ecb1875ac31a1e5b3fd1fadb8d0e9c815598ce9112d013ed8814857028d12f66

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe
Size

93KB
MD5

42f14fc77f611d4cd6663b7edc665e64
SHA1

cc70339c19eabb8cf1cf99710d35adfdc7616940
SHA256

ecb1875ac31a1e5b3fd1fadb8d0e9c815598ce9112d013ed8814857028d12f66
SHA512

4f72a65875ce6e987e2929aa830f6b46e8d66fcd9f6e48b187da6b7ce603465dd72790d39a22f2d92afe44d0041921fd3df05db8d7f5f576e3b9a199335c59b4
SSDEEP

1536:mBF/vmz26WpkCdMuzng3met0j07zaNWHlTlMWd1m53/KCY3L3RiAfLiZaK+QKrmz:SF/uzspP9sHWj0THLMW23/VefLibsr8f

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\windows\avsgccs.scr	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000caca63cf77cd5c38dfdbff4e66472a5bd1d277c9dcebeda1fdfc8fdfec076712000000000e8000000002000020000000a6f66ce5db24e257165bb8aa551bdc8bc00f5a2293df563ee122f605b83dbeab20000000853f10f17a770a5ba91b934939fff25ad90d0f5de30152d7a715a23b82d5a6fe40000000ad33e2dd7ea83023a3d002f117ec42eee004520f65d4156735d3261834c0387038274d1b40796955b8ab954159f25954257bb3b781ac19e582c3b13e4f90a768	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000d71bc5ecc95062d70d285f2bd704f3b2556d685a1dfe5a3a3fb53a4b5ed69fda000000000e8000000002000020000000454645d5fd17bc16ee6635b89b07ca5a827543fc372794b127c8a7beed96b48e900000004f777b8eca203dc6aa81339f3b879a22c294141e65ba8b4078f5b5e1cbfec73c288265df12df221defd87aab9845ab6afaba0d36d045d24e001c42fa449b3f272c9bcf3c3ac828f2e5e840bdd10c20766e60faec5c64fba52cdcf00d04222798bcc65dea0c8c9e19d185f47e3cea2890a6362adf7a7daee0f5885ad45431b8ea84342f8568f338dd4286c4291eb0c1e0400000009cee81005333bad42b96451867aad5bf8ff3e3cbc8ccc5cfa4c570f47ab58d01c1a9eb58f6a1e9a9866e274d7c4e47ca0dd2680dc1ad37a4e8f3510714d6b51e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com\Total = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427059046"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7063f7e556d5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E78D541-414A-11EF-9337-EA452A02DA21} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com\ = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\gatasgyn.com\Total = "18"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2664	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3048	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe
2664	iexplore.exe
2664	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2664	3048	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe	30
PID 3048 wrote to memory of 2664	3048	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe	30
PID 3048 wrote to memory of 2664	3048	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe	30
PID 3048 wrote to memory of 2664	3048	42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe	30
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31
PID 2664 wrote to memory of 2184	2664	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42f14fc77f611d4cd6663b7edc665e64_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gatasgyn.com/index.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29a0a15588ec441f839417f1a0cafc16

SHA1
ba480ae2e2a008fbb608675686314d3b77c2aaa8

SHA256
0662e840b81adaae51b165e40ca863b14839523d0794ea4a5340a03517a579a6

SHA512
6e8893e30b7bfeb2b31a6a44c1b31e47e43b74f95ae39b9c1863e18d959d94921e46db7b618156a423e6bec531dc5635595e9a7b5bc1d1f8c6c1079728feb912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f5d353ca1080f839702afc69dfd9f67

SHA1
fe52cdf26742e9db3d052dfa58345edde15d8dd4

SHA256
69aac97e977bcd07680456bdde93c5857fad0d04a3bc92fb68539963a964d8a3

SHA512
be834a9bb59f068ace73d6e0e392db19e157119a6b6fc7c5dc0901f4d346d220d9a1eaa8881ecc4dc896762ab26cb18a2a241e40600bed8300effb581a10a966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31b56c84c59a587e399e524d963d50f8

SHA1
00f8f0cd9dca5cd5a0e2eea3ddb8def434c148d5

SHA256
3b8cb5c8ad5550c9d0cb38c486a547a036abd16d859527f848580b1ba8f87d50

SHA512
fb0464b72fd9ee9b24e87c885a4c6932e93c241379429f6860f9578acd777e121298b8125b6282a0069907c2bbc71885ce2b4476c0fc7a98a9bd6630fbb714b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52addd8fdc724e2c39290a6f9feabbe4

SHA1
03fbfc9637a1b9c7170cf08b6c66c8e934d30367

SHA256
76dd642cbfbbb5a128456745f6305fc2b5b86acb39b26e68278ff9ffcfbb3826

SHA512
8422e7e65a24236eb39aaef3c4291ee36831d37475d7f911a50655aff9d9138a12c121b4e2c200ef3ddf7bbed1a5803b921ae42a06987e3981fcb3a805f43b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d923d7eb592893847281252b2672dca

SHA1
faae67c87381682c3db27bb4472ffe50ca151cc3

SHA256
be32fa06fe2d631d4255254e660711ed518840f98b5c316bb4d3555b2311eca5

SHA512
db29b9536fb32540ab795e1595fe473cf3304e610feb5185b8c276e202fd026eff18a9e81157112cb20090e91e8cfeebfb10eec439e86e00e1c7ae23f3e13c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe3bc7d6de9c5b545151508c3a82961d

SHA1
c9233eaaba2b205e5523f6235647656acfb97532

SHA256
e802f9f6ad8f5776c38f807ff65acaa15f085fe1cf9bd44449331bcca608f4bb

SHA512
810c800b0ee085ada2c28b735045696000dbe997e3c6d921cd5c022c4493ae2416363e401b50bcf755e41413b82f415a60d42b1256368af9ef985b1177b97d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9f7c773c8e4f7917924cf7ac7abcf80

SHA1
66a979b33b1286778dc72644ef8ccf989c85f468

SHA256
c3dbc68bac57699beae2db16f33045ef358308b172bd90bd323c2cae1d2f6a83

SHA512
3c81993bcc2d772e5a8a6cf80322afe87e28ef0b771b7810eebbcee65f04de39ef875d8eb69ce4bd2599769d1b366b63c1c418d35d739b8528482b4df45f7277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71c1b0d3550623314d0f39fbedf8ee59

SHA1
e9b76216a946eada5749f399eb4e2145ebc79eb8

SHA256
9bb099571346f2f70231f46ba0fa85eda82849074dcb0289125b6622c623a014

SHA512
4d9027172046352af22f9c85dd81d49fa12eeddfb0957d022e0dd34dd7f9ab1e1bb6db63be07efa55d093424c1476f71840b649e0e4f6e01a14aa2d3146cabca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d471f14c1292ec9a02453acbb8b9cbfe

SHA1
8ac75de945b22eed3a1c17ee5146fa01e9b3d24a

SHA256
73df765cc2eb584c10f0d02cd633fb9ecea8f2f724cb3b5c95d71e9df12a5a80

SHA512
4bdef4e701c860093370079425cb53e24a786342dcbb277caa3e4188be1a7d2b0197b797149b0818546cbb3a3cec66ebb3e917c4f78e8b972e6fad6d54ea3ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c2755536258460d5b571bcf72f76050

SHA1
a0fbc9952a2ca1e3a36bca4c04e6fedc257eec0c

SHA256
1db82d6aced21e13c5380832dd6dfe4539c8ac9135c434f339aafd383d34de55

SHA512
9363ffa4d9d1ede048e8a7a6ddb746c8191f0cc6623dd993ba8e700de1a3b873f64dbe3ae9cc0cc021e7e3a99e12c3d088f869b50819b064dac3bd40ff2b5b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14b98cf0736135d308ae9256d15a3d7c

SHA1
4183ca4cf4ac69fce8ec0de6281597c111d2f677

SHA256
b19e5760edfc8e624d778f1cb442f1e6b93a94e9b8d5cf8b02d02f2bd948ca00

SHA512
56d4b17372570c46862a99460223c080dff3dc9b3f5f56723776c9045bb5744aec62a7e61e2b25d2755f8f675f8329a7560e5398940e358a9505f5f0273b7790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23d22db2418e01af89b6848765df2b3f

SHA1
581ddfbb6682f87d7cbe362af8d7e191a2fcd8ec

SHA256
34c550070bbd0eb1000356da14c9eb0b1875165733b073e558222a96246c5ca1

SHA512
8ba990179a88422bfd642b9b25e439a311c2444926d95a82af4424874562d907b7e0dacd8321e3b9ecdfac5967f5f9fe02e83c97799c6d1276e87180f376a8a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a95635f55b0c6f95d2455aefdbf56b46

SHA1
aec0b56845f2d288eae8816e45ce1217e7924875

SHA256
9b559cc917c8f3bf8303b4a2c5dcdcbd5f3e787adf84d72ed8a76cb578acb288

SHA512
739ba1dfce976d779a3f83115e6aab77f0f20943f513d439fcf3d5d0af49c02769cd5e1eb2d92c71a0d5484d9cfac5686f8a9af34f399090479f1403452da339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ef3c358a9955f428104197baf9af6d5

SHA1
20beb5ce9ac5e9d2e8939eb9ec7142d06007e37b

SHA256
67e74b2af2506a3fba3fa52ab75c96701f1aeb094301398e6b008ae6246bda0c

SHA512
32f75043be65fcba3490c624f26af1b0cd6c9970f9a6167213a339878e1784703c122c625f58ae83e58ef16a09c85fc99dd7b78e5371c6a31408db6b173ad336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6066e8340b810ff43cefa39ac57b7d8a

SHA1
e4b7de3707f771feaefe39944f32f0beea3023a0

SHA256
b73cbbd5e6279bff9aacc7a715f9f680832c40dc6c9ca0cdc90dc4c9198f8980

SHA512
58042af899f59657538a5abc7e152b9a4dc2eb6ab1e7ef73e54a59558faac27c584b55f0ef0f8c014c02d1847b06e250cebecceb8aa3b9201f7beb78605f0185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0372ba1e40d9ec6b2d4866b33298ac0b

SHA1
067051b16316c5b3b4873db84a03c7f80061babb

SHA256
dc1807dddcad10b23914661ca5362e3c276461c126b46de44412f44298373c1b

SHA512
10f2c4db779284acada7e982f3a30dc071e6ebb986dbfa35aaa9d39ada6db51352112e9c30e24b05492d5093affd34dfe90265096858621561dab14f816fc9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a62616af3142db91c12fad4cbdc39a04

SHA1
fdbfa245196f3db3cc371478ba6a4fabfdefdb3d

SHA256
0b11e8567d1d04529d7a5673fb9e7c0e0d0671067879adbb348ee8bc2109d2e0

SHA512
f7f78a487c03331af4885614c0feca280d8553f739ca93304713054440f4c8e512f7b741574a8b4364f367c49330859314e984eafd0c4b4240ba519872407a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38efc8ae2dbb6048fee2d6bbb4310c7f

SHA1
e118957cf1c9aacfc2b410b602d547045a74afe1

SHA256
2eaa7600b6203f2e56ec214119c56e087944d4f93c481c67bdb4db76a95e0ff6

SHA512
63ce2cc9e0e1a3b02d055ab7c40f78b714aaee2f752b87760718eb55cc545281a7d52c42c23ac16e5d3d7fde57a3fe48af18a035a4e557ab5fca1bde0b06c79a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5589d406415fd7de05a1a7bebe74c37f

SHA1
7cdc846d3282406ab4ad1e955d4fdde303cf9f66

SHA256
b5bf4d29d3794ee5c2495e5e6754af9f10d8bbe552e1d717e8b5feb27df81c3e

SHA512
0968131cc3556d89439d2686421680aa28100f78c156371d5868e6f03851268ba1eca7f9b20e96b8581e6e9b21b9764586f30f4600f1a5b63de3f9119012fc66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dfe9560d0e59d1139caf56fe0a40f79

SHA1
448529f619316debd4bce7e1fbc8a74e0e586be5

SHA256
8f7dbf58d962df3974286cf513ef582ebf42414dbf624c5f70240a36b98b29ee

SHA512
d72c1cb403dfd129ebe3b2e3609d4286bc26cbf4ef9cafc9b04c70f8155551feec9d9bfe593b51a9c0f1fb46d0fd2ba5ce7a3d81ebd90618fb05af0f0b25d4c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2cad8c0a11df57ad553dc6afd794a08

SHA1
472f64197834aa6e86df0f4815558d1aee94ed97

SHA256
6f1c93f21fc2a8f4a84c757edf0e3c176027c45a66b7534ec765798f97687dad

SHA512
4095b6bbf22cf9979c764f023e26963b6d2336d8ef3b7cd2db757b8804f44e17a89a48c2bdb0b912856acf2a6b77e39b2be467114d6b6cfe13695bd054b1e7f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa9a5b34d0668fed2d1c8109a46ce61

SHA1
1c2d845e2336c49d7e37d84a224034e85d12caa2

SHA256
3d59ac8b682288b5635ec9322797b4193bcd6f1fcdeedc3f142184677b02b421

SHA512
1ad9da5c46d8df8db3999c5eec11671807c0b783db78444c73abe4046ab742fa1c44104abb153d74483233c48ab366d00f4b5f229eb61a0046728fdf596052b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c9420515437387c933bfc9e7a47c76b

SHA1
a43dc55fad1a97fdecb31a6b52095cb472fb5394

SHA256
7dee9d69e384091a484690f66ce221f9109109cf321af7490804238476abf4e1

SHA512
90bd935fc0ae861cc8e0f9846603e185678a55a6e93efd428ef706908ac13acd573de9caab2122a886d57a15e7e0226028132af5abcf1120849896a39c1006bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MA1370SE\gatasgyn[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mr225z1\imagestore.dat

Filesize
1KB

MD5
489f4597079afdba4cafbf06aaa38bb1

SHA1
633f9bc2ff105ac8a2b770a69036e5dbaa31529a

SHA256
114b72a53631cadddc5e6d1d02ea5b4347946bdbed9412bb92f364f673aaec31

SHA512
687f0033b3fdb0b963d70cee26b39bc5ace6cff5513ea7dba4500c0092135a182751e0c551a4611ecf1d42b2cd52b6f68588964ad768039d908b80b0172c1883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIUC9X25\favicon[1].ico

Filesize
1KB

MD5
ee2273385f93da7330463089d3241ee5

SHA1
cca117f8ea2ded5adc04f40554c42938a3db01a6

SHA256
fbfadbe1d5cc647d03f38fd5264d8fc006e6847bec563dc68f90bff5f6799d01

SHA512
0c7989d8d18d545acf0b56e7ae3e0062158045e918cba30ac0913507de086294ad117cc0d68e14048b3a0b7c3e84277147098a193dd16ffa7404820e9e3d70e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6E6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\avsgccs.scr

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
memory/3048-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3048-3-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/3048-12-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3048-2-0x0000000000290000-0x0000000000292000-memory.dmp

Filesize
8KB

Download
memory/3048-1-0x0000000000230000-0x000000000026E000-memory.dmp

Filesize
248KB

Download