336508d558bf5347009448c4256d93013dd6f674f50601c3379f8696d1cc1768

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 02:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3d57a33ae4c28f82d2a5b59a30a3009a_JaffaCakes118.dll
Size

228KB
MD5

3d57a33ae4c28f82d2a5b59a30a3009a
SHA1

3f6e2acafadd337d289b2a39a1e5d739df2725b3
SHA256

336508d558bf5347009448c4256d93013dd6f674f50601c3379f8696d1cc1768
SHA512

37042f084390a6044ad3cdcdf22bcda4960f29838d32a5732f30ad5c1c2d68881faa008f12e66fb0c2fcad3c6ee4bddfa3b1149e3b9a7ceaec053de93c8b38ef
SSDEEP

3072:8ZKsXT/c9BFy+vmpKFpinT5rhcrqI9FU2b:EeZkKFonTghv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2836	lsass.exe

Loads dropped DLL 2 IoCs

pid	Process
2720	rundll32.exe
2836	lsass.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\PROGRA~3\811sekaCaffaJ_a9003a03a95b5a2d28f82c4ea33a75d3.pad	lsass.exe
File opened for modification	C:\PROGRA~3\811sekaCaffaJ_a9003a03a95b5a2d28f82c4ea33a75d3.pad	lsass.exe
File created	C:\PROGRA~3\lsass.exe	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	lsass.exe

Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1"	lsass.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	lsass.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63F8D741-890C-11EF-A0E3-4E0B11BE40FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434949045"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe
2836	lsass.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe
2180	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2180	iexplore.exe
2180	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2704 wrote to memory of 2720	2704	rundll32.exe	30
PID 2720 wrote to memory of 2836	2720	rundll32.exe	31
PID 2720 wrote to memory of 2836	2720	rundll32.exe	31
PID 2720 wrote to memory of 2836	2720	rundll32.exe	31
PID 2720 wrote to memory of 2836	2720	rundll32.exe	31
PID 2836 wrote to memory of 2180	2836	lsass.exe	32
PID 2836 wrote to memory of 2180	2836	lsass.exe	32
PID 2836 wrote to memory of 2180	2836	lsass.exe	32
PID 2836 wrote to memory of 2180	2836	lsass.exe	32
PID 2180 wrote to memory of 2844	2180	iexplore.exe	33
PID 2180 wrote to memory of 2844	2180	iexplore.exe	33
PID 2180 wrote to memory of 2844	2180	iexplore.exe	33
PID 2180 wrote to memory of 2844	2180	iexplore.exe	33
PID 2180 wrote to memory of 2676	2180	iexplore.exe	34
PID 2180 wrote to memory of 2676	2180	iexplore.exe	34
PID 2180 wrote to memory of 2676	2180	iexplore.exe	34
PID 2836 wrote to memory of 2180	2836	lsass.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d57a33ae4c28f82d2a5b59a30a3009a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d57a33ae4c28f82d2a5b59a30a3009a_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\PROGRA~3\lsass.exe
    C:\PROGRA~3\lsass.exe C:\Users\Admin\AppData\Local\Temp\3d57a33ae4c28f82d2a5b59a30a3009a_JaffaCakes118.dll,GOF1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer Protected Mode
    - Modifies Internet Explorer Protected Mode Banner
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2180
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2844
    - - C:\Windows\system32\ctfmon.exe
        
        ctfmon.exe
        5⤵
        
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
455e760f5d4eeb40ac5ea4d09f87d8ec

SHA1
8b224437722ab27e576e85f05653fa51df96cc81

SHA256
3a71017d5c5f472e1cb5c0d74e27b77a5bb5d37fa922842eda30152fe7b2f09f

SHA512
4b9b19dbb002666cf32593824edac76aca36abec4ec98baac78b3c5536c8a81d7771bc61d69f3deb9efe2ae9de6fff729e2994c09502b48b478c96633c9fb471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2a4504cc5721500462ee10a125a78d4

SHA1
01059968e0ac6df77db90db19a7e791c3aaf0521

SHA256
6c3f22170668913d7687b93078052587593ff63e806f0aa763cfad304723d4a0

SHA512
6a83383df5ff677601ac9be55b9f80d0c8bd803708ddf60437608b300be8b529a2874dcac9a3a789adb2b2cbd194da45818967f02e349941d39672e68d22e726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1656de96c528ce8c09d6dc581f9a8900

SHA1
fcac13fc45455a8e18cbafd84f55bcfb05493e05

SHA256
bc38ee642cf006f64857b79cd51ca422f5b2867d4314483236febc7236a9d0ac

SHA512
775c5b8b4af79ca0e20540a4434df7e7a1ec25db41505ce836be5dc83a4bed99c386d800a67275624652d9238315b9d48a8105d6db999a58968b25cb50a286ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c909ba7405caf6ddf88d6d3efe13a8d

SHA1
493693c794233eb0cccdded5e1450c2f9f136696

SHA256
f68ff4768687690a136188e6b834bf68a4c4293c6ae04bbd54bf0f6031ffbc41

SHA512
addf49a6915c761e0ab5c0cc34edd2cd62278e2eb1e7d5728d063ff31abe8ec3b7c518629cad56ec60261108fc28f7aaa6a6aeef5f24f51e6fd0372569bde226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c1629981724017309e9ada7439b4c9a

SHA1
3ee3496f6ff1d55f57090fd406d121c0fc0d829a

SHA256
f6283f4d7ffa03cc97cc0e5cd2b26a86304c4ab3eee5db4da374f451388c03eb

SHA512
406fcb7ac6c2426fe02078822542e0cccceba8dba6231d6bda73c0527f80db9c68994d472926b7c0226bc7d0f65a140187db18fc2a5da4c7641eb4b837da8a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6a93549dac2a3589c3af5c10d91b070

SHA1
0c6d13ee9b318b3a277f719d354294659ef77730

SHA256
06b7740d10d7da3f605e391665ff485d3af9196c5456c9aa8515a2df2fd716bd

SHA512
f7e7115b6e1e98af38879cf874ac38b36091d826958474ed47873a8891693de20a5e1b84e1009427ff915a30c094be549b000a7dbbf9d7b6bdc3235440e2d75f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23118bf47e4c3eb31d1ff444261e28a8

SHA1
65a359b1b52802fcc119c7a651e8dd4fe81d3288

SHA256
ebb13193ad15da52abf1d660fb01164be6278d0c44dd04de4d607c9bdea00832

SHA512
2a7b89de097ed5c54bdc69e75544610b6b495cf358e405e09b0bdb0ce7526ca51005033904d72dc6b7d4a57fe0b9dddc1610cd606320cc4b87333b6c8ce880b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40f5f05324f78530779350b94baa4634

SHA1
de40f0f14ae50cdd4752394880ae644cd69a8808

SHA256
e093a5004d2a7a5182c74ff545a52b82cc6173493be6e5174162dff30865c5fa

SHA512
0b6f8d31f2861dcf50d97aef2008bd68f7a75bda23a633debad3bd385079d2ed2c4c00fef64994e9787cc275ef09e88c5670d941935c8469a93b5b08e141ce7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
436b02f4d5c7a72719e3e76384433da1

SHA1
e932752027bba43398b0d176c071af40f6aea851

SHA256
ad2102712882f6695f8fd02f6e274dba052d5de5d7501c5e21ea4d94e590dbf3

SHA512
deae68865a3e82e13b88b3cd025828acdae34def7821a857b4485ef09124820611fc06cc4197630826a99938ca915dea1c101f517805cd33a6a0e15ef8ae5cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9beacc75aacefac3aaf5a1aea0541dda

SHA1
21755d980f3fd713c02cbd3f77a57655009a5d0d

SHA256
fee446fe56c5bc25f602d6ad2e1f77349b777f3c7301d9e456f5b4136573e8c1

SHA512
569a62390d4139d71241e8de7af1785b390817d9890105d6eba76022c9c50c47e3250f16a242d89cc5a42c6270a6dec82ced1d2441f7ef14bb48cb2b951b92cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f3708910e5aba097349005a684860db

SHA1
b4a18be3bd61158164c0054d9039b8df58ddc980

SHA256
62aea82f47295a7ac9595b266424f9fe54e328e7c04bbc35f28ba119f96778b1

SHA512
bcc5949a4a274ae2cec27a379036cf8aa3c016d800e907fef1be752821162f686e8d5a6859775ff7bd7fa89ecba2e3d0871e5a7249eeabc80a2d82d5f649b2d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09eee2f8a6076bc565ad3f79d93ddb9a

SHA1
888ca8031d03f92c14eb361fbe90a4a113c79da5

SHA256
11048c8f9c0db3e7bb7a34c6f10fd85422aa4d463c8e2af89a8e212f1f5c0f8b

SHA512
ee5175b1dd1e9d78db631c5e78efe74fd8214aafca2c73f2c76a3124f37a19fe54631c9f7591da804578244a6b3ba78db7f0f77a30c52b834f8199baf8d1c70c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9f58dd570861f63c4f751b24c68577

SHA1
f3f7924e1d9b0d4099ae5e9e648bdb37c3475a4d

SHA256
544daddf2676255a82da66bb83ae275be857424f3e28aeb3fbc9009ea0050d73

SHA512
c2452425ecb3284c0892b6f081064b3b29f65d24f348c82edce3ce16de39c1cfc068bb8ecea8c55a05573943d21d38645232f739e05bbf45a70b7b65324005fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d91a00617eda8d5f2662a6d0bff13d1

SHA1
7c82e8b4b82f3efaacc3548aac72588126ddd83b

SHA256
3e8613ce29dcfe9003dba22e6344452660662249bf24e53565dacc8411f79a8a

SHA512
faa18241a5e41d52ba16e5c6b630f9d7056b664872008324925bdc74845fd85e955dbb67187ea2936b84fe860d932ec70fe2d5b87aee7b9c98a81726b9092fcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64df51a2fedf210d9134ce5c969ac28d

SHA1
b6cc36469ba54dedfab4ec8ab1afae39e3a9888a

SHA256
d23f03a3a252cca80a1088c9c342cf260b9faaf973eb7a075395e61daa631434

SHA512
f3af71a25200a3bfd7f05733d8e7418b50fbacd68121c6b1348d43fe618d6c7503c90e9dd90d81d3400e0d744bf10c9f8bcdd589742c1d260bee98c8e9e5785b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f65de070a83998e75e1b0af149faf36

SHA1
ff22e9beb39dbef8660bb3b32f9fe0ee56275101

SHA256
b722c7b67f7266db849e597f0ae5488cce6c66265cae97231b9abe6e23cf4c7e

SHA512
2394f8a646426b5857be95e7d101849fa2c48a53d6729bf212e2cb238fdc3babf86c25201e8257bcd193a7fc32a328b871296232e46d22ae368faea2c38634b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b825901ce3b13c117064d5a909c900e

SHA1
b0677667fe97b41c7bfbd7efd9041d8f0c7f91da

SHA256
6e928a1fd7ef1b9083bb7deccdda865cb15aa618e407cb38d2217e6c6a29d9ac

SHA512
d03b54543ca78bc915a5c91b6e3d3bffc45bb687155f692df3221852336936b7ab9c3ad7492fb3416ae9c88165f49c878028175acea0daf5f54c8f1f5e7f7ab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28b6d62005eaa6df3c719953d60a2773

SHA1
c027907b6511604c146287456af23e98a9e867bf

SHA256
14794a3c02e37f9201fd98f51c68308185b76b5088332c0b3f5fb0324268c8e2

SHA512
bcffcb2393016a0bfa276aba967d2b30d96a76ff61c0cb82356c314024a59d414b37b62ffc630e199fc4c686932d53a3458c1de2a2e607c08c94e90bc7f1a478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c3c294430c7ce63ba114e4b68a94bc8

SHA1
9228f6caa7bda896801779d4beff791c3d4aa839

SHA256
4d8a01b4d9eb5c0997b9f7ecc2f7f794f56e79fe79c5949a06b893969bf4c8ed

SHA512
0f6071194a8cbcc7a34df5d24258d0edc8fb8d2f077ddffd8b823926836f743db3d03ff472f4b4ea251b73222a94491828a72394dfe1b715604d293dcf310e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58e163f3a8b30997cf80a42338cc3fa3

SHA1
0aa00df8bc282e07ef8295133f0cccf17896d7ed

SHA256
57bd2043216ffd17ffb921bce3a1e30e436534e88ad6bdb68a7fbc8c5dc7c25e

SHA512
e36dd47dbb5f0281bf55a28e08fe2a59bf93509691905f97dbfae7ddf23cefcb57fc7a6d827dcff68023ce7365c25bdb48ebdc77c967eded32d14ac2a461bce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c81a6740b41c2e14234ad75d898f09e3

SHA1
9ddcd092cbbf7d2fccd9c791dc905de764bc9558

SHA256
65d73b8d15397716c7685facf7cb70e322801193be95ca130d5803d36c7c2960

SHA512
4acbbf0fd0d389ee9c1dfe2090e27178502b6bf62f8b835df69d321c307a098f7bd03c0d49b44291da8912b6e2e14730361ccdbfc9dd368385c7d7e94c584bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA50.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\PROGRA~3\lsass.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/2720-0-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2720-1-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-562-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-454-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-455-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2836-543-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-521-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-499-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-477-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-8-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1016-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1038-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1059-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1080-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1102-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1124-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download
memory/2836-1143-0x0000000010000000-0x0000000010039000-memory.dmp

Filesize
228KB

Download