c94f9a0f6735d8eb0b9b8fc4231c44b00cab90a0a9b5b67121b49ce17ac83c4f

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 16:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Size

3.1MB
MD5

0ebd6be212deb179e381d31721bc56dc
SHA1

84ecaa40258ce46bf5a677c9f7bc6516267aa3e1
SHA256

c94f9a0f6735d8eb0b9b8fc4231c44b00cab90a0a9b5b67121b49ce17ac83c4f
SHA512

3325caaa4f8c33764628f9d22127ddb901b06c6c3c2942fedbdac1b6dffb75f85930ddd67b0759c816c45ebd0ccfa8c22bbb78dbeb7f90a7549f99e6d8b03f8c
SSDEEP

49152:KD0pjGnq/1z2bM7txvL8QxLDt0Tp6y6ausMImEDxYC65TNlM4mbXs2bNERejYeh5:Xt/1/8QxKpz6aBTY/xNlQ34exoA/

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1988	FP_AX_CAB_INSTALLER64.exe

Loads dropped DLL 1 IoCs

pid	Process
2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2768-0-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral1/memory/2768-1439-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral1/memory/2768-1551-0x0000000000400000-0x00000000004A4000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
File opened for modification	C:\Windows\Downloaded Program Files\SET2674.tmp	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\SET2674.tmp	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
File opened for modification	C:\Windows\Downloaded Program Files\swflash64.inf	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b666291cc7da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc736445a2d95443b874c15f2d1a936300000000020000000000106600000001000020000000003e7b5fa8e18562af45736d292f817ab6180744b1cd576ec5edfb325a7a8b2b000000000e800000000200002000000084178059c16691ff509ace1f66cde296aac5a20f6b9a6d6d89bb03d4f668de119000000035a60bb4a56c720492aebe38980974a9db37be6ec385219d254464266a2b99b6a9910661d89a6fcddcce85e8fb278a4cf236202efcb7985d3540c588491ffa7526eddd80fc3ff728121917fc0db5b29223dff63085555386849fd8107907b2db9524d97419feb0f9e2dbd4156eb284affd2dbed86e68dcff25e809304b12f2dae47a276330736dbc5df09dc8e5fd7d44400000000bbb78ad0ca2519405dc75ccfb63d4881d9d9caa2df90739c7714b1452f64559f13efe4a8901f0404d26f2a1734d69eea8384dba039abd62c862bffd11ca3111	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc736445a2d95443b874c15f2d1a936300000000020000000000106600000001000020000000f6333f78fba5491e97aa7ff0579a38a57eea00b5085000fb497da3025f1dd202000000000e8000000002000020000000801d469a4b5ad103470a97dfeb1a4c4b234a4fefabb0c16083c764cd075fa07e200000006a8f5e2538077bb89ee0b4a6e9d3cd14c4c44df2c5ca957eab35bc8e59e95457400000000759fc99c3cbabf2bf5b1a74b30bccfc21bbac046f5d863029252fe0d8b2c8f594e3965a977f840a09484d15b3de5badcbc7897fb66ffde206f5aa2c44b5114d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425494519"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53EE2241-330F-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ProgID	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ProgID\ = "0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.eProtocol"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\LocalServer32	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.eProtocol\ = "eProtocol"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.eProtocol\Clsid\ = "{82184935-B894-4AB2-8590-603BA7D74B71}"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71}\ = "eProtocol"	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.eProtocol	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.eProtocol\Clsid	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1988	FP_AX_CAB_INSTALLER64.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
Token: SeRestorePrivilege	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
2216	iexplore.exe
2216	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 2768 wrote to memory of 1988	2768	0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe	28
PID 1988 wrote to memory of 2216	1988	FP_AX_CAB_INSTALLER64.exe	29
PID 1988 wrote to memory of 2216	1988	FP_AX_CAB_INSTALLER64.exe	29
PID 1988 wrote to memory of 2216	1988	FP_AX_CAB_INSTALLER64.exe	29
PID 1988 wrote to memory of 2216	1988	FP_AX_CAB_INSTALLER64.exe	29
PID 2216 wrote to memory of 2696	2216	iexplore.exe	30
PID 2216 wrote to memory of 2696	2216	iexplore.exe	30
PID 2216 wrote to memory of 2696	2216	iexplore.exe	30
PID 2216 wrote to memory of 2696	2216	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ebd6be212deb179e381d31721bc56dc_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
  C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2216
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f516da4294e54bf0bb14cd784ce845f0

SHA1
3873ed3ef6ddf65c0e63e3700d82aac03dc05eb5

SHA256
9fda532edd95fde7a1f3d5f52b47339a1c1b30ae21dec4657a47a487e1b07ddd

SHA512
aed5034ddbb7b2abb10e4940950ff7d02de882a5b042ffb04b1e8f3e993c38559d71062c3d2b6b2e6a58bfc49c88d3601795df18e9bbe84cf39bf1ae6dd112d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b58fd1f829aef0d852ad00822a3eb07

SHA1
ea9ff422321262a240bf422d3688513193b17f4e

SHA256
03d2a02f68f2cba47ae2211ab2af83a08d55e4fd2e573359274080e3dc87f184

SHA512
ce165c06863601bac146e8bc16d7edf1de5bc0c25dafbbffd4e74e07ec2a2361b98e7284e7dab9b95913371dd8680da31e0f14ded944cb8bc1a9537cb64f9599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42437c22ed9ed6b1e717ec98e16b0eff

SHA1
2c635afaca5f48cd4d585d3a72e2c6a9d7479fc3

SHA256
78260c7602f4b3362ec0598461b81127ea492294b0db8a343e9453df20573e15

SHA512
8ce1f2deecd47a1e557a2209decd577ebe30137f418de89491dfea0db009bf02fcb0f7c504f2eb8af30bb0ec6a621d8162a7d77aa54fe26c46839c6316556a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad5c688158c8e2c81798beb5b77da745

SHA1
f1e0fce7804e049ccadedf3ce5940123e340081c

SHA256
c13fb196ece7884b99b01b6efe68bc00ce3c3a6343022e8d9d86012aaba999fb

SHA512
4e4a6c2425ab6248c1b4577bffc3bed069dfb171e6276deaabb0a844203c59aa622d3feb2a9130f95a68e5190793fa9a06423343d88f6bf9109f18706adbc3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eee7d4dd3f7f9e253e15d0830c2df4ab

SHA1
b943594d88a997affb494431a771f34c9831e29a

SHA256
829710f3c8d36b50023e889a33de8b35fdaa8fb02e48e4b3b5b5357be3835df8

SHA512
9bc5e6a9de515f4886c194ee2458c221aeb9ae598dd969acaf60c41ce589481a7c12f2052f3a3d382f131b8a20fea8bbcedaf20a108ad66bf195880c38d82627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8d0b7e4219a1d18699b74260028fbd4

SHA1
b906a1f383056e3c60deac6651d3516738f050fd

SHA256
8c279d01f467cf20746240417dc651e1152f6f9d2d0e67a33c24800b1b6d2d7e

SHA512
516841a02259748c46aecf5e5336a72607d628289fa85a95da10db220dfdace38416e6bfda263a6dac0360d6325dc9c37d197213646ad77a2ad836967f8da4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f15255e4134f5999cc3c54c86589d8f

SHA1
8a3f4159ab4f2f65290edfea127db99eac3eeaf4

SHA256
fa7c3ef26cca89b5d919246576b1ca86d13830b3bc6bf3b957e6a7a4ef373322

SHA512
28c73f8f9e20ddfb2a8447304245d7ec05cb1650de260ff9db59cbd172bfbd52f79cc17512a650863e6325ff6676108a8dcf48194952b836533199d35b9f949b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29e2e2bf0806579778f0ed8f3dbff1e9

SHA1
faff8361e5bfcdf19dce9ff20a3356112702e8e1

SHA256
90cb1f3f1d323b2c2a2c5b8fb85b58ecf13a8cdff763246daa42bd6698415762

SHA512
d865437a413e8704bcf0788bb6029803e7e6f641bceec621ade487d85ed3a739e8a503d8914d51eb9cc9e243bda81353bde32c63892c88795418f0e28c2d2bf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
734685c0dd0ba5a45c085518e465f070

SHA1
1af25e7a3156e8f2f6992cbcd67c8c05266adf14

SHA256
d1a401663bd9fe0cbcbcef151484a416b1e3b1aa266161c5f35d2d0ff0d43399

SHA512
d6302f881467ec69e28d4cc0d91cf7f2c6a47c6d733c49e1aa79b6a11ce9a618e1752bd1531a641cf2cd2e73439587719235ded8b0182fc77160e9cab2cfd9b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf8fd4914de3d2325a4d51355e258e7

SHA1
a60f7517088b2f8276d9bc931f5f718a942b2c90

SHA256
e5a53b57036a6ca978ad3ddaf376aeb3f749688f7659524ea017881cc1cf7c64

SHA512
14b2329998dd41975a786779049397c38ca7f433cda95aedbaa2a78978d2146ce1ef858377515f63f9ec682e17696da208a18b888fc193b44e89a897b64afc97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e975433f249752b48c9a45dd6c7576f

SHA1
ce995ff08691dcb563cc4414df34b29795ee92fd

SHA256
02fd479eaa580f4e4094a8fe715d9518c0bd9bc40340919a28c2a22fae96480c

SHA512
db1613b8e46450997796865728eebcfcd90fe7be5c8cb2f552a69c025d84b0f0083ee971a8de84b1a69edc462127e15fc6f3e5ac7ab74a5d3a2feac608d4508a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
987804894f4077e7a5e70589d618bc25

SHA1
754fb980a4336b3a5c30b0b9305b01434ab11221

SHA256
4a6976240015e6dd3bc6b17119d9ab555d5ff215b5d2078c920ed8544f9829b3

SHA512
2de9397dc20bb1b3a8f6fe49b184071e6ca9802cafaae838f4dcf9250dbbcff7179c29a6ef239cf42cedf3b125d7667d1511d9a6cccade2211a29198915a3ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
168aeb0b7a9e250fd0dc1ecc82e40da4

SHA1
dee6f4f9cce9262ade185d34c1a51ddbfe55ee9b

SHA256
c6e30e40d2756d4ddf6d71a3bd8ab7c4884ce53405c32ddad03b6bf3baae3c7a

SHA512
b3fc35f7bda7dab586a416588538f48dd7914d4ad4d746121b63f66b68e525b68a8dced4175e0a7a1542534002b8abc4fe6c8839a43d169d141f34e2ba36c96b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfd26e9c0e4184110bc547ad0a59d700

SHA1
a0e1c7825949dd5747320a9887d3724432fdd6b4

SHA256
883bc3f66e3fbe7e509282a78b4b74744dea6d61ab32c7e38c0d0ba88c8efab3

SHA512
d53cf9fa7295c7c86690c3876f578af827b4fdd9e2b6c182f1a49e6c6107edb96ea30c4012d226229004b041a92d03ebda6fe217086b45f763555a5961de5837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
510e9dfaec47b4a6bad590e7333941ed

SHA1
11fcfe97b6417a3c9bf6b95c1022440e6465fac5

SHA256
1ceee2043e9dbe2be02062d6c9521a0b54328c04e798d67f87d2636cb0c99da7

SHA512
3020a730e1cbf38e29e3afda3af3c2a32a3d61e05968c03b1da9f1abb1e4c849c3e04b753f8718a2edaff63b2ff8644d07f63b50ca8dba1fc1fc90ebbd9d4e4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16523789d2fefde4b8cfcec4117f39b5

SHA1
d87db028848ed0ebc7817f5b80cd4d5128c0ee66

SHA256
6bad470794b9ccedb26bab39b4213e209f3c117d29b7a315763ddff585eb4c3f

SHA512
5a96e8d24e51bcbab650c15b0a0718b75edb89e4561ea9ed0ad4bff6c592dab6b23ee7d5c4c04071ce5096ff7c28e26a056892c471c821b7433e6b9c5690c71e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae28c23a8165a0c14bfd12599acf5117

SHA1
d76968f6d6dbd543175e4e94fa62775637be645c

SHA256
63c957cd573806e2c7b181e29451767a73a89a58f8aced0baf060f63e33b6854

SHA512
60431c5a50fb086b13405f2f0061570c8748bb0bd73035b9f10b9b3d673617c23473e71fe0b666e6642545fe07f8d7d24c2915267442df867f6faff3a446dae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49b9b55cc396e45a6952e08258a381bd

SHA1
1e7902d55c50d379281207b9866615999ab99ca7

SHA256
274e50326b5cf5821cb91e252d4206c090118476903f509a63d817c4963d1af0

SHA512
b96cadb9281d89a37df793f59ef06b8ced1d0a9938f5bee896c47fcbf09917545cae84e815a42b3e99e76766900911609c7c59ddb25941bfd60ec62b46df37c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6059d41c27b601eb3699f7c69c5c184

SHA1
3d127a419991af2b71212320eff2ee3922d45c61

SHA256
0485d801c2486a4bf1bb7ca2d5452224398a5ead2392b7efe3b060db9efcf312

SHA512
0f174437464749e2b9ae1d47a9e9236be63b4d3d5aa0f6972e1509b74017fcb93eb81158f49f9fea17b4e22d46bdc35fc5f315adc6f0c81969565b8953907aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25b3babd1b08227f56e06d9bef775865

SHA1
4b11ad6f4099d8cef1f4c70750441c19362ac30a

SHA256
1c578642c9528936bba9d054f23a820267246a6cce52e14af48dff3438abf285

SHA512
995b723f6097f3650076bb444b5f87d86742c3923e672c180cbe71703422dd7c59a5939ba23b217232878052b504740a9629d12d3f6a0d97db52d1b086610ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4769656eeebd90f3810c10ae5b88c660

SHA1
dc224d081538715d44855d8b21fa8a8329f5b7ee

SHA256
bde813142188c3d751b8faf52891c49b9281e5073a7df11c179314812c0f8248

SHA512
840d92486e572f3773379f63428fa7e7084b06684ba73cecc2ccd36c70ac38559d0a2bfa510070b78b8b24dd581b013041697d735029eb6cd64b6bc297c6c147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2a242a876a0266650a35a0a28e434fc

SHA1
e336600bfe50beac03204390881fcdd5bf37d0ee

SHA256
739246096293a747d5d41c5190efe1945265c7b9f4ae48b773e732e8b1c935fa

SHA512
d6a256900c0a437f7836e7c252a5c749a5c8585f47ec3224e9ec08213d4913b79b6afac479a7693805bd85cf0eb8d23f36eb88d821c9c85f9c1dfbd8269e3bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a95ca0f3c20d76d8d97871e12bed87ce

SHA1
7b2e8ddd7f709a9a6a000cc6991962189cdffca8

SHA256
aec10e1043e925bb199494188a485a72040f32fd291ca4459403f3524c771f1c

SHA512
875396c91bb9248482c48b3084168f0b16e6e2a6a554bfe57815a36171da645ecb6bb3ee50fdd48d158c67882b9b8fbb851c1f056cf4d01cf632811dd6dd9269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1edd50808c39a52e9a257af837cf0f64

SHA1
ca68352bf1bb8dee40faf1fddb61cc3c1ebfbb72

SHA256
21cf5ce1e1ef2fcb7d35f12262a903a93f53730880c7d8b767ba1e14307cda54

SHA512
83f3248dc273a47e8f8e16234af2a9d8a3f039ebcfbe5977ae9d3cd8de5d68e9833a983b28ba52d47672814144c7aa0c688ce9b94232ff0a3f9771e2682a56f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ee2a82b470ee63395bc27445eb484c1

SHA1
f044505581fea4040139b6667ec124aa7e4d1676

SHA256
f0719f36f001d91db634abc93fdeda3b8207415adc44e71e87b90a1384788a14

SHA512
c6387d28867c2906af6ddeda89637f46b2e8e53aa9e2453f85367a3be7786b29ff46d526f225db9fd3d1bf625f3e9fd67b5dd1f0d3f61e2683a750fe606cb6df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e295b68808c62309966fb9443a082de9

SHA1
1dd8c765a2ba7e37f118b3e8e3cad9eec9fba6a8

SHA256
08d5071edda5649b2b0fa354fae7886cb14f5f25686a2276e890c9035b67b898

SHA512
fe2d84d47a656ea29d1222403b38d6030d455c8fb6e5dd4fa76bec2f580029a39946264e65fcd3d1bc5b7543169f022d66268e02891603a8cda194e82dd22a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2c68eb6c02cc93b98aacf002744c857

SHA1
ba8345c2f8c92b229f9b97e9f06433df23cc3c3b

SHA256
573a74129c54a1eeeb283b831b12234e56feffef9a7905d0628ba93cc3edaf05

SHA512
e59bd682528d3d5d517ef18944d0c5e136b17e75b6fc49c9fdfad3a66a604f09740ff1d6991c64c1dde272c723048dc78bdf6926ec00f6b19fbc2e7dc2216a97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ca2202cfc42c2ae4b1ecac68c89807a

SHA1
072e716dcf663e4a72d924ec9d0d208a3853c7f2

SHA256
b9a4ee5af1b8968fd9ad21c851092286520db9a369a10aaf37d1274b94724835

SHA512
f97a3899901816adf1ff13620ffaad1ce0fad479ac584a377cde9a6037686f1e85352e53eb42290d6e55a4a309e61e2e99ff5927965258e251dc2947132715da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b1ea778b81d04a82112a5154d6cb18a

SHA1
0c7be08aeaedbca3ad1f2fd82d7fca5f1954935f

SHA256
b3a8d1631600abd08b7bdb1bd9248e9eabfc643da36a59c45221b8fa88b75c25

SHA512
943c13366106c0352b401000a81037d15ac7f809d6592f69e6b14c7fe90ef966994ca35337277ff6d1ced3914afaf5b772493201bb2d7b2130a08d39f74be77d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c79b252a6a78bc7bb6b277f62d8451b

SHA1
36b06284c0a9d140cc29d74cb896779f27d6972e

SHA256
c41c287402a6aa5ad01b49f8e7b50357f52f187b81ce0c9d1a8fc8fd53fed1fa

SHA512
17cd4a2f0f328da5ca0dbf31ac64d07fbaeaf9b34f894c95717bf39d5c8a84f339708118309f3e1dae584fbc5f2233ec51b09186c879ea9e2a2c6a1a291ffff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63af85eaa98d61f13f4dd44dcc987b78

SHA1
fd7ac6179568d7503f4223d1b870e7f095320575

SHA256
4347b06d6d99f478f9722ac2a9f03ba929dd2d98beb65161ab8ac0f5ac4b8103

SHA512
c715fdf61f49a2c589de1f71ea9c14e5a8e322b38f540cbaa18b6713d80f2006f5c31967892a136144b731258e0d434d090ff786c6869d9f684741aec40f8f44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4082dcfb40673a7d56d7a6d18d961d1

SHA1
811dc604bb4c8a702c7ed8097719f74a823beb44

SHA256
2168010567b89dc17c56844f846d30c8f722d3a5145b7c25fb3d3be90b6e5e90

SHA512
cb06e5347556d31a6b42060ab9114a3080a5bbd5432e6864090054d3847c734c9a270cc3ebb15757fc99b2c05cce1d395795a2242f0955fc9bc758c0b4ab5d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fabb4fa3e057d213faa81513b6b2ec02

SHA1
1d158a24147aaeb507b26b38983533681126df13

SHA256
ddbd129f8df27c573a90173c8b26b1d560d830dbe5101542adcd25119e94a461

SHA512
eb71358e50b1991843cc215be13328eddc1ec264f645de3739fe46ca72875ce37fd27b29da4a3c26992162596f95971978d1127d7ef68f28dd0121e2b50c31a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fefd9644b9fb7af2b959fe8a73ead97

SHA1
03791fa566dab255c1012aab2eb378803a130df9

SHA256
f8430ffc6de96416e018676e72cfd1fc81ee6c0d98ff91122ac6c837985e4d69

SHA512
580175fbeabd87cf0ee3a2bffff2feb4ffce4b05cbb3296fd4cb1d75e22037847d7840757d63ccceddfbe5a1bdf499de99f11ea78ed1a895f7ca4851a2ca6061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
da93040f000f039704073cdb919428be

SHA1
6b9a9d67e654acf40d5541c2b0a05a2eb453f434

SHA256
ae7e6c1340417a0d3a5bd63df55950064a7eabb23925428721b5db0c5164f3b4

SHA512
4cbac7c3e5713a5f9dbb8db2c651f1c99886dcc03451133a0106ad1d5a8f81e7df9813e72cfb38d6869f68c89f4a27bafa5862da85e7164ce1cd88e16e11992f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\swflash[1].cab

Filesize
225KB

MD5
b3e138191eeca0adcc05cb90bb4c76ff

SHA1
2d83b50b5992540e2150dfcaddd10f7c67633d2c

SHA256
eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b

SHA512
82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

Filesize
218B

MD5
60c0b6143a14467a24e31e887954763f

SHA1
77644b4640740ac85fbb201dbc14e5dccdad33ed

SHA256
97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58

SHA512
7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20F0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

Filesize
757KB

MD5
47f240e7f969bc507334f79b42b3b718

SHA1
8ec5c3294b3854a32636529d73a5f070d5bcf627

SHA256
c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

SHA512
10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

Download Submit
memory/2768-0-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/2768-1439-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/2768-1552-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2768-1551-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/2768-1-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download