643ca07224e075e20fb81f4462bdbbca04c61891329e275544b5a117adfe0005

Analysis

max time kernel
74s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe
Size

921KB
MD5

3dc426881aefe72a44fa70879d615317
SHA1

520897c55fc8a25e834f7442243464d99d73c64b
SHA256

643ca07224e075e20fb81f4462bdbbca04c61891329e275544b5a117adfe0005
SHA512

8584c26b61824f29f09905d7aac20e3acabcfab160e2506dad8ef5d2bca632b225830d8c597ab8d61ed524054b696bfc8fe43d8758cf347a80d66c69166e1779
SSDEEP

24576:XaGo7wr6HAslncJgpy2PsaeF//s05pOsp:LqAQsCp4/T5p9

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Wine	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1740 set thread context of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3016af5068d4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000000102fa3281bb11f3d472b61779a87e2b2701dad83144f3d33badd7b41f94a5c5000000000e80000000020000200000005b66a6f8552ebe07e107d1d71657e339acf9f1bc29e7df9b158bb213718a8016900000001a479fda756517dbca7811a34ad24af47f4fe6bbd21135a13050611d605fd84e4fb33a515a4a54345eda1f603cd830600342835abb8fd40c61543b353599d8ccb6c3a20fa8bd435ccb6ac86e5388718b4b34af869665d2604b62192f5c1bbe643fbc0803cd1137475833acd50032c5fa7c8eabebc8652815ad8a201c5a8dfb5a71015290e472142406c24450bfa838ab40000000a55776ae61808ee49b6466fe363e8ed7e2b25b1fbcff4c205a3750c6f58308b1579834b225a16ead91fe9aa46c0066904dac08df27c8d815a8d55e3876a95ec3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426956579"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000ec29eb67eac88592bad2cd128a2d64a5b402e5e02f2f44b896b68f58ea359f20000000000e8000000002000020000000bdb5a875213824efe3bfb59106816c138e7df685f363389bcea04ee4a20c711e20000000f54927c82ea1e78946d49577b55ae4563ffc0669255172a9275c694cfef00a2a400000008b1d2b2b4ee92777799c8e1e24ac5be7f292f4b9cedb922968403deff52ae0c837b7adaa9a5329f36879353dc5f6890bb2f6f28e0d1c3433956ab7c08cd2e99e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A9E21C1-405B-11EF-B1CF-FA51B03C324C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe
1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe
2176	iexplore.exe
2176	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 1740 wrote to memory of 2924	1740	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	30
PID 2924 wrote to memory of 2176	2924	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	31
PID 2924 wrote to memory of 2176	2924	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	31
PID 2924 wrote to memory of 2176	2924	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	31
PID 2924 wrote to memory of 2176	2924	3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe	31
PID 2176 wrote to memory of 2720	2176	iexplore.exe	32
PID 2176 wrote to memory of 2720	2176	iexplore.exe	32
PID 2176 wrote to memory of 2720	2176	iexplore.exe	32
PID 2176 wrote to memory of 2720	2176	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3dc426881aefe72a44fa70879d615317_JaffaCakes118.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
9279abe5bfb6e0da140c9fc459bc01c6

SHA1
939aacbe2012b32e1cedbb788806342d582bdc2f

SHA256
9cff37c94ae6d0ebd836d8e6b428c88f69309f726128d628d5588de6c3f827c1

SHA512
ce10424b77a764819db658d59810a1951968f4233b24d95ca80c1f4a36431f29fdccee61e67261961200d1ffecf8c304d205bc8652153676f633fe02140f1b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ee058ca15e272c9bcb5ad16ffd421a8

SHA1
559a0012ca567aac455c054a020f445f722a0082

SHA256
ad86f82918dce5edfd4302ab6acea8d91383bbed3d4db64516a24ef95b382f58

SHA512
d62240f5f3408292e9f61aa831f422db6e9bfcbf2180ee8cf59665cae653b571d928ebb97355ffad0e1ec4bf4582c673943ab9bd78a4ae20635c4876e3d35f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df72a2125bbdc8773125338fe648f8f7

SHA1
e52548ac588408057f75aa5e39e12505400203d3

SHA256
e826458c567beb3096ecb8be7fd590a52235b9ca64bdff1b0ca8a63c5d17a64d

SHA512
c05aa74472c09cb6a49ca013b489030e32487ad5c6a6f7fa897de2fca06548f52e4549d0094631ed8bf19a9f7f6dff107178d35ecc36d826041b452555922763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a5a8b67664ec0562a02a480d5b1dd36

SHA1
35927c46b64d23aba56e8e4f4e0ffef674c99413

SHA256
c3ba7ba567480a9251c4fb18f7908d420653ddaf075a7d33e8334b6ae1bc9adb

SHA512
161ff4ac86df98410b663c88e58d3cd6686fd4dae379917502a711ad2a4054a4b5a5bd97264c961f00d03fff329aad17616e4c55d57ed1f1858fbf196c18ae15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47e7a2f8ecc8d3f7827cc9b77bfee467

SHA1
88fc6d703f302db57ef97c564b6aa3b67a6900a7

SHA256
865dc895e36b8336596d1e8f61b22f9abc12e906e36fdba1624ecce549928775

SHA512
fa7ec200b11db3dc1950c4783fd7cfde59f362372e2ccaabb3c64c6ddb11ae333986e4301108859c942a2ce4330f3f463fd895c14dfa08c1443ad6e4bf0920ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3367176aeeeaae443805d7e3ef711a97

SHA1
ff6780d925a04a4381c16d877515a667a00e5070

SHA256
623636851f1401430f7334b027758ef40a22d3f3d3ac310032f2a0fc37bc8fb7

SHA512
46a3b6e2fd1a2efe351de073b56b0577dba5c4db458cbb2599de5a46475f3d6654381172fe30b42b313b80518404a1fdfa997f917ba3c49c6a628037018cbcd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89792f99ad223e4ca035d8e1e2bb4e25

SHA1
034f25a31b76746fffc5da72ac6219f9d14ee610

SHA256
35d21c17ed805ddfc332e0096eac641efbf8314afd163aed17bd97a78322fa10

SHA512
184b2c6680917e7de766ab8feec0d65012cf1387e3602e84c6f58693546e59debcdf4c46341929eb45421e1c007fb0edb35deeedcb6e66774b7fbd315b7cb0ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc1ed28483227d475c53adcf175acc79

SHA1
ba68712343cc63286265cff7442e884bc13753c6

SHA256
65d7dbeac8ac36d89025e8056f70896b961a3f5d7149f4d6548072cab0973689

SHA512
509fd3ea6aaaba564b471f80f9bc11f8ff5a730dc2f17eed8338c42fda34c79799114249cbcd16332eb90ea07d756681d34d2963c3ba4d3e1074f8cf66d62ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2554cf52f4057f12616a27d2e98b4195

SHA1
5dcee66dd54758727594408a1612da6454ac7bc2

SHA256
e934b49090969f8b94bc288d84eeb8555e14ea20eaf90fe9135079ec6831b48b

SHA512
906e8515698ff147a2a6643e0ebca90fcac500786f7a96e026f77a988f97567c8b8ee52af75b9759f8280fe03252a4b8ee4ec1ac9749173e1981a6476f44239b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30378d6fccfb9c985dc1166d4d145bc7

SHA1
7df44fe587fb10116747861cc2ef162bd77da3a9

SHA256
62716ac6aa73cdc6c83cee03491544aa72a5e31d0c91ff253b1b70f83312088f

SHA512
50dd9f24c664220da94a14c420ac19cebb0501b72dea520cbe68fc7007f77ac117be7d37613a0b0e3cc5cb58f180fa87c2199866f8a72a2416ec2456c1257630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d186b47e8d84c903b59d5748025f3998

SHA1
57521db2ef4f87782e84e80fd37355a596d95d6c

SHA256
255e54bb3ae2d4cb361836c112f04bd795ae22b0aa9c2eec6abbc5d703616ef2

SHA512
5d26d0555f883c185d6e7f6dd2d2a97cadfacfdc7a369b31a913ef21346bc22ee1fe581e198eb5d9fde4fc71ccc9fb672a742075ef54f9b78c91e62602976b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19dc57a9c6ab07cc31725dde6ffcfc95

SHA1
6516f04282484816991477266955b605d956471e

SHA256
3743c3b9bf55e73f56cfde0b361952d65c78259cd5b050ff3c0fca7ba63d1e2e

SHA512
202090a0b2908bd14ac57b0c68c77ed5e9ef1df3d7e5f5ed71ccd0bce61a6c60c06fe8c7859173672d2dc8a10a7c918d60213ebca84c43b9cbb9154a99e67af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be779c75b2fa0066c6fae3da19bf3200

SHA1
99910988997807b824761ecd90c5673f669958ae

SHA256
a42a8789f36091cf51045e1e4cebe9b068f70c5aafc5c998ff37698ae308890e

SHA512
4b292ccf7716a4298b60c5a6c3db2ad1ba7605efbb4751d93e47cd4db3f07c888c38ebefe04c3825c7ec500fa5badf2cb46cd50bf450bc14b65b067a449f0720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
581221457bcbe6244297227968187938

SHA1
bdb1db30a19a8a3fc3d5fb95405b11696e97a1a6

SHA256
31ec8c2760240c5c9271fced567294c3f7f117400b6049a7d76deea9c326e70d

SHA512
0e33ba81edfbac77c6c32e60b5bc3dd5f30ed2265b198eb44c25de6e86d814b9ed60c3cb453365dd847bcc6676d219ba11cf678e7a9f44b5b263409812c4b1f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb3de9f307c18798cb22946c5938f9a2

SHA1
b18db87549fe90f32849c00666c468a7dc4146c9

SHA256
3d0d2fa563539ea0b44023c2f31fabb2b609db781ffb3821c7023036f1783f4b

SHA512
189f554d7dee311bc21931f180473e49f74db61af9af7ba62be9e08c2c15d43686368d63c2270697ce572a5c743be50b286955ca0b9e2ae08efacb93a9d21d0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2067adbe45b99fea55e3227f4ec4a31b

SHA1
45bb117fe537c5a54cb256fc7212db87dddd5495

SHA256
839836f7016d48dbc1d6707c3d0c1a10d4b73963dc5deb18dae5fcafc2a1df10

SHA512
512829b0001c5145da95f2b474c1e1fdb9541e12c6a6b40ce9f9217bca3547f0837cc43a1d5a646db781e44f90e1b1945cc2eefd17ffe24615eae0f5b768d609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
653a20ee8ec336cf60fc34385563a58d

SHA1
d6f780dd480100d8787836063cdec7dc245abc7f

SHA256
62a2cedae0a50783e6eb366fb540b0ac792d62f2b76d04cc5bad65a8c7f3e9fb

SHA512
80acc35e734416009267cb5cbfd6b4ebf5d230d11e392c775f4d6f23dd681dfdec6001429a242bfe15d75e9244521c7267dc3bae3d81f48cf6bb4da5c7ed9540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27f5d6a04008ea1dd0ebd3d1b09a5740

SHA1
1ccbeb9894a83bcd3b60e2805dd05b73f59e458f

SHA256
e7b75e69e155d7c32a2bb96e3427ffe3ceaddef438a4a1823600106cde14ded6

SHA512
17f82d44cc87cbc4eee2cb2503c7f153ef0ce8a845df1b352d10efa01e0522f05a4e1675bc027b117ef26af0576a1a3f09436e3317a4df36b8e9c7f643804b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10a94547b63101848eef861e279ece9c

SHA1
518e3528f5ca881c35b3444b1e839bc8d98a6a68

SHA256
f8b303909d815b1a31b1984d8927ee2d5dddd65999a408cf2c7b45914098eefd

SHA512
4143f1651769c53397e5d9baf6a97db263524162ad31ed33e252a58f3975d831ffef47a5a4a7d5f92570ebaaee8246cc57c24689081cae96a07e61d461c453a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0a9d02d0baaa0878801e0386954c285

SHA1
be07a837f552aa725862aa78006cb34f00ba5ffb

SHA256
c74c178835ab3692c650c9136f8a25db6c4bff0fb05737ef32b042cd478a082d

SHA512
eaab996fd948bec7d85810cee16187c69db4843acd9c3043e2a4f02acca8a79ef3cb33b8134a255e850ace9320b0c2467190856f5a5759d69efe70136a250c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bfc51985d07391465a1c362f6eae4db

SHA1
856168ab535cd75705eaf10e21c7e8bf2523fe29

SHA256
8750bfa88b99b3010019f62eb4d97d6ca34f0f86a474914e50dc82e9bfb59c43

SHA512
0ddb6a114f4d2d184a6c2be617996c0d0a513da057f31b4d206c10d3803a47a142177e62615e7d09d5d5e592ff899eb890c1b83c92c43b8c23835d4a2c81b1d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcd85db3b64505944a696f687e816856

SHA1
7508110212da51f8995b9808b00b75008b875a96

SHA256
15eab7926309aab9034e7a9d948ed0bd2d258e34f9c36db73720150bb389bdba

SHA512
3ced76c31909dc4e1f1a6a1408bb36f167d7514928b43e3f0cdcd88379caed98c41c9d229efe372a0f46a5f643733a9c6f8f6640b526f2bc0bc764f0d4a510ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81cd0174eac3fd047bb0258c7326636e

SHA1
92b8bce5f328f4d487061caeca829f73b927b6cf

SHA256
d67e1d06da9decb0ea8a46bc096ceb78f946064a13a898ccabadc35f98a59883

SHA512
245d0e9e260d1f4be8465df60255fa80cd450efc737547b560db83efe835e9dcd9242495f3ee789fc29201223ea799203766a1cd6c135dc2fe4ef2cbcae9d90f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10222ade887cfc1c90a0652bb2bbd35a

SHA1
bf121761c7ffc19b33d00892e2a584131658db8b

SHA256
21980ebdb7f6bf9a669cb704e280bd4c8e0bf6a27e72cfc153834a55222aa614

SHA512
c0e805b5df31237864af02d363821091069aec20a54c5e7610a82a106c45f7b61c11540ad027592aca30197fec8a748fe33375395776f916fcf4e3415733eb1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00f199a24af00d848295c7c0da67fc6e

SHA1
bfa71bdb36e6527994d757851fe4e1430c9acd4f

SHA256
5b4f0ee0d88196a50161fd860cf7ea4aaa2d5ed5852edba8b9625348b33a7f8b

SHA512
f64afd313065f0e4eff2de65610e7215930f778ae1f629bd61152422af2064f83f2d597e17d58507eb34c753ef976e522806ad9b21a1b96790cf3852f39a18c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1331070dae52344939162553a0c6086

SHA1
c703da723a8829efc604c25d78ae1de0a59cdbb1

SHA256
cd83b379f2ff24921c3e63ed4fa98327ee0a386f1155999a0bcd0d95f5b74219

SHA512
b54f12f9aba4c96290547af56aff174a2ffbbe49d61ad456ff7d0ccdc47b9cab398179afebe3aa758a7baab5f1df9e1cd76541d9ef71fd8989e04b39dc07019b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39da86816748b5b5192e2f577bd5d495

SHA1
12a3f20d2997d9df7e0b9de14947a79ed212b3f3

SHA256
060c5fb5fc470662ce825c163d687cf75e72e3d738928ae5ae52a3348c85cf64

SHA512
c6c2f84fa7eafa258d7caae269833760e8ebfd4292cee155a2926dc6a5c84c44d3c979eec0cf4564f1eac81e583d9a83116c01cda970d9798eff30e1b085296e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4c577067c4ece001f71c6e39f7a37d

SHA1
84471edf489d1179440361aabc504f993bc8d5b3

SHA256
c67e90bfa8340b60a5dac19cc108f587465a079634189de8d8574b53b32ced6d

SHA512
d971ae8bc2675c62370348caaa6372de1cf8e6abc7c7852eb6c7639f32cae19fecc2143e8861039de744e35716bb35d2bff8009892d1e713030aa1336e7d1858

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e792cd85f8b34dae69de685cb6c73475

SHA1
bc02f81e12519762299225cce5984c16a1e1a407

SHA256
fa84f1f63c763d8d4d1f3e23dc6ed77d9fd1f4905542618d9db5615326242ee9

SHA512
c2afff29965c18f3cb1114364677814a6dcaa8439ff907513dc6abc2f90634eb9d779ed4e5e7a2274706810e24adead97c4d006efa487b48a66a077459c49d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccd01331989c0a5c36adc21bb922aeb4

SHA1
d13537e4913b49f6a44a7307357ec249a22ee9b4

SHA256
1c21a9ef36992c84176498f5d120c2d7533db345f14230e8c0b7927c16e3a843

SHA512
e0dc32960f56093b1afb6f8d3486ac0c17d6ddea9f8f2c5ee3685b64bfc8e3289ee3635fc062dc29eef43af756776bbb6a4499145776c154bb47f36108176a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19fe0e188aacb696fa607de4dd4f9917

SHA1
7aafea2ccb4051d12fdefe956382aadab02bb93d

SHA256
55020b9d31fa02820d47deb13c39b12306cc8a5ae66a4300f614b9761d4e8ddf

SHA512
a7c544aa4cd1269bb51564c43f188bf3b13cd4e6f60e254ccdca98d813ca6870bc720e596ba55cc4a192b20069f6e7132a7b00ec01526569482a7bac26b534c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b48b6c047ab758ad58b9d42d15a5450a

SHA1
de63459deb7d224f973ab14de3fd0ae594bd58e7

SHA256
c6181f82eccd36c234c2f6f50e973f019bf8aaf9b182bf9e4436d2c944c5a4dc

SHA512
a95d004cab4b18e2077e142c8e6413bffffed6fbe5f0a18320125e7cc05c947ae3124d47bcfa83f2f0d6167b2d75d1ba67038f04ccce4e7ac9677cf87fa61ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE447.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4F7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1740-21-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/1740-2-0x0000000076EF0000-0x0000000076EF2000-memory.dmp

Filesize
8KB

Download
memory/2924-6-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-22-0x0000000000450000-0x000000000052F000-memory.dmp

Filesize
892KB

Download
memory/2924-10-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-12-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2924-18-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-20-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-16-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-8-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2924-4-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download