Analysis
max time kernel: 133s
max time network: 127s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 16-12-2024 05:14
Behavioral task
behavioral1
Sample
f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
Resource
win7-20240729-en
General
Target: f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
Size: 106KB
MD5: f7794eb2956b63c251a9e04f01a353fe
SHA1: dca1a5b3b43feebbb5c53d4b9e2d499d326b7ced
SHA256: b936816df3b31e7cb746c1d9bcd33321ef046fb7ef10088eed11b4ddc64e0bda
SHA512: a30ff8e92c1ea762d7332b2b8b277425f38982310fab56733f49d56f314962758826945552c319e45781ae92857924ced6fc24220c9bcb4790afeb64559e5ba6
SSDEEP: 1536:tOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB5:twV4OgSzBmh04eZFkz3Rr0gwGj9Tf8C
Malware Config
Signatures
-
Ramnit family
-
resource | yara_rule
behavioral1/memory/2004-0-0x0000000000400000-0x000000000046E000-memory.dmp | upx
behavioral1/memory/2004-2-0x0000000000400000-0x000000000046E000-memory.dmp | upx
behavioral1/memory/2004-5-0x0000000000400000-0x000000000046E000-memory.dmp | upx
behavioral1/memory/2004-8-0x0000000000400000-0x000000000046E000-memory.dmp | upx
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
2536 | iexplore.exe
2892 | iexplore.exe
Suspicious use of SetWindowsHookEx 10 IoCs
pid | Process
2536 | iexplore.exe
2536 | iexplore.exe
2892 | iexplore.exe
2892 | iexplore.exe
2980 | IEXPLORE.EXE
2980 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
2848 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 16 IoCs
description | pid | Process | procid_target
PID 2004 wrote to memory of 2536 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 30
PID 2004 wrote to memory of 2536 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 30
PID 2004 wrote to memory of 2536 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 30
PID 2004 wrote to memory of 2536 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 30
PID 2004 wrote to memory of 2892 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 31
PID 2004 wrote to memory of 2892 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 31
PID 2004 wrote to memory of 2892 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 31
PID 2004 wrote to memory of 2892 | 2004 | f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe | 31
PID 2536 wrote to memory of 2980 | 2536 | iexplore.exe | 32
PID 2536 wrote to memory of 2980 | 2536 | iexplore.exe | 32
PID 2536 wrote to memory of 2980 | 2536 | iexplore.exe | 32
PID 2536 wrote to memory of 2980 | 2536 | iexplore.exe | 32
PID 2892 wrote to memory of 2848 | 2892 | iexplore.exe | 33
PID 2892 wrote to memory of 2848 | 2892 | iexplore.exe | 33
PID 2892 wrote to memory of 2848 | 2892 | iexplore.exe | 33
PID 2892 wrote to memory of 2848 | 2892 | iexplore.exe | 33
Processes
C:\Users\Admin\AppData\Local\Temp\f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f7794eb2956b63c251a9e04f01a353fe_JaffaCakes118.exe"
  PID: 2004
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
    PID: 2536
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
      PID: 2980
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx

  C:\Program Files\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
    PID: 2892
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
      PID: 2848
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads