Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2024 23:08

General

  • Target

    9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe

  • Size

    2.4MB

  • MD5

    9e70d5f3986851c9ff4a9cfed31fd9a5

  • SHA1

    3be690ce135b0835d374c8d0bb96be4c9faf483f

  • SHA256

    9274e1c3d9423ff83b6da773441148f487a9b4f5f54aa0f3d25266edad2e1219

  • SHA512

    50e4a22e56f37b4cbded882c70b37e6a4267fb8632dad97937cd58ed47fbc011f3e66409cfd85a23dd6d5cb650e3bc8364b14f5f4e844ffb3295640969d1f3a7

  • SSDEEP

    49152:aUax0MDAvfCWKsOOSWAVlPMvclqcvCQLKgAC0kX:XZMDAn0sHSWAVlUvcscvCQ/

Malware Config

Extracted

Family

gozi

Botnet

2010

C2

login.lycos.com

iunsyntoqprabhosao.net

178.32.27.3

Attributes
  • build

    250161

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Gozi family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    PID:4388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 820
      • Program crash
      PID:892
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4388 -ip 4388
      PID:4712
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      • System Location Discovery: System Language Discovery
      PID:2972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3104 CREDAT:17410 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4996 CREDAT:17410 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5008
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:448 CREDAT:17410 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4860

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
