd5bbd885899ba255dc1fe0ef6346

SHA512
761b0e639e0a8250e30e8037600520405fd07160459d1d77a95066a59bd911e402415e30b5b135a79e9e1cb7afbcfd6b6baf07e7b9d36d27b920729b25890672

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk

Filesize
262B

MD5
84fa65eb2b09c2b09cd0050731f37cf8

SHA1
51ffc6ad339b31707741dc94dc236bb7c75ef504

SHA256
284ec026fca0e384e68bd9b882b6fb06f3e2168e4d635c7eafc3c35c7854aabb

SHA512
57690861278cf4a16387b7fa4d560cd0f78f13532f1a970fdaf38853a1073b5d2340e8288ae57d7f05017264246f04dc065da67542fdd8bfa0ca5159c2de8b6c

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk

Filesize
262B

MD5
46078bd3cb2044421452d214d7473d50

SHA1
99fc97a44abb143a78468cfbfd4159cf3dc56ffa

SHA256
637b252cb21df410dcc729a3cbd57664d1d1065a65603b9f9c5a9c469adef1bd

SHA512
cffc6399de43909d9ce98ea6c32dbeeecde82ff36fcc5929e78475ca05a03bb4e9bc132cac5a4ac0e0819661eb84ed9b7e42d280c73e70188f8ac2f55f6807a9

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk

Filesize
1KB

MD5
d4eb12e61067c1236e5962399190ee6b

SHA1
7b3357f2343b9eb0f802ffaa53e2dc58944dc648

SHA256
1f2d5547f03b7e98ad48c39a68dfe0a289541dab3e2fd879f7ff9f48dd664080

SHA512
3880f21be641ef828059f2cffe151a8a4de2c36819912ed425d0fb54415b9dc2589c98622cfbb4d11b7c93655f58e43ec8128cf4a33bb1b8f9bf534b2408f796

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk

Filesize
262B

MD5
658d7adbddeb614463ca71663a644c25

SHA1
433037dd6227b27eb614d4fa41bb214e08b62a17

SHA256
e064c3187ac30780fd7792753c3f28c85a3b49b5c90f0fc55a00c9af926ae518

SHA512
d1a0f9d9cd6529e84bf0078fac697bfa32ea1fb94766e3c1c30611a2cb2baf846f2cb35b046c73431a526cc5d0e91d47f7006ebd90ba4dcad6e4db2421a2a1e9

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

Filesize
318B

MD5
75afaca653816a09d9dbfbf27722a4f1

SHA1
540718309bf55cd5c15eca0244843de15738ac77

SHA256
f8c213671e8396ef081532d00929a3d85c7561afbdd1c4bf4eeea45244f529fc

SHA512
70ecfa08662572e8abf595692870f4a0a0235d69924562c1af95bbfdf0a346f05559c73fa288f528e9081e70b83aac91b7d206ffff2f7e039bb3f9f454d3b05a

Download Submit
C:\1\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk

Filesize
262B

MD5
6f824d308d1ea6179653f60ce0329293

SHA1
0126f4865adad10a7dc1667c3bb43d16d024f8c2

SHA256
f2abad2fa9d21ffa1625fb923ebe4620f6690ad608a64f37ae9be99275a6fb99

SHA512
d44d48d892f543c5a7ca0390db2238441d4fed9239bc6022d4e5bb507cfa6c4e1ae750a8768efef480b2c53a6a69fe9928856336f48469215b5e069a6757d3d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a76213.BAT

Filesize
369B

MD5
6877517e3be959873ceb1af1dda3a8a3

SHA1
49168bc0ad25322cb782e08f55d22c05787f5855

SHA256
6f8fbe2887451a1ce921a604cfb6e6da955f36d2d83b343b4a28f61291ff00c1

SHA512
85458e00cd1e9db8d19f768d231e623bb87430e13cca5d9020e762d46b9755ee6ac857d181c7aea38031f91c93090b13681d9567df05a6e3ed1140911b90d139

Download Submit
memory/1236-3751-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2524-3756-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2524-3760-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads