Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

b78011a22c...18.exe

windows7-x64

10

b78011a22c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2024, 07:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe

  • Size

    210KB

  • MD5

    b78011a22cc4226acf52abd21e62f47a

  • SHA1

    103729da12ada8d53c9bfb36096f73eb258e3683

  • SHA256

    f57655066ebcdaf2124891f3eb14cc6e0a03b82f49343a9ce342bb8d5727df44

  • SHA512

    00ed133830a37357eea70bef9c25f885f92cb4d29bbe8a47c2a543d6c8dc4fd8a9666b70b2a00e36e29cafe25105e8c4ceda16875217ec2bc20004a1c9c6df65

  • SSDEEP

    3072:sr85CEIHIjsTee3hYzmEG69rTeQ4yMx/gfytY0ss2pn7sW7tiosehb1:k9QspRYDZ9NHa6/0sTp7sWZ/h5

Score
10/10
neshtacredential_accessdiscoverypersistencespywarestealerupx

Malware Config

Signatures

  • Detect Neshta payload 59 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Drops file in Drivers directory 39 IoCs
  • Manipulates Digital Signatures 2 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe"
      2⤵
      • Drops file in Drivers directory
      • Manipulates Digital Signatures
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 448
      2⤵
      • Program crash
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

2
T1555

Credentials from Web Browsers

1
T1555.003

Windows Credential Manager

1
T1555.004

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
    Filesize

    547KB

    MD5

    d79d6c445af89ac11b0349afc5dcd74b

    SHA1

    b9f4828b300812402aa3fe9d30dd1358419989e9

    SHA256

    b5cea0ec1c56740e98fd97f9c5be552bcd878d8d5e4c489aa32372acf9c2e340

    SHA512

    7b777152c28252de2a85afb63f48b5660372af3ea53281cb8d5e478425a9a05f39baf2d5421456be5941d80d1c10b1d640ec2c728c971504f8332c362a190069

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    186KB

    MD5

    4b66df126311195e0d36b1e8d3161878

    SHA1

    7780c6b762d0f9b9d7b6e8e5586fef45931f3de7

    SHA256

    dfcafc6022b8f65983c03d6237e9b0b4184ea5b61fe75e2af9976371546d3cb7

    SHA512

    abcbda69d071913b245bf1bc6f3afcc8c1e9ca1df6a269decfe9270e576cf03194b14ea3a5945c32ef1820622c5c2edb3e611a5acb30a6e73c0eedcc19f94417

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
    Filesize

    1.1MB

    MD5

    c7e4cbd009acddc890d29b96b5953bf7

    SHA1

    3e2a40af26e6b33e02af11de13f3f22ec1a4b211

    SHA256

    44f9ff6e62e21ace676a816df221d130cffe8716bdab35b07656fd1c7a716943

    SHA512

    3bd9eb73d46d67a3807203d519986c8599677f5394a7c247de4ec65820d4422d0793ee7215cfe14ce13598e8d4af9a612d69cb74b256957fc7ac2d8fb02f3c37

    Download Submit

  • C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
    Filesize

    859KB

    MD5

    9770fac1282b50657224599ef070b545

    SHA1

    7444ac5c975e877c2f79de97a322bcaa3729fb26

    SHA256

    80196be731f59f543e6e1a0a0deb8b47f748dab8fc87673881478249920acf46

    SHA512

    731ce1db9c3501811989fb13443bdec07ee885494b36b75e472567ffc2cf39c924c6fde875a1c5621d879e90023c4dfbccc3d9dd39006f75f20903df4996d38e

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
    Filesize

    285KB

    MD5

    68006458b2f64f9303231059155329c5

    SHA1

    7cd9f61ae6d46cc52f297178b5257005769c8a72

    SHA256

    9d644ff12e251d89c6569915048dfa36cea621784a9345b58b3bf08aa687ab67

    SHA512

    8fcac5f5937a41040d0dcbdd4364be35cadd74bcb2801e0aab99c37bc0dc83febc0595810ef8e59e8ae736af9668b0cb48009dbdf375597041ae4d98b5330137

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
    Filesize

    313KB

    MD5

    24f5a7e2aacb0db55d935c6f51358c59

    SHA1

    c882dfd1b8b1aa58a948e03947dee7caa3b224bc

    SHA256

    5c281f45e143db725830c78316c08f78e66c0cb86ef8ce9a0a4b049e1cd5f875

    SHA512

    fba5fce3448fea1e755fe2e98c8711c3fa645590c9e3ddb65f67290705cf164248c6fabe2d9149592d8c6a24257a1ed306f31a96902e33cb71023027f190c991

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    Filesize

    381KB

    MD5

    80a099475ba2b630d24c4ba564d09a32

    SHA1

    cb2844a7de7376b3499055acac09de4b4b24f37a

    SHA256

    881a0f5f6d99f1bd22d8df3c75e9e2a98279a02823951daed957aa4b653ee621

    SHA512

    e7929189ca451d6af11ec2c57c80126db1885c08f49be2c5ecbe676bf94c89f969ab1cfe5fa7b20d6a8f14e37407eb97ebee4d97170bbfef8664ca0a84249c6c

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
    Filesize

    569KB

    MD5

    173cf087e4b5fb97a95a0773bc6889a8

    SHA1

    be497885397a64862639178bd8ab9a189321e6f0

    SHA256

    7b844ccf223f494a9e19370817cde40be56ef1ed6b2d1e1fd41517128e4cb333

    SHA512

    6527957adf2f34845bfd4e8c70f4bc940d0fbba405546130ff8829121832a44d8543f44bed395c923fdecebcb0de6b74a17d5d0500ef496ee6adffa8d13d66d4

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
    Filesize

    137KB

    MD5

    71904e840173157c8d5ec7eb9237713b

    SHA1

    df5e350c4cf300806c068cbde1a42f79684cb922

    SHA256

    e9e887906e67823090b2516186cc01285c9731d14ef55cbe657c481f19f7cbad

    SHA512

    d98a40277a7d148d2f5424407ee3d3668d873b7477f5f17b7d79eb5a36fe798299a0f542a0b38515d322eb3e87f034ff1b9c2c088ccadeb854f4cfa48d0f5d9b

    Download Submit

  • C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe
    Filesize

    373KB

    MD5

    a9550a5c0951535555b5852d787547a3

    SHA1

    18b2f96a164352217365d9b82d34d501fe174200

    SHA256

    0ebfecc87b6a6beb6488cb95a30db6f1f3b32b47cdcf01f89bdb37f2eefef60a

    SHA512

    df9eb8a797e672547a0006baa53c9e10f00e6379604d625bbe4e4a1bedbcb5e87414ee8c496b97f579682391627759518b8f70c507afced23d401801e2bdf658

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
    Filesize

    100KB

    MD5

    47071729423ec419dbb37fd718fcdca0

    SHA1

    4495e77484252ff6b795dcb5f2dbf7d07145558d

    SHA256

    11f67933c879552212c0f498ebc8c10e18c84f063aa56684d34dd776117b83b5

    SHA512

    497bb3d8837a1f4f178b05f35ccfd8e7812db0d95cca500883cb700802f3506226f88d57075d229def0a4e6ceca239ce326952bed564f7a00a9e0da664a496a8

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe
    Filesize

    130KB

    MD5

    60a9736a9535a41be23aa70b107f287d

    SHA1

    3fafa33071a82b1e979d44c9c692774e2488f8d0

    SHA256

    aa1fe5250e2f30044ad6bab5376dd07296c1c2424b01b114fe8ac49c2f69e427

    SHA512

    eb46dfe87aa42cba4898061d07233fe345df8e411298f6cf88e2a3c246237dcbf4458c3355991a2cfc9b6491fff136f8c3c8ad6c1441e6ae8eadf4d46d2e5010

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
    Filesize

    2.4MB

    MD5

    1d14ba9e3376e9ca85cbccb33c7cae5f

    SHA1

    c1e76097a5120bfe4b6a76d67615c1f342be2140

    SHA256

    54c1d1a71f0b3afb91e1b12600bba5b45031cad0aad15f9495406d3a5d736d4a

    SHA512

    14e85be594490fd9473d96d74c5ea2ea9f24bef041f8e809435ca194742b278e355dc0f4e7022f9727b3bce1cec4841c7593f034911cbb06374c0477e6357346

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
    Filesize

    571KB

    MD5

    20b2fcfe9da8f27e55e820438795d634

    SHA1

    3d94b14f83d70852d24c4a532ae69a71b0dcfbfa

    SHA256

    84b6c4cc1ac5b2f9521e664968b0ff7fb81779cb1b0f3d67eb39a4e26ef4edb5

    SHA512

    438c374bf5f5f4f422d9b49bebf25005429727e1af1b88e984778c3c40129c24ab88fac06e04221c29989425c0591bf9a33a8679d4ed0b4f17cfa3b08e7b0bec

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE
    Filesize

    157KB

    MD5

    fcd7bf8854b55fd727e45304b84e0e58

    SHA1

    df2140b38a122b3880f086081f5c3738183823b0

    SHA256

    82dc559c79c474ec2988392be55a08883b30e28c561ff19a874076836830b2c2

    SHA512

    ed7ae3b532db640e834c35361e66fe3a48bdcb52a81e023c4373929e25afa1514ce28c907bb1a141076712c71e90e3b2790c649bfd236652142d9cb052147e99

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE
    Filesize

    229KB

    MD5

    883be5072b8d3ea49cc36ff0085c893c

    SHA1

    1d40afaef4503bed550089e0cac4986846fc5192

    SHA256

    32d5f732e6844593eb3a601479f1a80f9b8382b0ae4d02c0b84a45af51ae970c

    SHA512

    ed4eb8b685be907338f39b4e4c64374703c8ff0b2d53827e6b87b884ea458c37d4f1118e1f8fe7c3c276dc9d7d4296cfd001ad0ac221fbb9296cd2adb65723ea

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE
    Filesize

    503KB

    MD5

    e2fa92a3a87d885c16cdb4e663c8ae29

    SHA1

    2db27f9269649783e1821af5d7ba8023383f0635

    SHA256

    b4e1d194fc193e10ac432444d107f48baa3f7c86b51bdd66e9b526267851ddda

    SHA512

    361e5ad562e079ab33b3b35847c1f26354d1c64ec927be9e492ec15ef5733a310a2091efc571545c256853c5928b3f078a19003e2ad14be8e2178c58b94d7ed0

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE
    Filesize

    153KB

    MD5

    a2a1e399da3bfac18711d45b02f4d229

    SHA1

    a16b36103dbdecde396d3d141dcda63eac7ae262

    SHA256

    b42a3848b561029782ff62b14d8c2fb687ff88e1581c17a656ef5eb9afcf6cf5

    SHA512

    413b3135c5f3b03d5e8785948984be32973a8802a130f2b20b43ad6befe2b7f7320d7fa1e4a0c9ba8585a6f5b994ee282cebc882d889b37e68f206ee5bc37b9f

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
    Filesize

    205KB

    MD5

    4b7f07cafb01f0f58eaebaf88f91a930

    SHA1

    1be4e31333e140917d36eb84622015a107d2e503

    SHA256

    24ff0615292ad94c5b441c5fc65e012075c90e14860a23188eb2d64ce50df556

    SHA512

    b1b208e57ed6c309614eaa723efc50e0367743579660d43570cf3fe8ffe5b278928164fcd6b8dd121c7f5f7ab65b7091425a92fcb8faa5a51f47bc39d58d9893

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
    Filesize

    539KB

    MD5

    d18d8c274eb67b98a850eec801c38788

    SHA1

    973d1d91d195c2832bd49f5e2006b10141965b95

    SHA256

    de0a2138d48697cf69161fb6e0d9ab648468ae5437052285d4863fd08a38b0b6

    SHA512

    95ebffd6c83543beaa3e802b24d34bfc6cd0a3e72ab0333c3953b404c87a670bdae0d294fc6a8767b72cc76cf42ece890b018f5888010818e63166258a76684d

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe
    Filesize

    1.1MB

    MD5

    44a53ef0b61f785394a37ce18728c311

    SHA1

    f39f1c2dcdab2994b282644dbd876df2c0e55447

    SHA256

    0f17b79ee2052f2e6420db24237d638694f0f11e9d76c8d6165226527e484a9e

    SHA512

    4d64d2e8ed11474c0f9569dbed3b79fc4f3788f88e55e147b0efef808a8d4d8feaf38cfe87602cdf34d5c7fddb4e251e19a441607adc949614724ca817961a6b

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
    Filesize

    1.2MB

    MD5

    ad03b52e7e67397b596f81a97fa523d9

    SHA1

    2df01a6a12f9dfdcaa277aa9be382e232c5909c3

    SHA256

    4e8efa974d296eac5a033d03d5c36d02fa17c5ed14543fc79c6c79d1108533d7

    SHA512

    b52d1b72c8deecbd6995b758e39f25aa8808d0d466ee50622cc3b6e019d01de97352be4686154a1186c433a29605f5df8189e98bf2f17b831fe67af8ba1f018e

    Download Submit

  • C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
    Filesize

    125KB

    MD5

    7152dc81329b21e884d4033ac985d589

    SHA1

    a871368c1eaeb405577c41efc809d6db24267fe7

    SHA256

    d76d9885ef2cc7210c69c2c9b9e8c73a6400de0ea0af422ee6f07a34cc0387a4

    SHA512

    4773d840dd705c80ed4f72d9a5b7da90a1c1078462527bad554db2bb89a8afdb763d21c465d96fdfbc27787d58556cf1d232026437c222a98796fff0af45892f

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
    Filesize

    342KB

    MD5

    f0e9aac48e0a90a15d41024de15a8563

    SHA1

    1fad89187d8c306b714de5a086b3d8de46b6dff3

    SHA256

    6176cccaddde57b5137e9b8677d5080e159559c2f1ec1bbf7efcc895c5643b87

    SHA512

    ed7b20fb83726e91dc5796b1b332c7ac59be80825d3b60048d3a8cd57477b33ace8b58c48ad3765ac77ee6ba24d0f9d1b75695bc2e4c6a9177199a884e725fc5

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
    Filesize

    439KB

    MD5

    1215ed14ba8c5280dd407f0fca75e3b4

    SHA1

    0f71dbd517215cc5a04adeb2cdb85906986e915b

    SHA256

    346c64cfb3787793736849e0c9b70d6b3739200bbc95d13607598ea4a6aa356c

    SHA512

    673d032a2686981e374437f4949ef6f91fbf672028eb15f85ba059b6d22eb9a529d81cab691f2f983f89dc293741bf431196f32ea0a1b0dff1ad9e7647620512

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
    Filesize

    207KB

    MD5

    199e776c3f5fdfd09bc0f3a08234eef0

    SHA1

    595169682c4ef5fb3a08c487c242d369d84aeb75

    SHA256

    2acb134ac93a78ed145aca86d43c6855adb56091787a2e14f7b5fb168449d6e8

    SHA512

    7688421679daee7921e7cc20ae42d851bd79c8f2113ce4591798be7e6aea3402b88b914508245c80ebb55e9dedc2cad1fc8cc3bb0de0ec55eb0587735ce47037

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
    Filesize

    155KB

    MD5

    fc1d1413c55b62f51fe5ec5f7596b718

    SHA1

    96d3a4d7cf18dfb715973b8156ff1f5fca2d6e28

    SHA256

    1b682fd31ae83cdb9fadcccd6672225cc44341f4ae4c6fc038000e79d9a893e4

    SHA512

    cf8c7a5f765b5a93b5599f53cf19ee019b8d24a860ced9d0c782808c5f0cbb3cb71c2d3ec0499c61f23ae828de728364aee5b44448760d5702303bd0898014d1

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
    Filesize

    230KB

    MD5

    290544f9208775a5d1cfaf57b4dc0885

    SHA1

    2df7762459bc9ed223e24a04b994af4dca2510d7

    SHA256

    b97d9a66fdbe8a0f4dd63a6f6beac37315fe63e5975128120595ad4d36319986

    SHA512

    a63b5a9c29663468822c6c113f107b1a9bbbcb6ada0ad7cd8ebd9316b93bc0124ff9e668ef3d98aea367383f2247416e4f24e771875d8acd5cfc212cbcd4bd05

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
    Filesize

    265KB

    MD5

    9c14707d332e37a1b11c0d48ebf8ee56

    SHA1

    259328eec3a2e8825d0a24163db26fae55f510f4

    SHA256

    ac4511ed7401002aca3d6657f0a5f9d8dc7784d421054278228bfada70029f3c

    SHA512

    82640c30e56150a21e3a4df53367354a1e3cd9a147a93e2b6b270c1844fa42a1c63f0097814cea9c3ca1a2c6460c8ccb093994d0128291d1900c5be9ca8cb1d4

    Download Submit

  • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
    Filesize

    155KB

    MD5

    5c461c8216ad37222c4499cd45c0a12f

    SHA1

    bb9bcaeb06a134ec5ea0e6b4276ef8ef57ae1291

    SHA256

    e47edb92a07eac2b9621654f38296daba1e5e3c4766e3adab1834d380e7623e6

    SHA512

    7b4c4041e012572ede453e4c569bc817c31c9a69754eb6a0b4f8a4e08fbd20361268c80b4d2ec70697ee4f34ea5b38cabb92ef838fe83ce0b6a2ca966e47398f

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE
    Filesize

    85KB

    MD5

    7273f0f4e9201cfcadb273b473d45c3a

    SHA1

    2a614a81cbc1aa7df365495a8c3a097bb6722170

    SHA256

    7f3537d4c608ae2d5625066cf2ff8ccb92aba3440c42a4235bf2fadfb89a6652

    SHA512

    4e581293361c2edf48bdc46a346354b4fc1f27929a41ec7ce82042c9c8a2e329b8a1b5ddac33ec3e6e91b67a148b919f339fafb173193a5214f050631b52a40a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE
    Filesize

    1.4MB

    MD5

    53e26c1e58e37486b0a8366b9115b27e

    SHA1

    2784d7dc7793d859052d5dfe22fc6b21b71bafee

    SHA256

    8724acb17e4fa8171faa36da83e0628eee9bbb6bf29a8af5a928e8b408287d35

    SHA512

    a7b67541693c4d532576f64dbdda0335d27eff960dfab7523032beebe3fb6db6f459b0576d4d610f331981f4aab9119410fda8aea6c57255d60de337086ba80e

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
    Filesize

    129KB

    MD5

    283b66720d05e7d87759df33828466f5

    SHA1

    72fde8d4f61f3c623dc8df0a2eb39ed268cfe600

    SHA256

    6cd195269a5d01b450e56c713458f48bb2556207eeb5fe77414d3593a9c34373

    SHA512

    6691e7f725f01647977a89da02a06243dc5d956525f5e049a4508d5b20a5e3ef474aa29c535140f9f3b5a834704af0251a6a4712a74af877db405974559220d4

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE
    Filesize

    246KB

    MD5

    403542fc6659ee90130ccbcaf65c31d3

    SHA1

    efd66249845d8bc4af79c2ff918100ff2497e2d9

    SHA256

    cbb82fa04b542efcba2350c73a8a6e770ed02c05609272eec8fb37eb6a6f3c66

    SHA512

    61d74d6c74825fcbc8978535640bcf0be92f3d2f93ded4c9946b158c52d06f444ac17e6c17871d4b8320b4d0644591acca9745ccc4691c4582820fdebd47286d

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE
    Filesize

    188KB

    MD5

    3c7c99b9bc470d4ff961a66240171d09

    SHA1

    77080bf786766ec40b4e2fb681d73c063d7612be

    SHA256

    946791def9e27f8027094d0fc537f69fa4198b9580d5405f8821ac47a39afe53

    SHA512

    9e41de7054585d0a1e73be5a915642847ed8c0c33e164dac0e63219d23462cfdc98c94fe8969df0e4f671d8b1335bdb41bad6ef23b19a708b83bbf425d6157f3

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE
    Filesize

    4.1MB

    MD5

    de0441a154fc18a8351f5af22d9a1e86

    SHA1

    3ec732481d9e1160bf9d61de7895c35fa44677eb

    SHA256

    d28404c3276bb7eaec8ead6d1d031ff3d220f2a28e42dbe13d8732aadef295f3

    SHA512

    f5ae9a2b1572d4772d5acd6a67420fe10d64411683858d6835fe3ad8545274edf0451cf920dbcef3b1fb85f33a34c15272efdde5f34de08b7b9a35827d14570b

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
    Filesize

    962KB

    MD5

    69a130e6cd9103a9b9da79bc64011bc0

    SHA1

    53182da7b70a0123db97f21f411dee82f0cace30

    SHA256

    cddf05d01b8ff3758dd6bd5803a8487e7f945cdde510eb295b7e378516ad1090

    SHA512

    b127ea6ac1d6fee9a3e7f77793e12ccdcbdcc7985c41b333899db8d5dc38ed8ba0119ccfaa42088aaa4d4273f5d2975406f9b57f72cbc30375970fab1a423c0a

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe
    Filesize

    605KB

    MD5

    3b8b781ceb1dc92d9fd5fcfe5a2e32b1

    SHA1

    6706430ed60882e868c42438340ce3d67d47fca2

    SHA256

    70e6360b4e6b65fbbf23e2cc02add38f6246c9a3559b3e666c0ce6e7113657c7

    SHA512

    e64a33c2b009ff9e2c70b666c3641d13bf8185fe7d20901ba8f9040c3c96dc504348d12665ded8d258f74a422c6f19e89d937c016a2e552e0f1445595b411854

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE
    Filesize

    1.7MB

    MD5

    6c032d499ad04ce4b68d6678c8b283ab

    SHA1

    fd0fdb1deac95330bf098c8e3e6e996aceec6e82

    SHA256

    2f2d018cc0eaa82b3d21d4761c446b8d2cae6c223ada4eedecd9c4175b30a0f2

    SHA512

    b258a078a6313962d5134f7ec52726603fe8cb1d98f4f3715e6781eb02019ec9f4e013a9bd6baa470926473061422c17f9a63a8c5576392f4cfbe3f8db5c36de

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE
    Filesize

    109KB

    MD5

    c9eb150cb1ffddbfbb945431b01fa0bd

    SHA1

    9f1d399d9628a3dbee47b48cd00e3e1d168f8ee3

    SHA256

    11aa495e86e8e34f5319a68e3b3313aa22ab2583541dab7f8c57eb7e583b2734

    SHA512

    4ff6154c8a0244983aa03e15777e97c8cbc4d55986c161b5073ae2d911ed2e338db02257703c5348dbfa48196e7f8a9c03bc4868c7c97a46622ed959600f79fe

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    Filesize

    741KB

    MD5

    29c663ec1d2a78873abce01426db2450

    SHA1

    010c9f4c32f50b857ab39822dc34ba612c1e2e36

    SHA256

    d25fe496f045e883bf38cccffc96c8704539b7981deec33ce1a1443a2f9e8dcc

    SHA512

    3f9de19f3f6b0f86c8ed665c9a90a0c083db6071eb5a5e6ca32b248b85fdbb27fffaa160f439e891568251e1a4f064211a948e1f562d03d3d39e7a6ba69a86df

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE
    Filesize

    392KB

    MD5

    b8f3f5f610229dc7b10dc16d053b1883

    SHA1

    dc571ea99b2d071b64950cc51ab2cfdad1fb4c0a

    SHA256

    9d5cfb587528886cb7a5a3f1b97662af357e726ce1087176045b027ef54e359d

    SHA512

    b4c11a479f41b9d07076fb479987c384adde2efc99e81516385d4c74a3a6aa5d497cf77b286dac7907fad478715f0be93465094f7dd254b6be0df10e209976cd

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE
    Filesize

    694KB

    MD5

    274a141af2214a44ce69d2f9affa5a28

    SHA1

    6a4afe10386cd3a4951fc0194e1121ae183fee73

    SHA256

    5d7bfa30b792a280e5fbbb1437988a6dbd20bdd7aaeb2f1277f42bab461807ca

    SHA512

    a77baa028f10325c8801047fd21f299a324012c0aa94df8d1126db5722bee29143315c9a31b4cbb0ccbb731446444e1a9aff019202574f993399aa863bfaa7d7

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE
    Filesize

    726KB

    MD5

    ab39765fd93058a20f7262fb7bb20b4d

    SHA1

    d14fa3302e82a5350fa7f33aec8ec4626527c090

    SHA256

    cc6d24bc0a33cfb557276fa9e99313a56ee26e422dd06805356919d5b4a825e9

    SHA512

    fb55fcb242c12098159fa30dbf4486f55d34261058115bb655f9ae77bbb0674211b49276579a0d0ed32ef096a7fe85ee1f0b35dff314181af32586ec8c7dd9f1

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE
    Filesize

    144KB

    MD5

    e03487c42f0ff6ae05e9209734afe24e

    SHA1

    b3f3288eeeadf0af46b73730faab17fc7871030b

    SHA256

    c304ad2b43d27573de1245f309c45a7dec9386b9a8aeac42a173c55bbb0a9a50

    SHA512

    97b9f44e2f18a4347e8ed1d37443db51ff89f04bf8fe722d81236a76ccaaf7342004391ffc425555d35130691041d29651c14439442f1f0f95ddfba9f32fbf98

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
    Filesize

    127KB

    MD5

    cbfac8f980b7cb5b21bce348a0df731c

    SHA1

    51d0363c43cbc9d9a6711b177f700bad761ef1dd

    SHA256

    5e25c21d4470ee6fef81987e6cb7f5d74a781c526e0d76787ca57d4f48eca3d3

    SHA512

    9da7ecbd8e9a3009092c15e09252eeec5d40cbd86651d2d3bc4e51f374b23a6102d26acdd272b2a1bdf6ea954ad3d66cc147fc3eb37cf99ef93e444c7e6b505c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
    Filesize

    308KB

    MD5

    94b8392ad89de62f704acdb045008d9f

    SHA1

    6f26d487e5a0f216ff60508f4163447a51c72e08

    SHA256

    10e571b94193f987c7f89b12d87e965a22d6373abe00838692abe49fc6d013de

    SHA512

    9d392e80cb61ff7bae5c4aba88316da24a9a746a1cfa9c1f8ba8702ffc81d6df06673b2c92deb80ed2551288ef53fc6c1e7f07ffd08de92d70a9d76c46d45074

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
    Filesize

    1.6MB

    MD5

    0c8a67befa289d17d6770fad5261154a

    SHA1

    6b8df8e2dbc0796953d8c179264cb8e7b0b5a529

    SHA256

    8d8e5f0ed38c805cd5395696c0475dbbdc1b20db9dcccdbbb673a04b9f414082

    SHA512

    5e4381474baf53d3f7ccb6d3a29e16ae60d6c08dd6e9e703669b285898c3287b5bff4471467bd721c54639d7ce1d9a937f0c3963cb9f10456cf8eafb9fe18bb8

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    Filesize

    262KB

    MD5

    372f40eefc14ee2084c32f1b0073f277

    SHA1

    9bf8bfa4b5dc81aff2ca253a55fada7d41fda923

    SHA256

    49a39124c53fe1f2783a4ff4b85af4bf67cd68d7b489fb5f59cb3b82bb7a4319

    SHA512

    4f16d1449b652b1a0695f5e26f69025dabb0fd49770fef3d41daae6bf6df080be74709356421066d52b6e08bc853d23634fa7e34b48c59639aa629d2d953c888

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    Filesize

    2.1MB

    MD5

    00b2ca5a336592188232d2828ec60643

    SHA1

    ca9e0e7ae4aab10b2da635229a4e979e00a3cc61

    SHA256

    8abf21beaa27a68ccf6b1abbe2280a40dea69b878deb51d00bc248e959120543

    SHA512

    9e849088e4a0827ee889bcc4fc6ee9816238e7264f629fe5cbd7a05277d2b22ab3915f419a92f1b4a6d5f350be10e4e2f79beab849059f200e28d63f3acb9026

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE
    Filesize

    3.7MB

    MD5

    773f895427a6f6ffb052d4521a01ade8

    SHA1

    c4fc0f24c16e306f13f2b0baeadbff0c68e08005

    SHA256

    1534dd396b404787c9f25c934528a3c0d46d988d29f21a395d1a7cc604e2138d

    SHA512

    b2310f3273aea090bcd72d3507b42a10f7992dabcd03a154aa755b084e8e100cdf158a10f7f9e67ede8aa1fb71692ae3a564543ed87ea9294de2ac9f8e8920b4

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE
    Filesize

    549KB

    MD5

    ce0a3561357a20332a8c53c1a3122303

    SHA1

    2cd81eab1f860f31ff813987dc136f3824c862be

    SHA256

    a004428e8fc7ea0c289aebced280f745ead7c54d19f8ccc6a303b2b090b13427

    SHA512

    b1f540a17ffb9fdba1ee9453152119c815089b584cca2fdbe1626ea6e755b5ada7e67d202398614e7d85b5835a481bb33226f0379f0ed658e82527ee1830f049

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE
    Filesize

    606KB

    MD5

    3f164c4222eec45c894f3c4f495c1175

    SHA1

    eb048059585197a0a920be0a4e06b6c9fd85c171

    SHA256

    2d25ca71bc6f94b4504e99b3b31a94f8e51d6e58c261ed749c08d6081b02ac81

    SHA512

    bc120bed4f7e5e354150bffb3b87fe0cac672cfa4857d3484b8367df3c79afad4506aea30ebebe1c848234f831c2e2c002ba85d3ddcdf38f97ac7cbfa0d510a2

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    Filesize

    1.4MB

    MD5

    35f05624442ae6b92c2a4a35315a4ca8

    SHA1

    863a128f04b4b6b79503c49f8f72874089e0e64b

    SHA256

    a5767504f0e41476cd8a26cb7bb29fbebe86de23f123105b9e3bd3458cb061da

    SHA512

    36ef2e98ce29312d771f26a1639722f0c3f205b93472eb25840053d61ef1939f8d55aa2637c2225dfb65fcde2b736fd4012ee7955ee4663f24291c04e3f9cc87

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE
    Filesize

    1.8MB

    MD5

    3019956b4747fad919eb95549494b6d7

    SHA1

    03f548c562ef6fa7014bab28f2e2f0791feededc

    SHA256

    53dbdc6b994bfdd90d34f84a016c6b380d80460a02b5c0ffbc64fb44fb9d3d4d

    SHA512

    b5f789c026fef1f34933c9e24a38cc32911ca42b46bb56896c93f7dac55b26a3c09cdadcc150d91f6782c2ddcfbf375b70661be013240cd354041fbae721b996

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\misc.exe
    Filesize

    598KB

    MD5

    193ef451fcd02d429e82bb5a87042c63

    SHA1

    b8647c1aa815c66c134a4c8438f2c35ed93331ae

    SHA256

    baf44048f30d0e1debdbe4bc95fd9216dae6cf2c7346914c7083b13764b3fdb1

    SHA512

    c11043b9c38233b2b915ed82295d85f47e1ee09ea1dd531f7a224314f0c6286c0171054169eaae518939e6024b751fee47f13d7a61de1a5882930a7ab02a7710

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\b78011a22cc4226acf52abd21e62f47a_JaffaCakes118.exe
    Filesize

    169KB

    MD5

    5f7e6337df7c631ba010a3f82e83b0ef

    SHA1

    083abcfbb5e65631bcb43a3ef21bf0392cd1d319

    SHA256

    1abf499b1fb99a07d974340ad9049ab9f194f63e79bd75639e34cd72123b09bf

    SHA512

    331114f7b2b9ae27b9bfd33593f64ac0a3f3c80ae5b8702fad447543b98e7026b665e1043c8e9bcd45f35e957cf10434fa9f3a02e47cf6d9e541f4da4cf0b6a9

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • memory/1728-96-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-15-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-14-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-157-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-129-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1728-94-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1728-93-0x0000000002540000-0x00000000025F6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-159-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-163-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-95-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-130-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-158-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-16-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-160-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-161-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-162-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-97-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-164-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-165-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-166-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-167-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-168-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-169-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2392-171-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.