Analysis
max time kernel: 133s
max time network: 127s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2024, 17:00
Static task: static1
Behavioral task: behavioral1
Sample: 0fbf6aebb7abe0cf6397511870b68341_JaffaCakes118.dll
Resource: win7-20240903-en
General
Target: 0fbf6aebb7abe0cf6397511870b68341_JaffaCakes118.dll
Size: 264KB
MD5: 0fbf6aebb7abe0cf6397511870b68341
SHA1: 4ade45cb13aaff6812047d68bb6c4c9caa20694b
SHA256: b2f2278e08e7948fdadb10567269e42b9afe2922e650d5e5bee2990432386370
SHA512: a4a519b441bafd41c354cdd80d41ddacc9150325988628994943c0dde939c40c5410e4b3a4ffb3cac96e23da7e0771a668b7a17c62d28ba9a0065231c487fd6b
SSDEEP: 3072:n4vRJRkTcZ7fcxdl5CTdBoEBClwrnfJMtZbzOPrLToxdv0/pMBLCAivV+8KjvYfC:nXHngrXV6L/0cPjMN/m+POz
Malware Config
Signatures
Executes dropped EXE 1 IoCs
  pid   Process
  2696  rundll32mgr.exe

Loads dropped DLL 2 IoCs
  pid   Process       count
  2080  rundll32.exe  2

Drops file in System32 directory 1 IoCs
  description   ioc                                  Process
  File created  C:\Windows\SysWOW64\rundll32mgr.exe  rundll32.exe

  resource                                                                     yara_rule
  behavioral1/files/0x000b000000012282-3.dat                                   upx
  behavioral1/memory/2696-13-0x0000000000400000-0x000000000045B000-memory.dmp  upx
  behavioral1/memory/2696-18-0x0000000000400000-0x000000000045B000-memory.dmp  upx
  behavioral1/memory/2696-16-0x0000000000400000-0x000000000045B000-memory.dmp  upx
  behavioral1/memory/2696-20-0x0000000000400000-0x000000000045B000-memory.dmp  upx
  behavioral1/memory/2696-23-0x0000000000400000-0x000000000045B000-memory.dmp  upx

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32mgr.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid   Process          count
  2696  rundll32mgr.exe  8

Suspicious use of AdjustPrivilegeToken 1 IoCs
  description              pid   Process
  Token: SeDebugPrivilege  2696  rundll32mgr.exe

Suspicious use of FindShellTrayWindow 2 IoCs
  pid   Process
  2672  iexplore.exe
  2688  iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs
  pid   Process       count
  2688  iexplore.exe  2
  2672  iexplore.exe  2
  2548  IEXPLORE.EXE  2
  1056  IEXPLORE.EXE  4

Suspicious use of WriteProcessMemory 27 IoCs
  description                       pid   Process          procid_target  count
  PID 2364 wrote to memory of 2080  2364  rundll32.exe     30             7
  PID 2080 wrote to memory of 2696  2080  rundll32.exe     31             4
  PID 2696 wrote to memory of 2688  2696  rundll32mgr.exe  32             4
  PID 2696 wrote to memory of 2672  2696  rundll32mgr.exe  33             4
  PID 2688 wrote to memory of 1056  2688  iexplore.exe     34             4
  PID 2672 wrote to memory of 2548  2672  iexplore.exe     35             4

Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fbf6aebb7abe0cf6397511870b68341_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2364

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fbf6aebb7abe0cf6397511870b68341_JaffaCakes118.dll,#1
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2080

    C:\Windows\SysWOW64\rundll32mgr.exe
      Command line: C:\Windows\SysWOW64\rundll32mgr.exe
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory
      PID:2696

      C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        PID:2688

        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
          - System Location Discovery: System Language Discovery
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
          PID:1056

      C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
        PID:2672

        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
          - System Location Discovery: System Language Discovery
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
          PID:2548

Network
MITRE ATT&CK Enterprise v15
Downloads