Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    05/10/2024, 06:17

General

  • Target

    167dd2e0f3e7ea8398eeb6e13e999d5f_JaffaCakes118.html

  • Size

    2.3MB

  • MD5

    167dd2e0f3e7ea8398eeb6e13e999d5f

  • SHA1

    8d6e297ec712ea313c7a22ad4fc408bafb02e410

  • SHA256

    bf454cf93f3c1017607e32bd4608b4c3732e300392133396c91b14e79a54bc6c

  • SHA512

    6669c3c371518a76e47dfa898c479e9fadce98c46e9406e6d81d1f806c8680c647b0a30d6f902ad21d2c20d019d94532c214dc120d5b4c9f51b140c2d38b31cd

  • SSDEEP

    24576:l+Wt9BJ+Wt9Bq+Wt9Bw+Wt9Bj+Wt9Bt+Wt9B1+Wt9B5+Wt9Bi+Wt9BX+Wt9Bz+W2:j

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 25 IoCs
  • Loads dropped DLL 17 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 29 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\167dd2e0f3e7ea8398eeb6e13e999d5f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2756
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2860
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2740
        • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
          C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2188
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
            4⤵
              PID:2056
          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1104
            • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
              "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1912
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                5⤵
                  PID:1784
            • C:\Users\Admin\AppData\Local\Temp\svchost.exe
              "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
              3⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1272
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                4⤵
                  PID:1312
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                3⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:624
                • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                  "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                  4⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1944
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    5⤵
                      PID:1604
                • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                  3⤵
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  • System Location Discovery: System Language Discovery
                  PID:2752
                  • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                    4⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2592
                    • C:\Program Files\Internet Explorer\iexplore.exe
                      "C:\Program Files\Internet Explorer\iexplore.exe"
                      5⤵
                        PID:1488
                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                    3⤵
                    • Executes dropped EXE
                    • Drops file in Program Files directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2020
                    • C:\Program Files\Internet Explorer\iexplore.exe
                      "C:\Program Files\Internet Explorer\iexplore.exe"
                      4⤵
                        PID:2820
                    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                      3⤵
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2804
                      • C:\Program Files\Internet Explorer\iexplore.exe
                        "C:\Program Files\Internet Explorer\iexplore.exe"
                        4⤵
                          PID:3068
                      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                        3⤵
                        • Executes dropped EXE
                        • Drops file in Program Files directory
                        • System Location Discovery: System Language Discovery
                        PID:1796
                        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                          4⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1976
                          • C:\Program Files\Internet Explorer\iexplore.exe
                            "C:\Program Files\Internet Explorer\iexplore.exe"
                            5⤵
                              PID:2936
                        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                          3⤵
                          • Executes dropped EXE
                          • Drops file in Program Files directory
                          • System Location Discovery: System Language Discovery
                          PID:852
                          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            4⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1384
                            • C:\Program Files\Internet Explorer\iexplore.exe
                              "C:\Program Files\Internet Explorer\iexplore.exe"
                              5⤵
                                PID:920
                          • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                            "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                            3⤵
                            • Executes dropped EXE
                            • Drops file in Program Files directory
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1296
                            • C:\Program Files\Internet Explorer\iexplore.exe
                              "C:\Program Files\Internet Explorer\iexplore.exe"
                              4⤵
                                PID:2644
                            • C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
                              C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
                              3⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2036
                              • C:\Program Files\Internet Explorer\iexplore.exe
                                "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
                                4⤵
                                  PID:2428
                              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                3⤵
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                PID:1812
                                • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                                  "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                                  4⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:660
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                    5⤵
                                      PID:1952
                                • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                  3⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2184
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                    4⤵
                                      PID:908
                                  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                    3⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    • System Location Discovery: System Language Discovery
                                    PID:1276
                                    • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                                      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2688
                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                        5⤵
                                          PID:1780
                                    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                      3⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      • System Location Discovery: System Language Discovery
                                      PID:2788
                                      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                                        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                                        4⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2148
                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                          5⤵
                                            PID:1812
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:406533 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2768
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:209936 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2412
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:209941 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2116
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:734219 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2864
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:2634762 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1944
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:996368 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2548
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:2765837 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2352
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:14431235 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1496
                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:3027982 /prefetch:2
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies Internet Explorer settings
                                      • Suspicious use of SetWindowsHookEx
                                      PID:768

Network

MITRE ATT&CK Enterprise v15

Downloads

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

                                          Filesize

                                          914B

                                          MD5

                                          e4a68ac854ac5242460afd72481b2a44

                                          SHA1

                                          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

                                          SHA256

                                          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

                                          SHA512

                                          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

                                          Filesize

                                          1KB

                                          MD5

                                          a266bb7dcc38a562631361bbf61dd11b

                                          SHA1

                                          3b1efd3a66ea28b16697394703a72ca340a05bd5

                                          SHA256

                                          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                                          SHA512

                                          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

                                          Filesize

                                          252B

                                          MD5

                                          0a7bb1dee73992926a37538ec882f1bc

                                          SHA1

                                          cbf524ca2ef7400da8f469a4ae3aa8a42d49cda1

                                          SHA256

                                          d224b0258ef3815c83a383770a3915f488dfe68f9f57c5e0e80e7be6b85dbdd7

                                          SHA512

                                          6ed347392831b9e838a66977f3aece5041283dced0e5c16f0eb1007ad5bd68aad661e954e5b52b772cea9c6e6bea66e6f2837c0ef2adf1bfdc6cb3907b242d49

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          7e54a08a05778a5f0b6950bc4b3ec3c7

                                          SHA1

                                          7e065b7c00e7011564c03215e8c62fb1f0eaaf56

                                          SHA256

                                          3797fbba3143347507177f0b40a1e2e9cd484fe7b5981021b9ffc56b4609c587

                                          SHA512

                                          d2f5b55b95f7758fd5e9b1b798629cf4e23a41c03d8e01b8cb0a415b36950708bb106718edfa07961639f8a94db019783e13029990cd1af6405cbcb7c4a99709

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          21c57f1cc1c11d83e2a442259da4627d

                                          SHA1

                                          b4c3f981c6e4bf448023fa435cb56545d134f07a

                                          SHA256

                                          322fcb0baa70f6b8892ce10d3af798fc568609ba8493bce7410359b14560a192

                                          SHA512

                                          46034c0befe49fad2cd3a359a142354772c0a1689ac7af9edab6eef236ee2ba1ee225a337dd2ca174ed83e55042c9396d3be2f8bcba917724e61e91d0ecbe72d

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          0c0ade8c9270d998e5faad6084452615

                                          SHA1

                                          30cf37955634470c19e52f318f78b554cf12854a

                                          SHA256

                                          fb2db7bc338ee5f179c3172a8e62351efa65951e83b895a213b1df618c8330b4

                                          SHA512

                                          ce18285b39318bb338c2a1cde520926eb355b734423a61168dfb9250acc3d96aae0f7cb7694a2aabf6f826dc35cabf5048c63ca0fe88171e903ccef8c7cf048e

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          4afd4626cc858d4d7c20c1fbc5f19c6e

                                          SHA1

                                          9583a97acc29d9d7dc2036c1be69f71841a0a667

                                          SHA256

                                          0f1fc22b4e55562c8d80467c60ff2f94f094d17450abb32b27aa64a3540c4c8d

                                          SHA512

                                          92a0129636d3cd39887cea765fcdb0e3dbba9215b860874e8c5a2ea2eeebf0674641174a807017c986f46dc24499f56ae0b3a89e73f7193487c4cffa858328c4

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          f51168ac8d9c6be9fa9ed1e1dab41097

                                          SHA1

                                          a6309ab1732c08dde2cbd1484c8cb327a2f02777

                                          SHA256

                                          5fa6e50b149feeb7c08d2892a9ea02fe7b1d6133aec247cbab035fa48fbd0c0f

                                          SHA512

                                          9be9f62cdd2338af0ae9837c1faa52c48a6c47264ef74151142642d0e3f0a26fa0b569bb46c1bd344f8e5beb84e9bdeb44c26446db83bf6645c6356f1eabb86a

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B

                                          MD5

                                          788db26ec7eb904aa9c6443b257722f7

                                          SHA1

                                          9ed622c5e35a1d9ffb2e53585a6b25c96105bde4

                                          SHA256

                                          98b9c4a6e9da73bc1c0217438fff5e308eec16092b1e521e57892df27153e937

                                          SHA512

                                          0d5273d8406516acf07dc6d974f4e81ba59f560dbf324bb5d2e1bf21080355c45ac9b67530d168cd10da678c0d021cb2f6b6755a9901789fb37089907c34c16b

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                          Filesize

                                          342B


                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

                                          Filesize

                                          242B


                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\swflash[1].cab

                                          Filesize

                                          225KB


                                        • C:\Users\Admin\AppData\Local\Temp\CabAAE1.tmp

                                          Filesize

                                          70KB


                                        • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

                                          Filesize

                                          218B


                                        • C:\Users\Admin\AppData\Local\Temp\TarAB71.tmp

                                          Filesize

                                          181KB


                                        • \Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

                                          Filesize

                                          757KB


                                        • \Users\Admin\AppData\Local\Temp\svchost.exe

                                          Filesize

                                          83KB


                                        • memory/1272-151-0x00000000001D0000-0x00000000001D1000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/1272-172-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2688-717-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2752-249-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2756-7-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2756-8-0x00000000002B0000-0x00000000002BF000-memory.dmp

                                          Filesize

                                          60KB

                                        • memory/2860-22-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2860-19-0x0000000000240000-0x0000000000241000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/2860-20-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2860-15-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2860-18-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB

                                        • memory/2860-16-0x0000000000400000-0x0000000000435000-memory.dmp

                                          Filesize

                                          212KB