73bc98a5af8c8f67a34c28f89ea82fb77b7a3d950d7cfaa50c13e6081901a0b5

Analysis

max time kernel
140s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 21:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
Size

168KB
MD5

25e6c11cf994fb1196aa4ecc2ba71de7
SHA1

690a97422a8aa5d760bf33265354eb6252d9f2c0
SHA256

73bc98a5af8c8f67a34c28f89ea82fb77b7a3d950d7cfaa50c13e6081901a0b5
SHA512

45bb514b74bfe09e2fd34f01f38e4902d081f307e87b8f06e0c1f7be75d37903305e3e9e9a9386122b1b6c58d5971b844963b633df522536c50c3293da424c77
SSDEEP

3072:Cvqz89m+363/7AbwLYtcFkT7rF/1uhNrF/1uhZ9qXmMTcZi:g3Tfhsrhsj9q1cZi

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2848	acrotray.exe
2888	acrotray.exe
2628	acrotray .exe
1644	acrotray .exe

Loads dropped DLL 4 IoCs

pid	Process
2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
2848	acrotray.exe
2848	acrotray.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe"	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\acrotray.exe	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\acrotray .exe	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray .exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1ADE7621-85F4-11EF-B1BD-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434608762"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000ba8f51bd8782c2c570d38865826d165e40fa44cd65a97fed7f563d33fedc2378000000000e80000000020000200000007e32f1ffb93820d3a503ad5abedcf94e569ecee1a500557c180a23bf771a9bea200000006db7d1e59eff4d20c28945b0ca85bf02a8a411d7f634fbaa480186973b380b1f400000008e6f6b54bb2683261194d0a2c79b50105d2b1b3a5bab17457b9a9d7dfe9c3f9cb6320ee8783183f110480ddf64ed6cc17429c99ab48ba2a1c33f6d75065a3cb4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208a4ef1001adb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000bb226527e5036d1bfc5b4a30cec34cedcb94a473195ee6897863a41085084f5c000000000e8000000002000020000000851e478036725a5ced3310784ee21b761e2f221dd0585cefaab9a10e9f5e9ba490000000bb7df4b1ef47e833dc18d3f23c7464f33324a66f6628065f192d12f1b1bce627abb191011f6c5345ea5738dd4fcbf4a657e6e6b76800129a88f969cba6c6055a96fa65726654b0e746c8a05f4e7cf2363febe4edd23d88ef580d3c19cfb9a39bb7bdd5226ee47289fee32ccbb8be027f7217ad46ab8b76ed24804fdbdc0c2db4e597af0c2535ba987ec31c8038f4a1fc40000000713d451ef8899fd3a9fa6a9c0d5d0e01e7231f01b6a2168cf41781089719b991060c49d17991dfd5ba50f7e7199203e0aaf7732af9f8ae8473bf865f0c4201e6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2848	acrotray.exe
2848	acrotray.exe
2848	acrotray.exe
2888	acrotray.exe
2888	acrotray.exe
2628	acrotray .exe
2628	acrotray .exe
2628	acrotray .exe
1644	acrotray .exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
2888	acrotray.exe
1644	acrotray .exe
2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
Token: SeDebugPrivilege	2052	25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
Token: SeDebugPrivilege	2848	acrotray.exe
Token: SeDebugPrivilege	2888	acrotray.exe
Token: SeDebugPrivilege	2628	acrotray .exe
Token: SeDebugPrivilege	1644	acrotray .exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
2716	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
2716	iexplore.exe
2716	iexplore.exe
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE
2716	iexplore.exe
2716	iexplore.exe
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2052	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	30
PID 2060 wrote to memory of 2052	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	30
PID 2060 wrote to memory of 2052	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	30
PID 2060 wrote to memory of 2052	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	30
PID 2060 wrote to memory of 2848	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	32
PID 2060 wrote to memory of 2848	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	32
PID 2060 wrote to memory of 2848	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	32
PID 2060 wrote to memory of 2848	2060	25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe	32
PID 2716 wrote to memory of 2792	2716	iexplore.exe	34
PID 2716 wrote to memory of 2792	2716	iexplore.exe	34
PID 2716 wrote to memory of 2792	2716	iexplore.exe	34
PID 2716 wrote to memory of 2792	2716	iexplore.exe	34
PID 2848 wrote to memory of 2888	2848	acrotray.exe	35
PID 2848 wrote to memory of 2888	2848	acrotray.exe	35
PID 2848 wrote to memory of 2888	2848	acrotray.exe	35
PID 2848 wrote to memory of 2888	2848	acrotray.exe	35
PID 2848 wrote to memory of 2628	2848	acrotray.exe	36
PID 2848 wrote to memory of 2628	2848	acrotray.exe	36
PID 2848 wrote to memory of 2628	2848	acrotray.exe	36
PID 2848 wrote to memory of 2628	2848	acrotray.exe	36
PID 2628 wrote to memory of 1644	2628	acrotray .exe	37
PID 2628 wrote to memory of 1644	2628	acrotray .exe	37
PID 2628 wrote to memory of 1644	2628	acrotray .exe	37
PID 2628 wrote to memory of 1644	2628	acrotray .exe	37
PID 2716 wrote to memory of 1268	2716	iexplore.exe	39
PID 2716 wrote to memory of 1268	2716	iexplore.exe	39
PID 2716 wrote to memory of 1268	2716	iexplore.exe	39
PID 2716 wrote to memory of 1268	2716	iexplore.exe	39

C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_jaffacakes118.exe" C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2052
- C:\Program Files (x86)\Adobe\acrotray.exe
  "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Program Files (x86)\Adobe\acrotray.exe
    "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2888
- - C:\Program Files (x86)\Adobe\acrotray .exe
    "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Program Files (x86)\Adobe\acrotray .exe
      "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\25e6c11cf994fb1196aa4ecc2ba71de7_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:3748869 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\acrotray .exe

Filesize
171KB

MD5
7dcac32d55db1424addcc20c8ec4e868

SHA1
12f6da7283eec55647fb38d2038fcfaed70bd41c

SHA256
110f3584ee16265df2d6cbfd940d9b18b7587cfe78d050488773a511ab8f6002

SHA512
daf64272c629fb3d933af85f396779d58cfc5acd9a5f9dcf574544ca9cd5a83603b3b84d39d83a0e8a698fe78040189e44f21736cb37d6f33ac06d5f06c9e83f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
668ffc335bb1c655fd304a688b521a10

SHA1
d7bdad4b56d2d2e15c3b2d7efdeaacb10a29910d

SHA256
bc315bfc4dc3b20b954dba671707b2f8cc33aa9da421e1990465674978cefb97

SHA512
c5f554288a1db73101f1105ff1114207cbd60870cf7575a0db3df8456d3e6f9df4cfb7025afadd34a949c66351c800235247f7bb0ca0e1b932d2dde0e4997120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25e75e1b1d94d470cec9be6118b029b6

SHA1
02efa9e821ef1e4cca25652541d62f89d32dc83f

SHA256
5a4a4adf6dc65e1e17070a0329db81eed013062070a30cd29fabcd3ea757a4a2

SHA512
95ff9299098a95a40eedc1f4d81c354962043b25ed1551ef874504ef838192a599cf5367fe58ad766be19cc3a395f73fc5d4eeed9670c5811efa733ccb3fe614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26d2456c92365612af87d5d1495e1a6f

SHA1
8a0e5583a974d2e00ae9f1b8f0948948c5af089f

SHA256
d611aa430af7d3b692a94b79646ba58e46ad91fbebe8b1e87f7d31f4b9eb4890

SHA512
12f7f419f6a428d3aefce41acc9ca37a0cbaff52c783d44a1dc64bfe05ddb7c06a92b577a4ecb0ce7f5b86e8d88163aa68fa994b12e19087f711ca7c0e1d0631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d794616d2fae2e527ea3bdd7a08b3a5

SHA1
b032b5fd577f30621b521c0841dce6377b8ab008

SHA256
179c769efeeaf1f291c3b7065fa211d33bbcae893f533d6a385ec5faf09b6e39

SHA512
6fcdbac4f224cb208427f9a111c2e0f9d687e6f56b20f9909f785cf910ff0677dea9814d1b1a8c23544c11a35173739dc80bd60e67767d2c2cbaa1f5edb43dfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45365091013d8a6785cb8592abccb090

SHA1
45e2dbeea38cf5faddf220360b97a9fd97825c35

SHA256
4c964becf4ebf19e99e5aef6fdac484d759a6aab275e9531e849af2dbef883ee

SHA512
07c026e7c6122fc94830e2f5ae655b8f955eea1f486db8af8062f3f610b6e7e4e808b29bb23fd844d9f0008aeb316fd55f65658de8ea01d4236af85242bb99fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca7eba6c34d574e917663bca8e7bf200

SHA1
9e6062216a2f765b7e1cba098c73e00a2a89abcb

SHA256
0a72b4cc9a6304635c808f3fbff7adcfb7107677a748faa03bef5815af75da45

SHA512
d1b741354fea9ca576f07e67f171961de1469ab623db4b5c224ce221dffe1c984d1239897f8ec98da2dce3b88a5d3410438fc8cbdd89a896b6056d47520397ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5adad007f0e050d0b4aafff0cf819cc

SHA1
da3d4a59f126abc02e2a98783d53f811966ba4af

SHA256
1e4edf83aa6e5936599219d08571e0016fdced1b5549aec7e84fca1c3d8dab10

SHA512
3de79f527c9087b3e51e6ae44012592c3d0563390e5a28aedd47e204c8a9325a0dd928c42f1167203f4b2927fb64d307e6d81035b1a1f4ec4462b1fc3631ac95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87135015eebd301f7c0cefe814bcf85a

SHA1
d4de1bb27e3f28708fbb6636d2684b627a9ea17c

SHA256
a31cb4c5f5ee98a2cef6c1176cdae808fee4368d708431ef949a94ca84e80035

SHA512
d95c7a6ca9b231b30961b817cf6b6ff081fe0eaaeb28dc67674512d30ddf6d62bb058625b920f100a96a86ac1edefb7b29a4a4a143470310d8c5ab1eb8199b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26d133fc22ac0171d9169c133a4cd286

SHA1
531969a11603ff442a485cd483faee7085d8b288

SHA256
d0aa8cedfd97a2ed7713605ac3be03d2c5b82800b62ba2756e7e6ed4388f5f5c

SHA512
b01a672395a4e06bd5b3d62128311d9ace607a1ca1c03b1f2baab00f4993226fd324fa161ff9ada9271ab6816683454bb75d385653cfead48f7801d3e1300a42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac93cb0bb1ce01ce2b4c30f9c4fab4e0

SHA1
c2bbee6e8f371670dbd58370a1ecb27c17c65bad

SHA256
e711e2a9f0e0e45bafd07c9b09ef45def1157c486ca1806310db3d57dc5520c4

SHA512
015b7fdc9e54b6441efe9e1fe53c3bf4a7b69ce3a7fbe83f3eff3a677769a17a7a53eaa2ae08a645a8851e5db97bbdd413d9180f5053b67dc38300a5054d8dc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
802aa08797cf7cd96998b8d37f4044e7

SHA1
e37cd5e590d2283af05f08c262e2b350a9c15943

SHA256
67c7ae58a50b508edef5dc7276ce902088e0f7a2c7c2deced9cdd413334d50f3

SHA512
816f160b990cb6d8e05d8bf4d7b673161d8bb2037e79b3d0d18f4cc112578e5df3ec8e439073dd0090cfd4823d19072a70eadd9c413499996cce6a2b3bf3d5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9863a7c156c10b56d426b9019797ba33

SHA1
5f999ffe5a57872aa58b899c12470d236783d6ae

SHA256
79db334f806bfad1e0e50280fd1f6a6328021555815bd474f960d4154351cc9c

SHA512
abb3db5642b5ef779056437f4aba48b6c764ab2576aa04dc3421b2f1cdd7dfcd9057524fab90185f967ac2fbc3f8aef9e385f995f6c786b7ae2bd0edd8821755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2358b8173f7c1fb10056e1effa446c7

SHA1
68b5faf61df8f95817776ca3906c57f81427de28

SHA256
eb397439e8e684b7dd38738fd37efbe6e2c0cf4b974e847afa1b0d81bd4dac14

SHA512
e6ee7a60af12ac1b0e56957cd5c9c6f8dbb443f6872c4b1fb0f8670ee0dbb0ff2cabfebe79b976cda82adb927a825224d7cb074d4323e96e6899eec58b07ab4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8364ad8e3ca17843ae25b2197880a70e

SHA1
3289c576f10938ac274268aef007b1908455597d

SHA256
557d0df9854c363478560d954deb68c59e42f4cf89c5c00600cff6fc6d5748c2

SHA512
e9ea38832a9feca4517100b0cf6f72236153bb5481544016d306a27d7bc6a9a9b02450d7783bc57e8a43bfdce9191714db05116eb31c5da8eea4ff949b5ee4c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7892f5b10272e13b2c8bbc279edcadee

SHA1
2d2756f61162f401b9001e775fd11b052b7542b4

SHA256
ac4cd234d5b610b5b3357dcd38166deacb4354e5654761f3aef631410f00f108

SHA512
fe75c5ae3c5afa5f1dc84ee6cd6ac0654af547d92e98cf2b90563bd766f3daecb51af54a9dafbb3a94e03d848a5567be3e0d5f03f970c177237db579d2e467d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4feb518a3fa0a8540484556a331ed788

SHA1
9ae2bbdadfdb7eff44d7ff4c0656f1544cfd2553

SHA256
6168c8db15fc10780513fbd8adf08abad9e87171cce8689e5c4d7a785f42ebe2

SHA512
3fc57585fa26eeb12c99a27cc26f5e9fb3457a3737d99e36de525536b6ccf6dd3162e6a3caea843c19cd89f43b818eb9ef029532e6f411108dee415bf2891f93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a58af57ec0d9ae2e2b7cc754707ef9ac

SHA1
679dff4250c1820ceb2e1cc08e753e9e35fc213c

SHA256
3d020137b54283027bfd36223f4aa456bb06c71b60f2f64ccae29af8102cf7c9

SHA512
1bf5dc46cdaef607689d679399908ca3b644162af60917ee3ee1d88021daff0af1b2759ce306cfeb6980dc056f400b231f5316902f03182e1e002ad8d0cc67e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec49815e254a5d80e4b1c815ddd7e316

SHA1
8a30ecd671439f6ba05429b28919674270113e1f

SHA256
443bf5a4e9182f9c3a2f87c32290de160aea5f42bdc54436209833bc7a7ab3bd

SHA512
2f60abd253c150116038cc957e0c848833aad39cd93ac9ca63e49b150bc12bbd5195da95e400865f33801f850ae1fe2e43e06f188a6afbac0b53c6858e713088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88f5dc6597a3a7230af4f1afed686564

SHA1
5d610b6a97b699067fdeab7098cc82bb14134b95

SHA256
f8d2ee51e12bfd24b7c7fd237109f72a102eda44cba33a68cd89c6ceea7eb75c

SHA512
16a22a9663befde41d89767eaae2d031c5bd315afb88f8f1792c770a6823d5409992f4d4417c1a061f6fc3654c8242b206290875b8e25a3be13eb76861ecfd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDC7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE59.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\Adobe\acrotray.exe

Filesize
172KB

MD5
ef8fd9324055ce75095013067db8b2bf

SHA1
ba21ef8ea990589c439aa38140d3cd2a18cc9fac

SHA256
6034d192523a2e83b687b831ccedd3a7ea2c91574d28d2350da1c3270c3d01d7

SHA512
d5997aecf0f87ef77739ccb20352588b31cd8d255d674804ad096e7eda800a47bf63d6beade8f62853067fb207e30bf8396bc6be15cf1c6f350720f75f3ab331

Download Submit
memory/1644-44-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1644-926-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2052-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2052-482-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2060-922-0x00000000027B0000-0x00000000027DC000-memory.dmp

Filesize
176KB

Download
memory/2060-481-0x0000000002670000-0x000000000269C000-memory.dmp

Filesize
176KB

Download
memory/2060-4-0x0000000002670000-0x000000000269C000-memory.dmp

Filesize
176KB

Download
memory/2060-1-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2060-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2060-480-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2060-14-0x00000000027B0000-0x00000000027DC000-memory.dmp

Filesize
176KB

Download
memory/2060-42-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download
memory/2628-35-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2628-925-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2848-33-0x0000000002150000-0x000000000217C000-memory.dmp

Filesize
176KB

Download
memory/2848-34-0x0000000002150000-0x000000000217C000-memory.dmp

Filesize
176KB

Download
memory/2848-923-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2888-924-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2888-28-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download