Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...2d.exe

windows7-x64

10

JaffaCakes...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2025, 13:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_aae012354e85221816f8134e9c132a2d.exe

  • Size

    17.4MB

  • MD5

    aae012354e85221816f8134e9c132a2d

  • SHA1

    bc9d12afad76bc94406f60b1c2d2218c0e42ae43

  • SHA256

    10dbd9fb6bd529abd0de6b9d4333eea2953616dc2f2c350802b1b8f158d7efdd

  • SHA512

    6b470bc7289d5a1185df6f90b2fe59fb658525214e9f21a6353d4386879717a7be4f585bd2a51fcd2a65e0393cc72e9a25ae8f73df119c6027ca70898e7f472f

  • SSDEEP

    393216:C7QNic/q/5Eo9+T91Vk8eV5AUDznzVdbPjEoLprZ:C7c/C5ES+Tu8ePtDzn/Pj9tZ

Score
10/10
cycbotponybackdoorcredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 14 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 55 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aae012354e85221816f8134e9c132a2d.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aae012354e85221816f8134e9c132a2d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe
      "C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe"
      2⤵
      • Modifies security service
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2596
      • C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe
        C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe startC:\Users\Admin\AppData\Roaming\62007\04BD4.exe%C:\Users\Admin\AppData\Roaming\62007
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2728
      • C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe
        C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe startC:\Program Files (x86)\07417\lvvm.exe%C:\Program Files (x86)\07417
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1728
      • C:\Program Files (x86)\LP\D4F6\6DD0.tmp
        "C:\Program Files (x86)\LP\D4F6\6DD0.tmp"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2792
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SkypeSetup_5.8.0.154.msi"
      2⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.blitzdownloads.com/id/2496/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1136 -s 872
      2⤵
        PID:2712
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1756
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1484
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2336

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Active Setup

    1
    T1547.014

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Create or Modify System Process

    1
    T1543

    Windows Service

    1
    T1543.003

    Privilege Escalation

    Boot or Logon Autostart Execution

    2
    T1547

    Active Setup

    1
    T1547.014

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Create or Modify System Process

    1
    T1543

    Windows Service

    1
    T1543.003

    Defense Evasion

    Modify Registry

    5
    T1112

    Credential Access

    Credentials from Password Stores

    1
    T1555

    Credentials from Web Browsers

    1
    T1555.003

    Unsecured Credentials

    3
    T1552

    Credentials In Files

    3
    T1552.001

    Discovery

    Peripheral Device Discovery

    1
    T1120

    Query Registry

    3
    T1012

    System Information Discovery

    2
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      9004fcbcbf0cb8138db0e9cc1103a991

      SHA1

      53f57e8dadb0ce013de299cd26d40d8aaf464f7e

      SHA256

      5fd289bc41e45d229bf0465f323c658d0e80dec433e2ce4f12eb69ae715278d5

      SHA512

      9aee8411eb9b5bcea38007a9dfd62a74b3903f84d181d130dae56febded6e9289d3e130af7f6156cee147e428c46325469c7bf820d45b9f60c4f9782d6d3720b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de13efda530bc7b2934307e035d426ff

      SHA1

      8acc21c7db526005bee91a652a7a800506c1967d

      SHA256

      622c6ff3341b4c81f31ef079df850289377eb18d3e6abf5cefdee54bb1304b55

      SHA512

      7ece52ac5eff38d3e7ca97d5033bd627d8bdce90682ecf8a8e1adb574ae2cbd4ccad8c789154860ab61f9176363719152eb8c9953f3a7c0528f26c58befb6568

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5ee05b17fb9169bdffc7ad0ab2cb6737

      SHA1

      75dbc760a0d72a00bdc022ddf9b5d67bd364850e

      SHA256

      8d68919b44d6d2e46059f289097ea96fdd17597f51f9946f05db91d5062fca4b

      SHA512

      dac7777470fd3357449a10e73fbfd9618c6d45e86327ef91a6c343c8b3f8cb472ba978ea76d64b82178ddb89efa0c12b28f0bc31461d81bde92b3c0a1a5b8c9e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a0a9a2d4b6f2fb17a39b5a933b788bf8

      SHA1

      b76e37906d56784b83dd0bdc3541e65cbddf6001

      SHA256

      4983dc344d3684baf08d12bf5dbfbe4c76f639609fc210746fd024052b00246e

      SHA512

      1c57ffaf97801682bfd20821d85eefd5386850cbf65de8337cc7a4be0fe2d5dbb56c0b08eb64fa155776c65c83c0335457bef9f45d1c212004e6bd33434e6b24

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc4168089dc961c26ef6940fbed62909

      SHA1

      d0334dff0ef27d56a6b0b1eacaae19ca3002ae62

      SHA256

      2de2992a75fe92c29c3f97cc8ab3ec6ec48a214172ee6d96aa1af2dd294a9770

      SHA512

      9f50ce969cf7c0e335de5ef45a49f3e6b429a93ac250cdeaf0115ecf65c92f7e89a26ef7f32265d7bf0865480e3de40e1ccf95461ff7c293f1d71064e590f1aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af2dc756d102ae809b73d1b1272e6543

      SHA1

      8b06d5db88626216faa22415791d61db6daccd09

      SHA256

      1fcd468a37b0bb44cf3ef166a710e11a97129619dc02b8455df7bb7968e9a265

      SHA512

      32d5e80b506650356826b30d67dde41b7c859e45d60155209e096a7e719dafcf7c861e63a99487048ed6370c52bcfed329b2978eab721115ecb7f0042b152634

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a58e33d0f3a3e0f184721dfdf1f9e478

      SHA1

      21b9273820062921dbab7e6e6498e955db7649b2

      SHA256

      8ebebe225750638009c8be5999385b97d3031b72854cbbdd15ecee1847fd5a3d

      SHA512

      d1d032023cd0e11cdca453b0ee11bd64faefebea85676e9ceac677185f42aa4fc4ed0ae17735df39340c4b6cde9b3eb155607451040cb309274afde5d0f901b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f242882c72819c33b1aeb059763d2bc2

      SHA1

      982fc6c3561bdb84fdbab1b637731461cfe73c4f

      SHA256

      48233ce29730471b23271ac34644a65e58202d52b25495fb9ca174ff30a2d17c

      SHA512

      f743923ea28587303163bb2c07c5a75f6fe405ef3723d2b00d9c5c525c02454a3dade9a5bce62668a1cbee670be33f26a3a97855db757c5ba1dbf4c66490d94a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de4f66e5dc31bd5f0d71e7dceaf21ed2

      SHA1

      7d873459e5ce639ac50daedf6cf4139dc4990042

      SHA256

      7b01a17ffb84c38390f11f17eb407ab05b6ea9b6fec57996b045267bff7b6368

      SHA512

      70d1a941a8ed26165d6e11d034c5a23309b65894778d773207a959c5a29fcdd0cb0a5bd39f87ea1e31e1743a0c4d8550af3266778479d8b5e7eae313744ccfdc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80d5a79ca223f29b4f17a76eaba8986d

      SHA1

      47cfacb88e5a23fd2f6da3fc4df669c616fa6db3

      SHA256

      b13fac7fb77b68c04f6d5deea9b0715b1be0317b5d733965b23f59f28037b51c

      SHA512

      c987ed18d8b844041da1949e6f7d46b87eb532ef794dace1d40720c641b7e1de262d81713e5fbd273e227019fa064e857588dd5be81f3d42aa7629ca4b997016

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      87873639ea7b2c28fd1bb4148a2d4e56

      SHA1

      26e2212a6e677dc38fbaffbb88de6b5e9d2f42ff

      SHA256

      85cf21425cd45f3ee588981552a7db95ce4d8744138bca2c1e948da8d6884898

      SHA512

      8383298adf22da45f92b60ba0e506a72c3c3a53c242614466d03f18e65adb0c1dafd7ae6deb7d0d63c65f73f60b301c3c188b0cccf3e369eac7f415cd8ba14c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2deb5251883628ef8b1b390464641a04

      SHA1

      a2ee19cea8626dcb9c3f91d952b46ec5126d632a

      SHA256

      2bbb9212f7793fe070fc2af70bbe4139adb2e1be5e743afe1848ed3124616f2f

      SHA512

      7b449439c8eb1b5f38a8e712e9f6ec718ef611a33de0b0794040e81eb187d3c09fe53edfe3929c94a7d0a546ceb7b00722540a7e6d0c3cf9c752966ae2118fba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e21573c03373c6ddc706c7617d694a98

      SHA1

      369d047fb2eea00157ba3198de8a824d73632170

      SHA256

      aafc00cc2c4e9f0435c302dd372603c789eafc35c2d63192f384073a317bb408

      SHA512

      30b8c9b240f06cbeede78cad8bf2244cb559ae825913164627bfd03efdb0db492fb42c533055934a8885a0a6e6921dceed2145b21948e938fb228612518f2229

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      92bd38b404f974942898e1d0d9d1b3ff

      SHA1

      36b210b48d1de383321ec77148b047048b5dd1f3

      SHA256

      cef10cfa3e023a72f22f6a4183c562a486f02025404cd2b69ab9b5d1764b6225

      SHA512

      12cafaf204142051b51e80f2233cfc926b43cffd703fdf392ba5af908392e10bc23da02b768e2444a1ed8549508db2843af5719f422c6f446f10e8c5dcdceb7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      21ec8b27e63d4a9f7b729f988cd07d1e

      SHA1

      ad17fe23e814d7ffec3c1098d17a93a0d3ed471e

      SHA256

      81f82cd80f115d68ee9fb95d53e40de6b8215908539c23c574088371a0e2ceff

      SHA512

      5736a57190bbb17949528d1cb165e0b1c0c5d382952f8647dfd5408bf1a6c5f88753c3b46ebadcbe7fd5db910ec91aa280c27fae671fb1288eba0d5cae1b2e84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0c70ed4b44b776798ac28a50585a6051

      SHA1

      abe3b621d4ae295c143816c3ab1902834fb7847f

      SHA256

      4b93958f16ad5f6dc683bb0846f35574854e98895e0f749bfb0d172f35716e7f

      SHA512

      51854ba308a003cf15b00b339085e18b2b43f0dd473b49f95f48397b21a98ffe7514654e26fc412d755cf852b7954f002f447d3c5a420b236972f732cb528139

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      38b5264c953ece62e672b8381c8bc1da

      SHA1

      e189120c18aa17e414960c7eedfaae7d9147e526

      SHA256

      9af1009ec1f48e7c768ffbfbdc339c1a46aa7ac06d24cdfb50941e345fe0b568

      SHA512

      eb35d6d2a787c98149d34236b0df726ff6b689f6e6814fc334821e0b10a11dce69c41e98a2c2ad4ea871283bb479661215850061b57961c60fc5ceaf47f31421

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      878a8a5a8f04ad5065163df2b100f98b

      SHA1

      939d8aec954921a357ed121e58a55be44dafc298

      SHA256

      8f79438d2f4c7f5ff95562bd506ce2747d69681ccce3589f700829247558ddea

      SHA512

      6f5157420c82b99d8fc3e9550e569da7c91fa5798aa8667aa0fc41ddcf1a2a6693112a239b95a1436b2d4c1097a624834b6ed26239a7b793390eea98b66cab89

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
      Filesize

      1.2MB

      MD5

      fabaa7a02490fb5b29896c33affd141d

      SHA1

      0762eb29809fdc80b49e2cc72f104f6ae6150440

      SHA256

      d7114f98c67e2fa91f1d34b05653b393bcf99f50b7bfbe3bdf5d92b53a01cdcf

      SHA512

      11e2378e496140972240862c24bf236996e44c8cb4aac3bde7a32e8e50b382fb71112e925eb5142ff56aa223c1301fc1b07a75a29d0ab92c015c1a9ae881dc1f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEA90.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SkypeSetup_5.8.0.154.msi
      Filesize

      18.1MB

      MD5

      8e72248904118a4a18c394c7194c79ba

      SHA1

      2e2b0a7f9ce0005261e862a872a16c7c361616fa

      SHA256

      636fbe6c6c60e74f717ef687594fe84307f3afba044bcec4b9d27ca1cc3db7d7

      SHA512

      fa8d98b503860fe6d3f5df15e33efaae706457202d289e6aa503c3f1a93293476fb92deccc683950d37fe2918bf43355e249f5b7af1aff6d8b1ac84ea03958f8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEAB2.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\setupSkypeSetup_5.8.0.154.exe
      Filesize

      275KB

      MD5

      af3cd15fb4a6641dda8ed0b6d3195ab4

      SHA1

      24684f9178f9a8b39c8b7e347847d73099bfeabb

      SHA256

      2e64c20cd86b8f8f6b083774d1bdcdf82bbacb19890e692eed47f8dd1764e792

      SHA512

      885edf4e1aba373a81b50e28ec4b3027286a093d93f6d8988b6f0fc015ed429802d96fc6a914966af7df6ac9effebf08843a59ccc1cb615e84228dccfd13c167

      Download Submit

    • C:\Users\Admin\AppData\Roaming\62007\7417.200
      Filesize

      600B

      MD5

      857f83d60c5ef9eef9b79cfb609bcfb0

      SHA1

      34f0376512f84a0af7c716df7e641d86aea3fa09

      SHA256

      6735c7000a430903f0c6194bd5dd48d04ccd443b12a04d46e29a8af8eb556dd0

      SHA512

      938ece13e08ca4c00da617f91782d8fb4e45d7ce0d72748b56aff6d1be19288c5993b9c3d465d7377edd133dbfc95897c4ca33b520a646629b6a11e4100fa022

      Download Submit

    • C:\Users\Admin\AppData\Roaming\62007\7417.200
      Filesize

      996B

      MD5

      1a33d2094ad218a23fb159c2de453fe8

      SHA1

      b8c6b6da581e9909686ed08812d6e8d1298f7a60

      SHA256

      13323daa490be1008ff3dae819538b5381f1895dccecb634df73b89b65891ccd

      SHA512

      daabf71210be7c1a2cc5928c1362623bcd9085b283c553d8d9da3a88b9f4b883ec5e02ba1e4f266267250bb35c310720493a5d02e691be3151e22391a288941a

      Download Submit

    • \Program Files (x86)\LP\D4F6\6DD0.tmp
      Filesize

      97KB

      MD5

      7ed57812afe5eb758136beab427c5b8e

      SHA1

      da347ebe4068a2d7c33ae732272ff2acad2f5279

      SHA256

      7e9f6353251602f7b674ed3717464181593920f688a3dbd0bfbae8218878d6a5

      SHA512

      568b895d92ae48dc9e43f1a4170a1d18cf73dac553ebe520d58e4cf2dad11c7d14a01aadae9384d64d4a7d34a0359a065a1710a3ed53c2eb803d4752b4e8b7fb

      Download Submit

    • memory/1728-726-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-964-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-946-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-463-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-715-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-34-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2596-1417-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2708-37-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2728-551-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/2792-965-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download