c96a2eaed1ab7f87117df0b556b67c4e4b8f0e694751494de32ea27701cb5a1e

Analysis

max time kernel
119s
max time network
141s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Size

842KB
MD5

b7754232eff25980b943f0597550a22c
SHA1

1cc1c1721fd352af483f7f074ac792f9a1109825
SHA256

c96a2eaed1ab7f87117df0b556b67c4e4b8f0e694751494de32ea27701cb5a1e
SHA512

6c790d2c826c51f2166af64e2d83fc54c73c2cf6f6769a818cdb33461cb91f50f054c5d124153591fe5f115ab4bcd38981b0f5b18b9de743fe9f91132104b665
SSDEEP

12288:6XYuKWK26jtpuHbsmZLEr/+QgwmmmFYGq6ZMVdkkjMk2WYewmUuke4L1/Oe1Iwcl:SKfXtpu7smZwL+8CYyZMV6mo5mUlpDy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1788	shawer.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shawer.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000033ee011d6b0cc8398a8b8147a541b5d793411ec606a92fad1bc7f22bab482ee2000000000e80000000020000200000001bf30c422072273ea550bf3c3282b3a554b5a6b8ebd47a22b6fad4a1f90957a5900000004c10d28ab4069e670c23b7c9202a21482825d2e4a17424423300c77e8d5625485aa7f1d1ff797a350811160442a17a254ac667d6e91aea25a2d585202c63634057270cf0b68f25f2fb0e578dec658ec57b837dd4293bbbe4437a1fb777eb6a2ee66bba61a1406ff834fc39ce54f2d4a53a5f477ae539d71972d2fdb1dcb385379e4b2462722b2d550f70b5e2c1a177ca400000001ad1d402fdf2183b703019cd177f4befb10789ec2ebdf4739f581a15ceff9233dc1cd8b68d7a90eb4f8ea7bdf6cd1ab5ff14110a26690dd998bb6e27f44d35b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0435d8f86f4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000007171ccc5cd312bbc6a5586fc3f94d4d23a9cf8673b7d8f92f9aab06fe9384c9d000000000e80000000020000200000001ff0706ec8ba3c5143381d8cd8e0517f005b7a4effc6de111c4104fbad0cca9d200000007222d96b4ae09e02a9ada489b5be8df0d7c16f970b0243606a4d77ec6643d4d8400000007f41f8b96673b19166fd834a8f1c10c9d5129a1b6b9dd4feb358586e2773b05de3395b1f1a2385bc4da063530806cc370f3edcf01711d9b808e773ff4f2f8de7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6C277D1-6079-11EF-913A-D61F2295B977} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430488005"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: 33	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: 33	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: 33	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: 33	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
Token: 33	1788	shawer.exe
Token: SeIncBasePriorityPrivilege	1788	shawer.exe
Token: 33	1788	shawer.exe
Token: SeIncBasePriorityPrivilege	1788	shawer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2820	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2820	iexplore.exe
2820	iexplore.exe
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 1788	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe	30
PID 2800 wrote to memory of 1788	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe	30
PID 2800 wrote to memory of 1788	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe	30
PID 2800 wrote to memory of 1788	2800	b7754232eff25980b943f0597550a22c_JaffaCakes118.exe	30
PID 1788 wrote to memory of 2820	1788	shawer.exe	31
PID 1788 wrote to memory of 2820	1788	shawer.exe	31
PID 1788 wrote to memory of 2820	1788	shawer.exe	31
PID 1788 wrote to memory of 2820	1788	shawer.exe	31
PID 2820 wrote to memory of 2860	2820	iexplore.exe	32
PID 2820 wrote to memory of 2860	2820	iexplore.exe	32
PID 2820 wrote to memory of 2860	2820	iexplore.exe	32
PID 2820 wrote to memory of 2860	2820	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\b7754232eff25980b943f0597550a22c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b7754232eff25980b943f0597550a22c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.01.12T09.10\Virtual\STUBEXE\@APPDATALOCAL@\Temp\shawer.exe
  "C:\Users\Admin\AppData\Local\Temp\shawer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=shawer.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
a35135aae87dee5d63b6d5cf3d21061c

SHA1
1754c6c5f47bd7efe434c08f8fa6facccc18260a

SHA256
1510d3a44a8a629384ca06950ef58b46ac9a4d2a4d44e29a6664b3c2c5352e9a

SHA512
50241b5f4a16a8b3067faa7bbb4623bf35ae45bb9ef5b42e664ea03d9316e54374f0cd4fc0f910d0ed8bc7fc7a0c62be9ed9ba03d88de90b78bb4c2fece8a933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd342addfeb08bcfaf31d902ed8fa9d5

SHA1
56fe24672ba1689ea509c023f2fb95ea7fc13c15

SHA256
f6b383f394bafdc5e87158ad4cbb44ad34a28c0d3ca72bd584eb7390c8ba037c

SHA512
c944396beeb4b67b2a5bc52eb7295891bcc2d83fea50f19075add95d78186fca93a33d74f35584e66c86187ef1e899fe2b28849f0912c4f0bea52e305a23727f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
068b6412b4062340fdba27cdca8a676e

SHA1
7ae7939f3a01827157b37a7643e913fb6a178b13

SHA256
371b31c52a70105403b05f07372e25c92bdb19df1997354dc897d461196028a2

SHA512
efc83de1e8eb5acb2f16e44732481e4467a7f6763288b996a6d05f06e0f6783c87fc1d725e5c638994c0c4f57d277f8b0a3cb1122715f454e4416b04db6091c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7637b62c391dc6c714353242f255cffb

SHA1
e86eebe82d4e56aae809664188be1a8a858beeed

SHA256
e2f110b023240263c8134a5729ebfe6842195e15bcbaf9afffd0f9a9d241e012

SHA512
d2eabc4e50713746ab9cde73fa3b1bd589bcf4c365fca04b9a589d7581fb3d275aab84d870ca275407ef7200f819f6d0f5552ae9ab35e40460de9dd4385238fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f24b20790e002e11ac715e8eb10c4ac8

SHA1
3d3ad65c9cf94e3ceea8c61a366475e8330579f0

SHA256
e935772424f9168498536fb6d4f7d07905d606eb687218753a50d89397a8772d

SHA512
009c02fe9bb1bcec643172f0529198969f733b0c027227e0c244583557aada352863e4d33a1c21e4806bbe1138035917721aea39802a3fb0e6bd2943d8c636a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df8d3c1816334ecfc4630afdcd185c62

SHA1
836c4d3ec8f1244f72f46dd0fa63a1a77dc89608

SHA256
1750635dd6c5fcfec38e0218ab2b1686fdfef31be2cfebf82428554da092207f

SHA512
b66262a239bcf5c0686daafb97b91f9102783fcd5bdca908147e9a6461fc7b8102fc9cb468b52784c264ae71fd3cee613996bfeec229df467718ffccb801e9e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd5ea1fca1120cf9e961d916db50921e

SHA1
ecb3353ac8833d5ab8d28c796fb653633810a1e6

SHA256
18bd6cc94118480df43825fd2399fa893ee9d02c59d5ac79a196f963b7b75477

SHA512
f98efc43a7fa0fc82b9bb46c4dc521951c09d41d40bf8162251be17ccf9246bd22963a2e71aaeb7d086ecec874dfb62ccbd49871f11d11a34736c0e52d6e4f27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ef4e78e57fa7a6574af632c43d2fcaa

SHA1
fd4d68ed274e607ac16f00db0aa44e8a0dbead49

SHA256
4b33dd419a7d031cf384b1353b7aeaa2ebfc248c47e4b20f2d8c3855fbe0830f

SHA512
facc3533bb4860928e4ada150e7e9490c682edecc051426174d587b71410cb7b16406cdf56360dfceaf8e6da1fb9f41e2c326320ebf3e77dd61df4a565937411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6073ae1b2dcf3defb89ac9a0cdd4388d

SHA1
6c44665395655fbdc12bec1b496f000725400a4f

SHA256
f82b7b0c0ab268a931af4e09a4f0ee89ec3c9e108af0da847e8d0dd9dd7460ca

SHA512
93d0f0518548b8d592cdc9d247b3c417cc9540078bfc1afe2d2a2312152326420ee67c9877092d1b6706e12b4138e321db89e46e5ad741e9f443584570f1faa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc1a4a85ebe6bacfe63cad9655e9ef6a

SHA1
834544e5d5b417b1ca8086c606c1047d61c77cdf

SHA256
371cba14a4dc1c591bd2054c6c04482aeef7914bd7b983e43067c3621f954294

SHA512
41d9c76c71bef6ce48ac6a0cdebd4b4f3dc95fedb2c31a2590fb0e605488d62f9ebbfe635c5a803980313aea7abc726ff78dee16af05195ea910c6df34d37b53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f54bb120c4b8302e0f5fe7340fe50fd

SHA1
de61815cc4b1fe16e0e02ece68a367e1ae632e24

SHA256
8c7f2869eb54eccffdc8971cbfaff8e28c32a2d9c9cd05b2048291ad2e205a84

SHA512
b2ee5f2349013f3376f600cf075a027b1432dd9c767b7a43a53006744484bdee506adb4231d1a6a593be8664d49489397b96b18a46f0b1b8bda71bce98ec5433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd27d35fa7aee93a690fd859823b910c

SHA1
907672a4faa563d10ee7b46b21147acf16e84087

SHA256
1e69fdf1ff720de0d64feb9a832899d4e3bec044fca6d8b63b0132fb0eeb0b17

SHA512
c880f48a1c356c691739ad4196caf37540a7869d58c1d8f05c9b11891f2a96cd334c22c6f434759aa4f2cf6b46925a85a45ab0faae7c5de3b51e9c3de3cccb5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ea018abe8f58dfae1eed9a5110cc841

SHA1
b3277fa86ea934fe00a5513cd229ca30684a1610

SHA256
88d3229547f596a55261e475ca8298eb5b4d3f7c4a3f8c48460f2739e7b0248a

SHA512
2b1903482c55ccdb67f9623f304230204410b544d0490f79743465fce3877931c02e34dabadd72c53a2219bf645e6079f04e2693947fbd8c75b60ecd231b59e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba5d06f2148cbba80fbfa4869e3295b3

SHA1
d7f2b6e482532d6e529360162237299503bb823d

SHA256
54dc886ed5528f4dad3f5f899f9a83a19c8f9cbc1ceb506ca6d3303d2dceb838

SHA512
e04f3a7a21e341f09d93a9a3d5c23952282dfe156bd9077675a146452c89b4a4e03d0ac84385378d4441b232376d955ecba834c075de48764a0514c2b3a69878

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b5e857b1564f5d6f289946f0bcbce85

SHA1
ef263a0e78dd895ab3b6e2e9abd383e9a1c00655

SHA256
00f898a65bc35837f1e7077625a177bbdd139b7674e78cb285306f420a43d015

SHA512
2178542dfa323599c4ab61ac7f7bca11384cca9c835027b73844a25507988af265bea6891c20f2ddc9a9f0b4e005f8bdee916b623fc85319e0086374812c2f81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12bd6b28c53adf84945c34b021aa2a50

SHA1
fb1b12ab8255702e58c4c652e43b1f7d86e85d6d

SHA256
2bc29e0981b9f99cd0c1045387f01d99f8e1610810a02ae81c036cf7273ddebf

SHA512
1fa3453fba252973cfd7b3e2a8438958a447968cd0c1a43d6f6f8da434045dec831a0b0e8c6e52ab96009ad96680bd32bd468db09393287d30a5925d44fb2a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eb6b67b3cc822d28de98ca0f71b9a0a

SHA1
e3e44579d34f444e4845dc9ab1d3c2aba6d2467e

SHA256
30cf4da09f46ef9ef9392031dd485d20895a1695d100c832c653ab1b7bd220d3

SHA512
bfae3cf81cba4eb07ac192e380a054e312af8948065b69ecd247554372db4b631eabfa8133085f6d2c1d233c68c71bdf1136d452ab18f4bf74168bcfe09096b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbe5731d2385079f21e665c563d8bc13

SHA1
d24a760b77d5a65a50dc0345b039c7bd29821f61

SHA256
e5d03c126a2a35daeb9ab2f11e9e95c038170151318fbb412dd83d5f1b3bf975

SHA512
d47bcc833e5988760d879d4c340da9da9e7475ea06b597ed41ea0169ac6bf1b78ee61e6e98f80bd5728aff1e833bd904c22e0dc751db72d9f3698a99d5663ee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6e552235252e7e1e3035745747d1b60

SHA1
a53e35ac90b507e877265b53e7e1ecbf1d92365c

SHA256
a82699318152e6beae4b519bd74c7d5bf6c4e0b555903bdaedaab79945b4314a

SHA512
525e607ad77b7f34274d87fdf7812126414cc3bde3125aa1a0efc0b8caa4add5e7d1ebf13eb3b734f857cd42afccaf75c814688d008a295502d608c83be08ae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f965454a7cd4674725a63e167cdd5d9e

SHA1
5d4fb2cc36c046c1eed034352d96babe466966ce

SHA256
12db107f5338819ee92562c1687e32bbd23b1b5b8fda00b0027a5c262fded5be

SHA512
92a97742e5c8aeba442b00b2b23a80d176b46138665cc13635d2c74f54a7a611e7c36e7b12686ba6d37d653529e3546a33f5623dd4fbae7822784d7e5b980e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5907c4acb60df32620d6b25c236cde5e

SHA1
79723622c537b71101383678096ee62f5a99628b

SHA256
556b2842a9e8952d8058ce8aa0aaff00dc0dfd02a42a74cd3e0d64cf3168d623

SHA512
16b5b7411e3de5a1bf3e7493ea976c9b8ef4285f878291cf61537002e10f27b5215554729abed4879f87862346f80005635ca1e5dcb620a5e55a3a4690a3b781

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9224.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9246.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.01.12T09.10\Virtual\STUBEXE\@APPDATALOCAL@\Temp\shawer.exe

Filesize
17KB

MD5
97231de6fcaaf11dc51c3f97b3720bce

SHA1
978bd29e8fd73d313ad55199f35db372e81b07b5

SHA256
27666871e0acc74a8f4e04c04428c060d4f0d45589f0c55cba02dd4e8dcd11c4

SHA512
d7f814430c0397713c8ea86625eefbb95249cea8a7a588c037cb742758dccbb6fb1ca80050e2d94fc3609f422d80ec7515450360e8c59a0eee175093a8e6d45b

Download Submit
memory/2800-43-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-35-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-21-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-19-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-17-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-15-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-13-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-11-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-9-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-7-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-5-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-3-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-1-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-0-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-182-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-25-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-609-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-27-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-29-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-31-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-33-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-23-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-37-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-39-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-41-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-51-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-45-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-49-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-53-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-55-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-57-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-59-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-61-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-63-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-78-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-139-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-163-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-187-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-188-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-189-0x00000000002F0000-0x000000000035C000-memory.dmp

Filesize
432KB

Download
memory/2800-190-0x0000000077540000-0x0000000077541000-memory.dmp

Filesize
4KB

Download