630afea181b3cee4e3ad4ddc6f3e3d9bad277dadf75002a020529e553d45488a

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
Size

1.3MB
MD5

aafa209f2e54ede4c6b13969d852cf98
SHA1

9f001870f43fe2f107c11212b4d1b916d50cdd4b
SHA256

630afea181b3cee4e3ad4ddc6f3e3d9bad277dadf75002a020529e553d45488a
SHA512

b98908af30841d2b054b23a38fc8b646a8784c1d88df37722d730dafd687346b04eb4b4ae4f01320e15b554c3855a315adad04c25451316858c40fc0c4c34287
SSDEEP

24576:vK9mfgoKvASnt3LBDal8Xw00Rt8YpMgYtC:w2Intt+OEdMg

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2860	svhost.exe

Loads dropped DLL 2 IoCs

pid	Process
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rundll32 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rundll32 .exe"	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2320 set thread context of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000bd7a9bb1d33875642cba549b2c1483d8e1e9cf548bd83a04d2b8e91eeff0db41000000000e8000000002000020000000749aa4c6f2b3533d46601ffef7e1bcdd22ac6a996e1ae61604d9b837918f3ccd200000007c5aaac79e69c1d9a8d27aa16d3ff34ec031954bc2f7c7f8204dbb13573c114940000000c76252e49716a4936bd4ed523d3aa24b075218bdbbdd42f1d16303d3362fb2d18067428bc32d565f61d270113e102942e454744ec0653715c79b8b4912587092	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3007a25d31f2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{876641D1-5E24-11EF-BAAC-CEBD2182E735} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430231513"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000b5bfcbb93d721d8dc1e46208d1f555140ddc33791388846d746814e0d7ac491b000000000e80000000020000200000005b6ef438f9064e55429ed84d00afc2bb16769ad581a1732e64ede3dc9fb1474b90000000d0c2ad21e7eb3da23fcf6a6c6a6362c3572504e7890f02008375c4ea30a9a22f0ad0f97ff3aa081309fb587cde6d319ffdc278c8ce059d6b55f1ce9f6db8f915dd740840e08e1d389350aa6be89457d4ea92f1b8fd3986ed8a724e71c5d24d90af71dd94cc9980bcf33116a6c37c748553eb63e0b1f79695871ce03a8cca5ddb7551099bdd3b5bc732d9f28b00f3367e4000000071cb982910ce9cb1ec1c8cb199518b17ada4bf0c48aed7b232a18450b8de1af36dbd13ce8dc11e1847c94a8660554561530af5c7e6415a403ac34e3d22d67999	iexplore.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2004	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2004	iexplore.exe
2004	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2936	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	31
PID 2320 wrote to memory of 2936	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	31
PID 2320 wrote to memory of 2936	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	31
PID 2320 wrote to memory of 2936	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	31
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2320 wrote to memory of 2860	2320	aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe	32
PID 2860 wrote to memory of 2004	2860	svhost.exe	33
PID 2860 wrote to memory of 2004	2860	svhost.exe	33
PID 2860 wrote to memory of 2004	2860	svhost.exe	33
PID 2860 wrote to memory of 2004	2860	svhost.exe	33
PID 2004 wrote to memory of 2148	2004	iexplore.exe	34
PID 2004 wrote to memory of 2148	2004	iexplore.exe	34
PID 2004 wrote to memory of 2148	2004	iexplore.exe	34
PID 2004 wrote to memory of 2148	2004	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aafa209f2e54ede4c6b13969d852cf98_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\winamp\svhost.exe
  C:\Users\Admin\AppData\Local\Temp\\winamp\svhost.exe
  2⤵
  PID:2936
- C:\Users\Admin\AppData\Local\Temp\winamp\svhost.exe
  C:\Users\Admin\AppData\Local\Temp\\winamp\svhost.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svhost.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
31d6c100e49602fd84e4026b08d42320

SHA1
a96356e3ac2dbfb7b455bf732e9da9202f2d4315

SHA256
8f12cb4723697410c2d582d7a8919592eb0b30baf8d35dc22d21e255727e10dd

SHA512
cc8ac459d8e47b6f4fe7af0fac047a11f4981b1d75cf341a92648e38fd4fffd5e1776d284dfa0802aa600ceb1cfd9f11b1b682e429bebf9bc8715d79d75800e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f8a297bb82f44d5250cbe0f556dc3bb2

SHA1
9774ec3a6d3e90f7c74cc64d8338da9b396c2ff7

SHA256
1bbf2a0b144d306aa856a6cd4d6236c07c939b41a76db7f68609a0bbc8a89846

SHA512
0c0597b8f750cfa4e378d1f38e943b15906ae97d5e419462a51aae41cd411373f0346dda833f5517f1476fb898e584d549dcb5aaeb1730147d6cef8fa2158abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
984acb6a57c7bb2ddbe586a4382d5467

SHA1
104ad9e14ba60940ea1b2d83aa5a380ade27e1f5

SHA256
6b10cf68501d2e53579aacfb905239496a2aeb483b66a96be0937d807a83ada6

SHA512
b196a9449fc2529fe65419cfd90b8e48bb2a31b723579cf5b50a04a99eda6881cda5f26fe120261e342aeda8ffeb74cc1c8ab477f9e3139e32f8c281a23affb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
17b9fda46000cb8b784d4e7a9b5d0613

SHA1
af31870bb2092fae6479a2edca94c007abf3c52c

SHA256
b8fc56f99f3ef9264e79df060c557a7b2fe2e8826bd11cd57e3cd1f03409fe64

SHA512
a0496e112a21888c7abe0580e664af0ffdf86ba41c8ae5e3760c8d2b089ffeaadd641293864da81d6e6db7e9b2e0e2a3fb71fa13bd7adb45cd76e37bba6ed7c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b814218efa4a6d29cd8c4b04c8eb4515

SHA1
2d92402c81a7e3e96bdecbd23896de99bbde5703

SHA256
04365bc82d90eb918ff98a0ad5000ccf097c8864e1165356a301704b2407a214

SHA512
d176c5553dbc8f4becb2869c060257e49b1bcef59b85cd6329d770a28eebc13a8112ba4ad6b5a0d36d72b15660b2c0ecedabfc79bc0247196da5ef8db915766d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b1d37b08ff7cc02af567ec1ad6d32059

SHA1
b825dff5ee125704f8bb2eb5d356c3597fd973f7

SHA256
8401a148334c441e89e51bf553721a1fe2cdb35ad0f9e68c1fdb6309297abce7

SHA512
7fb015cf229bd73c9abd636f6f99304aa8864afd891241c6f8698b06372127df85ba9a9e1a7f98bffbb6cdafc9789a58ef04ff28babd78c137e5ddfed5d04073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ee1a8701a893f20f8b79b5a5b672c7de

SHA1
69ab1dc940e7be1a5569c8806b185d12d7bdb000

SHA256
e07af02baea2d33d23869ba2d6286801b7dc2c0ce26c663855f7ee6bebfa1d03

SHA512
c055e71b815e4598a0080c8b60f51130c8983cbe4136f1a6505e25d87f0b1e13de69b5f2c9ef69459929eec3ff2bdcbfbbc4813778d5200f2c507e77d81c6e95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c3cfde830d3bfecfb2dad2746a301476

SHA1
553e5919dc6878cfad7f9af2be1c33d89c9e1733

SHA256
9a7a37ce1fa59fde0ba885c52a2dee1ce7641ebb87d537b745043caf8e6fc8af

SHA512
9b3ab6a59e0f36d4109200b9403082154cc631f4a3eaee3e46eadb9bb9d7fa0d7bd415f0c04dde7b5019747a27baf0b1b3a76db07a384521588a385db30ac97a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c0819c0ee23bff37c781343120793ebc

SHA1
444bd2107f37f40f290cacae73acef168aa55708

SHA256
f681fe45f5a6751249a97f30151039920091ae77c6fe0caf759f7efa728cc9cf

SHA512
f617fbc5ed5e2ea82c0f88a6963316a72f59064efdbb30180f8ed7d435b6b99e51d4ef37d1f2004540e4af11592276d179b0360cd79bf35f318099cf22f50185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5ecd4c0115999e86739ae0bbd725b847

SHA1
b3e23ec94f6449e1ae6864c1e25f2cd8c7cf2e79

SHA256
0dff8ffce29dfca1b802df6bbb669c836dfb92450c67af0e804fc9bc263effad

SHA512
c506fe7468bc7110d0460f543f427411a528e00ebd027db56d66f6ffa2e6c4011fbcb6f28fdc31865f1a8162d9f9c448cb856cdd00738c0ef4045bfb83b0d0fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9cb3ca45419e10fb0fe3c3e864514e09

SHA1
75e9b699d419eba338e7e595e8776414aeb652d2

SHA256
4117fd7ba8beff146c66411107918ce15de95ff7605e4983ca53bf51f6cd96b2

SHA512
5eed8304a4dc6166a3028f53dc024aa8475370fe01fde25ebca05fb110aeeb380e0b52204a03732beee440e24f70bb232f158f6855540ca40325283c2a655175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b6b3477dbed2bc300fb76937c3839911

SHA1
821b1846408b381811ded458477f005985dcbf64

SHA256
15d1d353bae927e3ac77ea585ae63289af250ee4b35e4331ac38dc17a8df5e7b

SHA512
8fc027229f2458d5fedf869b5cf79db39c5d2dafe155e0e0939e0ab28225497e84fd03d3702d5abdf164de6e0c10906d0475650c43724cd1f5326998c15233b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
babbd52572659c2e2e46fa3405c3fe22

SHA1
5bace658b898cbee85afd6f01c4f696be9d30b51

SHA256
ffbd0e47a592e4879d7fb83b46f4f957a115ae40dcf53380764646ee3cf4b81d

SHA512
bf5729bfe750038ebc593c1e42490e9c7757cb08734b1743a69a222135d26c231a496afcd203e7c9def08711d368bece1521426645b584c37aefd57f06884408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
71ccf0e9083e68f4c621055de662a99b

SHA1
37e86341a5dc4ede225428a14de3f0d8bfd7b1a9

SHA256
fbba3342a08aa9b3f1f27e5444db5816cfb2aaf1969f104f36c323ae17028372

SHA512
7176c61a337c6c1ab8554c768045bdb945ec1bc2174009e50a369d48d3b13361fe2323132773fe4b4473df77dc31271f92fcda6fa2fddb5ad224358d1260b8ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0688b1f97d515e4103d7c7cabc49f489

SHA1
587ec4299ed145350baf05edf7193292a3764925

SHA256
e660634a812b25d041e164084790b358106f2fbf645b99072f485901fcd2025f

SHA512
ec9e2451b10806a57ada98cd0945461a15b9214c4e3f001009945743cb4d273b1ce05b9381312d07297d809cb50e25f813fd6c847104c2ed36b70d7333dd6dab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f156338a6c081c79473d2b7f7006c770

SHA1
10474ab7bfaec9c846b74472c00b418228accd48

SHA256
35d38c47fe4b717921afcf462679d29ac84408b3242bcfec4bc248b33e1dd2c0

SHA512
ba45a3501503dcdf126f02b09b6f10359ff05e4df3418dbef34370f9059ec8ea681b5f16caa92ca3168937decc00b54677567833b7a58dd7b9a9ffa329280db8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
283f126d205283106cdf27411afe449f

SHA1
77a3fa49301a1ae3453a47f84fe96dbc18a1f52f

SHA256
e07e9226ea7c2d3f76d7703e76edaf207a757178a21f06e502ec109a40b35464

SHA512
158c2472ebc0dbe787603554a843f7a82a8799a5221a72fd48edf41f452a79d5a5958b8d946aa445e9d7b9bca1ad56d59c5e0ada897104a21960feec1030d192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
726a61a0483c5bcf00a89d4e91cf777f

SHA1
7dfc0c1b29549fd2b743aa330918519a90a78b92

SHA256
b6774687f07a73a1cfc741401a494003ef83e32d867cdb0ba42a81b2b6f47023

SHA512
16e7ba0548ce1341a9d1bde3db99b698822a8b81858db3ad384c702dcb2aae9ef024bea52d1a6b080cb64d466b0af19cec8384a5eb45f9a107b9094988f437f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d1047f9e4c327a274ac1cb7ca8bc7ef0

SHA1
3f080e7a268e19c22d708f71031004bf031166d3

SHA256
e0ba19d78402e656285f5a747c58b7607a6e2b7e7d229b378f51a57505086751

SHA512
3a8d3cb8e293e90f8eacc453e4af18f79ac8eeb9c39d0f69d9aa8c5744e4fbf9278056d782abd42aa00502b1b86155482ebaaa97dda5e70e67b6371805ffeb0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7fec06cf6f25ba4b135b4655bf2c23a8

SHA1
8cf2895f693a0b04315fec3657f50db54136fadc

SHA256
92214e32b7fdba2799835baf90784da1448c388441222c6515cf4401c51539f4

SHA512
282a798c77f80514c386fb3066361a2b1cf64be1b5fbb288c1e836fbc787804e576cb143d79a7869bd1a45ebf3a93f531cc1f8dab81db8a825e0aed287e37739

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b6ce7334f328bebfd6aba647a841caed

SHA1
f5868a007842b80b76a8247eb304215d7ddd3e70

SHA256
710588140ef60ff590606655827f799f3d5142be250aa400208d00396313320b

SHA512
2f944168d78c6a498fef179c622b2b22fe8e7b0a9bada503c937cf825784b81adb932215b1cc59787807f29276f2d7dd784789d171659b63c83d3511b176237f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
78b098cb6a05362218774285e664ad98

SHA1
ccce6fee604bb4f525936750291cb5889f251f0b

SHA256
d01b4a6702750611e7f45b82c1891c7d0f6947d29775a612a1929bb2b3edb271

SHA512
2cccb4f84d2065ae7b0521e5e958c40a61dcabf3ee16eee7b909d5ca11bcf61787b141956f4bb40e811d14075c3bba6c1d3692e18280694ec1eaf9714a0a1a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1409ff02918f0e93b0cab5bbd409e7af

SHA1
3137ca7e9892b15971da59a66110178c27ef20bf

SHA256
b9358a2d5fb802fec16c5ee27561709870ff31f27c1fe8eff55b36b7c902bb8d

SHA512
631fb540ea5e45697b789c8c78d2dd7dffd45c1f4e7f271043063ce093e95053a41b0f98ce2044c219b810859907efbcabb9fb2265db5f7cea2b1d8cb9ba4f9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0205560580c48335fae7154faf8f3682

SHA1
cf9c8f1ac0956fe53263f49ed468a02ef2f5c2ad

SHA256
2f040e0fdc060c2ca122e4d07a725c3bf8764284beffabf0d24cd8c6e275b2e9

SHA512
15c87df6ef7b36b04d3e0731576ef1010c844f71da6a6e48e674b759bb56a9c4d37df874dd7fbbeaa543f61a09fe5c76caccfbfce4f0b71bc4a0fe18e236aa39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9dea651eebd3c54c3f30d16a61f37433

SHA1
acc5a35400d0f070ef23ba26b7824ab8cf624443

SHA256
c84fa1d3df64189ff1e73cd27b35a5a94f7193f7fe29d8bf78bb2e7546d246cb

SHA512
62972e95bef0e34d8ac148a9c39abdb0efc01889fe37850d50844b60293de239d283c1d6777ae264919b0dbfecfbabc9145d7433b245bf5290f4b2cc57bd2287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1811679e8f71357bfbd3b9269e679f97

SHA1
41090f2e992ad8b28c1b35baacd7baa865907bee

SHA256
ae1a1e5766ec889a51971c0e36d3a1df3dac185d6b4605d4e6c084b36c9adc38

SHA512
7a87175b9ab0d5d44408d4da807f0e9c3e09f9a68ed35ac4323fc11f4e8c41cee58f86e610cbc9b73d32c994c1f18eb23ed94c31870f0437c6113d088cec5c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8dd748be66d009661dd679ae0ab05f04

SHA1
f7280a5a02ce550dd29afa521109c48f567d1f41

SHA256
95452e746e27c7d3f49d34e6ae2b94297a8ebbdacc689dfa9710312324869e5e

SHA512
883c73bebc246b4bfc5dcf42d5a280554ad2b848b7461ebbc0803813eca7188b8fc9040bb33e20118d31a1d6c678aa5657de5348b2734a694025a83189b35605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c55481e43dd48a0135f302c94212faba

SHA1
2dea16c0c66ca41138a7292fe3fb10093c1cdee6

SHA256
567a01d95fc5751ba771490616b721bf54d4b421bc39d5f2e56617d374100069

SHA512
6490c64249a65f9c1c48340185f33ea20a187fd0326aab5f15cbeb0fc2e3e75836930803aba28d918b428f09e92a7d739288cf41100d1a9b7f13b8ffa58327b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
009d8e03712de3239d5e93e28ca3c724

SHA1
c9e92573da445c3c56b137e483fe29205036a094

SHA256
7fae360c9223605e09b4e52c8db4803f971b9923d6aad8d367d03f604a0b6289

SHA512
42d3a82f4d1d5764faf9ab419891a3759b2c59b40e83ff31c9422b109c2dd025362e89a79ee2de4b6be23be4ad2cda23bdfd4835339f4db382409c256da7eeba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9D0C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9DCB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\winamp\svhost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
memory/2320-1-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/2320-2-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/2320-31-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/2320-0-0x0000000074991000-0x0000000074992000-memory.dmp

Filesize
4KB

Download
memory/2860-20-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-24-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-28-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-29-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-14-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2860-18-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2860-16-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download