Overview

overview

10

Static

static

10

b78011a22c...18.exe

windows7-x64

10

b78011a22c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe

  • Size

    210KB

  • MD5

    b78011a22cc4226acf52abd21e62f47a

  • SHA1

    103729da12ada8d53c9bfb36096f73eb258e3683

  • SHA256

    f57655066ebcdaf2124891f3eb14cc6e0a03b82f49343a9ce342bb8d5727df44

  • SHA512

    00ed133830a37357eea70bef9c25f885f92cb4d29bbe8a47c2a543d6c8dc4fd8a9666b70b2a00e36e29cafe25105e8c4ceda16875217ec2bc20004a1c9c6df65

  • SSDEEP

    3072:sr85CEIHIjsTee3hYzmEG69rTeQ4yMx/gfytY0ss2pn7sW7tiosehb1:k9QspRYDZ9NHa6/0sTp7sWZ/h5

Score
10/10
neshtacredential_accessdiscoverypersistencespywarestealerupx

Malware Config

Signatures

  • Detect Neshta payload 59 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Drops file in Drivers directory 39 IoCs
  • Manipulates Digital Signatures 2 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe"
      2⤵
      • Drops file in Drivers directory
      • Manipulates Digital Signatures
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 448
      2⤵
      • Program crash
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

2
T1555

Credentials from Web Browsers

1
T1555.003

Windows Credential Manager

1
T1555.004

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
    Filesize

    547KB

    MD5

    d79d6c445af89ac11b0349afc5dcd74b

    SHA1

    b9f4828b300812402aa3fe9d30dd1358419989e9

    SHA256

    b5cea0ec1c56740e98fd97f9c5be552bcd878d8d5e4c489aa32372acf9c2e340

    SHA512

    7b777152c28252de2a85afb63f48b5660372af3ea53281cb8d5e478425a9a05f39baf2d5421456be5941d80d1c10b1d640ec2c728c971504f8332c362a190069

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    186KB

    MD5

    4b66df126311195e0d36b1e8d3161878

    SHA1

    7780c6b762d0f9b9d7b6e8e5586fef45931f3de7

    SHA256

    dfcafc6022b8f65983c03d6237e9b0b4184ea5b61fe75e2af9976371546d3cb7

    SHA512

    abcbda69d071913b245bf1bc6f3afcc8c1e9ca1df6a269decfe9270e576cf03194b14ea3a5945c32ef1820622c5c2edb3e611a5acb30a6e73c0eedcc19f94417

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
    Filesize

    1.1MB

    MD5

    c7e4cbd009acddc890d29b96b5953bf7

    SHA1

    3e2a40af26e6b33e02af11de13f3f22ec1a4b211

    SHA256

    44f9ff6e62e21ace676a816df221d130cffe8716bdab35b07656fd1c7a716943

    SHA512

    3bd9eb73d46d67a3807203d519986c8599677f5394a7c247de4ec65820d4422d0793ee7215cfe14ce13598e8d4af9a612d69cb74b256957fc7ac2d8fb02f3c37

    Download Submit

  • C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
    Filesize

    859KB

    MD5

    9770fac1282b50657224599ef070b545

    SHA1

    7444ac5c975e877c2f79de97a322bcaa3729fb26

    SHA256

    80196be731f59f543e6e1a0a0deb8b47f748dab8fc87673881478249920acf46

    SHA512

    731ce1db9c3501811989fb13443bdec07ee885494b36b75e472567ffc2cf39c924c6fde875a1c5621d879e90023c4dfbccc3d9dd39006f75f20903df4996d38e

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
    Filesize

    285KB

    MD5

    68006458b2f64f9303231059155329c5

    SHA1

    7cd9f61ae6d46cc52f297178b5257005769c8a72

    SHA256

    9d644ff12e251d89c6569915048dfa36cea621784a9345b58b3bf08aa687ab67

    SHA512

    8fcac5f5937a41040d0dcbdd4364be35cadd74bcb2801e0aab99c37bc0dc83febc0595810ef8e59e8ae736af9668b0cb48009dbdf375597041ae4d98b5330137

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
    Filesize

    313KB

    MD5

    24f5a7e2aacb0db55d935c6f51358c59

    SHA1

    c882dfd1b8b1aa58a948e03947dee7caa3b224bc

    SHA256

    5c281f45e143db725830c78316c08f78e66c0cb86ef8ce9a0a4b049e1cd5f875

    SHA512

    fba5fce3448fea1e755fe2e98c8711c3fa645590c9e3ddb65f67290705cf164248c6fabe2d9149592d8c6a24257a1ed306f31a96902e33cb71023027f190c991

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    Filesize

    381KB

    MD5

    80a099475ba2b630d24c4ba564d09a32

    SHA1

    cb2844a7de7376b3499055acac09de4b4b24f37a

    SHA256

    881a0f5f6d99f1bd22d8df3c75e9e2a98279a02823951daed957aa4b653ee621

    SHA512

    e7929189ca451d6af11ec2c57c80126db1885c08f49be2c5ecbe676bf94c89f969ab1cfe5fa7b20d6a8f14e37407eb97ebee4d97170bbfef8664ca0a84249c6c

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
    Filesize

    569KB

    MD5

    173cf087e4b5fb97a95a0773bc6889a8

    SHA1

    be497885397a64862639178bd8ab9a189321e6f0

    SHA256

    7b844ccf223f494a9e19370817cde40be56ef1ed6b2d1e1fd41517128e4cb333

    SHA512

    6527957adf2f34845bfd4e8c70f4bc940d0fbba405546130ff8829121832a44d8543f44bed395c923fdecebcb0de6b74a17d5d0500ef496ee6adffa8d13d66d4

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
    Filesize

    137KB

    MD5

    71904e840173157c8d5ec7eb9237713b

    SHA1

    df5e350c4cf300806c068cbde1a42f79684cb922

    SHA256

    e9e887906e67823090b2516186cc01285c9731d14ef55cbe657c481f19f7cbad

    SHA512

    d98a40277a7d148d2f5424407ee3d3668d873b7477f5f17b7d79eb5a36fe798299a0f542a0b38515d322eb3e87f034ff1b9c2c088ccadeb854f4cfa48d0f5d9b

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe
    Filesize

    373KB

    MD5

    a9550a5c0951535555b5852d787547a3

    SHA1

    18b2f96a164352217365d9b82d34d501fe174200

    SHA256

    0ebfecc87b6a6beb6488cb95a30db6f1f3b32b47cdcf01f89bdb37f2eefef60a

    SHA512

    df9eb8a797e672547a0006baa53c9e10f00e6379604d625bbe4e4a1bedbcb5e87414ee8c496b97f579682391627759518b8f70c507afced23d401801e2bdf658

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
    Filesize

    100KB

    MD5

    47071729423ec419dbb37fd718fcdca0

    SHA1

    4495e77484252ff6b795dcb5f2dbf7d07145558d

    SHA256

    11f67933c879552212c0f498ebc8c10e18c84f063aa56684d34dd776117b83b5

    SHA512

    497bb3d8837a1f4f178b05f35ccfd8e7812db0d95cca500883cb700802f3506226f88d57075d229def0a4e6ceca239ce326952bed564f7a00a9e0da664a496a8

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe
    Filesize

    130KB

    MD5

    60a9736a9535a41be23aa70b107f287d

    SHA1

    3fafa33071a82b1e979d44c9c692774e2488f8d0

    SHA256

    aa1fe5250e2f30044ad6bab5376dd07296c1c2424b01b114fe8ac49c2f69e427

    SHA512

    eb46dfe87aa42cba4898061d07233fe345df8e411298f6cf88e2a3c246237dcbf4458c3355991a2cfc9b6491fff136f8c3c8ad6c1441e6ae8eadf4d46d2e5010

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
    Filesize

    2.4MB

    MD5

    1d14ba9e3376e9ca85cbccb33c7cae5f

    SHA1

    c1e76097a5120bfe4b6a76d67615c1f342be2140

    SHA256

    54c1d1a71f0b3afb91e1b12600bba5b45031cad0aad15f9495406d3a5d736d4a

    SHA512

    14e85be594490fd9473d96d74c5ea2ea9f24bef041f8e809435ca194742b278e355dc0f4e7022f9727b3bce1cec4841c7593f034911cbb06374c0477e6357346

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
    Filesize

    571KB

    MD5

    20b2fcfe9da8f27e55e820438795d634

    SHA1

    3d94b14f83d70852d24c4a532ae69a71b0dcfbfa

    SHA256

    84b6c4cc1ac5b2f9521e664968b0ff7fb81779cb1b0f3d67eb39a4e26ef4edb5

    SHA512

    438c374bf5f5f4f422d9b49bebf25005429727e1af1b88e984778c3c40129c24ab88fac06e04221c29989425c0591bf9a33a8679d4ed0b4f17cfa3b08e7b0bec

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE
    Filesize

    157KB

    MD5

    fcd7bf8854b55fd727e45304b84e0e58

    SHA1

    df2140b38a122b3880f086081f5c3738183823b0

    SHA256

    82dc559c79c474ec2988392be55a08883b30e28c561ff19a874076836830b2c2

    SHA512

    ed7ae3b532db640e834c35361e66fe3a48bdcb52a81e023c4373929e25afa1514ce28c907bb1a141076712c71e90e3b2790c649bfd236652142d9cb052147e99

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE
    Filesize

    229KB

    MD5

    883be5072b8d3ea49cc36ff0085c893c

    SHA1

    1d40afaef4503bed550089e0cac4986846fc5192

    SHA256

    32d5f732e6844593eb3a601479f1a80f9b8382b0ae4d02c0b84a45af51ae970c

    SHA512

    ed4eb8b685be907338f39b4e4c64374703c8ff0b2d53827e6b87b884ea458c37d4f1118e1f8fe7c3c276dc9d7d4296cfd001ad0ac221fbb9296cd2adb65723ea

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE
    Filesize

    503KB

    MD5

    e2fa92a3a87d885c16cdb4e663c8ae29

    SHA1

    2db27f9269649783e1821af5d7ba8023383f0635

    SHA256

    b4e1d194fc193e10ac432444d107f48baa3f7c86b51bdd66e9b526267851ddda

    SHA512

    361e5ad562e079ab33b3b35847c1f26354d1c64ec927be9e492ec15ef5733a310a2091efc571545c256853c5928b3f078a19003e2ad14be8e2178c58b94d7ed0

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE
    Filesize

    153KB

    MD5

    a2a1e399da3bfac18711d45b02f4d229

    SHA1

    a16b36103dbdecde396d3d141dcda63eac7ae262

    SHA256

    b42a3848b561029782ff62b14d8c2fb687ff88e1581c17a656ef5eb9afcf6cf5

    SHA512

    413b3135c5f3b03d5e8785948984be32973a8802a130f2b20b43ad6befe2b7f7320d7fa1e4a0c9ba8585a6f5b994ee282cebc882d889b37e68f206ee5bc37b9f

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
    Filesize

    205KB

    MD5

    4b7f07cafb01f0f58eaebaf88f91a930

    SHA1

    1be4e31333e140917d36eb84622015a107d2e503

    SHA256

    24ff0615292ad94c5b441c5fc65e012075c90e14860a23188eb2d64ce50df556

    SHA512

    b1b208e57ed6c309614eaa723efc50e0367743579660d43570cf3fe8ffe5b278928164fcd6b8dd121c7f5f7ab65b7091425a92fcb8faa5a51f47bc39d58d9893

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
    Filesize

    539KB

    MD5

    d18d8c274eb67b98a850eec801c38788

    SHA1

    973d1d91d195c2832bd49f5e2006b10141965b95

    SHA256

    de0a2138d48697cf69161fb6e0d9ab648468ae5437052285d4863fd08a38b0b6

    SHA512

    95ebffd6c83543beaa3e802b24d34bfc6cd0a3e72ab0333c3953b404c87a670bdae0d294fc6a8767b72cc76cf42ece890b018f5888010818e63166258a76684d

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe
    Filesize

    1.1MB

    MD5

    44a53ef0b61f785394a37ce18728c311

    SHA1

    f39f1c2dcdab2994b282644dbd876df2c0e55447

    SHA256

    0f17b79ee2052f2e6420db24237d638694f0f11e9d76c8d6165226527e484a9e

    SHA512

    4d64d2e8ed11474c0f9569dbed3b79fc4f3788f88e55e147b0efef808a8d4d8feaf38cfe87602cdf34d5c7fddb4e251e19a441607adc949614724ca817961a6b

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
    Filesize

    1.2MB

    MD5

    ad03b52e7e67397b596f81a97fa523d9

    SHA1

    2df01a6a12f9dfdcaa277aa9be382e232c5909c3

    SHA256

    4e8efa974d296eac5a033d03d5c36d02fa17c5ed14543fc79c6c79d1108533d7

    SHA512

    b52d1b72c8deecbd6995b758e39f25aa8808d0d466ee50622cc3b6e019d01de97352be4686154a1186c433a29605f5df8189e98bf2f17b831fe67af8ba1f018e

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
    Filesize

    125KB

    MD5

    7152dc81329b21e884d4033ac985d589

    SHA1

    a871368c1eaeb405577c41efc809d6db24267fe7

    SHA256

    d76d9885ef2cc7210c69c2c9b9e8c73a6400de0ea0af422ee6f07a34cc0387a4

    SHA512

    4773d840dd705c80ed4f72d9a5b7da90a1c1078462527bad554db2bb89a8afdb763d21c465d96fdfbc27787d58556cf1d232026437c222a98796fff0af45892f

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
    Filesize

    342KB

    MD5

    f0e9aac48e0a90a15d41024de15a8563

    SHA1

    1fad89187d8c306b714de5a086b3d8de46b6dff3

    SHA256

    6176cccaddde57b5137e9b8677d5080e159559c2f1ec1bbf7efcc895c5643b87

    SHA512

    ed7b20fb83726e91dc5796b1b332c7ac59be80825d3b60048d3a8cd57477b33ace8b58c48ad3765ac77ee6ba24d0f9d1b75695bc2e4c6a9177199a884e725fc5

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
    Filesize

    439KB

    MD5

    1215ed14ba8c5280dd407f0fca75e3b4

    SHA1

    0f71dbd517215cc5a04adeb2cdb85906986e915b

    SHA256

    346c64cfb3787793736849e0c9b70d6b3739200bbc95d13607598ea4a6aa356c

    SHA512

    673d032a2686981e374437f4949ef6f91fbf672028eb15f85ba059b6d22eb9a529d81cab691f2f983f89dc293741bf431196f32ea0a1b0dff1ad9e7647620512

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
    Filesize

    207KB

    MD5

    199e776c3f5fdfd09bc0f3a08234eef0

    SHA1

    595169682c4ef5fb3a08c487c242d369d84aeb75

    SHA256

    2acb134ac93a78ed145aca86d43c6855adb56091787a2e14f7b5fb168449d6e8

    SHA512

    7688421679daee7921e7cc20ae42d851bd79c8f2113ce4591798be7e6aea3402b88b914508245c80ebb55e9dedc2cad1fc8cc3bb0de0ec55eb0587735ce47037

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
    Filesize

    155KB

    MD5

    fc1d1413c55b62f51fe5ec5f7596b718

    SHA1

    96d3a4d7cf18dfb715973b8156ff1f5fca2d6e28

    SHA256

    1b682fd31ae83cdb9fadcccd6672225cc44341f4ae4c6fc038000e79d9a893e4

    SHA512

    cf8c7a5f765b5a93b5599f53cf19ee019b8d24a860ced9d0c782808c5f0cbb3cb71c2d3ec0499c61f23ae828de728364aee5b44448760d5702303bd0898014d1

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
    Filesize

    230KB

    MD5

    290544f9208775a5d1cfaf57b4dc0885

    SHA1

    2df7762459bc9ed223e24a04b994af4dca2510d7

    SHA256

    b97d9a66fdbe8a0f4dd63a6f6beac37315fe63e5975128120595ad4d36319986

    SHA512

    a63b5a9c29663468822c6c113f107b1a9bbbcb6ada0ad7cd8ebd9316b93bc0124ff9e668ef3d98aea367383f2247416e4f24e771875d8acd5cfc212cbcd4bd05

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
    Filesize

    265KB

    MD5

    9c14707d332e37a1b11c0d48ebf8ee56

    SHA1

    259328eec3a2e8825d0a24163db26fae55f510f4

    SHA256

    ac4511ed7401002aca3d6657f0a5f9d8dc7784d421054278228bfada70029f3c

    SHA512

    82640c30e56150a21e3a4df53367354a1e3cd9a147a93e2b6b270c1844fa42a1c63f0097814cea9c3ca1a2c6460c8ccb093994d0128291d1900c5be9ca8cb1d4

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
    Filesize

    155KB

    MD5

    5c461c8216ad37222c4499cd45c0a12f

    SHA1

    bb9bcaeb06a134ec5ea0e6b4276ef8ef57ae1291

    SHA256

    e47edb92a07eac2b9621654f38296daba1e5e3c4766e3adab1834d380e7623e6

    SHA512

    7b4c4041e012572ede453e4c569bc817c31c9a69754eb6a0b4f8a4e08fbd20361268c80b4d2ec70697ee4f34ea5b38cabb92ef838fe83ce0b6a2ca966e47398f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE
    Filesize

    85KB

    MD5

    7273f0f4e9201cfcadb273b473d45c3a

    SHA1

    2a614a81cbc1aa7df365495a8c3a097bb6722170

    SHA256

    7f3537d4c608ae2d5625066cf2ff8ccb92aba3440c42a4235bf2fadfb89a6652

    SHA512

    4e581293361c2edf48bdc46a346354b4fc1f27929a41ec7ce82042c9c8a2e329b8a1b5ddac33ec3e6e91b67a148b919f339fafb173193a5214f050631b52a40a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE
    Filesize

    1.4MB

    MD5

    53e26c1e58e37486b0a8366b9115b27e

    SHA1

    2784d7dc7793d859052d5dfe22fc6b21b71bafee

    SHA256

    8724acb17e4fa8171faa36da83e0628eee9bbb6bf29a8af5a928e8b408287d35

    SHA512

    a7b67541693c4d532576f64dbdda0335d27eff960dfab7523032beebe3fb6db6f459b0576d4d610f331981f4aab9119410fda8aea6c57255d60de337086ba80e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
    Filesize

    129KB

    MD5

    283b66720d05e7d87759df33828466f5

    SHA1

    72fde8d4f61f3c623dc8df0a2eb39ed268cfe600

    SHA256

    6cd195269a5d01b450e56c713458f48bb2556207eeb5fe77414d3593a9c34373

    SHA512

    6691e7f725f01647977a89da02a06243dc5d956525f5e049a4508d5b20a5e3ef474aa29c535140f9f3b5a834704af0251a6a4712a74af877db405974559220d4

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE
    Filesize

    246KB

    MD5

    403542fc6659ee90130ccbcaf65c31d3

    SHA1

    efd66249845d8bc4af79c2ff918100ff2497e2d9

    SHA256

    cbb82fa04b542efcba2350c73a8a6e770ed02c05609272eec8fb37eb6a6f3c66

    SHA512

    61d74d6c74825fcbc8978535640bcf0be92f3d2f93ded4c9946b158c52d06f444ac17e6c17871d4b8320b4d0644591acca9745ccc4691c4582820fdebd47286d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE
    Filesize

    188KB

    MD5

    3c7c99b9bc470d4ff961a66240171d09

    SHA1

    77080bf786766ec40b4e2fb681d73c063d7612be

    SHA256

    946791def9e27f8027094d0fc537f69fa4198b9580d5405f8821ac47a39afe53

    SHA512

    9e41de7054585d0a1e73be5a915642847ed8c0c33e164dac0e63219d23462cfdc98c94fe8969df0e4f671d8b1335bdb41bad6ef23b19a708b83bbf425d6157f3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE
    Filesize

    4.1MB

    MD5

    de0441a154fc18a8351f5af22d9a1e86

    SHA1

    3ec732481d9e1160bf9d61de7895c35fa44677eb

    SHA256

    d28404c3276bb7eaec8ead6d1d031ff3d220f2a28e42dbe13d8732aadef295f3

    SHA512

    f5ae9a2b1572d4772d5acd6a67420fe10d64411683858d6835fe3ad8545274edf0451cf920dbcef3b1fb85f33a34c15272efdde5f34de08b7b9a35827d14570b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
    Filesize

    962KB

    MD5

    69a130e6cd9103a9b9da79bc64011bc0

    SHA1

    53182da7b70a0123db97f21f411dee82f0cace30

    SHA256

    cddf05d01b8ff3758dd6bd5803a8487e7f945cdde510eb295b7e378516ad1090

    SHA512

    b127ea6ac1d6fee9a3e7f77793e12ccdcbdcc7985c41b333899db8d5dc38ed8ba0119ccfaa42088aaa4d4273f5d2975406f9b57f72cbc30375970fab1a423c0a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe
    Filesize

    605KB

    MD5

    3b8b781ceb1dc92d9fd5fcfe5a2e32b1

    SHA1

    6706430ed60882e868c42438340ce3d67d47fca2

    SHA256

    70e6360b4e6b65fbbf23e2cc02add38f6246c9a3559b3e666c0ce6e7113657c7

    SHA512

    e64a33c2b009ff9e2c70b666c3641d13bf8185fe7d20901ba8f9040c3c96dc504348d12665ded8d258f74a422c6f19e89d937c016a2e552e0f1445595b411854

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE
    Filesize

    1.7MB

    MD5

    6c032d499ad04ce4b68d6678c8b283ab

    SHA1

    fd0fdb1deac95330bf098c8e3e6e996aceec6e82

    SHA256

    2f2d018cc0eaa82b3d21d4761c446b8d2cae6c223ada4eedecd9c4175b30a0f2

    SHA512

    b258a078a6313962d5134f7ec52726603fe8cb1d98f4f3715e6781eb02019ec9f4e013a9bd6baa470926473061422c17f9a63a8c5576392f4cfbe3f8db5c36de

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE
    Filesize

    109KB

    MD5

    c9eb150cb1ffddbfbb945431b01fa0bd

    SHA1

    9f1d399d9628a3dbee47b48cd00e3e1d168f8ee3

    SHA256

    11aa495e86e8e34f5319a68e3b3313aa22ab2583541dab7f8c57eb7e583b2734

    SHA512

    4ff6154c8a0244983aa03e15777e97c8cbc4d55986c161b5073ae2d911ed2e338db02257703c5348dbfa48196e7f8a9c03bc4868c7c97a46622ed959600f79fe

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    Filesize

    741KB

    MD5

    29c663ec1d2a78873abce01426db2450

    SHA1

    010c9f4c32f50b857ab39822dc34ba612c1e2e36

    SHA256

    d25fe496f045e883bf38cccffc96c8704539b7981deec33ce1a1443a2f9e8dcc

    SHA512

    3f9de19f3f6b0f86c8ed665c9a90a0c083db6071eb5a5e6ca32b248b85fdbb27fffaa160f439e891568251e1a4f064211a948e1f562d03d3d39e7a6ba69a86df

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE
    Filesize

    392KB

    MD5

    b8f3f5f610229dc7b10dc16d053b1883

    SHA1

    dc571ea99b2d071b64950cc51ab2cfdad1fb4c0a

    SHA256

    9d5cfb587528886cb7a5a3f1b97662af357e726ce1087176045b027ef54e359d

    SHA512

    b4c11a479f41b9d07076fb479987c384adde2efc99e81516385d4c74a3a6aa5d497cf77b286dac7907fad478715f0be93465094f7dd254b6be0df10e209976cd

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE
    Filesize

    694KB

    MD5

    274a141af2214a44ce69d2f9affa5a28

    SHA1

    6a4afe10386cd3a4951fc0194e1121ae183fee73

    SHA256

    5d7bfa30b792a280e5fbbb1437988a6dbd20bdd7aaeb2f1277f42bab461807ca

    SHA512

    a77baa028f10325c8801047fd21f299a324012c0aa94df8d1126db5722bee29143315c9a31b4cbb0ccbb731446444e1a9aff019202574f993399aa863bfaa7d7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE
    Filesize

    726KB

    MD5

    ab39765fd93058a20f7262fb7bb20b4d

    SHA1

    d14fa3302e82a5350fa7f33aec8ec4626527c090

    SHA256

    cc6d24bc0a33cfb557276fa9e99313a56ee26e422dd06805356919d5b4a825e9

    SHA512

    fb55fcb242c12098159fa30dbf4486f55d34261058115bb655f9ae77bbb0674211b49276579a0d0ed32ef096a7fe85ee1f0b35dff314181af32586ec8c7dd9f1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE
    Filesize

    144KB

    MD5

    e03487c42f0ff6ae05e9209734afe24e

    SHA1

    b3f3288eeeadf0af46b73730faab17fc7871030b

    SHA256

    c304ad2b43d27573de1245f309c45a7dec9386b9a8aeac42a173c55bbb0a9a50

    SHA512

    97b9f44e2f18a4347e8ed1d37443db51ff89f04bf8fe722d81236a76ccaaf7342004391ffc425555d35130691041d29651c14439442f1f0f95ddfba9f32fbf98

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
    Filesize

    127KB

    MD5

    cbfac8f980b7cb5b21bce348a0df731c

    SHA1

    51d0363c43cbc9d9a6711b177f700bad761ef1dd

    SHA256

    5e25c21d4470ee6fef81987e6cb7f5d74a781c526e0d76787ca57d4f48eca3d3

    SHA512

    9da7ecbd8e9a3009092c15e09252eeec5d40cbd86651d2d3bc4e51f374b23a6102d26acdd272b2a1bdf6ea954ad3d66cc147fc3eb37cf99ef93e444c7e6b505c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
    Filesize

    308KB

    MD5

    94b8392ad89de62f704acdb045008d9f

    SHA1

    6f26d487e5a0f216ff60508f4163447a51c72e08

    SHA256

    10e571b94193f987c7f89b12d87e965a22d6373abe00838692abe49fc6d013de

    SHA512

    9d392e80cb61ff7bae5c4aba88316da24a9a746a1cfa9c1f8ba8702ffc81d6df06673b2c92deb80ed2551288ef53fc6c1e7f07ffd08de92d70a9d76c46d45074

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
    Filesize

    1.6MB

    MD5

    0c8a67befa289d17d6770fad5261154a

    SHA1

    6b8df8e2dbc0796953d8c179264cb8e7b0b5a529

    SHA256

    8d8e5f0ed38c805cd5395696c0475dbbdc1b20db9dcccdbbb673a04b9f414082

    SHA512

    5e4381474baf53d3f7ccb6d3a29e16ae60d6c08dd6e9e703669b285898c3287b5bff4471467bd721c54639d7ce1d9a937f0c3963cb9f10456cf8eafb9fe18bb8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    Filesize

    262KB

    MD5

    372f40eefc14ee2084c32f1b0073f277

    SHA1

    9bf8bfa4b5dc81aff2ca253a55fada7d41fda923

    SHA256

    49a39124c53fe1f2783a4ff4b85af4bf67cd68d7b489fb5f59cb3b82bb7a4319

    SHA512

    4f16d1449b652b1a0695f5e26f69025dabb0fd49770fef3d41daae6bf6df080be74709356421066d52b6e08bc853d23634fa7e34b48c59639aa629d2d953c888

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    Filesize

    2.1MB

    MD5

    00b2ca5a336592188232d2828ec60643

    SHA1

    ca9e0e7ae4aab10b2da635229a4e979e00a3cc61

    SHA256

    8abf21beaa27a68ccf6b1abbe2280a40dea69b878deb51d00bc248e959120543

    SHA512

    9e849088e4a0827ee889bcc4fc6ee9816238e7264f629fe5cbd7a05277d2b22ab3915f419a92f1b4a6d5f350be10e4e2f79beab849059f200e28d63f3acb9026

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE
    Filesize

    3.7MB

    MD5

    773f895427a6f6ffb052d4521a01ade8

    SHA1

    c4fc0f24c16e306f13f2b0baeadbff0c68e08005

    SHA256

    1534dd396b404787c9f25c934528a3c0d46d988d29f21a395d1a7cc604e2138d

    SHA512

    b2310f3273aea090bcd72d3507b42a10f7992dabcd03a154aa755b084e8e100cdf158a10f7f9e67ede8aa1fb71692ae3a564543ed87ea9294de2ac9f8e8920b4

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE
    Filesize

    549KB

    MD5

    ce0a3561357a20332a8c53c1a3122303

    SHA1

    2cd81eab1f860f31ff813987dc136f3824c862be

    SHA256

    a004428e8fc7ea0c289aebced280f745ead7c54d19f8ccc6a303b2b090b13427

    SHA512

    b1f540a17ffb9fdba1ee9453152119c815089b584cca2fdbe1626ea6e755b5ada7e67d202398614e7d85b5835a481bb33226f0379f0ed658e82527ee1830f049

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE
    Filesize

    606KB

    MD5

    3f164c4222eec45c894f3c4f495c1175

    SHA1

    eb048059585197a0a920be0a4e06b6c9fd85c171

    SHA256

    2d25ca71bc6f94b4504e99b3b31a94f8e51d6e58c261ed749c08d6081b02ac81

    SHA512

    bc120bed4f7e5e354150bffb3b87fe0cac672cfa4857d3484b8367df3c79afad4506aea30ebebe1c848234f831c2e2c002ba85d3ddcdf38f97ac7cbfa0d510a2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    Filesize

    1.4MB

    MD5

    35f05624442ae6b92c2a4a35315a4ca8

    SHA1

    863a128f04b4b6b79503c49f8f72874089e0e64b

    SHA256

    a5767504f0e41476cd8a26cb7bb29fbebe86de23f123105b9e3bd3458cb061da

    SHA512

    36ef2e98ce29312d771f26a1639722f0c3f205b93472eb25840053d61ef1939f8d55aa2637c2225dfb65fcde2b736fd4012ee7955ee4663f24291c04e3f9cc87

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE
    Filesize

    1.8MB

    MD5

    3019956b4747fad919eb95549494b6d7

    SHA1

    03f548c562ef6fa7014bab28f2e2f0791feededc

    SHA256

    53dbdc6b994bfdd90d34f84a016c6b380d80460a02b5c0ffbc64fb44fb9d3d4d

    SHA512

    b5f789c026fef1f34933c9e24a38cc32911ca42b46bb56896c93f7dac55b26a3c09cdadcc150d91f6782c2ddcfbf375b70661be013240cd354041fbae721b996

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\misc.exe
    Filesize

    598KB

    MD5

    193ef451fcd02d429e82bb5a87042c63

    SHA1

    b8647c1aa815c66c134a4c8438f2c35ed93331ae

    SHA256

    baf44048f30d0e1debdbe4bc95fd9216dae6cf2c7346914c7083b13764b3fdb1

    SHA512

    c11043b9c38233b2b915ed82295d85f47e1ee09ea1dd531f7a224314f0c6286c0171054169eaae518939e6024b751fee47f13d7a61de1a5882930a7ab02a7710

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
    Filesize

    169KB

    MD5

    5f7e6337df7c631ba010a3f82e83b0ef

    SHA1

    083abcfbb5e65631bcb43a3ef21bf0392cd1d319

    SHA256

    1abf499b1fb99a07d974340ad9049ab9f194f63e79bd75639e34cd72123b09bf

    SHA512

    331114f7b2b9ae27b9bfd33593f64ac0a3f3c80ae5b8702fad447543b98e7026b665e1043c8e9bcd45f35e957cf10434fa9f3a02e47cf6d9e541f4da4cf0b6a9

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • memory/1728-96-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-15-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-14-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-157-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-129-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-94-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-93-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-159-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-163-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-95-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-130-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-158-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-16-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-160-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-161-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-162-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-97-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-164-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-165-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-166-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-167-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-168-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-169-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-171-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download