Analysis

  • max time kernel
    87s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19/01/2025, 19:31

General

  • Target

    JaffaCakes118_d0f36ba42fa306e6d1008212c8874078.exe

  • Size

    809KB

  • MD5

    d0f36ba42fa306e6d1008212c8874078

  • SHA1

    ca607f766c7a67916b3b5a5cbdeed2b72cea246c

  • SHA256

    78ba6b04fa45496aad0528ec07612c9d33150c9ce08085525401c7baf9152cd0

  • SHA512

    096cabce5678ab8b2fd90c74d6c1026af139a883093112d1361848b30a1abe4cef38cd1ceba34334cd5819000cf7a250671b242dc5ba9760e2012fa10fc7c0be

  • SSDEEP

    12288:wphm2SvseSwoDxUZTtrH+hdwzWq4hJcIe5E+bQ1fNXiw7lFsERTWd7E+:Oo7seSwoiH+hOynfzT5fs+l3RI7E

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 51 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 27 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d0f36ba42fa306e6d1008212c8874078.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d0f36ba42fa306e6d1008212c8874078.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4068
    • C:\ProgramData\privacy.exe
      C:\ProgramData\privacy.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4688
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1476
  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1900
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1112
  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2140
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:4532
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1080
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4408
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3132
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1376
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Suspicious use of SendNotifyMessage
    PID:4896
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4084
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3612
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2424
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3984
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1548
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2524
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2528
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4268
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3100
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3220
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:4884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3124
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4576
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3484
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2328
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2316
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:4424
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1636
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:116
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:8
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3644
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4264
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2064
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3520
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:880
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1696
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3220
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4756
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3908
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2472
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1496
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:4752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3912
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4512
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:1988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:3568
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:4496
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2248
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4336
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:536
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1684
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2072
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4556
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4680
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2832
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3984
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4944
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4736
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2332
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:4284
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3712
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:3824
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:1128
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1640
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2484
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:1020
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2928
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:2272
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:4180
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2428
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2540
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:4804
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1332
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:2348
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:3960
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2968
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:2996
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:736
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2864
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3852
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:1032
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1860
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:5064
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:4784
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4376
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3108
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2440
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3596
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4044
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3448
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3964
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:2560
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:2912
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4672
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:3920
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:2152
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:752
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:4748
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:5020
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3980
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:2876
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:1212
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3708
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:220
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:688
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:3968

                                                                                                                    Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Downloads

                                                                                                                          • C:\ProgramData\privacy.exe

                                                                                                                            Filesize

                                                                                                                            797KB

                                                                                                                            MD5

                                                                                                                            cc5838fd9bff840360847960458bd085

                                                                                                                            SHA1

                                                                                                                            678fc0c61cbde3beaa902c5ef28e293dfeb4c42f

                                                                                                                            SHA256

                                                                                                                            4fff9348a41e2861dc52a3ed76ae7333cd52e100890b2818349b111560e524b1

                                                                                                                            SHA512

                                                                                                                            5c37c2a1fe0d53c08cc998370bf490abbbb5828de7a05afccf64906d3729cb33ddb56f9197dc99c13c6c48190c15d6378cae73a545b891e6e4828a84a82d3966

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                            Filesize

                                                                                                                            471B

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                            Filesize

                                                                                                                            412B

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                                            Filesize

                                                                                                                            1022B

                                                                                                                          • C:\Users\Public\Desktop\Privacy Protection.lnk

                                                                                                                            Filesize

                                                                                                                            672B
