563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-10-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Size

327KB
MD5

53ce3d6cd13d8f20b5130dc471c1193a
SHA1

f9ee3dd8777c69f2da388deb9e595127bea56975
SHA256

563cfe59e2d184267a940e1ea7dd84c7423b33d31da05dd0e93d50e098db34db
SHA512

83a3ad6b3fc4f2376651759b4ddb76c68100f0845576dda00b157ea1c35d48417b1394593195d1b7d2c3583c9361445928d2249b20598761c072400e322b4b29
SSDEEP

6144:H6MPJyaUMTgAUZjwK4DVVnQnsJqfxbEh9O12I/HCT0H+hGcZhrHJLqW6ZWI:aMPJ9gAQcK4BVQvEh42I/tH+hX3rHFqn

Score

8^/10

discovery evasion upx

Malware Config

Signatures

Downloads MZ/PE file

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Wine	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Wine	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1624 set thread context of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 2728 set thread context of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-4-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-14-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-15-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-16-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-13-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-12-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-7-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-1-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-17-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-19-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-18-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-21-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-22-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-23-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-24-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-44-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-41-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-45-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-47-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-46-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-48-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-49-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-50-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/1352-51-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-52-0x0000000000400000-0x00000000004B6000-memory.dmp	upx
behavioral1/memory/2612-53-0x0000000000400000-0x00000000004B6000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000007c68e401f30be9ff8b7d50fba0488c4264eb2b254773b9160a9ac7d3f86371e000000000e8000000002000020000000c9455e7494a6bd4459d3bb4ee754723198e468044b7d5d893459517f8be3abac90010000a34721ed39e902408fc858b508681bd82def01bfe647432a9588913714f41789d0778f1d27f4feb9599261a24220739b1655087d305a0355d0fa868916fa441052346bb89b8accc1345f983ff3f1b86008d2db1aab4088075d92d40d1e7521a0a33a559332b509db2669fd6c4beb155ef24aa7c40fa21dd815ed078d52bb63f1ec01821fd4a6eba28179285fb7d86d82bb4b182e5b1447a4993099f7cb8b655b42350edda01750772c091be5b595fcef4a0f3b8faaf9ced9e8bbca50d44e0fc565d4e10d90eb0bb08f5b556134f0d59d428deb3d7b3214563457226303e6520b66ba5ad1ca634b2617a64714edecab2defa797faf145e07aa3ddc993662f8a9570e1b5508516b4fcd4556ea07c1b31a7fe39ac1077ff75fcda15a4c683d2c3f09ba4438b6399e3c6f15c9be8deb9e144189d8a3c8160ca15eae79c2f3042399d334491d2d0bb1aeac08033a1e4aab1a1c7cb23cc3b0c44aa9bd6ea0b6783305fe934f40d257240e32dd168233d52b97a34e5735e5903ae515c5ff6c4631d0f685ad3c5d2a0ef40204866d2657930ea9640000000b5504e6871ec12c800f08240c55e23d150fde3bad9deeea074a7b48a39310ffc3a38c2b392f7ea70a593ea7f0abf06f17f37a67bb965cb42ab2df55261a584df	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D87D591-8CCE-11EF-9FA9-EA7747D117E6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d1cd46d37244659e29ad658638929d27882ab2cc33aa10b36df9dea0ae23a77e000000000e8000000002000020000000992cad752463b785a36e2adab91c1c63c1ba8f736234ad22474be19181cb8b689001000069fa1169206dd3ea1db4be5f5771114330c9c99df28b675020bd4d3c44f400766164781b02ee919b5dd3b9d0f4dde64b6a5394211cc9d638a2780c4c89a1e6df39df1576dfd651461905b9b80b27a4c31822429de5e96051d63266ed07e4e3e966578762758548526b4cb7e93e26ed8523e59419fdab517540bb0b62aed0b4fd230ec111791f6b0aef0032a8e532a421ccfff5cde9e66b72063369447d8778c272e8e953b0cdda00d2904cd04ea354c50b90d2c7ee3c8c9e7f2e7aa7e02a226587fe43ed0327cdbea42ec3957be5f2161e3bc9cc60b5ad4edc030416037a3d0122f4a3be27e75fe05c5ffef15c8800c58c0c3200d2e488c11eb6543fd8be953bb777181cb0889ef709d22000b58a490a4cbd7437a5c45aeb1f82e83b4610ec7cdf3e8b93e9d6e422d5ed0fab0ec1e15e3bda26832466f34cd8eabe57efa62ccbd8f9bffcea9e02e8edbed06a48edbb952bfa709f0753c2c739eec51f0d550865626a4c2d024d9d6e94aa9e9bbcdcc6431a829aa09afb18bc31d95f1b0211aa4297b0f051bee436724e53c28387644c6540000000dac15981bb7d3a86ba8d962bd1af2d4ec6653f77bc40db26107bc83c44c9e0a8e425508b70fe77400d638413eb378f9283d6ecc226a8a4404fcb5050da7ebd7d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d29c9d207147c0131fd268a712464641aae1a1b00d304c8b0d9e7fa6a9845b4a000000000e8000000002000020000000310b774c44a01354a2367c40cac92405d72a5244da399e660acede0a76dd48839001000015301f4f67cbba60fd12921e318ea90fae6bd7607545fae6a8e0481e5599abcaa812c9672d1d34402c0c63ff4e316f8983b52f4c1a6da3bcb2e220284153e02f1d0258b44b1970b51b0e14dc653ce0ed77b5a9500af6370fec4b94ad24c8594a790ccf26b665e6494897833192dd9d8399eaee65f59db5a81b7ed38ad31e993a02c0fa7063d360525e5f1af454fe6b3c8406591471d50a82e663641e1d31e6cc274a7313718215b63f68bd0b776a55a73b8abad8fe141b43c54672834ce165f64ef6c2b38d918b48bc08c0dd05d40de27fcfa7f0b09da3279a61cddcc2b38e95fdf87a36c277729078adaea7843712374d4b23e8e4981f33737b40157c26826eb5f220e4efb5d9771979fc88da770837304f20f9cf98eb559112f1cfa63626929d36b0aaec6eb0f5e62c652a005fdfed94fa03196d626a3b727e38473ca248146353d49d982d68c08844ab6d44b08a067fb759f7e1113427b43a506d6c1d054af0393865bb4393a0954c6acb7b01792ccbb82fe39c1dcb92dd3985ff8eb5fe1480dabbc0aeb7cd6efdfe888953bec1e540000000f9714dcb211e5ad6b8ed5a288a50ec9ab18e17862014f21887b60639052be3934e0a6f3050e260bdfdaa9f9dc8a8f25ca1555724bcff47f1f4c814fce7f68c40	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435362184"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000f92c5bdd098735c7c85fe05861290ee57cffcc23a96fbe03e6ad54d52f00c211000000000e8000000002000020000000f6e093a93bfe800856a1904d479421f5fb08f70635730f837610499c96f0368e9001000069792007a18d10b3d14efcd6eb7635b4b89f81542449728ad244c2dd4a321014580e938f5545254d5bef5dee28b83a2ca093f13ce7fb3562cd96d2fcc329810c7ee3d7c7a6cef2806c8e372d5ea8c164f9e55223660934d732ac8a726ce13855edc547a0481c41d946aabae40fad5c24ee746426a9dba5c51b5efedff47d8194d5d88e986c6969512692fded910f9c2bd818d7248cc3201ad978a7686d8e9e8a5d3c27bd8ede22b9a41f2673891dc1c649a67f140191ce4ad99afdfcda2ded861db58520678041605fbe6774ec4b8fe480216c7cc1fc8141965fd836984302e8748ca8df50b91cdbfd6041ad5bf333503071c3992daef2a61b0b15371aca2375fc5b80182628984830657017407e2815050e6e2fd9b47f02aeaaa1090687eb092a34f4cece85e6b82795bc0eb42633bbdaa606117d25c07b4114c0dd62c472b171013d3626a67ebceed757cf0608eaeb17718079088c39c3c5ba00c8d09eb35cc1c9b13caef7a01fe61eda48699839db78159be72cf0fc486f7e108c1262153ed4f182b1b31436f946469b845518efce40000000441258c915d3effd6257fb5f009c8fed5a2dd69a1ca29f1f1e75c4bcf2c79a476238d2369aef37939756e30c71a2426ab7be9615477a4ad5b09088ef889d6b8c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000009eb7520718065ebf22fc3267ea604fbf42bab81cff943504b9fe2e7929a05531000000000e8000000002000020000000371343f5d6c0b981aadac4f9baa7ee604ef420d66ea58f1025d51154eeecbb38900000001f041e7a1bcd87816ab4ab7ba7a4e11ecf46b93bcf1f6b31044811b664f2c9367000ddcf01b9c78a692680b6be1b3cf684c0f75d8d3de9681f62125c58d7ca054cdbed88cf3dcec60d07cdcd1a23b3b5bf3ddc9edd3fa9e70bb0526adbefbff0185620cf0bb5605cda771ae983e30dc19e165b6fd7023180afbdcaccca9eebb0f13152b35ee200abdcd981c1f712fb114000000002855f616fb3c47e72c606c05acd483349540f5b18cfa1a74b5c09aff5191f2b6a3ae759a3ba079b9cd70a99827f9a59d5356ee3df1b0f63381a514293cbd261	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000c0ddbb13f5ea3cfb0471aa7e0ed2200c3e4e0ccba69a16216f3455f3d8b4a4ed000000000e80000000020000200000007fe139ac7a5128f664029a5b87a81401e79eda44026bcfdcfbd0de134ee96ca090010000e629d46ed0c6e52b85739ea9039d046e9f8c9457ba5b65083d3640ad988e0de8d8478de6b241af2b1b964411714acc0ef4e40ca747fa6a49cd916453a44b124cdff4ef7d559b48aa57aa56ab8532675dc7c569b7877fb16e4ba9350125c61f2d25b49a2d740d0046771338c78695110ec6071037e77a68d4c3223bceb11c533b142bacc33df9ccf6b260347503fde6a91414474d2314f56126c7d559cd744103a4bbd50a50b93c463e3dc711955ad573a29d7056298ead0e037e031a0e14b3d4f229a0c2d88cfe915a09ffbe30528c7ab369f66b44d98d187f2d226bfc9153753469665ace13805c28df282e2aa0828092030a7978881e0c79a76dbd60ea75622239cd95598ebc08a10b2ff91ef48a8d8683ce8198d5f19da095ed17e29fd5834cee440b83cf54b5dfa370a9c44fa35f1033f4bfcd7e784f3627c9d79c5ef77a6c38d01d88ea8505ac69672439b42fb370536fbe62cc5b44e94326e888e8b62b83ddbd33b6639ccebbe8ae753996adbf34c2d1cc39bd80571204c753a72ce599acb71f4f74378405c7a5801123c9e56140000000f7851bbffa3da57ec05c50fa46acfbf4306b9bf4fee0d8519e33d9f2dd053c857716160e433cf95f9b9fae7fc1be1283e9df251e3cbe953fde527af3d860b0d3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000581c6b1f48efcf814445c40fc8d6faf2a6b7ad77c5376256745ff7055bd0b2c3000000000e80000000020000200000003f29bff24fda1d840f79bf98da9079a063ffc1e3305aaed6d833ec7ee9c300eb90010000a3a45215fd903e5372bb101f2e68a88dca4ca3976f59013ac3821193548e1f72b1df28baa7025ca98871192ac1eaa5a7bee717d0b299bb9bc785cd945f8e7def6420ec1959650175b4470d866d39afdd94e9773477608fae17b805f6002322a449d58f7132056d4d3e19a33b88972e7d90e61f3614efee6a475efdeb87f7a5875ef20cd2044d3fc7db59b7ae3dfa90d145e26340a6cf39fdb056361d65dba7a4b4b3583537847cf50c98282f848815f7f0cafad390180afdfbe498773d91ec17d908726bee9712fb9811482eaab25f4513c2933d50d3c9010bafefa4316db40ecbb6bfe6dad3264be11e899668404bb97806692729129166f8d912e6d7b230df1d8b88099e572b0ce593b0a9a32d3264ebc24cb2280f5d4a21c5c9fc745ca8c51f20e91ad57eabc942597d4e5b1cf539cb6ca92bf6226b0d8a0d8e5d6ccde335a08ccdebe0c7444111870267a391b204a6523b9aec2b3ff501f3c228c05fd27b1a9cf89793f798db4010ae864a41bbba045c3aaa67604e0cfc5a661a21e7d7b727342455882feb8303c6a3c14d1e7d7d400000000b1c76f39498a9463d9e5c099b0148ed54747f3239d1afc4160587a5d004dbcb2de94311325a16bf39d7f963b528181f97defdc87293241bf658b493032acdd4	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000002d9aae50f48645f5a4dee4498bdfdcc0660ba44a72c3f83502fc34e46115dc51000000000e80000000020000200000000809e5180103b6c5cc8c4a9b9db4a39fd460d572e7f81328f943e45c708ac5bc20000000db4332f0f387b8bbf645009701fe2b071153cb66725569afdb32bb218a4b84b040000000f35e08af7ffff06e74ef960796a83a1cda2c8683d723f9a3dfe308eccb1d8c8d53ce570a032703df09b848ae686bf17ac94ee1228093becefb58c438b20df328	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d5cb7ab0886613bcdc683f39cdb4accd06d8ea10952c81b9ea6375b5024c2823000000000e8000000002000020000000b5324be2e4997664b7638a3c3e01eb896166ee63ebfaabde5b7bbece47a7287d90010000385405df6f284d41d7c09597282733ac6dafdd55ca2c2b0d0dc614f8ed98212630393c04a93a440df37c56cb3297a431b21fb2ff623a8c91b421f9eb1500d3b08fb267e476b1da5d6175a887cbfd8f42d956e857d7c7e66e692a3ec422d5bb536ec47a47659c6ca2cce2566237a6a537c165985c1536acfc41d71430094315983c0041fdf0b9ccebccef29e3e0e25b70afd256e29b28fb217c292baf7531bb69ee2698417b4e4599b7e4175314f40989d21ed1e43c3c0b7542b1a07ed34feac1c9ada62f02674451d81aef2a23158985ea70cb76e9137a284e64c0428ac4eaacdbfadad256ab262957643e9fc6bed8af34c675ab52096d5e5f638b0ec696ec58ec47ddafa97383e2da6d25cbb77022de9cee645a91ec021d511bcb0d7604aff1ac8a5fdea07bbc8240bf048772be4cd89ee0e1634996095c7ff01f0c738b3b50b40d57bc87af02fea735c270c2e519778b235f61a4a1e80f48b636973247e5ed03052eac79f2aef4605674933bb6bc02edb3dbbd2100f708561913d7c448d5d153454a441d2c08513c8eba180857468540000000aec7060a76500ec9146edd3fe3b49f08348df82d64e21cea92c306d787c6330341554a19947404cfb9c6ebc0e198d67e8aa53574ab3d23e9413a5417233b040f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000007551e3eb285035392ae66fed347c702e8d4362943e430758e790cbeecea767f0000000000e8000000002000020000000a694781ddad709f77307a18b6f6b5ff0ff5063ef31b4101d97c67a752f92036a90010000fb3f564ca07563751fb7fdd489d72aa889315ec5e3c03fdecb4ed6e356cac00ebb08d8c0ea19650bc5ba98e6ee74502f31316327ba439c2fbf93391fad38274ef32cdfccd8b4183fedff5b68c72ab96b6dae81d64bf6bea4db79e2757a99c411ecf87d27e6b9dd30feb5c8d05662956de13e76a665975a90dae5e823953fb1f7ec3766fbe74c5c7ff941ffaa60ce8c0960f57d2947517cb402be515e7b846327614c90c6dc1d4c088cf0791b222ddf43d9cf04d62cc07fcd86bc4507f2c31dc8965e73411a21f1e7e679ecee8af0793218cf170db25ebc7bb99bba30a53ae036b519ea1b8978b5e24744b8cd9a07a692062cd667b1bc23a8c6df153b5fde802ed8b9f580426ac792827c3887a2c6bfce1059c99428b6345672fb96677066be430386546c4045c9a1da9840a085c016ebbdf162c92e58255c63152262d1d449cb9effbcbb07af893852c80de8be21a530f7a3e343df4bb75bbb1f9a781d87d4300b254e42477be3595ecedce67c4a26df72e462905e280b72e4119ebdc5d4c5767c6839b74a2b25d2fb1ea84f00f6f33540000000930d0ce1958188d5782620d3b06ded27c7cf345d0da7c8859821f646c8290b06f2b10e476598863221529b8bfe6db1809e240931ed9957a562e201c73bc23cb6	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\dslreports.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000e39a1bf08fd9eca00e4bf99d6e35add6ed820458ce648fbfc2a5acea7dc4f8f5000000000e8000000002000020000000d15c9a62545aced6342d67fb0fa7ae7767abb5b9a065f21ee39bbfd5f9a4efd1900100005b63e061b91d3213122a71d13e6dfcb323c572cc1961f048707adc0728216becfb8c5a977c769e440520806f71e9ff80d205dea2bd0da384f79fe03b72389a8190ec5d00bd69ca5befee417a66f142be4caf7c8956f18b3dbf7183b40521687497efea33a2fd44c83305e3df4f381debdd3057d2523351ce3393c08ac270a174288aff406974538e3d5ea5c85faa60c23ef8e605d66280397bd21ee53cd8cf1aecd28ba765b8703f56680e8735707181eb4233f2e8ac659d35d0caf2cbdc665d526cf0b2b6822eaf0c2f9b4e3cc173c8e9524ae8ebafac82190c42cf25515c1437c88f79a14efbf8da5b521c51f4431f5546cdfe001fb58a28eae952b77a795316553b9b2d5db84d9f8cb98648b9b40a4c1a0cbdea3d9902314636145da2c08e1d2ffdd8dcb8ebe707b1b4660421d6df32420de292b98f27fd5781383f2bee5e4b3b80c579005e31ed714ce467ef149b687234ff659fb1856df6e1567dd51c4d180fe0f536e2aac483e0cf55fbdb88181c23bb05711ca1eb0f077279cf0c5f2c85a6e735358c51e52a2deb01bdb02326400000002043a086f5a8b665481b8b1883eeb8969238970b4e61d4f1ee78e22c73e1e0bd544c92409bc3b7b853ac1cb4371ee15d513ebae158adf364691e814f8354289e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000f778f2e17c93f207815de3937a90aca224f5b9774280d53fbb1eb06dee674504000000000e8000000002000020000000ce70c9ff2e2826a37400dc0d532a28f5c6a2f9662a2856cd74d5b3dfd06adf6b900100008656dc3eecd83299bbe8451d2ed4b9f85ee433d33e3b41fb35a79febd8e85fc9c32794fd5b5ccc0f4c8281e4847c9fdeb48c71eeb9ca92fde78dc9fe7f55b70baeba1c2867f76a9524fd9c358da6f27d2026325f204a637f6f9927c6ad4ae97a7378f53b6415fd15d5aa599fab93cc401ca70aa7844933dc4586e91f2030639b0670dac6e425bec32d8c4a8b3a93a5bb7e7d9abec092c25473294c2e64fa98c373840e8280d15df09f5390f1ef786135fdfa7eea77d9039e91c4e4296d05928b53de7b3ef717a2426c071ef998fcf94b93729be21df0243aedfe54ff2fcf862dbbdd52b51e110cf119b33b98d2c63e487d546c564d79de50615df0612df14e071ecddf34be39f7396fd94f6d4e70129ed8afb0c3fe0897eb2ef3c715ef37cfb86ba91f26af0d84ea1c51e3d709a3e3d90d9035b4ab2cd8b646b6c283d0965fd8fa7ab6f9101232795003ab16cd114a0fe5226cad47d93a5d84a61ac7b19bf0190a37e5bb5f6b9d78d150ffbbbbbb38d63ca6286c0aeb3535fca990b6e08aad2dcb2e07c03abfae72ffe9b18ab29ee708400000001f37bc460382df5e248b26e7fda8542369557dff774a7564c4e7947c8ca2a4da983345e4d2de8af0f02293d7d7c487f868c3eb0abe84f849dcb77fbe04149ff3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies registry class 38 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.btsearch	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\shell\open\command	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\DefaultIcon	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\",0"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.torrent\Content Type = "application/x-bittorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\shell\ = "open"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\Content Type	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\URL Protocol	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.torrent\ = "uTorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\shell\open	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\shell	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\Content Type\ = "application/x-bittorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.btsearch\ = "uTorrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.torrent	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\Content Type = "application/x-magnet"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\shell\ = "open"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\",0"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database\Content Type	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\" \"%1\""	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\shell	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\ = "Magnet URI"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\shell\open	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\DefaultIcon	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\.btsearch\Content Type = "application/x-bittorrentsearchdescription+xml"	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\shell\open\command	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Magnet\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe\" \"%1\""	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe
2524	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2612	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2524	iexplore.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2612	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
2524	iexplore.exe
2524	iexplore.exe
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
1508	IEXPLORE.EXE
1508	IEXPLORE.EXE
1508	IEXPLORE.EXE
1508	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
1796	IEXPLORE.EXE
1796	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1624 wrote to memory of 1352	1624	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	31
PID 1352 wrote to memory of 2728	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	33
PID 1352 wrote to memory of 2728	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	33
PID 1352 wrote to memory of 2728	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	33
PID 1352 wrote to memory of 2728	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	33
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 2728 wrote to memory of 2612	2728	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	34
PID 1352 wrote to memory of 2524	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	38
PID 1352 wrote to memory of 2524	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	38
PID 1352 wrote to memory of 2524	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	38
PID 1352 wrote to memory of 2524	1352	53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe	38
PID 2524 wrote to memory of 2200	2524	iexplore.exe	39
PID 2524 wrote to memory of 2200	2524	iexplore.exe	39
PID 2524 wrote to memory of 2200	2524	iexplore.exe	39
PID 2524 wrote to memory of 2200	2524	iexplore.exe	39
PID 2524 wrote to memory of 3024	2524	iexplore.exe	41
PID 2524 wrote to memory of 3024	2524	iexplore.exe	41
PID 2524 wrote to memory of 3024	2524	iexplore.exe	41
PID 2524 wrote to memory of 3024	2524	iexplore.exe	41
PID 2524 wrote to memory of 2112	2524	iexplore.exe	42
PID 2524 wrote to memory of 2112	2524	iexplore.exe	42
PID 2524 wrote to memory of 2112	2524	iexplore.exe	42
PID 2524 wrote to memory of 2112	2524	iexplore.exe	42
PID 2524 wrote to memory of 2316	2524	iexplore.exe	44
PID 2524 wrote to memory of 2316	2524	iexplore.exe	44
PID 2524 wrote to memory of 2316	2524	iexplore.exe	44
PID 2524 wrote to memory of 2316	2524	iexplore.exe	44
PID 2524 wrote to memory of 2576	2524	iexplore.exe	45
PID 2524 wrote to memory of 2576	2524	iexplore.exe	45
PID 2524 wrote to memory of 2576	2524	iexplore.exe	45
PID 2524 wrote to memory of 2576	2524	iexplore.exe	45
PID 2524 wrote to memory of 1508	2524	iexplore.exe	46
PID 2524 wrote to memory of 1508	2524	iexplore.exe	46
PID 2524 wrote to memory of 1508	2524	iexplore.exe	46
PID 2524 wrote to memory of 1508	2524	iexplore.exe	46
PID 2524 wrote to memory of 1796	2524	iexplore.exe	47
PID 2524 wrote to memory of 1796	2524	iexplore.exe	47
PID 2524 wrote to memory of 1796	2524	iexplore.exe	47
PID 2524 wrote to memory of 1796	2524	iexplore.exe	47
PID 2524 wrote to memory of 1812	2524	iexplore.exe	48
PID 2524 wrote to memory of 1812	2524	iexplore.exe	48
PID 2524 wrote to memory of 1812	2524	iexplore.exe	48
PID 2524 wrote to memory of 1812	2524	iexplore.exe	48
PID 2524 wrote to memory of 2940	2524	iexplore.exe	49
PID 2524 wrote to memory of 2940	2524	iexplore.exe	49
PID 2524 wrote to memory of 2940	2524	iexplore.exe	49
PID 2524 wrote to memory of 2940	2524	iexplore.exe	49

C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
  2⤵
  - Identifies Wine through registry keys
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1352
- - C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe" /PERFORMINSTALL 4545 "C:\Program Files (x86)\uTorrent" 2532113908
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\53ce3d6cd13d8f20b5130dc471c1193a_JaffaCakes118.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2612
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dslreports.com/speedtest
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2200
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275479 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3024
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:209940 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2112
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275517 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2316
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:1389593 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2576
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:799778 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1508
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:930865 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1796
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:537687 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1812
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:603247 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2940

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
- System Location Discovery: System Language Discovery
PID:2864

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
840bbd22c105ab0f25248c9221c7606a

SHA1
98f2697139dff478703ffe889059e89b8ef7c5d7

SHA256
4b52f76f55de070f9f54b5b7d76c56cf8291e19b8f57dffd3ef0026c6c510f5e

SHA512
93ac19ece0ce0c54a3fef20c90c7aed897f012fe5f8b7b290bedc54909249c02e5c4af6b460efa4abad4606866b20f200de53ee96cf7474c705c25e2e2217d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_D37FE0224BDF38FC70AC9AC77287E415

Filesize
472B

MD5
799088690b993df2797540414ade32ea

SHA1
a7e2a048e02efde43c3ccc010822b692b9b1e2de

SHA256
820c204ee432ef13bf38a1f24d9e80624ed4d2da18fe6673269eb644206c3860

SHA512
ebfbc11c97df89c6c118b2de2bf15c0414478156c40b5dd0fdb404f8c6d373dd890fc7b07e9660dd15469b05123c9ea824ec20793f54381bdf756a3f6a8334cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
453d5df8969e9ee8fcf3a9927ec682ba

SHA1
713b0141478988dd9ddae20f7a71fbe06a76bf31

SHA256
3497592597b5095b3e1b01daf967130b73f645bdfa7ae8b929ec2ddfa1c42be0

SHA512
b53ae5dab0885852ae2034a5ee93bd39b5edf482862db1afcaf1ca37ac8fbb25df561c3b84a8c50465c7089420ec1493443765c41e3ef04456e02caef19c2ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f78ef42e2ee43e1180f57a6622fc8eb8

SHA1
f35e3c478f89ec998b712d6ba2bade54cd41045d

SHA256
6aebb49bedc85a315b4c405af15b7097dff820a8dd6d676d316d7e5d95768770

SHA512
9b119287ab516f26f651b689679fa09ce01c071442de5e5225bf266d657b7247c7dd3f8fdaf1431206c0510bf99e835ac4ad176c8139553960c71b01404cc06f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c80ce05646cc96410dd51a50c08156ef

SHA1
fb339d43f83b85f2fa0cb4c66142e6852166b04e

SHA256
dbfee3c88412ff8b5425248245d20161dfa45bd616d1737d4dcec63e55e72bd3

SHA512
54f984df29b768d75588b34278ac212e9999d178daa7e56c608821cc6fd1b90edc0a4de45cd740d9256d64e0b08113806c7c9a5ed80e7397f1f5ae6b27f01ec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f46c281965c1e82bb25f0dc6ffe3f4b

SHA1
c57ff9e0ce61b18e7b14915a6b6cb3af7e389ba2

SHA256
87fd833e52a7cc863f48a95313fd94e591e44b8fb7c8a3d8b8f8f41460e90739

SHA512
fa526b68c2044cc78e81e368da380b884fc24e4d67719d78dd94d0d86ed31f47affa29219a05bc7a82cefccdc07ae487cf1f2836cf9eef786cef58b627c27ccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b2c361149f74805cbf031103956cd94

SHA1
0308823df9c41cf9b689c4aa4b147d5ee09f986c

SHA256
d7daee586a3b50d91ee81c555c07b5d9240cb44de3c0a38736d65cdee8e47092

SHA512
48dbc0f9d1cba4c468b9d1dea7cf165503cffd1391d67b1fbc72f841526889a22636724aaacb2a56f2cb14d792da8b351e4eed6e8e1a3853561a6536c3413a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd4c03c64088846b5b6d701b5b992fbc

SHA1
6a754b807ece843faaa9ecc9c8e5eac5b1b456fe

SHA256
d2fc029ea7303acfa49e52b82f34210bc7c235cd5fd13eccffd2a5f04866b4fc

SHA512
093d1271b6f759ec8df188ab51a0aedfd2fffb52ad46b50292d3af5f572db1bdad385ec07e6330611afa937a974918ddafbc007d01da88c96e55177839b89a1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00e063fe4e22c18b05113ec0239606be

SHA1
f37950c182c4f9544dffa2d1713017a09dc219ba

SHA256
96d6fbf4cc7844d8ff164108a814a1891937902a339de037dcc10519a0b7439c

SHA512
9eb2e1b460d6b082473742da40d2368987f657c34d38ef03e6649c5974c703bb9b2365f9e33b1f035b857a9de5383449a78e5c0e8df701a144b3f65997324793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba2eb26992c299ccfc2301fe5e27b1c4

SHA1
46108e9eb0c25305eae572e925d8277bb82a23e4

SHA256
f58fe7cf77870724b146e13c52a0b024e6d0f961379f96a7ae077393add852d7

SHA512
73b8c14a69048975b9a91f172dd599c2ea8772f8dc861edfa520b0d53c6c166d55ec8ca86cb8b1709652150a579b5de2073c7219f48ff51facd8ff8a90d9ee39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faf8f7f0d0b6a12fd4c6e97178b7325f

SHA1
858d7750615c5994d15b09b62c1dee58c845a6d3

SHA256
803ef02d8d60126428ae0ec808f535e8de683c554a22e1434a7c1f3f8e826874

SHA512
aad040654675e4d3ca2f1f6e8b41c37752739e02b6a881216ab19783a5fd639e708d9abd3eb6621a8c473c548f13999f1533db4d060a7e7b2eb2adfb920eceaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33271f69d11ce7c7a515e31e038fd69d

SHA1
187beae27c4aed0ac1b7bdb7a2e81aaa29f42e88

SHA256
487e33e2f1d936c90ce4b31581b2059ab9c022329e0f0c996054959e577fee86

SHA512
1be79f64062060bec8c2c74def62227c53aab23d6f7d94ea3a7662a7866f7f5ab047248d8f8b36f4bc2baae5f40bc9b1c2573d5ae53e03c14f231f538a641e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
211b1c60d8c5de8e75b90a1a6220af9a

SHA1
fa07d99cbe10fbc1d7b189c893b7bd3ef18ab28e

SHA256
9876b1ae85d8d632b672dddfef81729dcae306b2e579ec3533ba8626ad9761e2

SHA512
d58f96fc6581af9881fc8fc2741d79c170aa8d4f737b54f61b403b5c3806c931ae484dd6862ad29d7599c171030e70c4453093b8d8579ae74d9ae78513254898

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa68fc544a3c053ec8165f3f6b2606f4

SHA1
643783274344ebdbbf076df5ad6d46b1cc507bc0

SHA256
d55029c802c7ed8c867209865dfc957368d96bb621a73df7ec06d784c4448787

SHA512
ef98d4b2ae1d98f92f4c4413b8fc19b88f26dbad8a12c8304594d0a6c39a5d7731112e998e5e88ff19e7cb25b81917e242b8c000d5da015c03119d1ca0b77540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18948343297e69005b519aad701c2462

SHA1
1aaac5df5e5eecfefcaebbed10d18be60e422692

SHA256
922d04cfe22c8097579381de523b456ffb1fbd18896129d38c2cc54e9efdea1f

SHA512
3b12dd84d6ec7d5dde2cf5c21fead01d5f0823b5800824372fbe3dea8126de8de8cc6f1ecb2924e0197a5c7acc44b73afb6c5f1b026bcc10be489cb3caa65441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e3481ccc57522bcf29c76f247bfb780

SHA1
2adcf593d137b6363cdabcdad14532ea40a267b8

SHA256
98b085644364966268e31a503ee16029b8958b1d14cf2f2415c3a728e2f2f609

SHA512
176f305d6097e92a7ffe3d435a64277c2c8132ea8eff467449f2e3a3ed94373a7bb4d8da3c53937141c5dfb70e05987e67ca1d4c6bd0dc93bb9e59b6412a90db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f28b502720224f78e62567f51f1feea

SHA1
5e6c4bd55f9c7360c58bf3e951650d3486bf83cf

SHA256
2e1f9ec94f614b4f34679816709267c2d80aab7de6762209b8fac9c6b9377afd

SHA512
e8b2e41fdf29ad316d1faa477bbe6fab00f28fdf115a8b741bbe67337d81facd0d28581cd89537308484b576b8eb8ff15cc913ee3d232b2c518ab5fa37a8f1f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a8b724a084cb1cfdf7d6f76d953bcb

SHA1
b55f29322934ad54232286d0362b94867d8ce5dd

SHA256
bb393d5aaac5e93a204c854b5ee65c686749003fd7ed92e896fa0a5af03d4ab2

SHA512
922ff6eaf4600bc7d28b0ec3b72fd031a2634c732f10a1205e35e6a162cde9823f13f3b45c2eaf1bf25e81f72897c529353f080885ef9d071f39b1632ebe7ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cc529396c652f55b089b51b1fffead1

SHA1
dd6772437fe0249622fe27571a8fa2612156293a

SHA256
9cf2f3bd359bd8eec70e6da837e113f1f853f917662059a7072302d92782f154

SHA512
68b69b0003d3ff5c85a98ab566d881672c351e79097c44bc472526a22a6c401dbae87fbf0e7dbc040d0c18e45732292bb9aac2d6274a6d3403aa2ddfdc90899a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
439121a7d81c3249dbc950867da702b4

SHA1
5c8d81af34f9fb73a4e34bd6ce49a38800e3b7da

SHA256
2974ad7d94373c2452a9ee77af0dc5111187cae8ec506c62737f5741e2a181d6

SHA512
91dec97197d7e2044e1244945140557dc539de5bfa88fd9728ea4852cf65a8ea9818db15b5b541496265e282bf210cba351b066c35e8e6b0d7cec8e28c2076d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aaf3f5a02fc122217ea89de683ecf7c

SHA1
011468122408c7964a808270cf1f99fa220223dd

SHA256
297332450de8f679129fc34e38a0cc00e0e8e09800f44ef95b3388fc469cd798

SHA512
fe982af5e21cc539c692595ec4746e55fccd818d0726b5f0fcc0207e18cd46daccdffeb180cdd13bd89087c48d105e15515337fa8bc896a241eaccf60f235f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38ed619ed4bc640b3732823da1a8cafb

SHA1
086f9338b5631b0e6622709a7bd79b1f4d8d88f1

SHA256
ef6fe5fe1e167661524ba36ff39e8e1cb9a1d8d22bf9892baa3c4c02b71e26dc

SHA512
39f60978c8f6bc36f6ef18a92727447351150e6aea6297efc37a1ac93c54f4350e501e7e61bae782e5ba64384ebcaaad62467296278804b7ecd562f3d52fa2a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a824976c4de9aff6637ed59412e1daf

SHA1
ca5dcf041b37493e927698e43934c912cbe02c50

SHA256
751e6b9ec5e28f5b3736f1893e4924b54c2938d3828a42dd9116a9660212cc76

SHA512
b3c5cb643bb3477312b7e275bb8b2d4d20039ee1b1bce79b82040266242d9f104de8eb6738ac599f3db7ceb7dec2a317238165385c1bdae1ad04553fc41b537a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76d2e096f10e1261398db9d0bf5ea75f

SHA1
de6ec59b45810d503fbabb1ef44475e486fb6b49

SHA256
71a4a9b2b74b379534d1c2feb499b4399403c45593337ca1463309e861471696

SHA512
783a33339db4c7189b9bb472051ac1117fbc088f8acf74216ea50285506ae885c6280360401e2c224094463eeb5f3420b5e1a5764d2b3b9d29f9b4f5ce79a34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb1ccd99bed8ed0ef91316c348f9d727

SHA1
79a672c56799bc91e6023176c99e6cdfc2209ee2

SHA256
e4c5321c13885fa66281f13289aa033aa78b88d2409e832e78eb6086f72aeab8

SHA512
2b1bdca96e5d3a2eac2c7c56ad8b1f1d75f1c81840c0d85ecc7c55ff2d374a2d666cb57e5e18e6788c43ccf97cfe156b16efb0d8edb9bc248c69e4df23b43e92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47ea289cba4e8bb5932c30e73a5f3cce

SHA1
3b99c94eddbee76ee331e7c697543dc26471c884

SHA256
d89329bcf7787152e7224cc90774351e90502c4510a2cea9076c154806aa4e4c

SHA512
46ff4702599d9290e2ee043070bacf77f1550b5c11bd5665900d2e36706a7f82c586e9aea4c6d68b8e895ceeebca3671245cfccd41a369f5a17871a1ed987ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_D37FE0224BDF38FC70AC9AC77287E415

Filesize
398B

MD5
61e3db49a89f987ae2ca3cb439cc0b94

SHA1
c17b2353f8462532a0306dfbbe07fa86967d7d4d

SHA256
4bb74ccb860ec3b00046f5ea7b69ba16d914b8ff9f381b0a2fe81f73c6cfb290

SHA512
6224177e53da4eeb740de12e9aae22bc05d66dba8958c9148ca5edfcc4d18153ac8f07ec62bff6fe4bb8380333f1c4b6d2ffcbcf5a8bfdedc809a1d0526ad361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
59429535efa799b63231ad0d4ec77bcd

SHA1
bd40ee19de43b973ae53d9fa96cc71a2bdd3bc8d

SHA256
7ce2389895fe1efed6dc11a267a28654a0062dac54f1853a97b6e3639371b07f

SHA512
2233af68676a5cc5641ceb8f258845da1cfdb530dda5fb17ce1901dd7ce773c995063760d551a8654ecbfddf61036e3d5041ac775a3fcc194f34d62355e5da00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\C24M42UW\www.dslreports[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat

Filesize
1KB

MD5
dcdf4485b7f22658b73ba7100ee5ccd4

SHA1
f14830799fc7596295100760a797d6e806d1f4b8

SHA256
2768d08d85a1011c951d0c08a95b4c72bd3fee5237aa437c6e02fc7515209d57

SHA512
2d75e50fdc9c51d8393958a774d91555d0d540c5da2b641258d5813da87cd33bb2130d2fecc7f6c47b27f0a5aa1d5832d572af756b8c848360d5d9596cb2457e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\default.5dcb449c840317ced017303e3a4a9635[1].css

Filesize
84KB

MD5
865a04f3598dbe683e11610e6863fe43

SHA1
5a1d58008ff6f7569f29163aebe3b5da39db2a9b

SHA256
33656d27c93a046fd86bb43a68e687979d5898aaa29e74161ab7e9d1ee61099b

SHA512
6262d9f7b18d565473af48355bd0f41dad4614c9c033d6037a54fcb5786248dad5eff46ae817a96a05cc132a4b34a4a5f8081c918f90bcdd0f4ab3e65a52b34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\fade0-FFFFFF-50-2[1].gif

Filesize
321B

MD5
a0473826cbc1c79d9a0d9367086ca19c

SHA1
192f14d4f15fb774595aa35297ae6142d8f85630

SHA256
5a18250df2595fc0c2661235e42c270add4fdbdaa9b13a1b06f696a380dfb3de

SHA512
9471105716e991f49577468b9a43e7424889245f86bbe14a42c0c97c16bdd9760c69b8f21a0326271327c7a8b8ae5c427465557482a98fef86da542b0de5e959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\footer-glow3[1].jpg

Filesize
11KB

MD5
ef9f41a49d38b20e12bd0c154d1b3d07

SHA1
74b39de29c306e2b1bc84276d673e5dc119edbf4

SHA256
2e4635a2d3c915529dcdee4bdc2a53bd1434341fb2be31c50484f6b057e28486

SHA512
cba077cf293a6652a103baca3a7206cd0f5c738b4b14f782419386a7faa0ff088e01b0f826b015ee40dcde62fef0000365a3adbeee1656295ce980b5bfaddb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\hc1[1].js

Filesize
197KB

MD5
1b1fa5f868ee6b5791946dcf8ff5b06b

SHA1
7ddf05a1161e9c39f4cd436ee176da76b86f1b18

SHA256
c6faaeb9ff27502b62e5f436bfa47cb16c21fc952b3d0f65dad2bd096209ccb9

SHA512
e8a1d00ad80097c4be6cd5d3a5d38f3a3100299d7cd18cff2890df38d1df0b17d6b651cdb5e41fe485e814e41acf0cb9d957a502ab4f587c9322c823b9faa820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\jquery.bwlaccordion.min[1].js

Filesize
12KB

MD5
353c628a77ec1d04ab783e13433a434c

SHA1
84809f2408744c81c1859d5dbe2361800dc29063

SHA256
19067918e28ca1710dcf4990136445c6247d76d4c9fc58be5e09a713f2ffd41d

SHA512
3d15cbc560c54bb0cb31bc90de9e0873ac94baf88b2627077ef33cfb70864ad5264a34ec46e406c82e29051188b05b7381150461323deea1e683cb93b7ab0e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\zerofail[1].png

Filesize
10KB

MD5
9e8f45faa0b31900c36124aa584bfaff

SHA1
ebd41f98e30b976be673db96dd3ef16b12ab645b

SHA256
58217c3addbd2be0da6b9d7ba0d882709564d4c8bedc8de64bee2f6639803669

SHA512
ed10fbbe69e9b69fe06dcccbef8fc2803d693e5c488e6d58df3be89627a7c56f5f14c6c2e7430fb2d2d4b6e5a38e75961696f21aebe1bdaa451e02a7df8a0ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\Chart.min[1].js

Filesize
50KB

MD5
efc8f7a92d266821e01956592c93b3f5

SHA1
0151db925644f125c1c14615ad6517f6dfc03d9c

SHA256
c61e414d3e1b2de7fe118d26501908fc0e36b6bcda25704af823df01e14499c6

SHA512
b59199d35618e71f949707c69cf7e32136f9e00277d5695d405d123fa2eaaac51d7d073e2a58e146f7af46095e748a82bc667fa491d51d7723c0121b418471db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\animate[1].css

Filesize
8KB

MD5
4f4ac1f74bed48c4cd31cb96a446402c

SHA1
85c961d0a8353eb5a9d9d22b956f701e29119f3c

SHA256
bf73d4e2b1a5c72abe9fc7fa025585fee0d074046fa2d00442a33eb98ec8d4cc

SHA512
350fdd039926d53882471c12502087000a0d0c5957671150b61f0f92669cf20ea3400286fbad125b487d61d491a636e866e7d474be13adbdf93d964cb452af46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\datapacket[1].png

Filesize
13KB

MD5
bee076073dce5a46e0f26347d3dc6599

SHA1
a32dd52ea5c41bf616e778b6fcef2709ce038c20

SHA256
2a96c599b75c8af706298742d7b3330e0dd54f7ac8b3e9bf1bc43441f523c683

SHA512
0e2bdb4f0125d63fb9d2fe20c23da1810f053e6bf3e536dd5285aed53aec32d340b85633b3bafcfc710b4a110249394e461c2e7afba8789efdda3c260fee6e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\de[1].gif

Filesize
1003B

MD5
1f31389417402bf187e3276579adcfc1

SHA1
658045e62fa454a1903324b7fd6dba8ed8fbb10a

SHA256
66671616f880ade1bee6a9afbced9011f1fe1b179ff9860766f700825e8bc9ae

SHA512
a7479e8b943f8b27eb96a3a61db5f8a56b333e8d54d05e247f80f2a546def2b8b2a9c73f2e70185be7278c9f0117a5e8b63215b9a1ae648614ffed8d9b03a8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\html5_graph.min[1].js

Filesize
19KB

MD5
e522628a64f83b31ef50165e5efa744f

SHA1
5781b3f93c0a8666bf96e97f187d2660a8cc5d95

SHA256
3db57855ad9b03ac00b1ca2d09cd493d8e6ac3580ac8790040f7149aeeedb598

SHA512
a959e277027d3ce568ddb5a1acee4acc3959abdc1296ac9bfc7b3f7e7c0647c60b2f752b1e859c8470db2ffd3d6455b0337e510b0bd8e405c3403c192fa639f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\js[1].js

Filesize
291KB

MD5
84daf52f9e7fcf0db3ce588ead156f3d

SHA1
b04fe14fb2916a575054bff1cdf59b53db433f13

SHA256
f866cfe2374931fc09fe6f37712dbe8de23efa87f6c78747e2c5a6b66515e441

SHA512
16c716e1cc4f437551bb9feb194bc065a6b1f3c4a8b0ab1bd8d77b2c9ce8551f4437a90dd48935ab5c7635c22cb87c91c8ea1f1305070ec2710f72562dce57b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\webnx[1].png

Filesize
11KB

MD5
b47a95a163fdb43fbc6d3f5b8bc92cca

SHA1
a8c57b4ef3bf65609b1823506045c869083368ea

SHA256
1a5b105cb80b421bd26c22a38702c494c347b7d92d8c0c806b7ed23cd7bde1d3

SHA512
375fcad67bb81325ef7674c350dd7c188a13e64d9a985516dc2089aace74b6f420d9dd3d2d364585e16774bf6a5836e8da1fa9bb8dba17fc4a988cffc101f496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\ads[1].js

Filesize
95B

MD5
c169a2874ae45aba1899cb1245d9384b

SHA1
65edbc99acf9f11afb189e4e17f2ddda671fc15d

SHA256
bf12ae622888f9ee8cb58a154c97b7e52672cf2978b44c15eb27a2bc0e85ba5b

SHA512
7f5e49b7bb43f4da8e7b37a1c1a063576c55b7099ffca0384f7f7a16a6afc52dfc9548b6b3c9cfd285ff19ce1b8e248e59994e16b3398012ec4c76e5e66050af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\chart6[1].js

Filesize
145KB

MD5
72773d0d057ecc7b9d10429f1281f516

SHA1
0199a9a5e2387daac6481bb4dc52c21b197e4b3d

SHA256
cc187d5f09ee9b616942b3b04d41d6b95f2adf36b9a26cb2eac843d34aa766d3

SHA512
317434802da2a7bd3664304e22e8f137a37bc0877cb9ef162e88e75b49977f86b5fec85b506a68f2fa4e054f280ed4c2b299db61028510b0b2adba3e8bd2b615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\dslrjsbundle[1].js

Filesize
224KB

MD5
42fcb94766365f85ed7f60828644dbb0

SHA1
8d93c7fa32109dbe1518e4c2e581906713311150

SHA256
49657a0253b39127e21f483b98f0201b064293b6b3dfc870b660de02f2d29af0

SHA512
47af1f0502b9657ba9246f8cdc870973747498763a0a9c97bf9d86cb10005640623fbdbe49e4220007fd8eb77f81e333cdad166ebf25f393611a9c824abe911e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\rss[1].png

Filesize
1KB

MD5
d92b91dfe79e287e32ef1ea8685ec663

SHA1
180f0657e60783bb0fc6c7ff743c363dc436b769

SHA256
a5072e468f7e2e87e134585d68b4aafaf34872ff912506b16400981a04ef048d

SHA512
dbf0d671f1381dcecb24da2abb467a895e5730cbdb3b17e7208d189a7724b1c1958e7dad289d9b0da5b255cd084733592e165b7f17bdb9c43a39fd124f62207b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\search[1].png

Filesize
1KB

MD5
02e9af4f7884ff26ea81b7787d7f92d5

SHA1
9391099f987e7689e3ba201c58280560ac0a598b

SHA256
7eab5ce79c14e9aec7a67da9902f99004e29f2fbcc80c56c6bac04157d8e03c6

SHA512
87371bf7b4b3057e1766faedd4bfa30dbe487fc5da83f20ff27ea922a57ec227a7895dd17e40df043cc5a36e4c94e4c6c4a9789de7f18a13d637608ad9ec13ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest0CQULHH1.htm

Filesize
52KB

MD5
652186e1d08b275883635151c8ea7757

SHA1
aeb3d5b2ac49126f1c284e6a64fbdf3ff88c7869

SHA256
8bb40ca53aa8f9618af9b916993ab695ba456cb59a721a39e748b29ead38488a

SHA512
e01e5e68cc86d2d9f4309385cfdbebf4cd0a8027966aeff1941bf70b98102eb84087a006ed7be58351e9865a5906f13bcb4619ba5f94c3f5c98ea80af195d64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest4R9KOU7C.htm

Filesize
52KB

MD5
9ff8acc1b2eeb611015d247c0af1aa3a

SHA1
6c72d4a4802e723305f1a79e0ea262a540b556ef

SHA256
45a25653bd8c280e6f17636681a9e34babcc990fa8d4799481b1dc556fdda7e4

SHA512
00f1b15cedae65312cbfc200587818b900c15a9be4a93e73f6179f76f641c6050ce7528e94be6e301ed3ffd539ac788c0d7a3949752c77900638eb99e5cb9c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[10].htm

Filesize
52KB

MD5
f72068bf0879c599ed808146ed043667

SHA1
5753929b778f291879e40ac13861b7fc96e4152f

SHA256
5e30f9b48bcc248ef2fa37427b5e3806ab998941a68a4f828af13a489a58604e

SHA512
d22b3f0b40546180c1abf50082e3740a0ab9ae4f36c88eaf114e2ca1b806e4d70a2e4b3c29c65c2cf069271f3979790f1b8a3441deacb7380738578f3483fcbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[1].htm

Filesize
52KB

MD5
d4502eeb33c91e8ea0e2e2c5bd5ef9fe

SHA1
d681f08cf6d8e08ac880a4dd8ca4387014627f0a

SHA256
b189daefee171e6bbd3846507b029fcdf42e6f8c4f8afe84586bb6df3b6fd3a4

SHA512
427d6a359093d314a6f774cd39c82bf70ac218e2f7f331aef84f5f695ff1ea024364f0c74a663df8036bc9df181dc21e8f79fa9f343bb18cac628668420a2686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[2].htm

Filesize
52KB

MD5
8b7b6e303d2c765bafdfa09e2eaa1682

SHA1
57be663ff5260dac974774d36527d11f5df013df

SHA256
f96d58de4acd9d56915e8c5b95dac25a98264e12dc808c41328cd01619683761

SHA512
dd4d99e77f1ed6b55cafc8869a4d0b5dc96f608433347aa0bbae86b63a1e1851552d472083960a4af8ca7d07bac18a950df21cb79601c09252c09de93b4047ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[3].htm

Filesize
52KB

MD5
6f3127cdb97dbface2f6d55806d1502e

SHA1
47dde3959ee77ed300f6c6d340e600a20ba30d8a

SHA256
67f4caf39cc341cc52d4e175ab36f83346cccfa085832b6ef75eec812db122f6

SHA512
3bef243e216c663b800cd31feb47a71c1a2e81d29f8d95a2ae4a6245795266e8feeeaa654e81ff4fc4d12dcb1c730abba51a85cd1beb31733fe064b20bc4ad26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[4].htm

Filesize
52KB

MD5
5bbdd29b451431987703194c65f8556b

SHA1
68d1c95c49fbf20f27c95b20c4d3b143a60e4dba

SHA256
def9bf1757cd46b2bb6a929765c0fda6c6e3c0de6acc9c57d9e0fef3586eef0e

SHA512
c6971e814ecb05851ae02b9398a7f4009e208369267e6cff4d756b3554896b1623b0097e4aa669d9f7d8b6359866f1c1bdbdb1e593f1413bb9522aea3766830a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[5].htm

Filesize
52KB

MD5
09f31f92067b97958934d606ec2f1077

SHA1
719c1d0c2a7052cc33c08f69efd5b0148f07e3af

SHA256
601b8064bb624122d2512841d6645f87695c39e7438a3c35bba59077860bca2e

SHA512
912d919e7f933ff9ba12fb543c5abb33f6faba61e03c8d0432e9e88b32c0c86aaf38402813d37885824e71e8333d11846e14529a75be896ebcb94b4d0e2db03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[6].htm

Filesize
52KB

MD5
2b24704cd350288dc6c06cf31eb99f36

SHA1
b85192662804c1f899bea4f682c8f207c9e10e29

SHA256
ded500ef014897ed11a69503f530d8d39f00eb29c415836e84889bf1b551a030

SHA512
b224e590e26302e0e772ff4f2ef87b679680b49383b74b1ab9028d77d4476fbcee65b0503692857dc6e992897993082f656889b26bbdf1f8ed353ec633e30b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[7].htm

Filesize
52KB

MD5
96b2c79dcde598ad91ea1a6f2091b2f5

SHA1
4b191a952fc53608f207c3f669c94034b0a863f2

SHA256
77110def82c9ef73b7acc0ea3ac258b71a7f1eb7fbc391e58fa5d95e0fd101ca

SHA512
6ec5652b518bc354990e94e7299d80fab77c8f93dd1a705ce8678e2d3e63969f80195a824078b3ab95d867683db2a5df0786829292407812aa2b07d0e7447c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[8].htm

Filesize
52KB

MD5
d6e200502fd956e107c63e5643391c6d

SHA1
383d85d68ebd2225b977dc2e3a0e56539115d932

SHA256
25aacb124504a7f3af440600777170b6060f34ea9d49d5acf8d86e26c4f62bdb

SHA512
fdb7f1f222b2df84231fbfa8881bdca291f8830fda5a45d37d96e35dd4722f0a5b059d60d893d08813013c6d5339cfc8dc4c3e3ed7883ec20b1811b60eace59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\speedtest[9].htm

Filesize
52KB

MD5
fcb8587ab05f06c3c57a32ed936c28af

SHA1
37636f8275ca590964b0c2dca6b4aea1c4aff238

SHA256
42fa250c8ac1191a077b6779e7f577d40b1239fb78d871e88601d0833bae0142

SHA512
6b0b4c352c770cffe1b9b482c55d73fe8e8a2196358fe6b85c1f522e81ac1e169ff3b880a011e98e8a67a742481b7122f32a342c7e8f6a1dc07d0dc00f50995d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\us[1].gif

Filesize
1006B

MD5
a5a63b0486b82f067e8cfcbf254a989b

SHA1
c93c48406cfd5120b5576f22a18b4d01fd273577

SHA256
70157a609501350596583c265c25f3fd48485493a326d67b19ab2ba5d8a8446c

SHA512
82cd4d4d97938028e64035710e35551a1a565f48851ca847c4c999b9412ecfdb1833d7223120295727082ce0a0131b31a362e5ba9494899ebbbf437caa0104d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\bugsnag-3.min[1].js

Filesize
18KB

MD5
f0a0b8f2d15e71343cd122a04f45895e

SHA1
cec93fc25743e7f32a882a5a7ba47f692e3e6d38

SHA256
f8bb12279f88f982456dccb048a6d07db61b5858b5b1dd100ab4f8e90c17c6d0

SHA512
f39cfc580a4cb0b4e0122e88252c90cdfbe661e5aa628cb6ba6c5ead1f5a517ed2b1dee0c08b59a3e9c70d29c65de40339134b2e47704b273d30aa8a4f41ed05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\f[1].txt

Filesize
187KB

MD5
482b85c92d93e5ed9260937180ff0ae2

SHA1
2d5fab5e1882db2499dcc493f12a7be17534b563

SHA256
ac7eade488033a4626bf8fb1ecad45c580c27c8ae9c64e60bf68591ed9ca7939

SHA512
30ab33676ec27cbd98484373140aa3a74e111ce0beebe72dff827a16f4c98a41b9ac7cf42bde22e1c9e826e4f3137b4f54f5511f32cdc8469de6bde1fa030038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\favicon-32x32[1].png

Filesize
1KB

MD5
a59579ffb91f15477d32cce4fb4ff7f0

SHA1
1bcc84317ba882f13d6658be36c4a7d504f6a768

SHA256
35fccbc25c2b45747a47e10af931d7416db1092b5f8589459a28a8753e2d5fba

SHA512
67efc42b735c465ab5c595dd9c27242ee04751ecdfdc98b96ae60debe9a2abd8ec7d36337a870d8eaa5f4faeeeb84ef9aa91b3274e160afb6964a14f2833a410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\font-awesome.min[1].css

Filesize
24KB

MD5
a745a9ddac2d6c9ad1a26ae084b2a02d

SHA1
c4b3bd4d1c80d7ce2fe1469f708729c3cf4b5d5d

SHA256
9a6e244ea2dd3f565d21daf4f3e8645e9da9742701573fb01111bdd4a91c61b0

SHA512
f333696b89022fddae600ee6740635d4f34c7a23f47c359f1b0d330d2f082d61afa23f49307c66e85b6365159c9d19707ba5e38638bb1eb1907432dc9498e74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\ll-228[1].png

Filesize
10KB

MD5
63f6c4c3e308005aa666f6f02005b660

SHA1
7c824500f8430a04a49af5c55b57276a9544b078

SHA256
2e292cb1aff44935cef0ddbc6a1a76d05a03f7c5a68ab5dcdf52642feef59021

SHA512
f9cdcb1a3158da54fc7fa5591f51875009836007504be1b6b31a219fff273574a462b4d63c948557e9fe1ed0321f300ad8e7dbec9f6ad205fba6151cebe46b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\odometer-theme-default[1].css

Filesize
3KB

MD5
c530d921e6de4c6446f25fddd774c34e

SHA1
b484d6425fe7f57a931a8666e89a792a26bf7914

SHA256
0edd72dc43646e459ddf3378ecdcbe4527fb5a3e5a1732facec5669c4e46e952

SHA512
03fe5e9f344e3945b4ffba9b7bb75acbe9b1be068f784f96085394c33791a0a174592f972f8d72b15ea456eaa6b72284429b6b178d7b74daa34bf261051c6be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\odometer.min[1].js

Filesize
9KB

MD5
519a5777444f5965b6df23e26c69f037

SHA1
fe5beb60997c84ab2f91b54535c4221443cdd21f

SHA256
03c1e188b884240e56a79c39b6918e16e9cfdf9b4ed4e84d5d8efe71fef778ae

SHA512
3ee200bb01031ea959bad625e2294fdf810b5a3d667d8c69330780be938c2a07734cf3a6c42b942bc9b28142c1e1d2787a835c1afd16089eea2dc9dccda29f83

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD887.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD898.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat1A6.tmp

Filesize
13KB

MD5
4e787d71141e6f0fce764deaa5887792

SHA1
3a958827d0d4d40e96d594ff8c37fdd87bdad49f

SHA256
34506b60e878b63fff6b32c01d7f44c5b567dfcd439148f9b5d092cf9d15f86f

SHA512
cea77daa0326ef83d0b6e446b77c8e03d3fef761486075a7a419a009ea9b93f2178bb14c06b3a49c9cda8d8310d2bab9e70d64a03e513d10d84bcbc2fdb0e311

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1IU4JOKV.txt

Filesize
335B

MD5
3e49e8307122709b043ed5d1745c2ea7

SHA1
16d1b833037e0cce2a2a89c2b7211f61f785d753

SHA256
f47b0c2662f24f492924cebdba45458e9f94318ec5515a4ed74bfdda6d24aedb

SHA512
122d760256f56e8316d3d110d2013cfbde33d8a8da69c42fce101d40629e4647a32720df1f123a55cf4ab3f384ddbd4c8fca6a5378b927fa279b1879d7662553

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\689OG1WX.txt

Filesize
335B

MD5
0772c22f294116ab78a02181a06e3127

SHA1
4c54059d32753f362769edaa19b59753c5710c0d

SHA256
7cdf8df7e0feb590e43d27f98126ae131ee99ec223bee2fb83471bec29cf1cfd

SHA512
840580dcb08ff12ceaf423a4d3a26d55d5700e59f60863019871b32a3b77f81d0e32fc91b2c54475a850ab7223a48db35a27f674458235ae79ad80821ecbcafa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7R5CYCBJ.txt

Filesize
335B

MD5
c17be13520731905632bd22f89250c04

SHA1
62a1c6b6360502d710e604eb42344d654a12ec6f

SHA256
412f1b158f55dce5fc3c95376cc0946ea82da112fcd8d431f720d2396e34f911

SHA512
850267616f329639e1af46239763fe543069367e0c6e18ac843a416640206a56c23243c317480329c3b0f9d8d9252a793e9e056d28c1f32f8240b8fe4d9271a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BSECMUP5.txt

Filesize
335B

MD5
3be070422a2fe0aa64798a3a96f970c2

SHA1
0a3ecc9dc52d5c52ed89a3161543de37d69338ae

SHA256
d3c8e787d54a0e85fa45f7b23e02b51f7428c8f06b76d7397c59f7b755b6eed5

SHA512
b58fa00fe7b9cda059130c229d0a9e91ff564cee299c0e503272a92d147cff1429ee743dc0f7291fe1d4b2f3b1d234a8e1b6eee85c817c4e51b99e53071f7a4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CO05N06J.txt

Filesize
336B

MD5
145ea10ae8e970d7d7aca9de8cbbb3fb

SHA1
885115a64f4fee01a8ec0cf47e128ebb9c168547

SHA256
47b950065b8500d8750070a8f4842a396e40eb7cc434d9f557972fb14b34b137

SHA512
4c028a7b2ce6d667d5006f6581d73a322b59e6c745fbde1203ed899f6ba3254a948f6763ed2fd0bfe2463f8dfe44146e644678ed61bc2d0457d822869cd5365b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DR3KZ5O4.txt

Filesize
335B

MD5
59c87702c6fb673ce356d22774ca1066

SHA1
75078a3605e6eb1112ba4e53f35d54b1568e5312

SHA256
02a8d8820405c284d6dfa0a7674ab97b1272f1b9993c69f941003b5db2553d00

SHA512
fbc9bb2a96b140cbc4bbbda83632ee2cdd50d6752104a5692fbf4613d30839f943810c87f9c33ca08d08d6eadcf577d65a552bf00b2602592193669c0ecc78e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GKJW7XHO.txt

Filesize
336B

MD5
a35db4b1772d86a1525216402aec80ff

SHA1
07ed6a897fc392bc8079cdb61ed8e5e5c3698beb

SHA256
7dea27bddcf6fa35d774a7136a40ea73ad04701d409c56eb53a131d6ee1aabac

SHA512
e37e830025b56e70de23e21c24eb17038638abf02b5cb71987e6f0f3a1a8004502cfc6b22370686a36187a14e86542e55f78c82f89d53c091dd1173ca95d7d19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HVVSDDDG.txt

Filesize
333B

MD5
8f3c36969b8b98dfff62155e3eb2435d

SHA1
293f7af0653d82720934168dc44e2fca6103b003

SHA256
4991cf74685ebcba353ef08b9823f7ec5ba956e886d668a23208d09395635bcc

SHA512
7d09816b89afb28359cc669ad920ea2c8be0194d8abe33d1c30ef89689b5825c0550dd281ef4e229a1f27f1914e48d11e8925f0a95ded8421de06f1fcad9a995

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IY1GHKNA.txt

Filesize
335B

MD5
848ccebd173e4e176a656ae5c6c7100e

SHA1
1c98115aec3d425a2365e53be2046b2140aa7e5c

SHA256
77355fb5bb7b74e4eb96fbcd5c342d4179c3bb5c651621a3601b77809cc8b13b

SHA512
083a644d187215f84126d3fcb28bde3368036a8f6dd26089ce51a296a94447b5d38a6b7838397a79700c38c953b89a451c020d393cbdb378c56aa3e5e273ebdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MKBD116I.txt

Filesize
335B

MD5
62bf783042eb9d53162916631bf05f33

SHA1
a7b6ad22c6da7130cb6dd9de3f019cf257c0be3f

SHA256
286b462eeb83e02e095e92f2aabf1f2485ec2cad7854e7a3a3d96cb3f3439f72

SHA512
6f89f41178b09360169eb4cfb012c194acda36ae47e0d73594992078c0bad240972776be81e7803f0558986758b38497d672857c93c2ef107f091cc234458de2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NV243LBQ.txt

Filesize
335B

MD5
3a0c7a9fc7a8f0622d34c1911b653417

SHA1
ace5e4473ad6366137fe1213b5bbad96e9774dfb

SHA256
07ba40ad39949e51ee6e24370304eef58d1f1d13ef8b0a18a17da782986f9a7e

SHA512
7251423ecfa654577871b39467d9cba09b8eb1376e7982a85a114038c57084339a0547d92aeea7519899e126f9b86ed0b50849236e463f2dbdff0940df9f3c59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RHYRKBF4.txt

Filesize
338B

MD5
ffbeeb91cae7802aa4402e6cd0d6a2a4

SHA1
734b9738d55ab84580e112a298265042b21d7d69

SHA256
7f1894db0f3d6ad7fa365378eee30989870ca818cb2aa8b7564463ad5a5f7bc4

SHA512
3925a98b1da6a4ce03674e2ab4e0b3149305c0ab700ad19ffbc797f19520fbaca5372c53ff844d9d219a45411e960a8d800399df5a414201fc20ff0ccf863ab3

Download Submit
memory/1352-24-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-18-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-14-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-15-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-16-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-51-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-13-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-23-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-22-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-12-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-48-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-49-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-50-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-21-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-20-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1352-4-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-19-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-17-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-0-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-1-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-7-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1352-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1624-11-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2612-46-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-47-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-45-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-52-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-41-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-44-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2612-53-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2728-38-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download