Analysis
max time kernel: 132s
max time network: 127s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 17-12-2024 23:10
Behavioral task: behavioral1
Sample: f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
Size: 133KB
MD5: f9363dd295295e152fb6e359da85b372
SHA1: 48b44a67eadf0b87559baee69c900c8344f56c70
SHA256: f17e0413dec2114d7d138c75044084bcf3c4102e760e0032713c045200226a1a
SHA512: caeef28ae90275824881ea647ecfc802ae7f60c1a82101c3ae8e4cd4653a573b0798f3a86abf6668dde9fd218b49dbe97d1db5f7cac7c773988fb981ec37e04a
SSDEEP: 1536:aOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:awV4OgSzBmh04eZFkz3Rr0gwGj9Tf8
Malware Config
Signatures
-
Ramnit family
-
resource  yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x000000000046C000-memory.dmp  upx
behavioral1/memory/2408-3-0x0000000000400000-0x000000000046C000-memory.dmp  upx
behavioral1/memory/2408-2-0x0000000000400000-0x000000000046C000-memory.dmp  upx
behavioral1/memory/2408-5-0x0000000000400000-0x000000000046C000-memory.dmp  upx
behavioral1/memory/2408-7-0x0000000000400000-0x000000000046C000-memory.dmp  upx
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description  pid  Process
Token: SeDebugPrivilege  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 2 IoCs
pid   Process
2720  iexplore.exe
2688  iexplore.exe
Suspicious use of SetWindowsHookEx 10 IoCs
pid   Process
2720  iexplore.exe
2720  iexplore.exe
2992  IEXPLORE.EXE
2992  IEXPLORE.EXE
2688  iexplore.exe
2688  iexplore.exe
2716  IEXPLORE.EXE
2716  IEXPLORE.EXE
2716  IEXPLORE.EXE
2716  IEXPLORE.EXE
Suspicious use of WriteProcessMemory 16 IoCs
description  pid  Process  procid_target
PID 2408 wrote to memory of 2720  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  31
PID 2408 wrote to memory of 2720  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  31
PID 2408 wrote to memory of 2720  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  31
PID 2408 wrote to memory of 2720  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  31
PID 2408 wrote to memory of 2688  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  32
PID 2408 wrote to memory of 2688  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  32
PID 2408 wrote to memory of 2688  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  32
PID 2408 wrote to memory of 2688  2408  f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe  32
PID 2720 wrote to memory of 2992  2720  iexplore.exe  33
PID 2720 wrote to memory of 2992  2720  iexplore.exe  33
PID 2720 wrote to memory of 2992  2720  iexplore.exe  33
PID 2720 wrote to memory of 2992  2720  iexplore.exe  33
PID 2688 wrote to memory of 2716  2688  iexplore.exe  34
PID 2688 wrote to memory of 2716  2688  iexplore.exe  34
PID 2688 wrote to memory of 2716  2688  iexplore.exe  34
PID 2688 wrote to memory of 2716  2688  iexplore.exe  34
Processes
PID:2408
C:\Users\Admin\AppData\Local\Temp\f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9363dd295295e152fb6e359da85b372_JaffaCakes118.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

    PID:2720
    C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

        PID:2992
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        - System Location Discovery: System Language Discovery
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx

    PID:2688
    C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

        PID:2716
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        - System Location Discovery: System Language Discovery
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads