16538ee182d296f247a9a1d9c6b6f6ef8b0c098d68b14aeaa0c04727b34ed18f

Analysis

max time kernel
144s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 12:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WaFilterApp.exe
Size

14.4MB
MD5

a4d195ccd7822ad76ae51614207ff64c
SHA1

76e37dd3761693b27d4b3ed95b1f899d8fa73a6d
SHA256

16538ee182d296f247a9a1d9c6b6f6ef8b0c098d68b14aeaa0c04727b34ed18f
SHA512

961e35c9ed37150602361ef0bb78a4f7f8fab47293c8c34c5b8e50e2daf52f7319e35bdda57e646e8606ccd9ae4c3d8300f98ed0b6bf8b51ccd521e13b51c385
SSDEEP

196608:V1EXPC7hrKiqNpFExqlmEpGzSj6MqYFHSv4qKh3ogUU1CxFkQ52cD9ICRAz4SlmJ:jEfAhrQpWA9ql4qU3woEhIwAlw

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2984	WaFilterApp.tmp
2952	WaFilterNew.exe

Loads dropped DLL 3 IoCs

pid	Process
2100	WaFilterApp.exe
2984	WaFilterApp.tmp
2984	WaFilterApp.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 27 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WaFilter\is-L136L.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\Krypton.Toolkit.dll	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\Krypton.Navigator.dll	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\SuperFilter.Api.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-8R1LO.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-B2RG2.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-V4KPM.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\Newtonsoft.Json.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\unins000.dat	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\Licensing.Validator.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-3J4OL.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\WaFilterNew.exe	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\WebDriver.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-K6OPS.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\BouncyCastle.Cryptography.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-9SSPP.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\selenium-manager\windows\selenium-manager.exe	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-L1FO0.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-LSRQ9.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-FQT5E.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\selenium-manager\windows\is-1GHHC.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\Licensing.Common.dll	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-VKQBS.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-GR6FV.tmp	WaFilterApp.tmp
File created	C:\Program Files (x86)\WaFilter\is-FRK33.tmp	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\unins000.dat	WaFilterApp.tmp
File opened for modification	C:\Program Files (x86)\WaFilter\NUniqueHardwareID.dll	WaFilterApp.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421765569"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4082da0e32a5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000002dc25bedc4eed8e43cf6e05e7b5fbb768b5254379a58fd8cd8510a724018fd65000000000e8000000002000020000000f4bd89e74cc7f6867384cbd217d8aa02e67faeee50ccf5f0ee0651a5be5539852000000001c7477d4a31d725ac6de0536b0c5a725ef08d12b4aaadce2fb6f5eb6915a9894000000008c3542c04121b822df978bbc8809a590d43349f3f42adeeebba1db2d3455c3df4efe6b7667b9ea9a8b3761d1c03d35713f95c7acbfec43682119481f352bfcf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000868495412e2dbcf76773637ec64bc0aade94180fa03226f5dc7ae2b3e637024f000000000e8000000002000020000000dc69ce73e7356bf2251859d7a871183005059ab3d52a6ff12083003c379821899000000091b39b67693883a8cde5ee794540b3cb014c36e6bd1d4cbb28b5c96a532deb6dd776427fa95f1a8f50dfe62665c6906e4ca7822722edbfa41785c9de92e56f9598b7ebdd01159c6aaf6507dad013139b4abc7d8b4b08dd793f32526abbd3ed94d1835f431ab362841e5e1acb9fdfd7427bd16c9867b7c92ab3dba1c24e9788ef7926f0cfa8bc84e6c4070e741a3577f940000000937bd19243274f6ec58a53d4d0f3d5d23e68c67cb533ef1c8f6e81af3889f8df0b8f5bcd2bbdd2ea96f4f40f091f5064c0b49f4510f30836f10e751b8c76f7c4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37A99711-1125-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2984	WaFilterApp.tmp
2984	WaFilterApp.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2984	WaFilterApp.tmp
2368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2368	iexplore.exe
2368	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2100 wrote to memory of 2984	2100	WaFilterApp.exe	28
PID 2984 wrote to memory of 2952	2984	WaFilterApp.tmp	29
PID 2984 wrote to memory of 2952	2984	WaFilterApp.tmp	29
PID 2984 wrote to memory of 2952	2984	WaFilterApp.tmp	29
PID 2984 wrote to memory of 2952	2984	WaFilterApp.tmp	29
PID 2952 wrote to memory of 2368	2952	WaFilterNew.exe	30
PID 2952 wrote to memory of 2368	2952	WaFilterNew.exe	30
PID 2952 wrote to memory of 2368	2952	WaFilterNew.exe	30
PID 2952 wrote to memory of 2368	2952	WaFilterNew.exe	30
PID 2368 wrote to memory of 2668	2368	iexplore.exe	32
PID 2368 wrote to memory of 2668	2368	iexplore.exe	32
PID 2368 wrote to memory of 2668	2368	iexplore.exe	32
PID 2368 wrote to memory of 2668	2368	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\WaFilterApp.exe
"C:\Users\Admin\AppData\Local\Temp\WaFilterApp.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\is-IRG4H.tmp\WaFilterApp.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IRG4H.tmp\WaFilterApp.tmp" /SL5="$30144,14276700,844288,C:\Users\Admin\AppData\Local\Temp\WaFilterApp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Program Files (x86)\WaFilter\WaFilterNew.exe
    "C:\Program Files (x86)\WaFilter\WaFilterNew.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=WaFilterNew.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WaFilter\WaFilterNew.exe

Filesize
2.6MB

MD5
85ca772e58a46df23cfc12b854ba3d84

SHA1
23752a6772732a57da7e37b60248c54a139d49a3

SHA256
a8841c945f5d3117745fac3a64f7735a683eeff78e28a4754dbf75c2b09d3612

SHA512
768aa9186676cf174bd6d7ade1e67f982baf56e41f816d78984a312a36ed5d99a05a26e395c6acd3e51311b3180708c4b7be773e3b31cde8845bc4a6b0450525

Download Submit
C:\Program Files (x86)\WaFilter\WaFilterNew.exe.config

Filesize
518B

MD5
993a2af70831587d2f611c7efb141f96

SHA1
eda856d35705dad0dcecc49ae7367937b839eaa3

SHA256
856026e81cc0bc78d5096f532a40d1ccb7f97044028d37447fd454a9a1582b49

SHA512
005fe13d617bbd12ff57b77323cec187add8bf2322c56616df27ac0aa75bd86543d998e14a3a0b57719bc203de381e9add9d6fa4cd9dd42d0cd5ec6bb226751c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d18b8f84cd1536e505e86c36462117e9

SHA1
0890ca11d656d3c59f9eaa6833b05a933546926c

SHA256
a57960fc5e618c5ca9da5a91c4b0fa36e89609e59c3aa639e1af33402615c5ed

SHA512
20fc68516eee8ab7ada6c73ed3972f61da71323e2e418d2ee0f1ed483c7b7f405128b2e940af28ce95a4a3409e24c42703048e131317ee5133b4169cd97f9e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f47febefa4773f99e808067770826186

SHA1
0014ca1278578b63e072cdb3e5d97a1eb7d46237

SHA256
f05babd0bc114d316fd58ec66f39518c3b29fd40672ea309aaa9872a6a7eb571

SHA512
e1dbce13060488919ed1a9df57a9e73a31a14b6f385d471705ce5fa4f2e0ec5f8774e641d2990d6b0f6b76e70141e2c82f54abf688c5b8477aefb1c3396a1c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfa7858e7090f361cf6a580387d7059e

SHA1
de6173347819686b6c033d455fb2f30de61404ee

SHA256
4979564e807963ee0503bf3dbf2b9f2c13a76fe531f990f34aa0541737e555d1

SHA512
1d1b8e6e9ac9f9a7d17d19acd0a849cc1cf066bccc0a7480d4e6e83118932e8232197efce81790e88c735666cc4af0a2c5067f09a670c463163d07ea7e10f696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad7030ab8821f53cf1597446c2c68aee

SHA1
a17303ee0152802c7db4c6615a913b2d11ec87b8

SHA256
f19c679b0cd10482701cba5f362075c685d207d8ca0a06c8312093babcd412dd

SHA512
478c0fba891d62cd5eb84b18898d7efb2a775b750275b0f3bea919ea325159578ba98293606065d4c675ded6075eed2962c64877449c3475ca8f74eeb622aca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93240200581029f040b31887f3c88d1c

SHA1
6b9ef644ed804c7f28a719989eab5015e1344129

SHA256
f0904347436a322f57b85a26769aff4a9b9105e42d00660bb642926b8e1357ab

SHA512
93798b4f24ae4cc1bab6611ab0a49ec9faf2c224c493a0fc4a7c69552087d8a92c5887b22fc44281d055143b91ef608062a8267c906d00a31f8e1455dbf7c34f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3f3705e0d80f50f49dd71a79238f028

SHA1
cc248dc096ccd3bbe51ade2df3ae60b1443e35ec

SHA256
2b7e296fa59eff413443cb176b845b0b31929564864bdaab5f9f8bc7f9586aaa

SHA512
09e5e9d92a96fe79be578d9ed324158d276fc1007d69b167b92f16094820d8ecbdef3acbbfa6afad0b7d7502b7f9125c4db51732973d7051719f243c7f131671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfd3447db8965cbbe97409288630c7f7

SHA1
a2efb1da60b6e8ae2ce51e383250d5a528bbd32c

SHA256
597507cd5da20ecec1d5817bc2f77a481fb1e1b6df6f82aacf965aa97b62d312

SHA512
9e96a33d1e0247d050e4a8dc6baa875815b1d17e882d5fa0fe5bdf1c43ed6b1aa97a32bdc3e401eccf871bc8cfe9ed637bdd2de36c97309a27cb0a051a02e70e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa44fff011c14ec88cb19af50979e485

SHA1
cb9f114f6119d6603b2b952403c77d93d7993d51

SHA256
0f40b1f06a998482c6ea27bfac41bce343777b6103ade1990ed0b009b83d95da

SHA512
681c2144d61ddae661a16b5626a839fbd38197a5e4c75069b76bdbcc3073f0ad75f989dedbe4cc1ba5fc3934aa85f8471673a6aacc5f970de54eeff6d4686cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ee4f1fd9d6ccda59889bd98c62e4624

SHA1
6552d8ab3db78008c77da6d15f4bd9072f51f2d7

SHA256
c4b9624ee2a78362875514d5bacedd2789dc9765ff05a86f506dcafe375141c7

SHA512
7ff172780825ce5e5cff249b872415dd5d2293b48f2fdf088d7b383855f2cba923b31b3cc6f7712805b92d4fd034d05cfa1322fdd7d4c9bbf1c697466961ea2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f0259ec05ef9050392335b19a32f595

SHA1
881005a49994b8eadf96e3f9c58b010fc4d5e2a5

SHA256
315d095a1008814bd11b66441b5423024d992c2dfce0987a8693dd716e1cef16

SHA512
9fc5563655b9cff8ecd19f4ea7343f68521839a7f9a8ede8281f5b0456e69a33ae16472886e83ea2538ac7ece6d296e3ac51fde31f79b0f94654edfeaa51b1d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eae257f49672be910166dcc57a9ca32

SHA1
c6443b377e9eb573a2cb2325048a52f79f4546d6

SHA256
1bb0e39ecb8c82d4297a1019d676d8248b398560438dea16143a0e338322c27b

SHA512
aff6a3040f040e39099d8af30c89829a61e550d4f4adf542d5240b6f47849cea49c9d8afa97762adecae18bb057aa69a11c7cd2fa75726b71bc3624618e5ddc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7e343e345e7eb9b39473ec6ff689d16

SHA1
338719a8088b0e54e3f0fa60d4dfa610e27c6ef0

SHA256
32e35f4cbfa94ac3db1077375e6c8e521bfbd0379dcfebfaae05958f9eaea11f

SHA512
d3dea9c69c20a160585676da4e87499a68a43443a6b05ba9c7ea080ce916acbab74dfe1e8fb9fa33c410ed4c78d03597dd86941f729e66434d91fe968a2f104f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98e1a9d4aa517bec148d9cc957dd4aea

SHA1
2e68a504bfe74e1d87f117c46e83aa9f3890b781

SHA256
04fd66c249f9d52f3c1d4a06520e74d31429f2f558c7940ec788bdc9d1124283

SHA512
7f659fe052aeea303ad7f5339aa85654e6a9719f55fac77959a51e8a6b4ad8b1c4837eb7f3ab76e017b3954943f820b9b57d963d394bf82153191e871df4958c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e69d73035af465dd41a5bc8e5d6ff1e0

SHA1
efdef43df21e1ec06fc022f06c79f6e8e95e7404

SHA256
45c3fd7e2c44f2ab4df69099554debab84c5cc9b2c057ab943ad611fbe8613d8

SHA512
f3c480e693823ca398b8677822f48d5f011389d8c64959992669cc450bc676d82ffbe1b79db27a03dd0c9ee72ac5f85a1cd1b76fb70ecb03b42f7a877ff8a3eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe3ff86b721843d18c386821a493606c

SHA1
1642b6a0f3903b3e6bd5a669b8c3c4564eebc8ac

SHA256
20ddd17a54443eadb05bd8f73841eaeac34ae08e53e3af9d5e10ca5a255bc285

SHA512
c59f18cca37b03b09ed5826db0a29f237d4c6e86d3993c962fec2eba2c58ab6f62766785028cc3f9b8c0ec78a27072a1535983526e06a4ba167142800a9e5793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6af812dfb1c21583947163113d555c47

SHA1
ffe2724868919ae6e0204e095c24433139a2caeb

SHA256
462b55c618c055e720602fb73cfcc73681f0c55b2f062dc2b9f70bb5143ebe6a

SHA512
c95288c38ba4194af74bb7354709de15eb786120f43614a3c03164caa937da095689522eb12cbfb67a7b49e3b578f1476cc64e27d6ce19fb678982084757af9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a29fc8cab2079cdf7e5fd2b967a163b6

SHA1
925484882cf6c1d4227bc506adc5d18d23ba3427

SHA256
91f2a0f3755fd48b37703b23802d8c68950af7831248a95f50e67365786c12ba

SHA512
79d2765da56b5dc77b6accaecdc52b2ac3ca9b01d4685f733f368f4f612ab00e5f9bdf31b3de83e91fde0f015c6a53df69aaf1bf1e74a4415cb43130099618c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9248089a6d032793488cf3c3bc2c8b48

SHA1
3f3fc4744098a0b021d3f1087ee7fe0de7996849

SHA256
e74d3b918c204685ba7de3bbb7c59b578596889daf4ac190901bc6c6120d2414

SHA512
1e656723e59af3695faf1eff64df962c77a22603129df0bfcd22f9accefeae8c5353700550f47710c16d73a796d0832afdfb6af61f25989b9155b7581ce58589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bec77127e7df0c44c971045e0bc1c8a4

SHA1
d8318fe08d056527c931c6e8746a5a43527a2c40

SHA256
db60cb2a3c5fac69d5170ac5ed59011a2aef0b8e95f1055777b375176f6344ab

SHA512
368d0396bb9186494b9163f9285557372b2c1a3a2aa9d0aaa14add7946af8a30971393f1adaa54ba19f194f03bf5275fdc99788e531cf65c456706aa71014d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4CEF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\is-IRG4H.tmp\WaFilterApp.tmp

Filesize
3.0MB

MD5
050e34d6662fc104ddce974c90bf3511

SHA1
64e2332a244a8e94e71bb0def89b73ba1dd15839

SHA256
516af84c5ad10b4df6f663b7b3e28617ed42da60ecf1561f04b621071e3dde38

SHA512
75ff1ff4e8cfd25453b772646d8d81ee3670ff00d3b85dfb29e05e3ac5834a0000c776cdc2e7002bbaa7de14654e659cf39c22d93e470e5ebd643e8c97376e07

Download Submit
memory/2100-53-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2100-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2100-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2984-52-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/2984-9-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download