26b5cc9b1511b22eabc064dd1b7f3263d2d64395f33908b706f493032e1ac4f7

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e2dbe82b10644b8b3182b30bf1037c7_JaffaCakes118.dll
Size

240KB
MD5

3e2dbe82b10644b8b3182b30bf1037c7
SHA1

a39e74b94de9315f8a044fb7b9f51c6e5314f448
SHA256

26b5cc9b1511b22eabc064dd1b7f3263d2d64395f33908b706f493032e1ac4f7
SHA512

6a828a7299dcdec2c7a1411856ebe4979f9a207b8dee63bc9935924a159d4e13eaad4c5a4726aa896944e827c6a9e144d700804267f5259501d37b0fd163fdca
SSDEEP

3072:B8bpmMoKGW/TspUc13jN400urbwqw9oR9arFrqI9FU2b:DqTo13x407rbbz7ahv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3024	lsass.exe

Loads dropped DLL 2 IoCs

pid	Process
2348	rundll32.exe
3024	lsass.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\PROGRA~3\811sekaCaffaJ_7c7301fb03b2813b8b44601b28ebd2e3.pad	lsass.exe
File opened for modification	C:\PROGRA~3\811sekaCaffaJ_7c7301fb03b2813b8b44601b28ebd2e3.pad	lsass.exe
File created	C:\PROGRA~3\lsass.exe	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	lsass.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	lsass.exe

Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1"	lsass.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E052FE41-8927-11EF-9CB4-D238DC34531D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434960851"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	lsass.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe
3024	lsass.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe
2264	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2328 wrote to memory of 2348	2328	rundll32.exe	31
PID 2348 wrote to memory of 3024	2348	rundll32.exe	32
PID 2348 wrote to memory of 3024	2348	rundll32.exe	32
PID 2348 wrote to memory of 3024	2348	rundll32.exe	32
PID 2348 wrote to memory of 3024	2348	rundll32.exe	32
PID 3024 wrote to memory of 2264	3024	lsass.exe	33
PID 3024 wrote to memory of 2264	3024	lsass.exe	33
PID 3024 wrote to memory of 2264	3024	lsass.exe	33
PID 3024 wrote to memory of 2264	3024	lsass.exe	33
PID 2264 wrote to memory of 2768	2264	iexplore.exe	34
PID 2264 wrote to memory of 2768	2264	iexplore.exe	34
PID 2264 wrote to memory of 2768	2264	iexplore.exe	34
PID 2264 wrote to memory of 2768	2264	iexplore.exe	34
PID 2264 wrote to memory of 2704	2264	iexplore.exe	35
PID 2264 wrote to memory of 2704	2264	iexplore.exe	35
PID 2264 wrote to memory of 2704	2264	iexplore.exe	35
PID 3024 wrote to memory of 2264	3024	lsass.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2dbe82b10644b8b3182b30bf1037c7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2dbe82b10644b8b3182b30bf1037c7_JaffaCakes118.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\PROGRA~3\lsass.exe
    C:\PROGRA~3\lsass.exe C:\Users\Admin\AppData\Local\Temp\3e2dbe82b10644b8b3182b30bf1037c7_JaffaCakes118.dll,GOF1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer Protected Mode
    - Modifies Internet Explorer Protected Mode Banner
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2264
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2768
    - - C:\Windows\system32\ctfmon.exe
        
        ctfmon.exe
        5⤵
        
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8e58e621ddfb99282505a2d29dbb1ef

SHA1
afe81769c54c77b21e4dfc59a0f307df1d0ebff5

SHA256
584988d66b1e5a085521f34aab977a8b25bcb5ceb5335c062c37e1c54b3a93f9

SHA512
8fb0dffd288c0e26bd02bdc669cba3273c6bb211c690641561b2eed913c951dae290630174e1b5aebe1efd79ee77cece3e703b71061dba75141c2870d3607c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a5bd0e045628795536acf4801fd9596

SHA1
54eefc07ba81b7bac1dd7c33812b37f2a26c2ba0

SHA256
36f4a4355e14b450bd582bcc71aff6ee36b23b4f7aace79a76432900db954aa9

SHA512
8ad9ba2e24b2b6960d6a00c71801275c02f1d09f8b86b02035861d5857f1fe432b0404300cfd70e9c24bfa66ad7dbc407ddf4827e58a2d3c77822207c55599b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe0cbc1b2579d6a74eefe19a2338ace5

SHA1
53ee36afd984611ae78e82b505957aa81d538dcc

SHA256
c117c506d89c9e8bc8f40f108ce646cdf7316530f1c493dc63bd007972aeff77

SHA512
36a773dd003ff0b13ab76d0c2a4a12cfe6f9469e437cd3c5d87e6cf97878c5d44103567ac369f3e043d55dbb90ddb2200487bebe05c5a32654fb902991d03cff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4cd024dd167aebbd9769e4e6b86c777

SHA1
65f87440704ed431083ca22d59831c35b1376d0d

SHA256
ae77030f9e39acbaad9543fdcfe6f4f62fae973a897017bbe9b26710a64d494d

SHA512
115595ce66dd212cea79ea0729c1d2bb79e322ae83c3ea3378c4effc59c4a81aa9b6f2325bb86a9464278f1aff9ce85fedadb552f16e97be252aef442983e3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1135a7b525e6dc43478f586df312070a

SHA1
72a025f90f16540781f239dd12b811e1632fc478

SHA256
e879d0c0184f7a3e730fd7d56205966368d2285ccd421b650b77b632e7658629

SHA512
2dddfd4b47dd1f0da8eae0266f79e75d6744fb25a81215376315c4447e357c21257fb22b15630289bfe60d2f0651423093b77e9e5d3f21ee5833c7b966b46567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ae57101d89d9683efeb4850c234e138

SHA1
77710b9018e892ea9a41e84764fb61234de0ca53

SHA256
9a3d9005d8378e0db84513381a3bb844259f5a272a5200ce299036abf7437fbc

SHA512
2edf12dc7630495ba501b9a2787e49fbc75033a761346915b85e455a8eefbcbc70e4c16f0dd56a4e90358f01a95743fb8bf929ee50a25ef68ac9204504865ae6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59b1f82f52e4a645e784b482ce66a9e4

SHA1
f012f6551588e30dba870e4e579fc01e5ca94a7c

SHA256
66156cb8c11de2bb072e605a351e0cf74b9fd40a910e7db7c650c3dc95f70ddd

SHA512
ee4bd06e09324c3545e60c507caad07e1d607355b7a0be7f4ceabdcca334a92c4d69bb84cd68de08fe335361cfbf0a92fcc84c092756c1adbdf0889a45233fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53896e595d0fb968b48c35e9d3807e2c

SHA1
abdef55d169dee751e86aa2555a0ec8a5892a10c

SHA256
62a0b89596ace1acdfc7b7c1ffeefcf1e8cb449cd6a4608f1a5b15b87d80ba38

SHA512
a5130210f7884b0a967d5c575ba611175c562ed494c2ab5975d80884a7a02e5574a24d28672b579d90f74682fc6f7c94e701eab1f7c771db7da1fcbc4d722254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57064d5ce3df396c5973ee1c05f5e965

SHA1
e6ec199f3c47635a69e75c9c259fd3de40c86411

SHA256
3e46062528527dd2e925f8bbbdc3fd8a0a3873f3d2b28b081ee6d56a662cab76

SHA512
ed415e7a42431aab0fa61e32af4ac831c1fe95621daf3d966f6306b909c79379694e8e80c129ffb191ebfe636ffab912e0ba2abefffc34a920efa905aa49d7e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85b8bfcbf8ee792a48c035c99f9a7ab5

SHA1
4d1d6315e68aaca7c69d690b5ad2347263fd7584

SHA256
1d28203b921692fd481c65df0e6b554d0704a0a9d117e6b749450ad21785e767

SHA512
d229500213c5819f880d91ecb95733484b5ebdab81c18f640cce0a224ffd7549830f80055ce6b6934bc78f98eec1345f3983c78d67eece39d94084b2a294aab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0aa34bcce607019b393d40cf50dccec

SHA1
981e7adf19702e11df748119320bd9616287b354

SHA256
e7bba74a455ecbe6304ca9cc29dcfdd366bad7f9a49a78da5402fe0f8cdb361b

SHA512
65d8eff44206e816b8bc5eb474e706db59d3c6766e9b5c09806cc1dd11eff020504ecf0d84322a88b65dddf74a6cae76e9d75bcc93b2801381da3179c030d5f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bec8e9c74dc748abd99137243094918

SHA1
184fb77b9660eb1e63c88846cb199b57cf4d8b67

SHA256
b0b9e3610c33da9b73a0fd256699a56873f37d695a3e4e52f1820b0cc7725c82

SHA512
3309836bbddca2c462933ea89dc28290ec3262d9997ec1fba7a87a1c46d09e6ce8dda0164c33d960344420d32de588f1812a9754de6bc38d3da63a6814583655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f691b4b515dc2803eab53bab19b69bf

SHA1
f3ac65499a0097b17b203432671a1731ff4f5731

SHA256
36c40e4423b012578614ab7e2edeb6906ad2b62343d95bd456b020dfb08e19ee

SHA512
edb42ff6edfee756fa294b5745e81b0c2d272aba6a857589c5fe81d63fd4f4e611d7ed1489f8bdcbb342a4faf08be997dae1fbaf8d3a32fb6d1a86edb1fcebc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7280d80a4af5f9049acbc72bf2449d22

SHA1
2c4a25ca7f404a88e4b7d36f9ba707597b79ac6d

SHA256
8912603043f9763c876b87e16cdbf6f6afa07e0b9d80a6aedc1aa32c6b27b9ad

SHA512
17820c88719639e29075467e5edc402530a371ce1beae932b8b58e8cd42682b24a97633087ca161ec6d3264684973d558f4413701e5d9c5dcc2a6b27d0ead686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
606dc0bae797505d27b7617478be3cd1

SHA1
e93b0d14cb9ba2790e856a6a0efb2d51e05e673b

SHA256
6ee837ef783e4084c53fdb256968e410d1a728e97a44641a881e75a91056c4a6

SHA512
04df15f5973988c8c0dbf1544c8bda089f63d4f8d66865eaf1a916d9c3e3756115b1f8d0e10b2d22552e65287a4db29ccbada6a3039a29830c68c87a389e5703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4fccf540e9556135166aa91cb01784b

SHA1
ccf7df44c2472f4cba7c016efdaa63480aaeb144

SHA256
36b1357101b93d6a076ed30c36ab19f48f91f04c5544963d5a5a2bbc1cdddb1f

SHA512
a1cf1170db06beba46256428652ba893c2ae0bac4847a5b776764c1ee0869da7441bed50a524af6eb475771049124a8d873f7e519bbb15f0cccfcc1caba29d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9caa6d7df1e6bea7a4fd8ef9f6719667

SHA1
0d152726490e19b1a2f6fba36f08eb5708cc5aff

SHA256
eaeff8e8a1f05200e76ec1e6b8241f69561ebbb460daa35ff2ab2e873c8a33d5

SHA512
adfadb0696660dcb0127fbc889fcd619466eb51b9c443f6da44c08b1db84edbce00ac1f92355d886be22d216f97f42994e4d6c48e1e9a6c9ff8d10ccc00245dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f117efab3d5babed58c7abac37567de

SHA1
a0e7cb66bac36d6b82516f057b2638d2c695a7a1

SHA256
2e7d185ad973a1a40cbf509d985a1f899d22f8c8b190f3409acbdfe5b50fc78d

SHA512
e2408a7abcc2bf2698d118442284a620e2a25a2396542a2e9bb9f10b237a2678fc0bdc6c9f102f4bd8238cb1bfdfe2e222185b34e08c919c87e3b41c348814cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3af14ee6c3a3fa374ba425046abec0f6

SHA1
c41c8a58742519db8f7347608a2e4177a8589f2e

SHA256
3ab5339b1635b0210716c71783a4880068e5f32a210c251caa3d75b04fb6d4cd

SHA512
620b0eb1c7435078673885d1f8e12f9a59af6ad5883bddba11b857ca6cc6e847a828226ff76b40c22a143c38c71d6dbb687e895ee900ae6e7235ad572aabd09e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16DE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar178C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\PROGRA~3\lsass.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/2348-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2348-1-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-8-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-499-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-446-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/3024-477-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-562-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-543-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-521-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-445-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1016-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1038-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1059-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1080-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1102-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1124-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1143-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/3024-1165-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download