deb12f24f535d0eed66f468b271df61acbce2d44c0fcba5dd04221fc322508bf

Analysis

max time kernel
149s
max time network
138s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
Size

1.0MB
MD5

340503539a855a3966b10c89f4f841ff
SHA1

4d627ae83b935f50e6633e07e27512b61081a6e3
SHA256

deb12f24f535d0eed66f468b271df61acbce2d44c0fcba5dd04221fc322508bf
SHA512

c0f5bddce999d391dd96b5d24ed1aa742e68ca22ed30cb7dc8ae165c01bc13bc583f2aa04ce51b25d01737ec7a02361cdc1fe04fe4e960c9260d7e64d5b51bb4
SSDEEP

12288:Wga6G6stXT8RzMwlZHu2WyEMZK/W/5s8cvRMdxzJuntMq95KuxlltS:WaG6s9T8HZWVMQW3zzJOtMu

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426762850"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000c00c47ce6fff9adbd52dc1f44748debc3fce807da59450ae91e6a56d48a3d2d4000000000e8000000002000020000000060d0fca055a0e8309afb79512d8dc248ddbf47f1a05a8410df2457ed87c08b920000000ec312d212fe5ed1734a97f3454795fec31462bd459c244e69e5618a2ac0b586840000000f88dcc6feb045138401570cb252e00cfeac940864744c45326bc7ec4f17745b9e59f317f9da1fa419c17e81a3fc18f12ea179a3898f18d074cfb7b50d7ad4ba1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B2E53A1-3E98-11EF-8E5A-6EB28AAB65BF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000038db82d069a3ecde281c5593fd50e5f371f72a7a8bdd69df2c2598ebd4d9037d000000000e800000000200002000000047fe9070b5c37702d4cd448658ca97628403dc628c9d3cdd42900135a221973c90000000e4eab491a1c3188964fa7a450d4fbfd4db3d14a5971713a6b63aec48675132211fa625a36de0533b6edd94ec496c64000a9cafde30a92903425a813fd81710550fe4b954d32dde93ac844ae7ef84e50884b3cbf886bb19e87bf0c1a985c48977d0bf64c73c0c4395f788fe9f834f1f8af5d0c82906ee3de07e047f5db352d2c2159f2aa0f125eb67532a2af4fac50c9240000000dbbc44ad84321b413050657b2555890f36cce36ff14f6f2fbcf02209669af1802e02d3f12c0271d71cbd7a50d8bfbad2c5b5a5a2b317b9190217fcb1aa5724a0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50973741a5d2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
1292	340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
2080	iexplore.exe
2080	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2588	2080	iexplore.exe	30
PID 2080 wrote to memory of 2588	2080	iexplore.exe	30
PID 2080 wrote to memory of 2588	2080	iexplore.exe	30
PID 2080 wrote to memory of 2588	2080	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\340503539a855a3966b10c89f4f841ff_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B900EEA2BC1D2A0744E79F2E685737

Filesize
346B

MD5
1526421d7b5056362bebc88203b78466

SHA1
9d9379c6a6c2d2fc288daaf7e0eca07a5adf1eed

SHA256
5fe3837bc3b96ff510a909ea3b013c349ae4757ceaba565019e192f450be4458

SHA512
dd879ec075ece706c8647f2ffaa12d41e94575f67c5c2d7f10fe42a8ae4dfa9be7a70e31d54c4fdb75d72af804797837cebc2a17bc6435fc063c582b99402044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f7816a1994426cf440b63bfe5478d8a5

SHA1
74f4d06d4b2d822d6f392093f4d9b2d26f577c9b

SHA256
be296975a18646afb55c96cb6df42008dc872086de6a4276ed9a5b671e2ad80c

SHA512
7cd9f91b64b8fed20ed3e6d3e57458241f36f47769f978b154c406f7c4727ba6d7e2e762d1736b203b019987a8c5e5be3a8dd0e5605e4dcad6bd067045e947bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_925B71A3CCECE24AA0EFF09CD733A93C

Filesize
472B

MD5
1186c6a3f4acaf1257d276501dc3e057

SHA1
d173283a40732d762b6caa2f0d21412a2afd5f16

SHA256
448485eddb00b906f3742c40ac563e4887da23430003bc7988f23caf5827403f

SHA512
1bbdc162c3c7ad1e32f9d06cbc4fade0726d0767348b2239aa1caaa0013b382b8c5cfea3508b6dddcda968ea14f395af54209d2353cc19ff4dbf82721491a091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
0e5b1a57e371edf44a5b8d2fbb7c4697

SHA1
9ba5b4c6077ec0f2651e9fd099a78961b0d2527a

SHA256
90a944841fdd5089923c3736ea271bf9ebea2cd72cf2f9ca32d2f1d8f09e7d12

SHA512
4ba73a8b164b18978b522b55258be666c1893e4bb9612fdf24513f1cf6cd6d36785bbcdddf3dfafee299a17534eb7441386e4ff4876aba3cba519093208ec925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
81d27044aba0779917eba74e17719a8b

SHA1
7283675fa391db31817fee1a3d17ffa48cfd9741

SHA256
a5558e119857e55cfa5a297a77f8658b9e90e82bf3ce5452fb328be66fd9fa3c

SHA512
c01d5b8af1e3b2ecfbbd7cd2cbf0f4c5812e9bbffd8b7b8236c033d27003965b36eb63a952b71d27b863f907dd814917f17b628b063b62366bd57171bf080bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B900EEA2BC1D2A0744E79F2E685737

Filesize
544B

MD5
15e2d0808f11b49f4065ecf9f9d15d0f

SHA1
bd1b04bab92eb2f5f6b19bbc321e1714e2a63280

SHA256
8b87359d5efa561d767205c895e05056e3a79418a1a0b080cbd04a29d864306e

SHA512
df1587027200ae93eb6fc81b0cc98cf9f78820fff4c79b268adc04ffa7731782bb88dca710f37e26e18170be8907566b05dd24f4cfca4eadeca9e6e274c8038e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b7f849764ed7b6fc4b3379cee1ab2f44

SHA1
2590230380934be334f22afc59f7a533e411bbb4

SHA256
9fdd4570eba10ec898b664e9581026fb09a0996f42a273a170a0183a3e91087e

SHA512
35a4b6c48a500ab9f51d7ea87ef8bef1300a4cf5fd202e5b0831ad0c4db2bab3b4c9541a169609c6c6aa30c3c4c4adcace9798a4f8bc7ca0ea732a871a15c705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d40043a753e1245cca65790afc5cd89

SHA1
d17b638c89d27356a07d14b92b6998cfb64fbd10

SHA256
f0aa6d567692ef684178b553378ccf3a77cf75605f3a80bfd7e7db9f5f277c93

SHA512
b0fba0f662ccf0b6b56eac47a9c8d6f2983307d9f76755b9975ba28df173af9b03ca59dc470be502b84b9a4d1bd2946e33bbfea5a4f8f9770736bb5934a147c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2b8275c37cd87f7a182d2eb44b7dfe8

SHA1
578695c2c53c52e456154b3422cbdccb0f899013

SHA256
b8996ffe6d7e8ba3cc25a23b85f494000f9190c451398185be879994a2021f5e

SHA512
51effcf8fe68ac778875bd7aa70cc5d42b1c911d0ef3f0b05fa08bb7f611371490fb1731874c9ba0c4db24bcc675ede861248cc2a9512eb07f9431c0876a00f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49216a89fcb15e96d3815c9d055ab880

SHA1
8289dbe6fcf571ea6b8aa42968722251bb62fd75

SHA256
6c2891f1288a64c7adc59a66bf6f5c29c52cfe6145fb1ac355a2832444043499

SHA512
f0360139b537b7584fa5a754c1620ef3abd9b75f5de9647e46098cc7bcdbbfca593c6ab29aa06e700d8e970a65ec184090899e67ada6e0c760d6681c645df43b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9124d5cc26ed03828b089b864151fa88

SHA1
6cbf625d86565b0afa115addf91300e9bc877965

SHA256
9401a5f4cd6af56270cbe2084512e95ee7bc57d255136ab1dad2d9e050e819f1

SHA512
bba0635f1c032fea73e46469308d863a330636198d1af93ae2fc7b45ff0acfc63811884480b0cb8a5d767bb8df9052ec092b0c2d260d1f2143f04f64b4beed7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4d206155ce6504721f64b58e0aad8fc

SHA1
a3871f22ded3221b9b0f9ff231651509d8b0ce36

SHA256
00dc4dd9761d31fe50215ddec944cb3e2f45f33685d76598c46b977d0f9c368d

SHA512
dd553c01b10ae8eb642317fa1b2bde6b28d6b8f717dd0180ca5af43ee84c4d0fe87ec7a3f3b568a264af84803a66bf5691730813ae2dce7b9b283e3b41d9e01e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
821b46227d186d89275f2db34b599ef7

SHA1
0348a2aab65b27d0227ea366e52cf77017647712

SHA256
990a5e20a7edb2740cc770e858517b0ca5335fdbfd421b754455c794ccafff85

SHA512
5cdcc326f3e341d87c42c906d49dac1bc27c8ac41c087109eea753b355bd2515cc13634271972dcffe97cd158a63b024a7f5d65601b8c85cd19525f2c2b4bf44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
549a66067647bb0853216c6e1eba08e4

SHA1
9877cb8135c68a4b2ae5e6a43875f98354d6a40f

SHA256
a409b3428a7fd5490485395f0548f99fcf1048221183f516fb5b8dcd8a88e3f5

SHA512
bb748e72bdad7d6885f886e3973fbd9ca6b9fd3b8a417e99817842fe0f0bb2f79ddc965a8f97dbbd646563e3c900f007fc64d16419c8d444379c805a04d28f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cf5b10f933094a598f349406d9c8ba4

SHA1
7485287a5410413d4ca686f9b22e9638162abc0d

SHA256
d1f04b710ebc9ca4a848c21e9874f8467ef0f95c570f5c847115d856c66d6921

SHA512
f0aa71c883604a1c61a6720645839939cd7a773c466c1d635a75b2e48300a093bbad399115a776c16d696b813da4fd131afcc6c41b017a9b32ff774ee1eca6a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e1d34d9b98f0bd444f28c539c70c941

SHA1
0160d985a4658ff5b51e3ab22992c74303468191

SHA256
a4071138b0e4460aab01d92f84df45236c3014bd91717b260284aad024021967

SHA512
e799934ca70ad2e4c490dfb9f69619bb42aa7ba36a4ce5659d6a985ecb01817ab532cd0c85e8172fdbdc0ccbc2681f21862f4777d9fa1f5f113db315cdc88a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
739e23459bba77251a269f8a8d1cf386

SHA1
2e6ce1b8e3d62ee557132d9787298b39cb359d4b

SHA256
c6c8e00d81d1d2216f259262f7c1651bf6a596990622d3af2b36a6ebc4884e1e

SHA512
67effe7ccf7218610a4828906a4887df3bf374e3f9ebd2b975b77ed9d9c162564711a7d5460ccef3e562524cac25f65161997992682ba3cfcc0d97f77dac1f48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcefae92a6d694b14e38715c50a682d0

SHA1
c8bd2e4c73bb01ef08951308cdbb454c6165bc59

SHA256
3ad5bb5c0e4a66b9e97f69c3dc5ddeee9577bcc2dcff34b1c4105292aaccc25a

SHA512
4bf25867456c733f6f82ce7132128697b91652bddf7d72197d761603d2d4492dcce8327100a8a76799b995d55b348e038904fd2442f89f042a136cd1f3c6a42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e74733a6f88f2b0a9562fa8c3ca088eb

SHA1
e29402634466708cc291a350101f89c97f750fff

SHA256
1fefc49ccd8e2e20d3f27607878301b019089da047e1f1e1951aa084317f4142

SHA512
89e3ea38e2f7bac6ad77f5f39ddf2e28d48fc5e760f44bfbf7925faff7e770e801cc4303332050ec529345f5dae31735df1c36a8321f5b18c8f569e322f65f22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bbb649f38214d8f5f1c5af9018d1331

SHA1
94aba3856dbda218c4741c6fbce2018c927cde81

SHA256
7fac510fe9b3fd0d8cff6ec3da528946017b8eecf071b5ebc4463bcbebe14c90

SHA512
817826ed81766e53a78de11dc27f8b0e4547c9694729c06e865376dfa8b99762440fc2e15d771389d5f76fa32429533b053a1d5546a2466317b70bc4204a3ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a3836f4120f004eb4f11ee5c0ad5468

SHA1
ad66b731978e8e20b8d881f7d02d0884fecdd995

SHA256
0503711e17a1aaa861a0d23a7807bcf1f8247a7557ef3a7b1e5d50b5d424e129

SHA512
631ce52ce242f4c613118449851b7ae6196755bd64014251c0148ccf8c74237b1f9b72e6c9ca6045ceab1c87650a48770fcec8a6447c6a58b461dfb0d6add924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8fd724dc5068741b74181a6d928f1f0

SHA1
c0679f299d40c2f16dd28421a386cdb919379cc5

SHA256
c87ffa2cbe09759e8480baf748cd68111bb5d135c0dc655bccc8216956204ce6

SHA512
dd779124a2f1a0953fc8bc69ab95a16908a7be2378fa355db7b1da55ac5783fec88f9f30f91f49ce3414c123b1dd6f4e311b16b74f2412d7cd360df27b15dd6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f174f0008f16db3db0f79633cfea453e

SHA1
a83788cd4d7d5f955e449b76e6455c806817a8ee

SHA256
d01aabb3a72fea35e750b9998307778155b8082fcac285a8419b419d8cb62792

SHA512
2b83985da102846b61dd3bb35215b92703585b9276499010dc5e82c7fe2a6103aae19c0604a670a91c6e163da5a3e38c510b1d32142e983598b46fe34505089a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1068ee670b5e88a8b0028167c6b568f3

SHA1
43af8ebfefae9a8cfc24ec333937ead4f576ab2a

SHA256
8cdafd80f891bf65f7d1e359407102361de4b15049e77929b4ab86f7f320ba24

SHA512
c036135fe6b2f7af1b302a1bdb11f7d0a40858d6ce9bd28383f6b463900cb48a7fe4e1105806467699230dac875167bd21a5bfbe645e861fa23ee9768923e3dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3135dce80a74e75c7015a9ddd48d0a04

SHA1
b408ec5cdf744c21b238f0c2a432ead6d79a0504

SHA256
5f1d17d67f5bfe11f09bd0564406cdefe04bdb34e180d1f9672ed962adfa6bad

SHA512
fe5e6e6872c3e96cc45f86d351a23a08afbb90c5607ddbc314a5d2e450849cfa2217d61b077f980c1532cf82c97abda3edc1ff1716ac29d43c7e612f536a65fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24867b0cf8aab8629d786822370bff4f

SHA1
9a8091c229cba4e8aeb72bb21019f30401227d56

SHA256
1050a692f7f55febcca5963743087f9dae7f3392a618f8dbcf9f0ceb1c5f6772

SHA512
3e4936513eb8c6530b87de6de86395f7c30724370d768ac66639a26be776fc93ea5a32c02c55e2777e67eec5cab8acf5655af23a98c43d1d43c7a58c1e37f16d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_925B71A3CCECE24AA0EFF09CD733A93C

Filesize
402B

MD5
2b17bfd0e0c70dccfbb4db5ad4d98c7f

SHA1
a6e74dcb0403c06615863df6b77c31f3d9425723

SHA256
a06a82205148ab8c9705345ed561965a23aef8a300652aee9475e147aa7933f4

SHA512
701a8ea09d6db00c24e83fb98ef9c2384d5b7bfbbdf0ab3e2d83eb16be8b261c73adf4ef53e52d8d8bb0a3fc70fcb91b841e8e7c951609f24e1ce490236e9ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

Filesize
1KB

MD5
d2dac333f1ae705c277280b8accf0dfa

SHA1
aa4307b7916df6b11c3d610d82e53230408306a8

SHA256
db1d5496a82152a2232d41ab0b9eb1277a835543f1ecd2ebbc40df2adc578005

SHA512
7fa71804abb05c9a6543f20eeab16d8bf1b13e27b01d0fc6746b5e599b5714c4b6157da6ec6e8519d2895319724d5afd9d06ae9df2e131623f0b6a6ecb35f06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\favicon[1].png

Filesize
1KB

MD5
1c1d347c68bd5810d765514fb85d1938

SHA1
cf7bb8af4e9ecb6fdca7126686f68f9edc80ccfb

SHA256
be3dc9556fc0be573c0f25a0b9c5c8848cd2c416089abaae521a97bbfd284b36

SHA512
52fd7f967d40495dfb7a57807f62240b4b474fb27a2b6cb315e90589e47f898842154f93e8b255b5f9217ac68e90eab335cc6cfad98e5112bf7a32a9721d0080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\js[2].js

Filesize
306KB

MD5
406998a789bd90d46fde10057ff143ea

SHA1
205c653d4b6683ce7a6f57775c10e81ec3bcfd18

SHA256
0443c3cb0ff42133e12f8c07e08734414f38bc5dda0ea21a27486d2b82696194

SHA512
8727cc4a67603ed5a1c5a58b519ae596b5591cbd00e279060df3346a99f7e9c56782cfda932e3fd083d3580f587bcd9661e8086aef3985ead003411464abb43a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC4E5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDC4E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3VZA4N86.txt

Filesize
194B

MD5
063c42ee09754cf363f1b8b6cd0152cc

SHA1
84c5127b518bdbfa71b332d71d34f0cd97565c4f

SHA256
0167e0eb6b0cc1000961f61c4ce71c2b3430df043b2b7dd861dec7df00fd82e2

SHA512
284f2e414a249029e1047e0e229682187043a9bedca0663b088b0d3d9a553beb1ae4cc89872245a6898a71f53b4fd934daa18b5ca5259a5f6e2f199d6b25f24e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\L5W8RHGV.txt

Filesize
82B

MD5
78e6424cfcdebe20e18ac0c6047c61d6

SHA1
4b8adb311ddbc07726410f80c2e13b1720a2e3b5

SHA256
57fe7406a6bc3f0a0ebe0b186eeefbe67840f1a64cc4d000ab3e3172e06b6f63

SHA512
2fb176e83cd64abf3d43eeddd7ba945b35050f767a974864188760aa1153dbc3ba66ef37efce902466585c005b32258ee33bacbb3ec104c3c5721499592726ed

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url

Filesize
110B

MD5
7c8c531ff6a158742da186b1fad6e00e

SHA1
98d4551e0d6ac034838a17437640f3335edfaa86

SHA256
00ddbc71282fdbf74b8a02cc75b2c3d66529fe7664c148cc0ca79576a883c501

SHA512
1788173da6e9cf7e5421c02854ca9122d0825927f33fc64bafb76377ee80c0e1a8112c36ee40b1cbce86e121f864777e8ddf9aecd282f3cc82b70e12cc904805

Download Submit
memory/1292-596-0x0000000005FC0000-0x0000000005FE0000-memory.dmp

Filesize
128KB

Download
memory/1292-151-0x0000000005FC0000-0x0000000005FE0000-memory.dmp

Filesize
128KB

Download
memory/1292-150-0x0000000005FC0000-0x0000000005FE0000-memory.dmp

Filesize
128KB

Download
memory/1292-15-0x0000000002310000-0x0000000002312000-memory.dmp

Filesize
8KB

Download