Analysis
-
max time kernel
128s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
17-12-2024 23:55
Static task
static1
Behavioral task
behavioral1
Sample
f94e6c97412b544a7a5346b318bad3b6_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f94e6c97412b544a7a5346b318bad3b6_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
f94e6c97412b544a7a5346b318bad3b6_JaffaCakes118.html
-
Size
158KB
-
MD5
f94e6c97412b544a7a5346b318bad3b6
-
SHA1
abdc0ea0231513ede6cd6709d0ec1f6b65f15cb8
-
SHA256
c7a06de6a04e968637bd4b041bc8c01681c62d8e049aa100e46d0a0ba54c0d8e
-
SHA512
b95f4b74a2bdae1627035227fc2793b540c7cf4431cb620a442f5be4f94f0b08d26e827e9eb5f175da1b94e95307d4fbec333624c930d191dfdb423016736407
-
SSDEEP
1536:iNRTaQQACt9dYkmfcyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:irWfykgcyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 1012 svchost.exe 1068 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2212 IEXPLORE.EXE 1012 svchost.exe -
resource yara_rule behavioral1/memory/1012-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/files/0x002d000000019230-436.dat upx behavioral1/memory/1012-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1012-441-0x0000000000240000-0x000000000026E000-memory.dmp upx behavioral1/memory/1068-449-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1068-445-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\px92AE.tmp svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58EC5CB1-BCD2-11EF-A429-7A64CBF9805C} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440641577" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1068 DesktopLayer.exe 1068 DesktopLayer.exe 1068 DesktopLayer.exe 1068 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1760 iexplore.exe 1760 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 1760 iexplore.exe 1760 iexplore.exe 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE 2212 IEXPLORE.EXE 1760 iexplore.exe 1760 iexplore.exe 2188 IEXPLORE.EXE 2188 IEXPLORE.EXE 2188 IEXPLORE.EXE 2188 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 1760 wrote to memory of 2212 1760 iexplore.exe 30 PID 1760 wrote to memory of 2212 1760 iexplore.exe 30 PID 1760 wrote to memory of 2212 1760 iexplore.exe 30 PID 1760 wrote to memory of 2212 1760 iexplore.exe 30 PID 2212 wrote to memory of 1012 2212 IEXPLORE.EXE 34 PID 2212 wrote to memory of 1012 2212 IEXPLORE.EXE 34 PID 2212 wrote to memory of 1012 2212 IEXPLORE.EXE 34 PID 2212 wrote to memory of 1012 2212 IEXPLORE.EXE 34 PID 1012 wrote to memory of 1068 1012 svchost.exe 35 PID 1012 wrote to memory of 1068 1012 svchost.exe 35 PID 1012 wrote to memory of 1068 1012 svchost.exe 35 PID 1012 wrote to memory of 1068 1012 svchost.exe 35 PID 1068 wrote to memory of 264 1068 DesktopLayer.exe 36 PID 1068 wrote to memory of 264 1068 DesktopLayer.exe 36 PID 1068 wrote to memory of 264 1068 DesktopLayer.exe 36 PID 1068 wrote to memory of 264 1068 DesktopLayer.exe 36 PID 1760 wrote to memory of 2188 1760 iexplore.exe 37 PID 1760 wrote to memory of 2188 1760 iexplore.exe 37 PID 1760 wrote to memory of 2188 1760 iexplore.exe 37 PID 1760 wrote to memory of 2188 1760 iexplore.exe 37
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f94e6c97412b544a7a5346b318bad3b6_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1012 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1068 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:264
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:3290122 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2188
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD595dfbe07c34e27a5c490c2da0327baad
SHA147e03c72c6dc8b404ddf5c2f4f1206a20631c58f
SHA256cb6b98532cb7708f5482c17baeb1d808e1606aa0e1f911a1baae79bbb4628b12
SHA5127231930393b0ae7cc29c2b82ca5111141ae12e5728ed2e867dbe44a845c713d43570798f1411362072b6e17d375c8e210a3602d96f807e1b07fffbe861ace3dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD560d8af5df14ab56b915677c8a0f8e4e1
SHA10deecad5878732ccc4beaa57f9b9844b0d41f881
SHA2564f035070ba35e513445f324fe42550cd34727b517a5b852a4a44cba5a4fb96be
SHA5124386fd039eca41909dfe17b39924860e4b95be02b6b29b1c9420c3ee6e89656091622b97a01da736ba10fd4798a476cdd486ed7cef5a0598beec80a704fee846
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a0e8d2b07df36a5fc471d8eabcf70b20
SHA1b7bc17ea5001da991a7041f9b96231a962cdd8cf
SHA256efe517c3cf796b5329e17d8ffc048fe31b542784be1ec293a9e943ae5fd93c82
SHA51285251e183715bc661aff672265310cfc198e419ba52d890b4321fc003f1fe4b99041946ab7933deb7bb8d4cbf8d3d2f838965293dab34a1d4ea3bd98e2241b1e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD561a55efb747dabaedd689a61e6ec09b1
SHA1c9d8a59dca3959b08ef77635cbe62d517bd2b418
SHA25653ee4ad08baeb979cfa3198d144f0b64e458debdf52c46a2223865f97bdd98d3
SHA51234580a759660d9e5148401d0e9b3494327f7c951d56e06ac63f525784aaeac86c9e269cd79b0e0154d952ec131123d5e659e13471bfff76dc4503d79aab6472e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57942db5ea0b1e313bb054d084c83247b
SHA1be805a65a675be73e2f9633a2680357ad573c379
SHA256bcd2375cee130ab0d8a40777e558a0c73b66d39003a288d75145bdca7e2bf461
SHA512cf0138d215a0dc6d446825a3dcb372bb8337cd76f4695bae78fcaeac143b7e9eabcb28013e634dbd64d78a810bf68a9f38a326a8dc5ec84ce299a864904eda6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54bd44fb2a98697d8f1a70293f28e199c
SHA1974cfb98d0ed13aa827ee0a6de8f7bf96916698f
SHA256c8608037fce03202a953718717d974edf345b5bf95989abccf07c7301554c175
SHA5124a8f73c903a0f6612320a747a09878f0c50dcddf13fd2c54f897cbcfcd9695e5efb964b7afd149c1cf46914bbfce35ee5297a3b2c4202386a55caa17673c0d69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552cec046e8f63062183c54c67564c993
SHA18da7ff7bbdbfdcd60bf7ea597b7b140e899b81f8
SHA2560a1b9cb15b730a6b6184876ccfd51774e04ea66f6f5d818184deec36e9826082
SHA512c14578afb5846d5bc5e226e867cd4736862571bb113534c7793142298715c532ca2381456bbaa596a012ea5e415748d4c87a6e4206766d22beb178ee01636723
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD515fd9d800c9cfa4926b7edbc6693755a
SHA19d43e47055f18fe75a8436fc579356bfafda5f79
SHA256a48dc29f96b99119da70d44eb8b1f82078d7db52a37d914fb17b0a899327a8d1
SHA512a2f4db0657705347807a08e4bb22eea8b1ad14969893f010f301f31fa62bc9dd520d0d1c8715f3b8694ecfe3760b568206e3256d51c90d947681b415e1718886
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54df1d5bc038b5488a8e9c33aac39feb3
SHA12b0dfbb0a490178a0ea194c6be23ddbab5408d16
SHA25614023e77a938702929c3e05f431350585e093114398da40c10659764f06efd4f
SHA5120e85713ccb7f8daa77c21893d3c6d5cddfa5a54094acd1e18cda1844bc98af53411a56b16aec3d889865798726b881d5af7edcacdc7ff1a1ceee01d6e3e21a78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54fad749883bae9dda8a9871105561566
SHA1d9d326f568855c52dfcfe28b35fecfcb11478a62
SHA256bc597165bccc67f794193cb729e7eed6cdb71346cb1cb1fbc107aab2e280d02f
SHA512b3c117819a6f296d1de96299a2704c197a4247630c0c37b3d48e716069dafe9366874344877f7d5b6b89d5d236ab48cea52cfc30a8806ec915ff6088093a2b92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD504c28288fec612db627ea3ee11c29699
SHA1f2d466926c1dcd54c6f63f107362974faa7a9da4
SHA25624b1074e6f1d870e95656cce8f68266eb5399c47dc438671eedd54e294e9e901
SHA51299fd22ba806dce8c100e7fcaeabc71b719be7f634ac16025d9739f33305df425bc5e95abfb7fa660fae090c0a52de3d38ba4a824d997087bbd7d24f88d78c7a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9b8cef5c86e374f445872edd6dc98b2
SHA12e5bbb8cb61b8467a5a3da20f6bac459e1be4e0f
SHA256eb5f9981a927117ef4573741f0740f26d24e4a58e01f4cd00efe21b20ac1b7e7
SHA512dacd482eb7c5019c072ab42adc72cdcc05a5ff25b9398ad52b76b1e91183d53d9b62f772b9b5c76484cdfcf5b0312a8abbd4f5ca2a66c81d4481e968385b99d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e94f1bdc5a791f316bb0e185e0995223
SHA1d3f2ea3c3d0b298e0b5fa0f7dd392216ffdd3c63
SHA25610ea0357b49300d123e2d5223d99263c0c68ce1fdf52d5845f8f64794d20a38d
SHA5129085a9d9b204ce33e9c6844c5b5494fe9e8572b907001dc9c58e29001c903677e7bb2fd62b0bba9b425bd4878e41d029244a712e2974aa914a2a8c117fbe003b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52bfac96b979b5bc2333fdc23cd6d7855
SHA1e03b39d01b8507b2c076ae1215013ffca071f50e
SHA2561fbff9288c4d0df708a544882a0474d532266fd4e89f5d8eeba52311e1cdf4b4
SHA512d4758a3be7211eab61f4422f382fc99b5308a14840fce9aaf248cbd1a1baa0075d0e1cdacc5b924a71562fbb32fac4c3969895c5ddac7e4c1061040bb690ff31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5272c148f31b383d315f2011eb86cb395
SHA183445a6136add38847e87eb4d3e03aab7455b07e
SHA2567600f579b2d858e847bd93e3042a2fef600ac2ecf546500ae406aaf2eeb9f1c8
SHA512f07f08caab07515f7db6542c86e25ca5b8997c79f8bc50ff1a751836b39aa890e28fd747f1f145c05e5a7b6d38872e5025a47ee914a5a9158a58687e6aca77af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52dc905ae7d8b614be22882f5bb1049d7
SHA11893f679dc7973b7e2c181a28f48a2c95038dcf8
SHA2565ac2421e42e0f00ff31240bd30b7dcd9b9e86ef2d00478b8d99ba605fdec2d8d
SHA512c5e792038d77ee3b19b6dd069cd9242c316476f5d09b4bfa23c08d97ccc88d58c7d7878d479772c26b7bcac6d9ff297391fa998f026ffb58db435b9eb5e8756d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59c6fd6e23ba046838a1cf1a3de997644
SHA1e5b9bec6a677f00e5b0f16949434e6591fc897cd
SHA2565219213b5da0bc7c00ee668ca32bf6ccc045e391fc1c08ae9a511902fb6b2b4d
SHA5127046df03bcc65761d67b448854860f796f9f4ef53aadff7ac0a24f732962d3542ecb7aef088644ce2dc2b49b7bff182afb9070cc7876a38898a85aa2ef39bccc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b56110e01beb44501201ebfb41fdf2ef
SHA1617ef20c93b6e12a600e6db10dc3b008313b866b
SHA256bc775a12e62f0fb431827483229fba1ced6f8be84cf5a7a28d5056d6de4ca613
SHA51268247d32cee899af18ca80caf5fac7fe4664148f8c3c2ae663658abeb483e46e25ca64ff0b0e11bf31bbf8fc1cb9a76561c79ca4c23a5c70f0a4c106d205296d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e47e8ecb780ee40dd5ec3ead72d6163
SHA1acfb725272f9169db345fc211fb68a47a3f31255
SHA25616f382556463a3bbc2486c4301ae24186257cc2bf4b41d694caaa12bc83045f8
SHA5122d8bce2dbbaa485501e8cde5844ba6c35da76f4896ac188c783388ef85e95a93b454d2e216bb6e26e823ea9a6d0eb713d6263fb095aa6b579cb0acb7a7fffe2d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a