48864977bf0aae7c051765af54145349180a9adfcbb0369c3f9d94174204e4b6

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
Size

940KB
MD5

2f37572900a70281fb1e0bb3a6843d2e
SHA1

192b8ed1e7b934535a0de9b519ce0c8208851dd8
SHA256

48864977bf0aae7c051765af54145349180a9adfcbb0369c3f9d94174204e4b6
SHA512

b87a4c8a440287c9cfd813ccf29a39e2243cc78e5f4e0ec7199287831b58afe8a9219c7417e2303c1355f5ba386c0f2b45905a34887f2abb2d47147d9a76e3cc
SSDEEP

12288:cADXwrALCFAO6zOAQbZr1onniXiafRddRpNfK/SMZoSM9ihV:cugr8Cd6AonniXhJdd1JMT

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2420	1.exe

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-15-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-69-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-68-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-67-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-66-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-63-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-60-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-58-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-56-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-54-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-51-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-48-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-46-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-41-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-42-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-39-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-36-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-34-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-30-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-28-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-26-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-24-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-22-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-20-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-19-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-18-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-17-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-99-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2820-528-0x0000000004460000-0x00000000044D3000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000004eac3b347ba5b2c7f282d8e2f41a319bcf604212437dde8a3e95ba3866ccf134000000000e8000000002000020000000fb4596f656366a6a90155071de8b4de7a6e2edd2357ab2320de333d33eab6b102000000073bc6954dd4a16c1072a806391b7732f9d44f83310c6e5d5ba3422f80513a4da4000000039b6ed69b69a86634e3918ec504f9d262f21b076552f394753b3504574c914b0dd8a75acf3a91c84dc90dad7f5f9802be243b31d75eb8de06e4d094bc611a3bd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426682167"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000007f4744c7aca6b47701b8513793c1e9b4e345c989ee0104614fdfc481df61316a000000000e80000000020000200000003d32d92907e77267e1ede8b14a921d0751a2ed731fc296d1caec3d10f877dbcb900000005b7b8bd95b156b4c09eaf1cc0f969fb380c95919c5f3486126e987add98ec5341942eed2d63b22cd1c8da79b46c3bd766df5f3b8a2e3d9d2f181c6a7ea7db8f4f247287c7432d6bd98854dc2ba07afb5b69dfa388847d6279f09ac79bf68e0ce27ec12b79805e24ec0f9c5758703d4b7d45092ef759c2d0a744399c262ff112e09d81823dcade0eefe8db178343abf9340000000b80b7a78a7f90cfe18e4cddd8adbb4deddc73590b8c488b0f5937d9c45bad735b1f2175f0bc789bebf47bddd77944063fdb3bc320d3011be1ac6afdfed8aa9cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90C7B7D1-3DDC-11EF-8470-C2007F0630F3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bdce6ae9d1da01	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
Token: SeDebugPrivilege	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
Token: 33	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2448	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
2420	1.exe
2448	iexplore.exe
2448	iexplore.exe
336	IEXPLORE.EXE
336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2448	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2448	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2448	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2448	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2420	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	31
PID 2820 wrote to memory of 2420	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	31
PID 2820 wrote to memory of 2420	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	31
PID 2820 wrote to memory of 2420	2820	2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe	31
PID 2448 wrote to memory of 336	2448	iexplore.exe	32
PID 2448 wrote to memory of 336	2448	iexplore.exe	32
PID 2448 wrote to memory of 336	2448	iexplore.exe	32
PID 2448 wrote to memory of 336	2448	iexplore.exe	32
PID 2420 wrote to memory of 1908	2420	1.exe	34
PID 2420 wrote to memory of 1908	2420	1.exe	34
PID 2420 wrote to memory of 1908	2420	1.exe	34
PID 2420 wrote to memory of 1908	2420	1.exe	34
PID 2420 wrote to memory of 2712	2420	1.exe	38
PID 2420 wrote to memory of 2712	2420	1.exe	38
PID 2420 wrote to memory of 2712	2420	1.exe	38
PID 2420 wrote to memory of 2712	2420	1.exe	38
PID 2420 wrote to memory of 2936	2420	1.exe	40
PID 2420 wrote to memory of 2936	2420	1.exe	40
PID 2420 wrote to memory of 2936	2420	1.exe	40
PID 2420 wrote to memory of 2936	2420	1.exe	40
PID 2420 wrote to memory of 2104	2420	1.exe	43
PID 2420 wrote to memory of 2104	2420	1.exe	43
PID 2420 wrote to memory of 2104	2420	1.exe	43
PID 2420 wrote to memory of 2104	2420	1.exe	43
PID 2420 wrote to memory of 1748	2420	1.exe	46
PID 2420 wrote to memory of 1748	2420	1.exe	46
PID 2420 wrote to memory of 1748	2420	1.exe	46
PID 2420 wrote to memory of 1748	2420	1.exe	46
PID 2420 wrote to memory of 2204	2420	1.exe	48
PID 2420 wrote to memory of 2204	2420	1.exe	48
PID 2420 wrote to memory of 2204	2420	1.exe	48
PID 2420 wrote to memory of 2204	2420	1.exe	48
PID 2420 wrote to memory of 2744	2420	1.exe	50
PID 2420 wrote to memory of 2744	2420	1.exe	50
PID 2420 wrote to memory of 2744	2420	1.exe	50
PID 2420 wrote to memory of 2744	2420	1.exe	50

C:\Users\Admin\AppData\Local\Temp\2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f37572900a70281fb1e0bb3a6843d2e_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" www.97tre.com
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:336
- C:\1.exe
  C:\1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:1908
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:2712
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:2936
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:2104
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:1748
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:2204
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c del "C:\Users\Admin\Cookies" /Q, vbHide
    3⤵
    PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1.exe

Filesize
133KB

MD5
1b558bc2bd124405d0100e3b46e3df05

SHA1
6784595e624cadd3cb969e3eb5dacbb75067f264

SHA256
9a32bfda680729ac82eecbe594d2af893826eadd58209c70f239457c374b42c5

SHA512
ba1b83b322331dc7fe56e1180cd66791d387845289894ee526f14f9533b069999697a5090563b6a46eb9380ab538c66f7d7b90e938aa97a7c57cd41f22a09710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a538a6eb99e9b6fc4e8d4f0bcaf4833

SHA1
2fe6517432f0a5c110dd3f19aea93caa6683fbf2

SHA256
217d0e802623b5e91b37e84292b176585d4c43d02fabc69701b4f934d1d4f33a

SHA512
bdf38cd8678295700dd51669a66cc29dd719db932b15f95308a399bbac3e1a206ef65f675e3baf67418fb786f4f47fe7533783c62ef46f395a6aa0102a27b2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
630fb7c9bfbcd60f769fc816be1db41c

SHA1
87ac4d0585279acf3380bf72ecd4ff58b85706ae

SHA256
08b34706952c9e8c304ecaf0caecd6a4a74aa423099a90387df08ff789b86bb3

SHA512
7b8e899f738f53cc87e7a629f922a45118f0c3c24c5104fd0ac7c347a54d4c385059c32e21a241c4b0d25028d73a9fce89e292c62a4563fbba8129417ca5a917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df00c3e0b3ad0c91a8267796dd23766b

SHA1
462ed7c427736f5dd94a1a292ceb6dc86347e5ac

SHA256
2e0829c2ff73c1be810a57e3633325d2495defad37ee615ad4f52b8ba7373e44

SHA512
77e170caa5f5ca3ac655bbf7491f20fad56a220d025a021aba593e66c7c191e81555556ae81d60dcda153050f97654c1a9346ac1e7669537395011276ec2282f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1eb8d8e4a9948de264b8b0d51514295

SHA1
3425e11dcdfae133cc609a1863a51169d17f0c32

SHA256
a181527edc4da595ec85df9ac4bd9bd52c54d5e91922e1b682e1186b4b7c3397

SHA512
a55f0e2f3277241d3ddd60bcfd45ffd2ecf661009a32f062ec0770901871b5bbca183959e9c37d4743b1c7fdb2737aef4c6a881cbe97b77f0a586b1c3886407f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76ce435cf335a4e2912b7246c4b7ca10

SHA1
cbeb90d32f9322c480f2de60d325a9b7b64a5a57

SHA256
ea570a3ba64955897fd5becc7265e257b4454781b67190e9d1636c3a6c262cc8

SHA512
f4b7802128c2b79f2a0da0d06619a386f4f30df7a3947a2fd4bdd093f5a82aa97428b3b04a27c8849bab396eff2d941c7d2ae0298332c8ea5379341bdad77566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77bc626a1509c59533251fe81023dbb6

SHA1
f62f57e6ded524ece544ac67973600a8a7b7de31

SHA256
d2ea21222adfb8d158f68d54c8acd093b081d5926ed4f5d71cd8f3f719f7154a

SHA512
08b0ad88082436be094a74d9662607b720ed8caa3abc167eac584c68d37855ae7f86d16440139cdf4b31253a464865898a5c776274f8b28946ca5575e5c38585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
600b4e4bcf217384b523b11b5f26986c

SHA1
56ff5ef75c774f7817ef48854709f23832de04e1

SHA256
1bd8896c21524ac1a63b59477c05cd3feddd04f481f46ff3a65ae8b588986074

SHA512
0df5c0659235e48c92694eee3572a4c48470699ca8e5dbcbd259da8ed12991fc070a09be97239e7b4d6414208a8ead0e388af16f450eef73ce03727d14762a99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f739cc0a0f708ebc96fba9fb7a2b6cb

SHA1
4fabc10ccce8ffaf7840119b6eb679a2a2415bb0

SHA256
dd85ef517243a35f0d3f4df21d45e15d3c6e15f64562306db25a319484be2a40

SHA512
44dd263f23dbee76b5248ebd75a23a9a185ba7f5d347ea84b0d8b6252dcd43473ee0d89529f9859e35540ecdde6dd0ca237fa9d47226413c3cc704691dd26ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a615173b407726a4ab614bc6d970fab

SHA1
7f03b7436ca886cd755da24857c4d777b2498cb5

SHA256
7bc0e27b947dc6cf919173fea9a2f8d9ff4c41165e8a078fedf9a66ec4952e2e

SHA512
2e361c2a390e959daf5b648b1e8c21f386c8e4cf6f7337cb73c2211821a5938474b4ddb40fcc4182ebe02a863c93725eb08f1583ae9722c8435b9d49672f66fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0108950cb30e7a910559657053825835

SHA1
d2f254f789f7c331ee926b63ebd2071f0554765e

SHA256
faaf74a152c94525655fb0cc2694c2fde881f2603024eeb12d77656bf33ace6c

SHA512
b70980f2222b16b727222061cf0e02a57bf330c158337341c6b7860732409ea450756015febb211f4f754a79e1fa04353ad01fd7540eb78b1f8f27b91671b10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77184c924c9b74c5599f5295d67808ee

SHA1
1698a2d8dd7351de21cf6e77d471f457b5fcb5a3

SHA256
03db800dd0649993c4c9f44a8cb0bec14d64c5a2b649b607d40989577bfe0b3b

SHA512
07c676bfa9102e2ba3535f757224db93388cd3dc9ffeb4dfd741002485e364b21a054f5990a89c9948a60234908fbe9de9bdff0d6240377843a413d984290275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e82d5fadc6a7c985dab8267ca400da20

SHA1
51a43488bab1ad6a2c4c3d671ad2e638f43168c0

SHA256
49033dbd41a045f59c29813d88ac854e58ed04504cf13d08ed268234311cf681

SHA512
2fba70daee322f565fcdab693cf6e0623f4a91872850e4bb67a558ebd4aa92f867dcae6518df94c3173e31460614d45da38697bcf525f1b2303d7d2c382f1c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eabd5d2a90bfda636ed11f541f933dd0

SHA1
11f8dc2a16c6ebb4998a8e20257adcdf8c79c7c1

SHA256
10c41ba7d4be0549bc3cec419b0c9e5d25844d27bc6c7774ce67218ae8c6c9a6

SHA512
06e529a5516ea9a331aeb50547cff8bd7df1bd730440c5ed22b6a9c5dc0b9b269eaa46e93e9cb55c02c858abd8cc29f6cb63cd2bf3abfb8249b5319e1b0a9975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7a870307b4a12b2f0d3df5bbcea17eb

SHA1
6eb3f765b81d04e4beb096d30b72ce00ce1d2323

SHA256
7284499cf52e74318eaf0dc7aab7f1791e63724f5e99daedf7009fda4bfc041d

SHA512
40ded6d0867a88790f489b7cc4eda3756ae7d387ee00966e6b195a1cafafda95bf3e0c5f97563ea1f68443a13073bad00406822242e8996a626bd5b071032a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6db9dc0612bcb01b170e8e2cb4164fe0

SHA1
faf09a40f49664e1c58899ecf12f4ce1a9957f44

SHA256
ec3da9600b2a29c80bf94eac63fb8d81f6b2ab49bc197ef9d230e6605b6d4ab1

SHA512
ab1a121dbefefcc094b8d62d69abc2a9f11a38bf32a05874822a597947c97a86babdca5a53de9bb386b73c49a4159328f8cae4a85d68fe2456cf28d08fe4103a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d739f713b50b35178c8cce97ff621d4e

SHA1
0a42d51c5a3eda6eb0ae89270a1c0bb25897d5fe

SHA256
ddc6397613d0fbd7aebe498e94d7997861f871ab817f0373d741810901b27b7b

SHA512
bd6d9d2510bb721a1a9e1fccf5174334d304dcea6fa8eda5dae86721ccdea3852ddc5279acd0fd788ddde42ec915d72a53c22c53c55a68b74f1c0be00703f63a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
875f05271a4dc28f1fe44b450c1e646f

SHA1
3de064e9afc3cc9aa810adf1d8bc02bfadc1a7c7

SHA256
90cffedb59697562013d94c3851ae7ad6f5513eead0ecb192939653cd287bf55

SHA512
6d22625f3edc1e996dc962ae294714c7a0ce0fb702781afc96dc077c00e13291f97ff882619bd1975358c5d1a4a1f50cf711e79d3251fcd0aba9f5fb52585f53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7458c4c208c80d99e2376ee55ec3a95

SHA1
d4ce5088e9c0fff68b889e333742043fec6f1ad7

SHA256
5a677622940323d6e64a934a36846f931627754aa981f752f5fdd29d4a4f129b

SHA512
9ca8dc95e176b427a59c9d1c78252e76d61f9d0885f760c6c2308dafb7334c9f457b90b0ba19f9e085c5b6da43cb13d833b8e757dd5d1ce59a50c06144d6e613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbf974a70eb29f4cec8a2ed8086249c7

SHA1
604a9ff2d77fb40666e7ba6eed0b7d3278a929b7

SHA256
ef6791d632a9ae027f1fa55131ddc0d662fb87d1fbe409fa6210a4bf1d4f58e2

SHA512
9aa50f982032cd8db7b0a6f70c18af0723bf3cb2297c87d2a066986f85b194acc392b6738b8fed038169ddbe75c626c861acb0c30c0f3d5c2869104967b5a71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4677f1ea4f1bc040137587e897c64fb4

SHA1
7ebe519bcd46286daa326fabc54101c6c142efd4

SHA256
bfa2f3ae6107b7d188ac778b03222740a2b3a494f390ece19b4c423bd2113623

SHA512
85f5093a2a59152cd58fb6c3d74744fbbab3b63ac93a560b5aa2d8b41eb253981e242b6fb58eaff144a9b3c9084ef0fdd23f0aee161e7e7af0ee5b1c2f5536f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99e26e8b3a053a3afa0a43298f260d30

SHA1
e596cff93534e5d79bf870267ca20ea618dcf3e1

SHA256
f74041b5c4cb2674f4dc37edfb185422abd8dbcbd92cef2cca222a53615e0f0f

SHA512
eb94eb0d2929d675070278a2bd0cd535117e1797669110817ac7a8811aea25f992286902e62919e0ac27b82161fd536ef0a93e3b28dee9dcd092a427fe133824

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E61.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url

Filesize
110B

MD5
7c8c531ff6a158742da186b1fad6e00e

SHA1
98d4551e0d6ac034838a17437640f3335edfaa86

SHA256
00ddbc71282fdbf74b8a02cc75b2c3d66529fe7664c148cc0ca79576a883c501

SHA512
1788173da6e9cf7e5421c02854ca9122d0825927f33fc64bafb76377ee80c0e1a8112c36ee40b1cbce86e121f864777e8ddf9aecd282f3cc82b70e12cc904805

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url

Filesize
115B

MD5
3c12b619f5b9575ba2944b7ca4678929

SHA1
fa6792387198c2d93de2619059efc5206341198d

SHA256
add35880f84004b1422166fe432267249036168ddcf0185481769021980b300a

SHA512
d1e370e03affc9acfa770edc5959bc8009d15d026e4f4cd45314c8e213e371b765828f7a4921169c62c6848dcdbda38311620f4b7af922479b923a6ef12a355d

Download Submit
memory/2420-78-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2420-531-0x0000000000220000-0x0000000000230000-memory.dmp

Filesize
64KB

Download
memory/2420-530-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2420-82-0x0000000000220000-0x0000000000230000-memory.dmp

Filesize
64KB

Download
memory/2420-79-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2820-41-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-39-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-75-0x0000000004460000-0x00000000044D3000-memory.dmp

Filesize
460KB

Download
memory/2820-17-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-99-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-18-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-19-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-20-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-22-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-24-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-26-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-28-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-30-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-34-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-36-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-76-0x0000000004460000-0x00000000044D3000-memory.dmp

Filesize
460KB

Download
memory/2820-528-0x0000000004460000-0x00000000044D3000-memory.dmp

Filesize
460KB

Download
memory/2820-529-0x0000000004460000-0x00000000044D3000-memory.dmp

Filesize
460KB

Download
memory/2820-42-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-46-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-48-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-51-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-54-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-56-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-58-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-60-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-63-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-66-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-67-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-68-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-69-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2820-15-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download