e4a84cf6725ac0a3f58496f86445c6b051d44a8be73989ff80383eee5c35f398

Analysis

max time kernel
143s
max time network
141s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe
Size

124KB
MD5

1ad9938e611931ccdd8717f61d1c4850
SHA1

2b3d2d11fa9d4e24f80bb7154a5d107734795592
SHA256

e4a84cf6725ac0a3f58496f86445c6b051d44a8be73989ff80383eee5c35f398
SHA512

688c6bb572bfd1eb3c5a97213a81f1b6719ff89531612bb13d11564c8d4f611341cdbb4ef1f4c77e2d82ab092723427f360669b1299fae13462c2bd099236129
SSDEEP

1536:5CC54MLohMBkP8R3w+z0q7uIMeH0jM12/XXBThQs/RxeZg9fV2mdTh8:w5MLohwJPPBMTM12/5L/beZws

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2208	Wsdkdg.exe
2688	Wsdkdg.exe

Loads dropped DLL 2 IoCs

pid	Process
2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe
2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Wsdkdg = "C:\\Users\\Admin\\AppData\\Roaming\\Wsdkdg.exe"	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2208 set thread context of 2688	2208	Wsdkdg.exe	30

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{362FCF81-3790-11EF-9BF3-52E878ACFAD8} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425989667"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2688	Wsdkdg.exe
Token: SeDebugPrivilege	2552	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2220 wrote to memory of 2496	2220	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	28
PID 2496 wrote to memory of 2208	2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	29
PID 2496 wrote to memory of 2208	2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	29
PID 2496 wrote to memory of 2208	2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	29
PID 2496 wrote to memory of 2208	2496	1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe	29
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2208 wrote to memory of 2688	2208	Wsdkdg.exe	30
PID 2688 wrote to memory of 2692	2688	Wsdkdg.exe	31
PID 2688 wrote to memory of 2692	2688	Wsdkdg.exe	31
PID 2688 wrote to memory of 2692	2688	Wsdkdg.exe	31
PID 2688 wrote to memory of 2692	2688	Wsdkdg.exe	31
PID 2692 wrote to memory of 2672	2692	iexplore.exe	32
PID 2692 wrote to memory of 2672	2692	iexplore.exe	32
PID 2692 wrote to memory of 2672	2692	iexplore.exe	32
PID 2692 wrote to memory of 2672	2692	iexplore.exe	32
PID 2672 wrote to memory of 2552	2672	IEXPLORE.EXE	34
PID 2672 wrote to memory of 2552	2672	IEXPLORE.EXE	34
PID 2672 wrote to memory of 2552	2672	IEXPLORE.EXE	34
PID 2672 wrote to memory of 2552	2672	IEXPLORE.EXE	34
PID 2688 wrote to memory of 2552	2688	Wsdkdg.exe	34
PID 2688 wrote to memory of 2552	2688	Wsdkdg.exe	34

C:\Users\Admin\AppData\Local\Temp\1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\1ad9938e611931ccdd8717f61d1c4850_JaffaCakes118.exe
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Roaming\Wsdkdg.exe
    "C:\Users\Admin\AppData\Roaming\Wsdkdg.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Users\Admin\AppData\Roaming\Wsdkdg.exe
      C:\Users\Admin\AppData\Roaming\Wsdkdg.exe
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2692
      - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
        7⤵
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27a52e4e4660de77e903c2eebef2de8

SHA1
b83625ee6ddb58e27af9329f20f149014e891104

SHA256
68a1ee2088026703ec83353a231c95dd62c11528d7dfc938d240191a2df471bb

SHA512
a0e9d4a039d8de3cb702ac381a75bfdba0f5ba55cfa8a07315084120ef02d72ac7db92bb3de5a4d8907d26f7a7f8a26eab957ec49eaebd15d25e23cb94425162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d6d481ff4739bbf502d5197bd7e76a2

SHA1
7284e715987bd3af7b9994c12c523147cc120c31

SHA256
23f4e329a2bf5f6324fb2dbddf202ddf714b3532b15cd3b0c973d9eecbe55846

SHA512
787e168e0f27d040c72a53395da1719a214a6827417b2214fd235ac3aaefd28aa882e905e068ce61a576d67ba6107a9b466fc93a40068a3d4291f9f2a1969360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
559c8bccc1a1462ba05c211cc809de75

SHA1
0770697533847c5ac4c19698e4279581b8348c36

SHA256
81e8eb51303a0d464057f4fd580136772a361666af43d6ab961e5b50a7aca95c

SHA512
8195e0869064fe880930c13655c137f56c201be005b8c509fe2ebc28b3d6c6d1fdbedef3bfcc834c900511235cdedef52b5d65f29c14566f4d3f79947e31cb49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6988980abd9f7b77e7af4b6aa7fbe39c

SHA1
a65836f41fc97c830377821dbce784ff95d53e85

SHA256
5615a5564f68ceef871404a543369e1b1951aa1eae96a120364116f35e97a59d

SHA512
a2125698196ecf9e965c34ebb4a45128a6d4ca74b026508828f93f5dc7c65a4aa22e620d6df4afde6d22ffa881232413fa90553f947801af465263f58376bc28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c500914441a844d2767a80444cb46db2

SHA1
f9821f0146ec9f27d6250cf262208ae8e019a3e0

SHA256
054e495d31f6dda4a12de054b612ddfa03743ef466f8bc1ae73d9cd6a25e0acb

SHA512
3fdb5192dbdd633fffd05a739eae3de9f54f70eacf70d21aa3f5812105632ccaebf79af6977361adaf5a22a5baa4fb0c7708ba5628dc283d0451d82591e6af92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e35b82e4a17c2e79da209d8050588d

SHA1
086a6f4735ea8f66c2654602c5134275a0da4705

SHA256
f3e5afab3704d7991f2f3dad4e6ea2e381dae79f376a3120a144dce96adadbc8

SHA512
e4ea797bbae00509a9725af44639fcade008463139bb4707bbce5200c1e5fb4a2bec42b8f26f5da2a310eaac672bc262fc2f151938e82600deb3d896f04c054c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e716e63244ee1a1e2213ea28133c4ed

SHA1
92f555ededc7689c921aadb8e6271ec5e8594b96

SHA256
28c3eec9bb0eafa6161d83ec483733c8023523eb52a61393a047d583a70c440e

SHA512
a6213485e5a8163bcd5f307442ef7788816a926b272e1d08cd5b87bc72eb18ee9f6fdf1d441778f37de7370251e920528afd787d640540c645b5cf2b8a681029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05fc1b082d55cbe54ad7f9b08507cdc3

SHA1
45fb4736724811293fb2b44322598f9ba091f4e9

SHA256
c0013a33dc7c64d55a579a6520ab89c902f78d6e656ed71d620c4c3231580e56

SHA512
b5fc159973412f8af29e073f5781bea316f4c6aca9eb46ef992fccffc309c677652ed8d55598287de31562eb7cea26c7fa9db15737b7470f8c449bb7bb2bdaf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50bc2544ef16b49e10586986afe0b4c1

SHA1
a4aee416e1c1e2e9ac00043d3029050090cd910e

SHA256
82610e86a90308dcb403f208646fe955c37e6d35b89e5a0eb5af0bdd1d46de3f

SHA512
648e16184f513756f2df3484490dbd40eab48ec182838eca65205bb18fbfeea564e15aec25867ef7c0bd815d8acb66716968a90c244b2fcec2d6bb035e0105f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e203da8813f9ed02e4e8528afedd473

SHA1
2348b97390ef3336fe9968bb5e21632add1807a1

SHA256
8a7becfad918c4aa71621098020a217aac88fb9b77e4910e7ce84d7721224b0a

SHA512
8b198474351eb9c594356aa8a41a7c9ac64cc7246eef45919ddca80704104298b810f0ac744655d6e1e37211ea4abac48af8b25d67791da0944660d338e0bdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce91ba70cabc889b7093de5234a95da2

SHA1
25e7dca0d8b19b1865b665e9398350c1198c3903

SHA256
ae9a8028216e595044bf0c6a11fb633724e9c3fbb6b92a3d287d872a4e964d0a

SHA512
c3dd4f954878180a073c9a84e05160cf1b5fdc6690aee1a132b5402fe3bcc28dd054b7b2b9938850cde0983ecbcab78c6a4a8d4e14e9a789cfe4dd443953275e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e400b5b71de52c6cfc1c3251cf617493

SHA1
e799b003e3253d122e57803f0745403bb89c3c8e

SHA256
28e6bb520c97564d0fdf522a43fc6b985ceb8666f4dd7dcfb47d0efb15220b9a

SHA512
ac168e3837d82b3e7c677b36f10fb7116fd92986532f2f7b368cee3e9e6d1b2a26ffdea2aeb9d984795d1c59f1d32c50b949972f5c9b6f6b3640f286e952a8e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
777d4e446bcb3850d4a3bda9f1c20c26

SHA1
20a1d87799d6f1d2dcf37f5b5b252632e66d546d

SHA256
0c1d95f73e8f2662d96ab3f7654d860fe533d432cc5d0fddc397db7440633146

SHA512
ec94b4e12e502eb5045dab1a55027224e3f55f46bc8e320f72e136fe024728562c022c3328300c2161dbf94478d3290bc0a55ae23dc3389fae99cf776980f9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60569a7dad9a44865c646696d3231f75

SHA1
5fd79c0bd10bd8d23630dec17e8d8dfc59ecd9bf

SHA256
9e995ef4f20dac119a02ef490f75306a5dee06bc45b7eede13239b634a6a2912

SHA512
82c9fd6aa8cfca6fe0fbdc602ae8a15b0bd41b1d4418720cbd02fc0c9f875c188d679a159cd6fc1b118e12debe80a7a125cd8f3259244dff8280ecf5b780c6d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8be0aba2444ec0ddfe6e1a3760efa72

SHA1
e781a565501483e4d7b47c67a275b2978654bd88

SHA256
70c93244aa76972ac3d51d081f19b08ee7be05605617541e05025512cbbb3fda

SHA512
e59f956e6f2ce29c740d8796708b3e590f9ae5ddc96a758ae3ee4e12d1d6269cdaceff8a8728b6bbe20f94e4864068c072b91a913f60556cb3c040aac1462172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
026c334722daf8a401b739f85c7f9c48

SHA1
c63073f648bd0cfd9e02d25697670663fb22f431

SHA256
0c77711092b31fe102eaea0b9597dedfb1d0dc298a699de47bb9d7b9cca02e19

SHA512
e134ce856adef619b646ddb849a521a79189c3a870b638d05fdd926f0c54156757ef3ebdeeff4d57de7091cfda509115e13b7e45636de068a9c97d4736cd42ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c3396ae060e9f654232ab33910cdeef

SHA1
0179e49fa34b1b5d37a54f3e21a5e8a594fd3188

SHA256
a8a20ee9348f001c89aa2191caba6dd899ee1a2281a11900c53070ed5a7d3671

SHA512
3d76c68d2ce5df749d339efc33036ef76a8a32b2e88ff29e6a69e70c6b2c235507f57847cece1db0deee91fdd5c0350f9d589749ff23a2947bc1d848423d08fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
807620007ed6a13a540b07803815f4ef

SHA1
e06e74b8a70e9a9cb91c9a6a31613c6b70834265

SHA256
3c963feb73eb6755e2e0ae6102466c1a0716b8dab6279becf3a83d6c32b4a299

SHA512
8bd8d84ed7d89262abc0d44c57b2c59e82490e59a852bf00bfe3faf14991367524d4c74aa8cace10effbc3f8980a6cfa0af539b04d43854db0d3b5627f90b5ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4434.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab44B5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar44B8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Roaming\Wsdkdg.exe

Filesize
124KB

MD5
1ad9938e611931ccdd8717f61d1c4850

SHA1
2b3d2d11fa9d4e24f80bb7154a5d107734795592

SHA256
e4a84cf6725ac0a3f58496f86445c6b051d44a8be73989ff80383eee5c35f398

SHA512
688c6bb572bfd1eb3c5a97213a81f1b6719ff89531612bb13d11564c8d4f611341cdbb4ef1f4c77e2d82ab092723427f360669b1299fae13462c2bd099236129

Download Submit
memory/2208-23-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2208-18-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2220-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2220-4-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2496-5-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2496-3-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2496-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2496-16-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2688-25-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2688-26-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download