05105b60f1a9809deed15a2f80411555dacd4afd0b4baf4160c8b48dc3d16ec7

Analysis

max time kernel
140s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
Size

118KB
MD5

83a414f3dda5e233ac687d9afd4fe54f
SHA1

25698595bb6c6bf3c3eaf4a89ad88f598365cf8e
SHA256

05105b60f1a9809deed15a2f80411555dacd4afd0b4baf4160c8b48dc3d16ec7
SHA512

ca46bec22c63202a4dece02ae9fbb444f0d318d35d6b6c3320f0c186520a49b1b02d21a5ebd67eb94067c6dfc4dbbf9e4a2178ceb4da757223f3f1ed3ac7fd42
SSDEEP

3072:EpLwyDfulTE32lmoy9QSpUJh7LII1VjlXChDoJWt8zzS3kgg4UOvgvFheYsGr:QS1VjlokPS3kgg9igN4Yl

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2720	acrotray.exe
3028	acrotray.exe
1520	acrotray .exe
2968	acrotray .exe

Loads dropped DLL 4 IoCs

pid	Process
2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
2720	acrotray.exe
2720	acrotray.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe"	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\acrotray .exe	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\acrotray.exe	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray .exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90058493a4eada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDA515D1-5697-11EF-987A-EE88FE214989} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000ef2e489e9bc9c9b01ef55133106298e69b44b84fd1652237e6096ad710a7ef48000000000e8000000002000020000000700c867e198a33da50f7121e30c4a95ea58b4e23eb73b9f8fc731a243151d00c20000000d73ec3d0c85b61c256139e533c13f448be1c2321f8c45f0197f8a6a78626b2f940000000f78204fcf68e95c577b6a579bb0839b30ef7fa59c1866b33672863d398d83e79e26699a200673c04937a5ca817c8367a8be8401124773f8eda767d74c7ebf99a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000067aa63d49f6fae69e2a495b9f22e7ad8ff4925e181c0d396011a4672315faaed000000000e8000000002000020000000a9802de3a8078e88b2b4f5638fb917b8066563bd846a01a66f0d5c508e48c80190000000edf901ad9a0b873eeabf08f963ace474d120f14139de59f75e1a52ed053c150118d3717d4a9f78c21a4f336b1d2d059249d7cd85f4161ebaf5e8c640eeab2e4644a51a676441b0ee49f3e264e3ac21d9d02619addffc8703d1a7056b0b7078963211ea602ec14b791cf505ac135c52999d6d27bad5e1d95794a3a97c04920f9162050b22d22f7897f6f34c6619d3ba2140000000b180f1880a50f6705051801e0093c5e5a125e6bb7018ce4642cca70f23db01d1042ce5d020cf5ec810390ff1e87a78f350ec9058e6d51245d48549303cb43f3f	iexplore.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
2720	acrotray.exe
2720	acrotray.exe
2720	acrotray.exe
3028	acrotray.exe
3028	acrotray.exe
1520	acrotray .exe
1520	acrotray .exe
1520	acrotray .exe
2968	acrotray .exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
3028	acrotray.exe
2968	acrotray .exe
2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
Token: SeDebugPrivilege	2700	83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
Token: SeDebugPrivilege	2720	acrotray.exe
Token: SeDebugPrivilege	3028	acrotray.exe
Token: SeDebugPrivilege	1520	acrotray .exe
Token: SeDebugPrivilege	2968	acrotray .exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2600	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2600	iexplore.exe
2600	iexplore.exe
1192	IEXPLORE.EXE
1192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2700	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2700	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2700	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2700	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	30
PID 2824 wrote to memory of 2720	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	31
PID 2824 wrote to memory of 2720	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	31
PID 2824 wrote to memory of 2720	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	31
PID 2824 wrote to memory of 2720	2824	83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe	31
PID 2720 wrote to memory of 3028	2720	acrotray.exe	33
PID 2720 wrote to memory of 3028	2720	acrotray.exe	33
PID 2720 wrote to memory of 3028	2720	acrotray.exe	33
PID 2720 wrote to memory of 3028	2720	acrotray.exe	33
PID 2720 wrote to memory of 1520	2720	acrotray.exe	34
PID 2720 wrote to memory of 1520	2720	acrotray.exe	34
PID 2720 wrote to memory of 1520	2720	acrotray.exe	34
PID 2720 wrote to memory of 1520	2720	acrotray.exe	34
PID 2600 wrote to memory of 1192	2600	iexplore.exe	35
PID 2600 wrote to memory of 1192	2600	iexplore.exe	35
PID 2600 wrote to memory of 1192	2600	iexplore.exe	35
PID 2600 wrote to memory of 1192	2600	iexplore.exe	35
PID 1520 wrote to memory of 2968	1520	acrotray .exe	36
PID 1520 wrote to memory of 2968	1520	acrotray .exe	36
PID 1520 wrote to memory of 2968	1520	acrotray .exe	36
PID 1520 wrote to memory of 2968	1520	acrotray .exe	36
PID 2600 wrote to memory of 2640	2600	iexplore.exe	38
PID 2600 wrote to memory of 2640	2600	iexplore.exe	38
PID 2600 wrote to memory of 2640	2600	iexplore.exe	38
PID 2600 wrote to memory of 2640	2600	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_jaffacakes118.exe" C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2700
- C:\Program Files (x86)\Adobe\acrotray.exe
  "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Program Files (x86)\Adobe\acrotray.exe
    "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3028
- - C:\Program Files (x86)\Adobe\acrotray .exe
    "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Program Files (x86)\Adobe\acrotray .exe
      "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\83a414f3dda5e233ac687d9afd4fe54f_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2968

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:406550 /prefetch:2
  2⤵
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\acrotray.exe

Filesize
127KB

MD5
fba880abebda39ea637cfc1d4b38bda6

SHA1
e52b530cb90387b0d2a7eb4e91a0251b0dd18c09

SHA256
9aedec7b2679a37515d199a3a5c657ac9e7dbd942bf2b2762d62c60aafa2b0d4

SHA512
9ec50f0ca886515d32171268d9be1c364a8be27d6d0e58d3d9cca64b853b11e62dfa1e4656c8f3b01f5f8393b1e413f2bb7c1ed2c455063dfb8f4b3083223a99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acea094f76b0312d3b9ea12206953f4c

SHA1
00c8756f8790e058c76b3bce876f6be2b7ce486b

SHA256
bde8c49c25beaae07d9b43793942cb0e49af3501b8cb6b3fb08ca7ce719a75c8

SHA512
5b9a28ebb9418778049e988c3087520abc8f17aff8c3a2f17633d13550ea46b96a54e6de6825af06945a2956c3dae09e045df899febfe138e6607d26120df4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07c9cb05a3bbcc37ae71d1e0bb5e8257

SHA1
c426a25cae269230939f0bb173050ba1f3288321

SHA256
d4b7f8c4a1794ea8bab884b64bbfd3404e4a2791b4a66d1f3c68bd0c78f9eaff

SHA512
ea17fcedb2bdd65422c02b2500be303d32144c8403069c55badbf8620abc6a67eb7e596168104c240e50e7cbaabe1008467860545622f4a878c6934fe8d59703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb07107498d54609c3390e9bdc47e433

SHA1
5f6c9a1628c726cfbf9c81ff608237793c1c0c3a

SHA256
b0f39ba4425d248d1015cf4c53b93ed59c5fdfb31d839d2f3a7f9336d9b02a27

SHA512
324af8e5ccbe3d56545dd8933f491b98c5ded756339067e0ef44516490ea31596e3018fa07dd18b14e051d5e0bcacb2a9b7f6ecc5d3021cf31da788a40ce857a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c00e55daaff2fcb9ea6fb51bb526ddc

SHA1
329db472cbf06e25b8901c0e70f511e4438d0655

SHA256
6a04784b944869b3ae50e8cd6f4b39b45f8b80c1c0186497f57868d08a8740c2

SHA512
29b366d718069e6330ec04449c8b9c1d32389c31948a06249068aeb5814b903d200ae040a49be6f75b27ad3896267b7c4d4549898cae6bd47c653b73347bedf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c400f4980c28128f4ccb4655209e331

SHA1
ed82c501fcf96866382ec4efc3e1a4b78350cb84

SHA256
85709ea1b292a24df2c46cd6a4bad92c957badcc44fedd3be55dfcd6a6e31cab

SHA512
c8a0226537bb70a47f7d793dc17f205c5ffb79140438ce9f19016bed12fbb1fe9e82621ec0e9f55ad952e3057f09cb3d63174f2dfe822e5e98fa41e4721e8cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a63cb4a07d44e7fbe0ae0699d12bdb26

SHA1
cb50efed0d4bed63bc69bea2322f45796dc5d1b9

SHA256
77d55b3a6c4726059c72aea29896a479cf7b6c4d7cdcf9c00adffb7b6ab3908e

SHA512
340caee52751bd501193cb5cd6893f5eeaae6aac5eb162dc49da541dcce8be6725ca3a002725bae7d8147974a0bc743ce8500ecba4c263912be5a958f7bd10e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85188dd9f8a496b12a1974407613c35a

SHA1
a6e984886d05ea55945cf7aced1df9a6654f307f

SHA256
f76dce3e5243a1d9b7b8acebcae9de2420d50a50cd67e211a1a3d7e9c77ccb3c

SHA512
341fe0d3cc9d57eb043d6dc9ce94988b4882d6f5997f91e94ee89eefa3a3a140e277a8463cc4a5a235d1ecb904898061c0ff1ccbf8c22ef403f09b6ad7e225fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca773f1a7f6fc5460a68ce13b6d01c2

SHA1
fbd294a22fcbdc194d4107b5531a403c4d71777e

SHA256
fde154b867ff1fcff035846a3e85ba51ee8908f45a453d884b53283f94301511

SHA512
f876cbc289e77b64246bd2749536783e2e8cf9581ce266ecabf4349336dc3a90eb83a75b58cce4e31b021ece33cff1c06c9b119ee7731fbabcba087918be5105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
560dd282ffc11736e15a8202332e0aa6

SHA1
a85e2d10aeca0036ead1bdb4a80783bc105504fb

SHA256
f8515f903d1e305129919059bbaf02d8169bb2e6c31c6acbff501f5f708b4a1a

SHA512
56b808c74beadf7851695fca8bf5e7f0caaeaaf90210392bfd1cfbe2dab3c661c6831f390dd3c926ebcdc432875a397c8579760b2f9eedd8622d7018411aefa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d8e9a19c8936528691bcb7afba063a7

SHA1
f7a83eea69919372b86da508688a6d906e2391bf

SHA256
88b22ed133f92e6eb3fbef96147cf037bdd33620e4df6187c015f9b7f4d655d2

SHA512
df231b3d9ee351eb24862da769fc794aabbddd6036286aa438be74aa7ab35998761631e57198ccacc714418e967d855222738e755775347b722304974175f6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fbe42c8974e4ef3972fbce610f5fc96

SHA1
42c9fb64bb8d80fee6a84b32dc5757fdb2a58184

SHA256
d62fca8395933ceda496531ee8d6af679c0ed63e21f74c8bed85d082ea0cff12

SHA512
59a388b0cf4f0e30c7d946afc0677b4c4c34e382625ad28e2b526688acd39fdba745a4f54d6cefb0d8e19a8cd30b31aa7c2a41a1019628ac89711000737569e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9290.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar92A3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\Adobe\acrotray .exe

Filesize
149KB

MD5
52080ee8473ac78faeceeb425fd20fcf

SHA1
0497a6d88a2216005e004efb47d5b8193a0cd20b

SHA256
a198dadb0917b2378132300788ef8c7bdfd9dfc48f8b1e6a77eee824cd9e4a06

SHA512
d3f60bfb25103baaef0f49887b308bd46326108a951cc5f13109be0d960d69308ce51dd85095e244741d9b36359c059dde75c2bfb2f72e08e9e1ae4208c7bc79

Download Submit
memory/2824-38-0x0000000002850000-0x0000000002852000-memory.dmp

Filesize
8KB

Download
memory/2824-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download