c659860cb5a943d47df9030580c36acfe89a47d55c7228b5892c6683f994277a

Analysis

max time kernel
135s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
Size

3.6MB
MD5

03115ddbed4500f571c7e1053c1b971c
SHA1

6e45d592887838bd6e841c6262bc3327e46afaba
SHA256

c659860cb5a943d47df9030580c36acfe89a47d55c7228b5892c6683f994277a
SHA512

9bdf94d6bd9655b3a629176c362033539319539f21ab3ce440c19f481ee2fde9a264dc6c7e80aebfe29235a6d1f4a983452b2423cff258443a2414975da0accc
SSDEEP

49152:iQSW6doFejw2qj4magWf2aUk35xr49wM3rKUPzT:iQS44Dqkmoe435xrabK0T

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

wmpscfgs.exewmpscfgs.exewmpscfgs.exewmpscfgs.exe

pid process

2892 wmpscfgs.exe
2688 wmpscfgs.exe
2780 wmpscfgs.exe
2192 wmpscfgs.exe

pid	process
2892	wmpscfgs.exe
2688	wmpscfgs.exe
2780	wmpscfgs.exe
2192	wmpscfgs.exe

Loads dropped DLL 14 IoCs

Processes:

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exeWerFault.exewmpscfgs.exeWerFault.exe

pid	process
2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2892	wmpscfgs.exe
2892	wmpscfgs.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exewmpscfgs.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe"	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe"	wmpscfgs.exe

Drops file in Program Files directory 9 IoCs

Processes:

wmpscfgs.exe03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe

description	ioc	process
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	wmpscfgs.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrotray.exe	wmpscfgs.exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	wmpscfgs.exe
File created	\??\c:\program files (x86)\adobe\acrotray .exe	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
File created	\??\c:\program files (x86)\adobe\acrotray.exe	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
File created	C:\Program Files (x86)\259454404.dat	wmpscfgs.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrotray .exe	wmpscfgs.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2500 2688 WerFault.exe wmpscfgs.exe
1032 2192 WerFault.exe wmpscfgs.exe

pid	pid_target	process	target process
2500	2688	WerFault.exe	wmpscfgs.exe
1032	2192	WerFault.exe	wmpscfgs.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000012f90ce164cdd2a606433ad4ab8dc86ecb2c929b0980328f654c1307a7525709000000000e80000000020000200000009dae8bc4ac3fc3e63235bb14269f2d5a817a69c7dabeacbd7c9e3cc42cd14916200000000069af5352df7d391933cda361b6c7bc1c8f3ca350577460f5bf209eec50238440000000f851f4d86bbceee0aba4d62512620ebae543d7167cb6b0cf8fa5b435c42e6c9bc7b18666d6ee7ca15b173029320e9229cd07144e519ede66cc2f8b943d1cbf3b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000003212a92f9b3dad45bcedc0b2bc154fa404c4d0c117c31b070d9b560a2d3ce06f000000000e8000000002000020000000e9d8fbf96a4ffaaf25f2bbc8d8762fc9846f31c060bad123e629c4b59f93025290000000b6f83062c926a5a76aa05aa7f5ba3dd33b2c50368a6d5d25d5939224a99fdbab31e90540b0df716ef3d88df1a742e1985dc1216d91eb63fcd7bf3cf13f5428ea9e6e5f7b0254f15fd65c52c3ebdfc1979154a1696dd3908a40face8202f2b5ca8f48719ee0a8fe9b1bba10fc727f05225626617e3392ba132f27710b01cba8ec9c4a050f6070c04860178c4818946fcb400000005a714b89241979bfbcf32721d6732726edf74f61fd3266b23610752fe03cbb645a9e3b0b2935f42a37787de68d6f14ee517282ce40e269e7397e0fd495e72651	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C82CC6E1-0482-11EF-9F01-52C7B7C5B073} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30aa189f8f98da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420376392"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exewmpscfgs.exewmpscfgs.exe

pid process

2768 03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
2892 wmpscfgs.exe
2892 wmpscfgs.exe
2780 wmpscfgs.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exewmpscfgs.exewmpscfgs.exe

description	pid	process
Token: SeDebugPrivilege	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
Token: SeDebugPrivilege	2892	wmpscfgs.exe
Token: SeDebugPrivilege	2780	wmpscfgs.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

iexplore.exe

pid process

2336 iexplore.exe
2336 iexplore.exe
2336 iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2336	iexplore.exe
2336	iexplore.exe
1460	IEXPLORE.EXE
1460	IEXPLORE.EXE
2336	iexplore.exe
2336	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2336	iexplore.exe
2336	iexplore.exe
1460	IEXPLORE.EXE
1460	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exewmpscfgs.exewmpscfgs.exewmpscfgs.exeiexplore.exe

description	pid	process	target process
PID 2768 wrote to memory of 2892	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2892	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2892	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2892	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2688	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2688	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2688	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2768 wrote to memory of 2688	2768	03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe	wmpscfgs.exe
PID 2688 wrote to memory of 2500	2688	wmpscfgs.exe	WerFault.exe
PID 2688 wrote to memory of 2500	2688	wmpscfgs.exe	WerFault.exe
PID 2688 wrote to memory of 2500	2688	wmpscfgs.exe	WerFault.exe
PID 2688 wrote to memory of 2500	2688	wmpscfgs.exe	WerFault.exe
PID 2892 wrote to memory of 2192	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2192	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2192	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2192	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2780	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2780	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2780	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2892 wrote to memory of 2780	2892	wmpscfgs.exe	wmpscfgs.exe
PID 2192 wrote to memory of 1032	2192	wmpscfgs.exe	WerFault.exe
PID 2192 wrote to memory of 1032	2192	wmpscfgs.exe	WerFault.exe
PID 2192 wrote to memory of 1032	2192	wmpscfgs.exe	WerFault.exe
PID 2192 wrote to memory of 1032	2192	wmpscfgs.exe	WerFault.exe
PID 2336 wrote to memory of 1460	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 1460	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 1460	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 1460	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 2320	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 2320	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 2320	2336	iexplore.exe	IEXPLORE.EXE
PID 2336 wrote to memory of 2320	2336	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03115ddbed4500f571c7e1053c1b971c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2768

\??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
c:\users\admin\appdata\local\temp\\wmpscfgs.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2892

\??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
c:\users\admin\appdata\local\temp\\wmpscfgs.exe
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 48
4⤵
- Loads dropped DLL
- Program crash
PID:1032

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2780

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 48
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:209939 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2320

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
Filesize
3.6MB

MD5
e68865dcf50b179de559a3d85918e62c

SHA1
22980efcc918d46bb429d51fe0bb91d4232abeb9

SHA256
96917fb7c6c82628b1a133adb20d3d164a5bdc4519c1b6fed7b7084b8433dae0

SHA512
1900a3433710e22979451fd9f3239c0a91e97093159254b8e9e647df263ef4e940ead475e5806e39e14e8d45012845d009d63cc5e9ea59e999e291cddb2620a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a8c14d889610cfa2588e48c3c32dd8af

SHA1
ba779e7f905936815014452c8c6912547af9ab73

SHA256
b373520c645ee9707daa8c3c1b3c018f56f736fb4544ee2994e696d89504c124

SHA512
c32c96ddca9a710a894b9bbee35b6c0ee6f525fff314406b82a3788e8295f867b702f1df7c208d25ab65e289432bffd7352683124a8e331e23d3b11f2dd61f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
85e1166b97adc336487a1c61def6f910

SHA1
2db2f720e7ad2b3089088fd13bceae2adafcee03

SHA256
d5cebdb38419252ecf0dee3c0e79395d756736f3c0cbb50d2e83271bb56b9355

SHA512
ac36ebeb20997e91c7b0aefdf46611025cd1c530884de4bfb37d6694620aad575d770abcc45861b2ad92eb560e85f8fca3db5b2f9c9f2778c11603e2a5e72976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
24e1f83ca7dbcaf5c9d9896a6379b959

SHA1
1385e9ef2abc0c91bbf9e7464974cfeef6d002c3

SHA256
f16766d3965cd203d28f2666cecc2477cbbe627c037ff85389358fbda24b66b7

SHA512
2dc29c1f6c3068f108940e29bd42231e723624109d2e507856d1d313e1f92e9d1e39bbc12ddff33d34a6cb4b14288084528c09c11934252cb58eff6d140de3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
85ec94c2a6404200a793e826b099db02

SHA1
872311223918357e2b0a31d679e370d12a5f35a7

SHA256
d338854fdc47021acb2e5422acd43faac429e89568851495688c284995a72c11

SHA512
ff044f949ca120dd3dccef21be9bcb1284d5e9b77de6176cb2f9182995121021447ad433a905085c76c0c9321713b7d2a5c24a3f03079f09ad258783245bc6b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e01620e7604b5f6be367286dffd94ca9

SHA1
81889bbeeea77cd4202592f20a689cf94a1ec325

SHA256
4a72b187d1b6195caf2eb5a1e4ecd39dc3a77c4e5ba99d725faf1f1966305f06

SHA512
ac9356bfcdf20fa58c469c76311b9850f5d94ecf8409e0dd27f3b9f21216fa9701635ee5b7e275d36c83f7abbabce5ddaa23971531f9b18d604c70e03d8ab84d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b9593096ec2fa630b3ae8912c4158e7

SHA1
e5a35ca52767cf0cef62776a3f5b251e028abdc0

SHA256
f9d3ad1d10450c60d0864751ab01cdb408a9014895b96f0cdb02a06a01b825a4

SHA512
81fdb871c75a1d190b5b573418d0b0e41ce08097ead76704511038668b2e6c40312acfead6aa9623fc69bacb69e81b390fb0427a1012a2ca527b8378261b06d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
00fbe9b283ca718497b7892cd4122180

SHA1
e40afa7331eecc5f16763d575ae074d5699bc01a

SHA256
23700007253d3d1154b051e21a998ff95e4964ec46a141c1bf2a71d192e6891f

SHA512
dc8c50fadef3e862222779a19bd53d0be6c806b7562ec2faf83e7c30cf87eafb9fb2b3ccc277603ced5873b5c2980c62beaeb2b75c62065ac9923b9045b6be43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ce8979020283e764eda64754c489f3a3

SHA1
0cc103d0185eb1ac1ff9c8bc157ec6c1278e6e99

SHA256
feb8d9591b9aa548cf12bbb17e02b808e21fe27ae201fcf79bac17fca290b1f7

SHA512
12cdcb4efbbef537b2f7372e550886b2c8887378e70c770f8edbef868770daba85090b73b771844904be789145a6f7bd894adab2b5aa00931935a7c0066ad378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d1fa52d967bfcd5e4922ca8b928ec026

SHA1
ce1b61ee762b19b32e234261548154724cc3ab2c

SHA256
53056772adfd86038876d88268ca59bb68d6807d853e5a2932359c84d41623ed

SHA512
009d7119a994d662136c24b05e78268bdc97d1d48eb08b37a01f29cae31ae71a98f3d321a82e128dcf75fe58726bd3442d57d3a19dfd0a59ab3c177a96a01f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
080bdb1c94d0229efb9533119678a6c6

SHA1
8794c5ec9c14ef570f74de57f45db4c4529ab49a

SHA256
29832facd64795c59d5ded6adb6a2cf0e63992d3c6c5c819b4bec1f8e3bb05a4

SHA512
3c9db66ac12f753f316b57b5f35602fccc41b6c7bce50eb1ffb2b02e05955079fe1183df4eeb731a7cb5570261124a9df42b9bc4bb8d4774680a415c47c36e30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1dd93eaebcc01f98f563398a775b5ebb

SHA1
3fc1a00dc4fb20fb48d9a9a3ddbc329479f9a9aa

SHA256
b63916d996f7f9496a2efc9e4568691ee4524dabb8503e405832d5c549877a05

SHA512
58a674d1130977bc018cc11d737c4fd0c8e9cf30e8676eeb48f7eb75a26144c1cac064a8c3dcd76fd516d7facc4bd936e823d623204821a18993196081a97c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
590382144721c3ff37a68735b7f83096

SHA1
0b65f482ff734b6413ae5851ff42f62d51fdb880

SHA256
3f6e2ec5b932417f31c258fcdb6929d0ecada297121c533ca84e63638d98d45e

SHA512
9ca3db29bdb2a223c762c5fb92c9471ddeac35d2e2bcb76fc558daaf959bb90f225ea4d8d22f1dd004da817d0fed7bbb5b81c28bed5bb6f26f5172f4600cc118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9e2fd4eb2d172b6d220901f4f198749e

SHA1
04467219f15f6308dbca99a607812917b2f0d816

SHA256
aae4b96fff4a31e4033c0729de1545ee203f2982d793cddd374984aa1e220728

SHA512
ce68d1d52eb7bbe1330c7fe5343d2b44b41cb3c9120e845a152d4e9cf6e5c3404e1a90e34d3df86d126ae4c10eed05af117e3af3483162b001d35ef129fa1f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b247f0ca7af3f50f4e54647efc312bfb

SHA1
f58ad98d152b798eaf97002835c6656de59df2eb

SHA256
4041e6720985f8022cf0e8db24f836c6524d820384dbbcd955bba6bb04a05589

SHA512
be32b29ca0f464518e2cf347b6c6c4367c252e4a8195635a54ce54718f01144291c5157ecccfcb5d801b6545f6225bc8cd32254078343cd507c46e1adaf9fd34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
502e99230924cbdd6778349860e644d3

SHA1
ca48c7715ac49337999a184190749a3495e45e8b

SHA256
c1d39a03a7cc9c4d16ca149a7daa78cf78984b46e0a16f82552aaf54bbd0d1d5

SHA512
5c0eb6212788629afbc9f4388b0637f9b01cc30034b4da38f1efeee3583bf2263a10be65bc269a8c52abfe452533f8bf4d9a64883ef421683b6c19ad21d5ee29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
91836682ef2fac7164776330e3f84471

SHA1
482d5e23a533c55eaa0c5a5be3af8a8618dbfa2a

SHA256
01aff1743e931fd480e72bb28760c12475551208be0c573dafc7f1775847cc57

SHA512
18ca1410c3bb3eb24e29cfb25d21e173516d232592a8f62fbc208436093ac59ec167b4c9aee4bca04145ca32a4c44efc0f480d55e4aa40ab89e0ab4c99a0a7a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c9d6099594ef7c95b922f56c5b80c04a

SHA1
73c1b1205eb351ef3d9c84407b7c04c53d5f2afe

SHA256
71f0c608579f4a1132d1606915699abfae00c3b6600ef4cef8c10d71c87e9b4b

SHA512
678d024918eff579824c2c7fb9715f3808a18309bc348db3d1a7f887ab605359e516e2ac34c9422902b91a6313c51d397298d74e1a122686512e9bf7beb69f87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d560e4c591648dd2f739f9dc7f3cc3d8

SHA1
f73acd1186baacb56bbd6cf1066a3b62175547fc

SHA256
6e6c451cc48eef001bd339112288cf38a453b465b00b270d89da0bb4b5efcd8c

SHA512
c0d926f95f0492e5359dd5c7f7e03bc5f7d3974ade53e845b4340ed042898305bfd770bcd956983cff1464ad56d319fde122094c8b4253c168032847f6d0fc85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
afe39834e70015ed3cffcc39202edab0

SHA1
0f22ec02cecf7ce260302dcdc1a83177a0992e0a

SHA256
3a7448a9bb5478aa80b2934da09e2879f3702fadc6c9cb4746aa3d14c2f5401b

SHA512
00eb1b486272e717ada275586aa5bbeebb4e7b6c7bb40798f91413f523b9310716eb57a9a51aacfb9f3320cf08da16c644c3093a4b037fdeedd9771d616050c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\bVYPtfdmV[1].js
Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3795.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3883.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar38A7.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
Filesize
3.6MB

MD5
530426fd5a39b32615dd65f5af6d165a

SHA1
53f6cfb0683d632cf4d96656e54d6550ac9ba6e5

SHA256
67bef558f9debbc14336437a983f9b15c5d975940d457bb92254ad2aadd4e474

SHA512
0a7891671c8ce073004c5b3e37fae42e985025d7f2eb46ce93abae2e69ea1b5896ad72483f590897cdf4f1f545b359529b06abed510df248e003a7ddd16e81f6

Download Submit
\??\c:\program files (x86)\adobe\acrotray .exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\c:\program files (x86)\microsoft office\office14\bcssync.exe
Filesize
3.6MB

MD5
e3f6101cb98082fae8c8feb72504568f

SHA1
6e766e6a67099f9662b15db7d2a6ea0cbe96fd6d

SHA256
c65790a00e510b2985acf8942a6fac74c61671202a24a940988c084606a580b0

SHA512
145f830ae6f83134e57cdcb973ed76428cbcc0365ea395b85b9622cef5de69cdf2f6aee6389fa8fe01968138f70031d492572a805cad55f845e4d85495a87fb3

Download Submit
memory/2768-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2892-25-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2892-53-0x00000000007D0000-0x00000000007D2000-memory.dmp

Filesize
8KB

Download