Analysis

  • max time kernel
    121s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241023-en locale:en-us os:windows7-x64 system
  • submitted
    26-11-2024 09:14

General

  • Target

    a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    a112e40270437a236bdd9dfcc948a571

  • SHA1

    8a986bdf5b0271e563879d322f4cb0cb9baba466

  • SHA256

    1558335060381a3a45cbd49ea18742a4d1f2bb7660905ba07fc01a215cc792d9

  • SHA512

    943099e0d4a2f13437eef1a7b0dcdf72a3b3a7c78d5daaf9882b0433f2b5a06e53964b470b47a0585c2999707cdb663a460515360bbc82af83cdb827f273b48e

  • SSDEEP

    24576:8RWbHmsmKbRL6lzZXgfWDzyMM65tkU3ytel:8AbHmsXRePXgfWDOMjkU3KQ

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

  • Ardamax family
  • Ardamax main executable 1 IoCs
  • Loads dropped DLL 18 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 45 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\CommuniComm Internet Toolbar\communicomm.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.communicomm.com/toolbar.php?action=installed
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\accent.tlx

    Filesize

    2KB

    MD5

    81e9319284bebf4a64a1ae1aa9297d30

    SHA1

    3c7b8bfb0340a138974dc96dd2a42488e908b3db

    SHA256

    0ac1ead0c74e500a0f78d3f4b2bad09385c02f962974ac77e26d5ae9c62d129e

    SHA512

    8ff8b1110a9480c8b3a3ec9321f183a8e2aff48f6889328a2656974d3944eba37ef6ee410a61040e2d4684d9f3fa17f094172b9a5527ba0057006c81757487c9

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\autofill.cfg

    Filesize

    18KB

    MD5

    3513969eb5048e2560c0116f09cc511e

    SHA1

    30a5e57f5cde04cbb5db6478922182787470ba17

    SHA256

    755a5d5165d43c17217795db944b0f01e03b96325bb83ddf6e50f909eab4e6b1

    SHA512

    9a03f3811b2d49f544d60b6cd27dc1c1e5570c7af2c7e4d3adb9b023289a1b51f98a38ed061c876b7a2f94265c730bbcf05b36f5110ac1518e1c2e9659737718

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\autofill_plugin.dll

    Filesize

    244KB

    MD5

    f43d684c3673aeb364e4549f62cf6a7e

    SHA1

    eb0448cf354d3b1abe767e80a115e1712734e967

    SHA256

    ebf969fec0e8c9ab5d2dd1b9a809615e5bbca0437cae20ea50b2925b17f72a97

    SHA512

    886cc9c778734b939faf9e3202ad8e120adafeba4f9937fc33bbadf723c65bc1c5e1b9070f7ac60d4a9639512282feb08c2d92425fb71e85ddb50ac78013a6df

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\basis.xml

    Filesize

    12KB

    MD5

    8ed64ed7d3927743920ff39c77e177e6

    SHA1

    e90c0fa21791d19a3cd23f51e19cb0fba57607bc

    SHA256

    f9629550f54d2229e6f734c1f5ba9c7b3b48ee94681b76ec3b6ef8d695641881

    SHA512

    014cc9c102bb575157274b3cbc9a6ec4267de2db2f7b92c92f0c22830df01d24d57b4fa57637585d10d15c2e0ca1e43f9f8f2f033763c8e01a51387b6ff33c65

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\communicomm.crc

    Filesize

    330B

    MD5

    61903c42486c2062581b0d227e62edd2

    SHA1

    98dbbee5c59df00fd20fffca031cd85222ef94f2

    SHA256

    5890aff1507448bc1d444fe56a7673d095accbbf52677d0173d485f6257318a0

    SHA512

    57222ce03c2ec7aa118476787a19c5aa256e73be00ccac584d51f8466fa7e4e1bd14085aaf15e3b3709ff718960556c3a97086803b33b4611b69ef2605da0d5d

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\correct.tlx

    Filesize

    21KB

    MD5

    92448b12999c1826957b714104d620ce

    SHA1

    657cd7e51326f2e0bc2514426948e76c25d9b82f

    SHA256

    1d3a8990fe7af3365acf9bdb78552a8508a2ecc553ccffd68a91e9e000b242b0

    SHA512

    2ce037025ef20f774acb68c40a53b65914443156ea86485ad58abfaeace13bd9e4aafb55f26e00f08be0536690e58dcf7e6d32cf88d4f562ec5d4f6761d5bfee

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\descdb.bin

    Filesize

    115KB

    MD5

    7bb096d53d9ca88388254afae9068995

    SHA1

    f877bbc27707547db79bc2a1fb05489104b05168

    SHA256

    c171108e3d59968b9de54565a732c5a87e90f83e079156b3c92386c192768e17

    SHA512

    901a05a0ba94ade6d9b90836bebd01c4af131457630cfd059ce6a1eba40c7b654c7b9f83079df6d08160e21e8a1842571bef6d077328fae097ac88cd9a6c5b97

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\fdb.bin

    Filesize

    496KB

    MD5

    20a6062a938e56319ecc28fcbf71c191

    SHA1

    da5096492160899b52a5a3414ec0829a38764600

    SHA256

    8718d1d8154d0e4fcd0e2c84d02f580af677b96dac589426b0ed7e327f550a58

    SHA512

    14bcec751dae012d35f25aae59dcec9dbaf0b8674035328cfa3a586228e40ffb6d2bbd3d4b068cae587f47f4f233ccea452ca016ecc4fc92b48a7a1a0baf3da4

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\icons.bmp

    Filesize

    60KB

    MD5

    0540c76a162cf8aea5b333a6e183bdbc

    SHA1

    10650aed77cafd0e0e10a98a67343157abe93652

    SHA256

    6f00271baba262330950c748e67f41f0d2c98d5e0a5ef7cf099d864d7d9891c0

    SHA512

    7acbe3537f07ef6dc4a2dff809b8cc74edbf7d02ee4a75d0f399725d2dda28c5fa1f407495a23301f322e1655cfef83271be05e8062aab022538fddd6b001ee4

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\regdb.bin

    Filesize

    717KB

    MD5

    a9ea14a1fd7dbd79e7fc81c73b97a1b8

    SHA1

    46351d7552860351cd5cfb66a5056de3eb616157

    SHA256

    9c2ab69190aeb45e65faf317cbb752beb43895a29eac69dba12b7d6fa035a582

    SHA512

    1d0a15b2d128679c8275dea4a371e7b669a80d4d3e2d8a4c2f52d9987a2c589a7179f2885dc330cb58962bdbebb454513fab532405234a418b65b46e01dc4949

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\spyrem.exe

    Filesize

    280KB

    MD5

    83d5b6f29c5686bce69aa6999f4e074d

    SHA1

    b98cc07896b1d313e85aa839447d679d86176aba

    SHA256

    ad5ad2fe1229db247dcdd5b64fe49a588cbdc58d53e840c540cfaf9da53ce0c7

    SHA512

    5a718249d27380fdb51e1a7b9dc077c4edc528ae4aea2ab12b1a9f8740e61febc8086174195fd2a849b55866a918bc08913fb70f516b286c86b103981772fb9d

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\ssceam.tlx

    Filesize

    7KB

    MD5

    77eed4b296856a919e68bc23c57580a6

    SHA1

    9800e40738eeada502730fcbf8e27e98e38da592

    SHA256

    924ef798579f1798b9ab6e7492fb3449b81c47b0af47c11c87be14e4dfab41fc

    SHA512

    37267059dd6232cd9b56333082b02f164b51cfa30296c1870367fad70bb0083848c7da600553de9e5e48536885ed9231fc75618388c460eeb9926307ede60f8b

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\ssceam2.clx

    Filesize

    407KB

    MD5

    3e7ff0511befe21dccdb0e92dce5ff75

    SHA1

    e175b61e4ea90730777c4ad3b457e7ae2e5d93e3

    SHA256

    f07f5f4c8d4fe3496748b5964fff157fc85d3fd8e57140e2c21ffdee1e554f32

    SHA512

    ca292aa364b035bed016f9c3324fd53f4627aa4ff6014f500b7875f9bd67e5c99267edf707e9405caaef4e3d5a4734406466bb14c4d87fd5b742305fc871c75e

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\sscebr.tlx

    Filesize

    7KB

    MD5

    ee5c480aa68de03df03d0c8ef20bbf49

    SHA1

    968a06ce6362b2611bea5d104148fefc70f64e6a

    SHA256

    029354cff3194df395eaf2c08d30b75c256c44716c65a12ba6abbdd0910edd15

    SHA512

    08192820d289e59d1b0b6895ed9cebdf25a62d0a9a689c26c883b83030578e841e785f3032eec6e691976c4a4360727220eae69054f69dd3a4953ce54c19d83f

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\sscebr2.clx

    Filesize

    317KB

    MD5

    05b9bf1427c773c90281dc839978b0f6

    SHA1

    5c718b18b03060c6b2be25be350bb6511a3d10b9

    SHA256

    9f4b3686e888aef337e35c2c9041cbfade51e3939ab16c487064795047ee5035

    SHA512

    9681a3792e9e6fcc4cf3a3aa8b13310581f39cc439de5c2be68d30e9cd7939565758c8592ff06d0c1e0d78b3b9f221de45c128e7049f57edbf74ff660eb48416

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\sñengine.ini

    Filesize

    730B

    MD5

    cc20ee690736984301a8b1e8ec2841e1

    SHA1

    dcdd623475a70594e10e30d52700990111b28717

    SHA256

    7d132a41263d8fe38c18a8ae80efb4745321ab7df8282d89195dc6dcd9d58c58

    SHA512

    a88f22bd6a336c8d79d3b5add2400b728150e2749a0f952956dc5a76e2be26f2ed6706528c0a5f098a8287a2451f5b345f5c662474db3c0d0e444fca76dbf306

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\tbhelper.dll

    Filesize

    372KB

    MD5

    c4407679a570bef1b0171c93abd61361

    SHA1

    629eb29ca00268704ee73be12ca281c93f6c5fd9

    SHA256

    bf07e43e9ac1f11c650235b32e0e048a4f2fcd95c7787b6f61f0028467a4a3a7

    SHA512

    ee1de941dd9b5574bf15eb80e9d0b5ef552e95bfac249d1240de5bbec70a0b8dde0526ac62286c6f89024ff0fc95d1735c980f6335375de6e58314cda8bdae05

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\tech.tlx

    Filesize

    3KB

    MD5

    45650425e248e3d5a68f7d1121235d6b

    SHA1

    1fb95004c991137a52523a33c85a488ce614c3fc

    SHA256

    60a37df177a6e6b7fe294aa394438cb6514bacd8201a3e18f4b914a6105a8555

    SHA512

    181a12c0fe19d276401bc74dd13ad6f6961bbc3fe5cde88b531a48832c96017ba3f0bab4f148bb3f22996bf3c94ed7c0037312bfb98490a64b8eb2c6c547895c

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\userdic.tlx

    Filesize

    135B

    MD5

    2e6979e2b3af0d3b1af0e7a266c13184

    SHA1

    22602b8d04c16cb21d3051a074957dbbbcaa43f5

    SHA256

    1d7336dc906ffba986f9c2e3cd2899153b2c2f68381e36976c7afd278f4190be

    SHA512

    e40726345300b9bec6d9897bff6d742937a3d26de256d080bf8745bb074381c12ea8bb52883be35ab18dbeca89c8e045b752c118c2f6776fa1cf18bb3d71787f

  • C:\Program Files (x86)\CommuniComm Internet Toolbar\version.txt

    Filesize

    60B

    MD5

    477918939d0d15ce41b8510f4a9dcdaa

    SHA1

    4b7376fd44a01f0d353872cb5dc3df825afb04f0

    SHA256

    098e8d90526bde71724bfd4369a0a96e2fcfbc5c60b7222779ea15bae0454b58

    SHA512

    b21b8f693b95fa75e03251c8208829604ef24c986a8e3e83e51ba4a9e980583c4c608e4904857d2be558ca1177b2ff40ea5a6ce91ca42deb8680b5c6c6a33b71

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e9888180e40f26c08c02140dd4f0b782

    SHA1

    1b5c4a2f2739d9c1d9065afa43abd73323de7f30

    SHA256

    a8fc4f88a199e32e5116d40e6df11d6d0fd7460d46a11d37cd02e6f34d31a4ee

    SHA512

    4c0b318ab66cab2f245330923fd2064488416cae70c0b49b491f80971dd394a6b4ae341f30b7f85fbe320b4c2b3ffdf101216754ad1f53c43239693e5a9e9481

  • C:\Users\Admin\AppData\Local\Temp\Cab4608.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar46D6.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Program Files (x86)\CommuniComm Internet Toolbar\communicomm.dll

    Filesize

    1.2MB

    MD5

    c20c1fd1a46880d06736b43e5ff0062b

    SHA1

    10161a72c9f25270bc56c09f453e9d8fbb0a3849

    SHA256

    f711613ee8f75abf45cd3f3b20e57785e69fd709ab3db9890729e9791d4b6be0

    SHA512

    e47a4f88f1b23a46917eea788544254e45d1168a31f95ed09cbfa7a0b8f8201656bd203765706d4a8ee4616b4cdcc78a4c20485a5dd2f053a14b6ce58494922a

  • \Program Files (x86)\CommuniComm Internet Toolbar\scengine.dll

    Filesize

    208KB

    MD5

    6577a80ad844076a70603b44f44ba1e3

    SHA1

    b5b060fda75a6c95225644f137e1e65cbc10b77e

    SHA256

    244c821688564bcb683592bd84fbfdd8e8ce54be699d48648f164c029ec66035

    SHA512

    f4623dfa538fc72b4f739ed8eb054ec6618cfe46784df170c1d7186b3ca6eff6730aeb6bdbd6acf860625ec6a95e73db8164563d215492bd80d8454518bbeac0

  • \Program Files (x86)\CommuniComm Internet Toolbar\spellchecker_plugin.dll

    Filesize

    120KB

    MD5

    a7e0e5c28cdf9b0822fc33e073552a36

    SHA1

    0090f0be61ed98e24f5781686f73c5585e344fd8

    SHA256

    04165d906495ce8b1413cd22cd25aff21bf2b6f7f5ee3a197b24975edd8b073d

    SHA512

    0fa604a5b563a61ce52ee0d541e5fc9a25c7c4c891ebb4b23f0d3cb9a4c9a98fe0913a42718e744532fae03ee17c241262bcad3f76e386394b96c357c3984400

  • memory/2940-46-0x0000000000220000-0x000000000027F000-memory.dmp

    Filesize

    380KB

  • memory/2940-49-0x0000000000220000-0x000000000025F000-memory.dmp

    Filesize

    252KB

  • memory/2940-56-0x00000000001F0000-0x0000000000210000-memory.dmp

    Filesize

    128KB

  • memory/2940-53-0x0000000000220000-0x0000000000259000-memory.dmp

    Filesize

    228KB