61a758e01fc8e3ceeeb25cedd70736a0cd9fbd47f5afc8e28bdba65556a1847d

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 23:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2744dc06d86d8edcd740cee66d4955d7_JaffaCakes118.dll
Size

123KB
MD5

2744dc06d86d8edcd740cee66d4955d7
SHA1

bf773c6212f62856ef8fa1d83bd3f12aded2a240
SHA256

61a758e01fc8e3ceeeb25cedd70736a0cd9fbd47f5afc8e28bdba65556a1847d
SHA512

58bf8a503a3f294a80a40943669dbb1c13de88371fc866918a5d31d15f0abcd8e36e4ee82ea61116c92a0e89acbf85f6141acb8636e9791b1f28cab057e99f05
SSDEEP

3072:Ek8p9PkIoUiB0iK2kP46jMeziEmve7ceJJQdRyEe4NSf5:EBpRkdB9K2kw6jMez3q4rQBe4NSf5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2196	lsass.exe

Loads dropped DLL 2 IoCs

pid	Process
2764	rundll32.exe
2196	lsass.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\PROGRA~3\811sekaCaffaJ_7d5594d66eec047dcde8d68d60cd4472.pad	lsass.exe
File created	C:\PROGRA~3\lsass.exe	rundll32.exe
File created	C:\PROGRA~3\811sekaCaffaJ_7d5594d66eec047dcde8d68d60cd4472.pad	lsass.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	lsass.exe

Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1"	lsass.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	lsass.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B04EA861-8608-11EF-80B1-FE6EB537C9A6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434617602"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe
2196	lsass.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2144 wrote to memory of 2764	2144	rundll32.exe	31
PID 2764 wrote to memory of 2196	2764	rundll32.exe	32
PID 2764 wrote to memory of 2196	2764	rundll32.exe	32
PID 2764 wrote to memory of 2196	2764	rundll32.exe	32
PID 2764 wrote to memory of 2196	2764	rundll32.exe	32
PID 2196 wrote to memory of 2692	2196	lsass.exe	33
PID 2196 wrote to memory of 2692	2196	lsass.exe	33
PID 2196 wrote to memory of 2692	2196	lsass.exe	33
PID 2196 wrote to memory of 2692	2196	lsass.exe	33
PID 2692 wrote to memory of 2828	2692	iexplore.exe	34
PID 2692 wrote to memory of 2828	2692	iexplore.exe	34
PID 2692 wrote to memory of 2828	2692	iexplore.exe	34
PID 2692 wrote to memory of 2828	2692	iexplore.exe	34
PID 2692 wrote to memory of 2588	2692	iexplore.exe	35
PID 2692 wrote to memory of 2588	2692	iexplore.exe	35
PID 2692 wrote to memory of 2588	2692	iexplore.exe	35
PID 2196 wrote to memory of 2692	2196	lsass.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2744dc06d86d8edcd740cee66d4955d7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2744dc06d86d8edcd740cee66d4955d7_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\PROGRA~3\lsass.exe
    C:\PROGRA~3\lsass.exe C:\Users\Admin\AppData\Local\Temp\2744dc06d86d8edcd740cee66d4955d7_JaffaCakes118.dll,GOF1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer Protected Mode
    - Modifies Internet Explorer Protected Mode Banner
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2828
    - - C:\Windows\system32\ctfmon.exe
        
        ctfmon.exe
        5⤵
        
        PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eede779d395b9c5cdf0150aa85bfa592

SHA1
75e9d53d879cad333e6e7d1fcf4619454f10aa86

SHA256
44e57376fce8ce794f02b1cdf3c89b3231f424e345fef1d817fd767b6eea3ab9

SHA512
57165c4bf4f1e07aa07c7dfba4143b24ab44e52b337465c751add31d156484fc73248b68d913f4d996983a55a73fb170af456bab278898287178aaf5913cd1a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f19854cc686df7e60796a6ea8628778

SHA1
2cf595909fe4b871a3eb01321fe32dc04d3e06dd

SHA256
2d33d918f10ad579d1dfc4cc7c6de5f4eed9ba03a155d9815d5114657dd4461d

SHA512
b2d7a3b3b6ad3a6ae220dbaf7f7c0ccde7fc0670e2fd4cb488913741e1d52cf53b9e059f535364d6688b9d9697242626582663241d8e4da09849e2766ff9643d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56de14c482603850100bea9ca2524e61

SHA1
8e8f4904c4b4ec7527bb2437a843b685ebe7de88

SHA256
644bc6bcb8c390e693798365cc28eff8579b6150487906e081fe05fa5e4f133f

SHA512
ef3ef7221b97f9d1f22b986ba2c99fa4a4452383528c3ac1e1300c30bfc401cebba192adc937c88aed2b04769b000dca740acc594881f4722f3a20e4f1e50478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1388a066b385a0dd85bb3573e06937d2

SHA1
7deac3d3b80cf5ab451ae8bfb5bae940ef3db470

SHA256
ee7a38157313eb43822a6b7aa23870b107c622f3d55245925fb68a9effdc4665

SHA512
f451682130e9ce0b839535fe1ba943549ff0440e811fe9be813e770199f95dce21b60aed3e4471468da50d54bb3d31045b88f7791dcb4c8934b79daebffdfb4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15ab1d16687f412a4161b047544c36f3

SHA1
d67c3aa280f55a8ad21c953e856f4561d976ec43

SHA256
be310a16ae35fd14e136e9c627f2c4d14eaa388bca92f929688bb6a390f35291

SHA512
deff5dc780595852cfd50e3c33bced3bbc78f50b97dda62bf6b67470a4556879bad0497a3dcdfd7f735d8852121ab8d2ff66a9e1a7bbd34472cd2447b018d8ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf31c44e1ab1dc75ea596996d6763dc9

SHA1
8224d413105585900aab03bde126b7eb5c916622

SHA256
91827eb26e5531a945b9903151df72f6d4c91d9cb871cd6b8441dbefb1525347

SHA512
cacd5a4f4cb50ece631397ae0f3dbf96089814deb24cab92b5a1fc89f6f24f928240d4c1f7b88e74eb2033e595cfc3b3228310d1fda7faf39b1e993ad961afbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e78945225a04487292bb3c36a8df3499

SHA1
f13ba8a808bcd2d4c45b85702dd5ad6119c51d53

SHA256
cdec87ff90c0a653c57b4db506ae49b28c68a94e3495edd1838ccdf5fabacb54

SHA512
81c1e4536e54b19e7b7566731816af5ca93d848357ddc8ef2ec6f388171760ed82e46a519fd849994f2c6b1441f3041b529c42e639e89d8d596ff20cceb9e3b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
486491a5e4cc75460c0f6ed31454d9a0

SHA1
741a0e2ee69bcae1d491eed3b541fde492d51bb9

SHA256
a7fc5b950b83251def1f0c6dfe0f5acdc612079bf1076fde9900ef864ea69b82

SHA512
254e2a5ead05799f36e2c00952a54b41b7fc3e2b891ba07699b0113e7e512a3a12b547cc58b0d8fe068a4acba8c3941481fb55bfbe8edc0bd4823c364cafc87c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e72619f2d293eed59606b72da631ba28

SHA1
5a7a2a86603c6d91c1229ea6989b2562a8d0cf63

SHA256
a61615c2a055184647996012e798d377b0b6fc9f5e7aa099d404f081262024a1

SHA512
04be1990cdf6cab3ee28f34be7d4bb84645b73f4f6cd3c57a1bd8ae71069eb95f091aa15f299abce8042bc35a5823cebb8b52c3b1310212d593026789de276e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
080e9d87dd21c788760a15b86959558d

SHA1
b378ef032b3d444aa2f51aacca5b2db4f04f53e6

SHA256
3a40652db062cbca5b32e1e59bb3e8e276ca912ad14bfc73d022b50e488fbb8c

SHA512
50aa87957270d0ddb433e8a3578998275b3ecad0a304ebfc70abdb0d393ab56bd8c1e510183a140e2432bb9bfaeb74357f1e862f424ab423171959c396ff6e87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc9dd7a13ee56ed21d58b79bd00d81c8

SHA1
8f97baf376a9b797309db4a8230ecffd353c8edd

SHA256
9e7b2b12643f19b9f0c24ca03d037645121b14c468d67e30f42baa1e912c1493

SHA512
96087da6ddf4f646f886ef99a8bafa44162e97ac750dbd14bad638ab4570a76c9e6a1dd0eb850bcd1bfc0020885443bd353099703db06a2f6adae39f32be993c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
253ee7f8ae19544d893000d95326128e

SHA1
7a7b0d9f7fe4d35f6454882ab882cdd2962a72b5

SHA256
6be9af0694a4efca3c35f5a05fbc133e515bc896ebba2a5218a6dfb726060271

SHA512
b510a18fcd38f7ffbf302991abc0e89a184d7d8676cfb1744190ca7b99e1ca17e9fcd33ec138580d0642226a55dc7af89ed317e82543cad0a40964fa8caf6451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9431a072afe568ddf4cbbc3610ff36b5

SHA1
203459c2490f19ab55ca40b31476c196c2908977

SHA256
96e34b582e4a41091418c2829d9ef1438aad005877376946d2cbd1fa4e944f5c

SHA512
4eeeb4e9f7783a2a1364f4ac270dbdb307554adebce7210003f785869e25926f6fdf9da4bef6252a32e2c1f60e7eb2170dc67d47646f4e3a74fd43e658cd7981

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29cae8a6e5afeaba1a4e0ff962a467c7

SHA1
50cf96d551284ffcad8ff950ccae57f612387c91

SHA256
88339c54a4ee874e84fa04022ebf29ed558d65819a16c1bdc8829a0300b25fec

SHA512
a21ae9c882055644ca47dbbaf4ce9203f2cc61fbf18cd7f78eb61cc55760e1c9bd7469f67f6cc55c8e952082504ce577648f6b9f58dfd7560196be06c6f4465c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7066897c5a5622281c1fb48a3cb5f281

SHA1
5884f1f4c54a273adfc7621da84f2c85b89b4007

SHA256
2a664a5914872c3365474340565efe81d1389c215b08d042c73ad0ade572e960

SHA512
46066e9ed6c717f90ffa23ca27af7061d4a682f703e428a7d43fadb5b0d8ab9f420725b99ae64f57f48b881b46e3a08e1c51c08ed17fb1c10ec883830dc4af5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35bdb9dbd328ebf6001c8e48161c17d6

SHA1
7455d3f1488191b9a209801abcce2f45de14148a

SHA256
6f72663b35cfe083be4eaa9179bd727bacbf44120d8e7d59e8f4275e6480dfb2

SHA512
6a738fc2a9cae7095dd8aa663aab42d26ee5f68bb736afc24d1b22fb3d1ca0486ad361f60788b7f9b7adec1b401bf5009dd7b404f3ed9948ddf7507e4c57a3e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a386bc02906bfcfe10249ef530c78d7

SHA1
898706c135a8367719d86ef5dba38e7a973edb6c

SHA256
733e76a20d1749308723089361365d1a598fda291eb8671e8b6e14330666833c

SHA512
4e3e95c739dc7b318ce85ec6ca593b61179bedb1d9458992f53a412932981da78e39dcb858187ebbced51d2698ed5a7d4175b549d8b72c2a94d7f73949040f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8a37d9e3ecd22ec27a7a3a622564dd3

SHA1
d04c77a047c79bfc949072744333f1a9063f536b

SHA256
ed2e368cd2e1a592ae6a62711dfdf73dc376ecb918f6b49104bd7e6b7f7420b8

SHA512
d7704e0a77f519952d9ec93aabb411011dad5330cc6adffe798a7bc58d9ad2216e4c6954244adcf00532df8bc3ab709d1a537d453c707acc7a515bdb7af8ba87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed67777f292c9aa9ba37ab22c8cfaae1

SHA1
e9af1b002871065b1970bfc5b9362154af48be82

SHA256
bde2860b442bbc6e72b0ae680db43ab6a74d54fb77501c8f5fe2db4e7540255e

SHA512
9b9775d6d4009172948db6802167c2cfe8f600954952c0897f989570e21431e1a57759e4f4ce74aece9eaa443dcfe1ee622241abfdbc8aaaf694532c68871db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar110.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\PROGRA~3\lsass.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/2196-23-0x0000000000660000-0x0000000000682000-memory.dmp

Filesize
136KB

Download
memory/2196-474-0x0000000000660000-0x0000000000682000-memory.dmp

Filesize
136KB

Download
memory/2196-20-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2196-21-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2196-22-0x00000000001A0000-0x00000000001C2000-memory.dmp

Filesize
136KB

Download
memory/2196-32-0x0000000000660000-0x0000000000682000-memory.dmp

Filesize
136KB

Download
memory/2196-31-0x0000000000660000-0x0000000000682000-memory.dmp

Filesize
136KB

Download
memory/2764-25-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2764-4-0x0000000000690000-0x00000000006B2000-memory.dmp

Filesize
136KB

Download
memory/2764-24-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-10-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-12-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-14-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-16-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-26-0x0000000000690000-0x00000000006B2000-memory.dmp

Filesize
136KB

Download
memory/2764-5-0x0000000000770000-0x0000000000792000-memory.dmp

Filesize
136KB

Download
memory/2764-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2764-1-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2764-2-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/2764-3-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download