4471cd6949a04788d85a46e39f4d3f7211a0709998f97a88f68e40bc7ac04223

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
Size

41KB
MD5

862fe98a58bb184ae03f32d57936acdc
SHA1

1e4c5e602b806fb97fb2751d5f56573cf7f7ed38
SHA256

4471cd6949a04788d85a46e39f4d3f7211a0709998f97a88f68e40bc7ac04223
SHA512

61f40ee802d48c650721478db4bccfa770afc6f0efdf91d0608771b04e1503cad1eec65e2351f49b8ca9efe36e995ddabbfd45981a3582a98c37b3e8659ba6ea
SSDEEP

768:XNcAv+ZGdbIAqoIHinxyZPijUqyVVXqfAVugjRCC4p1DQs8BDD+vWaQFTe1:2AG2kvoIHinxyZPwUqyTTFjREmPScTe1

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2896	acrotray.exe
2620	acrotray.exe
1744	acrotray .exe
2860	acrotray .exe

Loads dropped DLL 4 IoCs

pid	Process
2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
2896	acrotray.exe
2896	acrotray.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\program files (x86)\\adobe\\acrotray.exe"	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
File created	\??\c:\program files (x86)\adobe\acrotray .exe	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
File created	\??\c:\program files (x86)\adobe\acrotray.exe	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray .exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ec662e27ebda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000003513947eb4f0006f3bd36d85ec8e8ad3e1b5c5992bf35f1576c62eb8ced86b3d000000000e8000000002000020000000be4371f1f2b751b79bfa15686ef60e55dd8c09debb7e7bf863d166e115c4bc10900000009dbbb509a8397c43419c23f137652d69cd70097576319d9e586db211d6af5b3dde5ffb407db8171403010d8e2eea3d8c199e822a6a60285559f7999d7719f16f373e779ad12fc22a1138cc81508f4c6e206e0faeedd7a13e60e94093663fec42cbb17ed34b4cb6ef55b48d8d047f1a502f0b3500bb2123aa30cdbb7d605ff4dc0b07664272424eb57abe0913bc8704fc40000000d3cf21de56997cd348dbda7a5bb68fa609fb1c16fc553b5c92101cdc9aede7c416be3d934a59d20df50018f0cb53eb517925ca5893c5a1d291512ef8fb93b1f4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429457509"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000b50200b9c9caca0c8c77c3b6aad18f572e993e9a30e4afda99bedd63b97a19b1000000000e80000000020000200000009c2698cfbdcf71c2e424ee491d149d7aa28e85cc1a641fced01cdfcbd4eae374200000001e20306eb184136550a3c443cbd343534fde5cc1411a3a374d1462ca998f2b83400000003e4179d3270cd0c4fd1f11c2531510165f46a97627a8667cc86da7a30e93af50696bc9787b6438bf3bcb5aad08d3aa238ab9bbf10bbb0f6c49575c1e71147c7c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{696D1751-571A-11EF-82B5-E297BF49BD91} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2896	acrotray.exe
2896	acrotray.exe
2896	acrotray.exe
2620	acrotray.exe
2620	acrotray.exe
1744	acrotray .exe
1744	acrotray .exe
1744	acrotray .exe
2860	acrotray .exe
2860	acrotray .exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2620	acrotray.exe
2860	acrotray .exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2620	acrotray.exe
2860	acrotray .exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
2620	acrotray.exe
2860	acrotray .exe
2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
Token: SeDebugPrivilege	2764	862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
Token: SeDebugPrivilege	2896	acrotray.exe
Token: SeDebugPrivilege	2620	acrotray.exe
Token: SeDebugPrivilege	1744	acrotray .exe
Token: SeDebugPrivilege	2860	acrotray .exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
2088	iexplore.exe
2088	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2764	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	31
PID 2660 wrote to memory of 2764	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	31
PID 2660 wrote to memory of 2764	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	31
PID 2660 wrote to memory of 2764	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	31
PID 2660 wrote to memory of 2896	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	32
PID 2660 wrote to memory of 2896	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	32
PID 2660 wrote to memory of 2896	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	32
PID 2660 wrote to memory of 2896	2660	862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe	32
PID 2896 wrote to memory of 2620	2896	acrotray.exe	34
PID 2896 wrote to memory of 2620	2896	acrotray.exe	34
PID 2896 wrote to memory of 2620	2896	acrotray.exe	34
PID 2896 wrote to memory of 2620	2896	acrotray.exe	34
PID 2896 wrote to memory of 1744	2896	acrotray.exe	35
PID 2896 wrote to memory of 1744	2896	acrotray.exe	35
PID 2896 wrote to memory of 1744	2896	acrotray.exe	35
PID 2896 wrote to memory of 1744	2896	acrotray.exe	35
PID 2088 wrote to memory of 1680	2088	iexplore.exe	36
PID 2088 wrote to memory of 1680	2088	iexplore.exe	36
PID 2088 wrote to memory of 1680	2088	iexplore.exe	36
PID 2088 wrote to memory of 1680	2088	iexplore.exe	36
PID 1744 wrote to memory of 2860	1744	acrotray .exe	37
PID 1744 wrote to memory of 2860	1744	acrotray .exe	37
PID 1744 wrote to memory of 2860	1744	acrotray .exe	37
PID 1744 wrote to memory of 2860	1744	acrotray .exe	37
PID 2088 wrote to memory of 2272	2088	iexplore.exe	39
PID 2088 wrote to memory of 2272	2088	iexplore.exe	39
PID 2088 wrote to memory of 2272	2088	iexplore.exe	39
PID 2088 wrote to memory of 2272	2088	iexplore.exe	39

C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_jaffacakes118.exe" C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2764
- C:\program files (x86)\adobe\acrotray.exe
  "C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\program files (x86)\adobe\acrotray.exe
    "C:\program files (x86)\adobe\acrotray.exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2620
- - C:\program files (x86)\adobe\acrotray .exe
    "C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\program files (x86)\adobe\acrotray .exe
      "C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\862fe98a58bb184ae03f32d57936acdc_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2860

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:930829 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\acrotray.exe

Filesize
78KB

MD5
0fb5dde043ba51cce780bd62b13ac5b5

SHA1
934e16b1e02fe112e63e1a697ac3568b0d4e1022

SHA256
b2aae5046e2b39874b65127f1935f72fc589c101e6347ed2dbfdd5dcc436e033

SHA512
bb945c71c8e2b2de3b44f4d921c6d5844fb6942e29ae6b90396234d83c7ad0186673509afab1dfdd6844336fecef2f475e65fa01de6b99551d93b0a4bcc4d387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
86075a5aaa971ca3928597f7cf8f71d2

SHA1
4d81d07e5722969d04d20239acb6bc532dfffaf4

SHA256
d405a288fda7e49ea04bcd951384a7bed85a0561a7c3d59f542840fc33f76838

SHA512
385e581d11ff1e956608bf73faa71c3c6151104cf38de51288faaa438f7bf35a5787c44565e811cee9a40156b9047fb7ac9bd3debf866853f4906657458fc24a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
3216e826c561c4ae450148033c160f7e

SHA1
4ff2a8a9198765e03600ed38b97a863444edbcb6

SHA256
de22f1a82bf67a3783d636ab939f4b6dc0f24eb9f49d187a806574e0e5331c39

SHA512
437369c15f06842c30e34cf511f1cfd5f0d23efcf972ff2e381e4fbfb65d351cc0cec1d0d4da8c6a033330b049772f724d6a48fb02b9e241f290d75b502576b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cdf7ff12b5d8c3c4a17754f8a6de6ea

SHA1
7e45179dbea235eed5dd2f7083ee6a3b8b5d7bb3

SHA256
8309e349357fb0ed7135b043ab043223766ffbdd15f871653fd9c39474fef42b

SHA512
74682a52620eb9084bef525cfbb065f8b71e813c56431e5087bfa2575f167e064d082a1078683838fefbf53320c074d3f3d50e1da642fbf50603a98f5a1f9017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72a2a5293571025385d3277b8dd6c338

SHA1
bd99264f3a82d10f617b709a744df8f661245940

SHA256
4b0a7d67bcfc04b42fc6c3d2008e1cbc37a31825f63cd22e32b030f2ccd2a667

SHA512
99a80cbfbc9fbb49afb1efda7eb12519a69200efec740752fefd36d02e0a5909d17d53176887c1144ebd489346a6ae6dd88a31ee202b33e3d1eef7beb000fb04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c58b636f80ef527bbc2e69fe5228bb2b

SHA1
1886f4bfbf8a5a4ff16b89012a15e7dd4b030567

SHA256
4cbcf5dedf0fe27420749dff8736100bd05f4e7be0a80755ccedc6fa473b6905

SHA512
d0545f5481779644a1b712662d1bf3085c047e131cd61dbf0c379bfd879ad6e6e1f1f8569fc668d90e2645aafaf042f25eb677ade7615c6fe29a2e89fa12bf6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83231eeac88f8d03d51ec387ecbcb00a

SHA1
995da8550f3f2a006a0683c4175fd13bbf4f353b

SHA256
6881d9fd31b6c61c0f04cb0b6649664dac7e5bf97df84b7a8e7da72395cff020

SHA512
93eedc4a2084ed9a2e2a6ed7052c69d9569c47f393b4662d6b62b2a8b1e418dd0536af29c156b74c4cce2316af2d6ad2e8a249ed017c982c938b7c4824971ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b09e1a31610cb27d35c377d1ef82b6e5

SHA1
f64b399f8cdda0a99b9e02f489224ed95e9e6bff

SHA256
4e48e0c4dbaf4e9288ca93d04ebf1a22a56f969033c986d97e9dbc38d33c0bd8

SHA512
6a448b477be6e80cdcd462a7ed3a2e1b63514d35bd5b64432c51993d4bb918ad87919adfcf660499aa2bd588b31e561660db7d1a2125652f6cefe106e15d5ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85e50d90c2a4c87b3ecb69871196fbc1

SHA1
9b19876b3d020bc6b3152398686bf96722c8303c

SHA256
3c745226558bbbdd5a36462e1d77be1b935e7a8bcee0ca1e48af81051579eab0

SHA512
077a70696069521581c3195085a6af1bfce74b027bdd263e7ff30b69e55925a506c768d3fa37789e13c501aafb8f03b295ca88e60844b0aeaef3cb973bd3aef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eb063799e57757f17b69f953c6b833f

SHA1
3e7dca8bfb375678404e4c1113f21b5f90e6e2ee

SHA256
c1cae16ad446f0e1e8b8c7e195e335fd329046fd70f7952093b404b721477941

SHA512
7fb336f448642488358154233c0a0a522bb48b8cf5bdfadafb29ec335859754bc32cdc8989cda9a33bbbb0f3ae9651a1940f80d5322dcf7422feb09286521206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ec6b6935f551b2a57ad8090873e96d

SHA1
13afabedf542083176b94e7cb032da0e3a85309d

SHA256
c75bd9dfe3a25ba9c415065fbfc1eea6afcdc9e876e475880482b9dfca8da02d

SHA512
22646c38bb4c6d3a1e3f95a947cf863fcb0fd5041bae1f272cc91f56c572c0446dcefe57817f3fcee1a4ee069a10d48990936a20625e6fc3dbc1a56a0f14220b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
221d668cac64675f12b9cf40f165fa05

SHA1
e7a9f8f27705296936c0024efa60c27be0d5eaec

SHA256
804975a875fad279ec31531643d3e42efbb5032e7918491694f0c6e1896622d7

SHA512
355e7a4615c4932f4dcca59410401017bb48d99b7c53d69435cb5c5d462cb8d8be21a8a7c29830361ebd6f7aba1559e07e091b883d2b7a73cc7faa0b3af7c879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58f0af24a969ae92b69e3fb0e61067bc

SHA1
b58ef99704df6fa630059a6256edb37536f8eac7

SHA256
00e0c8bfcc06e8382fdb9a73d42b538bc8d512c65d36f3aaf3e2d130b6319a19

SHA512
382a4a1d2a244d33e93d83996c36d487079555716e71efb9642a9bfd6056b06ece8bf167f512c6046ac3182341eeef07fec41cfbe4f2da5621e8383399c29b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daf4128ffc9c59e39911d04b1aa20150

SHA1
5f1bbea48b2efa365c2d387e2284367c45e60b1c

SHA256
cb7ebe6375e20c8290c9862e50f38a5add0509d2c25f101c1ca63099a7f452d9

SHA512
0c166c152c3e381ad7f70308b029c1e59ca716600cf405da5477dac51c74e41b5d002d928dedf47dc246ef4aebdfe88c155ede4d6d6dbf15d0def748167943de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a29736a699d0c7a6b705176d1ed69b30

SHA1
e0a2f8acf6c03878f5cd0917910c77503af03872

SHA256
0fcb72aaff8ec8186b554090865c987f4e9f7f41bc9f763d1052d8e763e9c8d9

SHA512
9f2adac66d065f9f3dcfc5464fc3cc9d1dbb39eb0c13a2a7dae82698032527e87d2ed4ad89df41c5b02e7f987c8c43b4013c3015a62a8de10c43729cb6f21fc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f08b24241241778e777866d24513f9c

SHA1
f3639c3a7381f2b997f927c73c8ca27213ff745f

SHA256
a31900b8a31809adf0a9da65d49d10c95532d319352faef5fe0ea295ba1880cf

SHA512
6da0b370e6fe32f9dd77739f2f13a37fe24dc042d9ba8c4b4139d3eb9b4caa078d543fcc2a7f9ae956622e13ba30d96f4c0464580f255420de4ebde5ea58b99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33d466e3d1259b95868202cd25277c8c

SHA1
b83679286d264acd8177e63f870d975552fd0c89

SHA256
211b7012c48dcf86d16a733e843dd07c29b8c0bc5f1d994faa687ffef1577c07

SHA512
8c98e2bb80af22c8a582c0fc7fdeddfffdcd70a896f53471d8e593198bcb9034041175d9572f241a0fbe7f8cddc66e805b3d5fc281e15ce22bbbf351a912dfa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0937ae1bef2e7578a43133c7f664abfb

SHA1
b70a5a55d83e08e4d03184dbc9ee60294fde16ae

SHA256
e645910b0ba95ae575d294f7e4c2800ac1588bac6f1c4486732ff63761b86b69

SHA512
87ffb1774c77a1b1f89e66ef90d7eb93b62dde6989c2865870e969394100714da8637da91402bdef027b28eb56f30124281db7837751d6db4e99997c652da4e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45a331b62320a5ccb9ae67e562f133bf

SHA1
4b03ea58ffc156ec3318a1551be1797ef7fdaca9

SHA256
42fb9e5c7c0e202a2224278c40702ef8521827e4fe2f57149d5fc2aea8af01aa

SHA512
ce56092a0ace419882452e775a0d26bca2bb2eb77af681a3588990e97caad6f773ada9a597449159cfb41adb56492ab8a14bbda9faa4a96def72c51ab5171da1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
589d42d3398a346fc83dc8192b12b2e8

SHA1
906760d2130572961e4b4b2a55c310d2ef30e954

SHA256
7630a44bf9d80472b434bebfa589960094559342dcdba481f2579d573cac320c

SHA512
399b68ce02617d09c8c7d65467cdcb7d2972244e27deb9be612da859df2268d3a0065c54753ba738b4271e1a9a8e722b95d4f2e77890a2f6f9971784ecbe2693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8926c32e128ced77f646f10e0873ad5c

SHA1
2b9f0e71739ac748fcf70487f519e41f2570e12c

SHA256
7d1d799ce04c98fe91adc3e5c04bcb51eda4acc7b167e14068d87d24af148d11

SHA512
494186043f7c166893c221702c357c4ac515719936d4548753a91758d47bdb43d64e94ba5abfc326afab48c06c3de1fb81d9b074da107834cd73124bb815f9e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cba95b58ae7bdd19ec4d5ac7381c702

SHA1
73df421b87b012ddcef9d266a105a8914655367b

SHA256
8f7ca520d5010cb170afd4a85dceaea2c5deaf491b2635ae124b5f878465393e

SHA512
cf6592d617107709f404d54257fcdc2dd43d16e081f28b5022f0dd025e3ac7fe78fcfc0b4004fc15f95251e54f566b99c24a502db8de518f6440be1e2b195323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d2ee666d7fc62ba5f6473bc4c4bf742

SHA1
774979a0fe52cdfb4bd4005295050592d66c4671

SHA256
0aa5e8c20b516eed9cce510b1ccaa1864041ea30e3e44d85b975def6e1c0770b

SHA512
f46ad7e0179f8f08dc9d5d74e8eab7af4409eeb48a97fcf0d46f2d4fe7612a8b91995d85ee45ee101e55d32baca619994305c74755b4e650d2ffb274db436d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
790f7a55e92682f18c735e54888ca9e1

SHA1
bcb9e0b036226d408709f50a01e37d649ff25569

SHA256
6e1797a06b3669d04a5a4d277c454575d459eb6b7f043710fe0d224be4cdb2c7

SHA512
ff6e32402989445b80d3caa4394a501b21ac948298b90d9b9b69ae95af84ec04b66f332e164e5cfc20aa20732d1624c13c2d15e3176c70aad04d9b5a3b8b3661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac9d19f2ee92254bfcbe4f261748d036

SHA1
e1b517686e1e2d1f9f7b36c81c870453dff821c7

SHA256
c4b9c1519a9d7a6440402c5828e99af26e4b86121ecb52a742898450b17283d1

SHA512
4ece50cfb4756ec7a8830eeb8699ab181c5d53f43d31ce7d007ff7762b53d30085a38b3bab3aefeeff05da77e35507ba0c7695caafab7ea4b5d6436b8517c243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfce94711a4b5253caece91a6b734ab8

SHA1
e8c96362e3ba10f003cdbaf4f5d48b32a487ad3a

SHA256
f5e15188cac130fa78850a03b0090783e0ba2e46d136b5777b4776167ecefa98

SHA512
0dfcca061c1f1b340ccc27a51e55894c7fa37b3a4db6f1fc94c8416522a302f5dc911a6b68abe02449493acfd16051d1cfeb6c952f30801e289392ac6e0ef984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01a050b79221cbe794667eda6c69d0ac

SHA1
8af5bdfad844d55a0a02412b979cff0b7eb2132e

SHA256
d440808f94a7a247e9a16d71b3f47dc36755fa9ffec1faeceb942b61acf45b60

SHA512
d3823a6f43d076c2dbd680323153ae21db37116e03fd886dca18484d81d9ee9f660818d7c576d1f10473a49c19d5f14265748233bf87a47d96be6b714c0a9d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ab444576dc66ad8842460db73cca2d1

SHA1
e59afead6cb0185990c64385546e5dfdfb93db55

SHA256
8e1c58b04e2a3727c1699cf30f18b6cdf467910ed57607f9cacac09ec544af0b

SHA512
47aa638fd573ea939dac4e12d7fb91fe82b6a3500436e77eff0e5334245420aa75a5a662ee2117bb0224843f3c05ac1a709386ec32ae85aa91890049f42ca3db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc1f11caaa9ed6bb61d108baa3c3318a

SHA1
54d35182cd3248b61c9d9423308aaa2c397b9307

SHA256
9d6af936e817ddfc50e12471df022ea489744c3d7390ec2e69322c40b2f869f2

SHA512
574216dda90ab5f591effef8a52ee7656999f757eddd26ec90366e3ba9ed5d66ab06f0100be4cec034afebdcd404a74b93fd2a1b73001149bf7b0c0bf663ad7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3d8b34b8497614a1a07674847cb77266

SHA1
0e42c34cf0fdf97d8132c3aac3c5a4c1610a034a

SHA256
550f39f08846ab0e8ce89703c3f217fd3afeed4404613e46beed5d0e8140ff74

SHA512
cd7c8f4da7284d63fc10ee5dea1c4d1d2a8c097c755ada9a665bf81922373ce00fe686ef76c4b0ea8b1ef5dae6f68f6a909b8b78cc9e62e97a312c3202f6c0b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1832.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18B6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\program files (x86)\adobe\acrotray .exe

Filesize
49KB

MD5
2adb0b33ef764d0196e3637717e04b44

SHA1
54c3ea96e0c503f2f269acc3ba55f04df7e8c901

SHA256
5494e9ff3db09d5f30e9bdfab88c7947383d85effdc1e5af4b531357122d87bb

SHA512
d3d2ed0f391d077dbde33f7fb7b5f594935cca851cbb6b5ec86b3cf2f7c55d9da99887a29517840652e691cf3ab06b8c3953b73537916cfed00f95c138a890f8

Download Submit
memory/2660-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2660-38-0x00000000004F0000-0x00000000004F2000-memory.dmp

Filesize
8KB

Download