68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e

Analysis

max time kernel
126s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe
Size

387KB
MD5

fa96a7c1c05185f062d1c6bef8e3635b
SHA1

f65c61064983317748f1fa10e489918c42b50a5f
SHA256

68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e
SHA512

b628bb90f8459072d8db4d3425740883ebb4937b82234467d8541e1eeb74205e931a253766c8a891278e02f081ec7ce45fae52337d22f45582e7609ca6c0c6fc
SSDEEP

12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9se204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sf

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1496	StikyNote.exe

Loads dropped DLL 1 IoCs

pid	Process
2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\RESTART_STICKY_NOTESS = "C:\\Users\\Admin\\AppData\\Local\\Temp\\StikyNote.exe"	reg.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1496 set thread context of 2988	1496	StikyNote.exe	32

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{819BE391-DC47-11EE-8210-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415952887"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1916	reg.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe
1496	StikyNote.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2988	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2988	iexplore.exe
2988	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 2872	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	28
PID 2848 wrote to memory of 3048	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	29
PID 2848 wrote to memory of 3048	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	29
PID 2848 wrote to memory of 3048	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	29
PID 2848 wrote to memory of 3048	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	29
PID 2848 wrote to memory of 1496	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	31
PID 2848 wrote to memory of 1496	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	31
PID 2848 wrote to memory of 1496	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	31
PID 2848 wrote to memory of 1496	2848	2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe	31
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 1496 wrote to memory of 2988	1496	StikyNote.exe	32
PID 2988 wrote to memory of 2532	2988	iexplore.exe	34
PID 2988 wrote to memory of 2532	2988	iexplore.exe	34
PID 2988 wrote to memory of 2532	2988	iexplore.exe	34
PID 2988 wrote to memory of 2532	2988	iexplore.exe	34
PID 2872 wrote to memory of 1932	2872	rundll32.exe	38
PID 2872 wrote to memory of 1932	2872	rundll32.exe	38
PID 2872 wrote to memory of 1932	2872	rundll32.exe	38
PID 2872 wrote to memory of 1932	2872	rundll32.exe	38
PID 1932 wrote to memory of 1916	1932	cmd.exe	40
PID 1932 wrote to memory of 1916	1932	cmd.exe	40
PID 1932 wrote to memory of 1916	1932	cmd.exe	40
PID 1932 wrote to memory of 1916	1932	cmd.exe	40

C:\Users\Admin\AppData\Local\Temp\2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RESTART_STICKY_NOTESS /f /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy "C:\Users\Admin\AppData\Local\Temp\2024-03-07_fa96a7c1c05185f062d1c6bef8e3635b_mafia_stonedrill.exe" "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
  2⤵
  PID:3048
- C:\Users\Admin\AppData\Local\Temp\StikyNote.exe
  "C:\Users\Admin\AppData\Local\Temp\StikyNote.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7502d63dc33c36a998f63772963223e3

SHA1
d28bcf21d1ecdf08a7b37ced35b2e16b826a6854

SHA256
6a631688b13a610054e46dbd0b9eb2036792cf297cc6988c103e826275b85866

SHA512
dfc70da2563df23508c8c3c3e642bc464a98e5cf0f87260c2d964a36c97ce8e42a375e46ef4f075e564804dd67ba93b525f5327e1002acc012e89640ea7c57ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f164ee36afd75b5345cb40ea50ed852

SHA1
61009b028a0e41cf1b5fbc1728aafbd03a0e790c

SHA256
35269e356e496345890a37c0fd7b5f9c427ba406fc9d96338cdaa0456920414f

SHA512
6dada2322a03dea2644fe5eedd778e6d3ce11154594438c89ec8426ba949e92ba6f2e39c3f533a79c792c027c8d96db4914b00aac3c11c354a751bbddef9f77d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bc4223bfb93241945346781c0a45b8e

SHA1
42ff3dbe721e8c5731fb3f2eccfdea2d6504ad51

SHA256
ed831d5888878b3f4243783935b069f5555fbc9e6a7c1308356f757215300946

SHA512
9b073f29f8b00be746ca08d65228bc1f02ac8d6fdd4317c0183827b84733b56da127cc29c8e37eb6989e74d87cd64087617098164f10b41b05e4b14d9a1f0f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f6e54b3802ae82279121d59b536afc0

SHA1
6972648f08283bafcc2ba31d5443df1c124fc51c

SHA256
9a3f3962653bc984537920edf5d4f370b711ad55984720015c97d2bb785d4643

SHA512
1d22b4bf02607739381b7abe8216672d349f3bf2baa41d58b4169c3e16aef2f569ea9ec32d3ec3c47dcdbf8114a1cfc9711788153ab8e5492537e9ef0c04a230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04cd1156e24d79cf59a1a5c021db1e24

SHA1
96e17ab2b3a6d7310feda46c61af875d58118b1c

SHA256
eea618dd591c5f9d2e1407210407300b4ea2f100ff6f1f2484d1b9973e8dec92

SHA512
7da16203bfe45d728a66379c8187c6f8ec20054c748eed5283f615b29d53164128da988df93abac65971a1f773baf21b2ce5407d802d8f4a08d58041c984ebba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7fb5f7529fc16344bb8ffa0cb66c742

SHA1
8cce8943acb030f342340465e34de8daeb5787bb

SHA256
aced97527dbf0539a005bc6375db26040df43622e2a159907915821ec5bdc869

SHA512
a7bf80e4284bfad2cd6b4650de3054fb33394206f2c5ff50035c0b29b5bce093965fa9403f2cd607bb1b0be00f3cb134b623a477f5820048f79c2dc271d2f5c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8b6fd983b7eec6251b955b186b6aeb2

SHA1
41aaab329c764003c078fc4b6d9494aa701e0d84

SHA256
f3330003a49c313511a3eba8d83518942e0d7e517cb16b1d35db43bb3b850644

SHA512
74537b3491a423fe2f82a8e7c0a5435ae45be276d060d8f3f5fca351c153c85073bb3a9a2981fd6bd0a691929edd6ab5f1359684fcf984f631260e622ec3de8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
131549c7f7c67fab463cd7043f9a21e4

SHA1
4c7f3f563cda19b78a9743e35f30fc128b56aca2

SHA256
6a9a79825e441e2fc18173fa8daa818af227c804d572dc8d8672491218d55ba9

SHA512
8bc3f3a5a5217e5ff238aa0c192912b2d9d839252806b1ab5f3219d45e9aea69e4b741bffa2eff35da9a6480949884006894dc4991b12262ce11cb4da8b8a735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c3ad430fe6cdb6a3f0b3c696cc6fc86

SHA1
be5a00d5cda2071848239efe33c3216b0eae405b

SHA256
b1e809cc7fd2e3e8f14bb96bf755ab1154c4273b4d42d1ca081ca49af517260a

SHA512
931c16e864e65e17140de8b2769c748ae4a2d39a6d7a2d8b25453b428cf4c8232737332bf0387d0a426a2055c35194115f3c84e3b4a4b8dc409599e6a5c855a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4b6d3355b964d66a5455fac00b7eee1

SHA1
4d1d45c8d3624d81a11c3f145984cac4b435f42a

SHA256
541fd68000d5567969d142364a2316cd06abcd3b38a0a68080ac62fedf85b0d4

SHA512
6b21ef979a599000437ebdce8771f38c31dd036527d02d5fb795c2d8b2e28abae3ec6e1c8677c7b9425c94246a2217d00d2717718eead3793edd008026b31d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faccaab18676d6c2889fac0b28f8e41e

SHA1
45819c7dddcf4f51c09b4194e23591cf3080bd1a

SHA256
1d3a4fbec9912b76ef1a47ba5081d7c0d81473bef1280db3e3498cf529f903ae

SHA512
7ff75cd4a4f39061f744e680eb9846e84b714eb742c84e24da469102dd81ddcc916b9d8919e94a462610f1a056889c4f37c0416587eb9b3c7f6be37d703b9dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8a67c269794572764092267a20126e0

SHA1
7ebecb64cb58698826ac30e8896d54a8bbe38092

SHA256
3085186771e7db7bc5e7fe5cd2e8e905c2fc6a8a7d8c16d0c45fd690d2ff9358

SHA512
a59d86c64d567b427ae6f927308bd7b50ad6a76b97f3b1f9b8365d4b7d62a5c67c1d450ab78df05603eafe1929f10d4494a184b3c52149efec7542c68edf0a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d48b92f7b121f0aca85782519408a51

SHA1
d562f2f71ae8290e7571c3e8dabcbe4ae6b1abd1

SHA256
c95fb72e0ae9e192606b97c0a69593990ba263dd882f131a3fcee7de1b445e7b

SHA512
54bd69dff117a10bce0703a304999935fb7cd809c313bc3d919741dc1d2a8f5606cb4292adf1b691585015166bc99cf616fd2c0062d746dd53cfe9ae0c785cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
238b7b1139ba75fc53a252807cd4e9de

SHA1
284cb345588877e8bec635e17ba84e469d67d8ae

SHA256
f20afe06bcdde20b138b437612490494cad227fdb1326de092244d11654e3f16

SHA512
619085692514d5bc7e71d2858a829ddffa317b2621c69a44ed16f2722e2365135d58d72fd91f526f24e0b7212a9eb136384370a1429c4c88764496b11d4be790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1baf61f8d4b5d770bd46817ceeb5daa

SHA1
3741e2823d25ee4992c75a197be1f8646322ebdb

SHA256
da54858c8a14eab5d10b52c5309bf8cf3aaa885d4449979965bc3a3cebab7567

SHA512
233a85a535db7a86588482c4fc8a9631b03a3c69e53ddb754b478c7313f37dc8aca861076244d3556a30717d9afed1969c2ada0e3c9b8c72cd99fcfa52c27b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df45734f64efc27921280e7cc415065a

SHA1
4a7c9ada3c076086b8cfad55b197620b4ce517b3

SHA256
2267b6355c4ad55af6b35a35ec24c7c65208af581131ee0994f90a0b74b7b6af

SHA512
69ebe6a37ada9d72845ca277363b607779cc532d00a45cd0f0be9c229a42ab8f01c0f6e70259ca37f47a0326ec6d33ee99b98207ca73a8aca6c967a6348b2365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a935bb96dae882d1e129b7ec965bff90

SHA1
c9b24dd566e0fb7e272e876a27421833e48035c5

SHA256
2b3593de7e23efc3cd194755867fb5d743d025c196e289fbc86e781fae6e4886

SHA512
aa7a2851ee260edc1bb6bd17ce16482c5a623cc3af0bbd0edf31492b7d94743e6eadfbfd0bb1386461096fbe4886e7539a6e5f066a3c9d6667ac4ef9cc738133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58842ba285e02ff84d5851cd72f2e32a

SHA1
e3dfc48c4d320b83999f5214f76898d73286f380

SHA256
ed3e315b73d71207a2613dd76aaec1dbb9c00e7971ac3a94b8a0666468b713ba

SHA512
bb7bfe0d4540c1f275b7ba782c29da9b8b6d0811b584cc29e52004b1d41e45f443de4506de30c6899036ac4ab030b1b3a253dbf9065ba8dbb6b3ea4fe7d18c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c794688cb3008344a00b6d1ad7c6f86f

SHA1
ea725f6b328401efaf2a1bd85f7d360766232051

SHA256
5ea28ccd7fd4936a88094cafe3f314250247d2bdf98e8476d35664ed2dcb8d86

SHA512
fa3e630002f491bf888cac945926d169699e6c5ecacfe4bcb44ac963e2e68c4b5693d2af05d7c42d7267b5c24a3c2542a24adc562243a0be4138cf729d9c9244

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b29044a9a36b9f4ac69ee2727f67c188

SHA1
a9d33b65caaa281b83900fd207506bd03b9083a7

SHA256
a76e816e6fbddcf9d68792d0960bccc4de9834a4aa8a59b7f126c516107e3e18

SHA512
e088bab2c71c357f61f01816aead67725ad52335ba41f2b98df87b1465c4451467b6c1f3459e741f0b9f2a4ae54010e96338fe231dfee376dcf2293310038d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab85D4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\StikyNote.exe

Filesize
192KB

MD5
4e6ae648332976d399d9e08171c8eca6

SHA1
dfdbadb13cc1ef1f36db595f979bca8b89a83a69

SHA256
9d5d5865481b2ac7b1a57d0f5de0e5d6392d72f51b8ead268a734e1c228a71ad

SHA512
aa2535a5ea95ac1b7823833b322d57634e40e8d1c2ff340f97a1c1932746af6650f027e295eac1ae1b268bc4aefd7837c310a6e9e62c5214c088aab0efb787c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8734.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.tmp

Filesize
47B

MD5
72a392628d7f368bb9bc9689a694f55a

SHA1
feacee9c66028a333446f2c968bcb3d567a4033d

SHA256
afa60141aee93d7e3f3d8d296e36de9956f588a6cad99f8e79ce36ab88e828dd

SHA512
76f40be7d3e0de960c7bc199fd094c64588841e5b6a1b99bd7fd2e3b53f9e381ded992ee6d67848dd4fda755416792ff6e29bf0acf1a348796dcf7e9bf96229e

Download Submit
\Users\Admin\AppData\Local\Temp\StikyNote.exe

Filesize
387KB

MD5
fa96a7c1c05185f062d1c6bef8e3635b

SHA1
f65c61064983317748f1fa10e489918c42b50a5f

SHA256
68e467a157e68f55ee95455ff7a9dc5915788c404d3dfa74034fcec8c17eb08e

SHA512
b628bb90f8459072d8db4d3425740883ebb4937b82234467d8541e1eeb74205e931a253766c8a891278e02f081ec7ce45fae52337d22f45582e7609ca6c0c6fc

Download Submit
memory/1496-17-0x0000000075FD0000-0x00000000760E0000-memory.dmp

Filesize
1.1MB

Download
memory/2872-3-0x0000000000090000-0x0000000000093000-memory.dmp

Filesize
12KB

Download
memory/2872-1-0x0000000000090000-0x0000000000093000-memory.dmp

Filesize
12KB

Download
memory/2872-6-0x0000000000090000-0x0000000000093000-memory.dmp

Filesize
12KB

Download
memory/2988-16-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download