Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240319-en
resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
submitted: 03/04/2024, 19:11
Behavioral task: behavioral1
Sample: a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
Resource: win7-20240319-en
General
Target: a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
Size: 338KB
MD5: a44888f03675f69a357d19adbcc220ae
SHA1: 43338123541ff06aafb0d675c96548ec9384e835
SHA256: f7dbdc92a1d8c28935e36c18f2e9967735d9a82831dd86d09a6b1b0367ea0a88
SHA512: 2717c7da72ef936a359433db349cba35dfb8eb6d012ead6b246e1dc3933bb38cec71e746a89b5ae9c2a91d2bb582eda97ffaca5bc673067a6a97c1f3e78e2a38
SSDEEP: 6144:S8xsgaG4PT604cB4exGXoBJnxo2oEY2p0+X8:SYsc4PQc7xzor+X8
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
pid | Process
1680 | F4pUjWsrtzpIGKV.exe
1896 | CTS.exe
2520 | setup-stub.exe
1416 | download.exe
1060 | setup.exe
-
Loads dropped DLL 14 IoCs
pid | Process
2972 | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
1680 | F4pUjWsrtzpIGKV.exe
2520 | setup-stub.exe
1416 | download.exe
1060 | setup.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource | yara_rule
behavioral1/memory/2972-0-0x00000000011C0000-0x00000000011D7000-memory.dmp | upx
behavioral1/files/0x000b0000000121c5-2.dat | upx
behavioral1/memory/2972-12-0x00000000011C0000-0x00000000011D7000-memory.dmp | upx
behavioral1/memory/1680-14-0x0000000000400000-0x0000000000443000-memory.dmp | upx
behavioral1/files/0x00090000000121e6-15.dat | upx
behavioral1/memory/1896-20-0x0000000000200000-0x0000000000217000-memory.dmp | upx
behavioral1/memory/1680-238-0x0000000000400000-0x0000000000443000-memory.dmp | upx
behavioral1/files/0x0006000000018adc-273.dat | upx
behavioral1/memory/2520-282-0x0000000002B90000-0x0000000002BD6000-memory.dmp | upx
behavioral1/memory/1416-315-0x0000000000400000-0x0000000000446000-memory.dmp | upx
-
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | CTS.exe
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 2 IoCs
description | ioc | Process
File created | C:\Windows\CTS.exe | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
File created | C:\Windows\CTS.exe | CTS.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2972 | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
Token: SeDebugPrivilege | 1896 | CTS.exe
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
2520 | setup-stub.exe
2604 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2604 | iexplore.exe
2632 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 34 IoCs
description | pid | Process | procid_target
PID 2972 wrote to memory of 1680 | 2972 | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | 28
PID 2972 wrote to memory of 1896 | 2972 | a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | 29
PID 1680 wrote to memory of 2520 | 1680 | F4pUjWsrtzpIGKV.exe | 30
PID 2520 wrote to memory of 1416 | 2520 | setup-stub.exe | 32
PID 1416 wrote to memory of 1060 | 1416 | download.exe | 33
PID 1060 wrote to memory of 2604 | 1060 | setup.exe | 34
PID 2604 wrote to memory of 2632 | 2604 | iexplore.exe | 36
Processes
PID: 2972 (depth 1)
Image: C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

PID: 1680 (depth 2)
Image: C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
Command line: C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

PID: 2520 (depth 3)
Image: C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe
Command line: .\setup-stub.exe
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory

PID: 1416 (depth 4)
Image: C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

PID: 1060 (depth 5)
Image: C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe
Command line: .\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

PID: 2604 (depth 6)
Image: C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

PID: 2632 (depth 7)
Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx

PID: 1896 (depth 2)
Image: C:\Windows\CTS.exe
Command line: "C:\Windows\CTS.exe"
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA2562647a758ceafbb2d2525e0c74f64649a1728846088fdc055aa5a33acb5decc07
SHA51208a2b814e064c1047f972ef4848d6f993b4f99a09b19574f6db3677060aa2e61abe0263300893aa87b978e2a47c8789b69953ee1dee1fbea9bd1c98f49c17ac4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52d0c20a72d0e3d159cf13f926c1d1675
SHA1fd895e9c44fa574531c6cdf3da51924f4831690b
SHA256e1daee659a9da77235ce326ce03781a514670143cb1b04bd58877f4a385e1a92
SHA512d97a9bca52ea7dddca18ac5b459bea0dc6707d907b6ce4ec734b5dd0ecea62863ccc49c185cd0d00ac42df16533d321c7f7d88fe73aeb6caf591dbd2d0db27a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5adf1fa346838263cb801b3ecee7059bd
SHA1ce4620de49f8cefe9b0922016be0a6a40ca60824
SHA2567806a1f65c52eb88eb7c45f71d2206f37fa07bff6c08094c5e54fca2e7819631
SHA512603410d0650e9867d76c82bdf0f2c2baf25fedb681f885d4d0bb9f71ed09edc4f714041aa86d29eee2273c7137576f460b93e0152ef4600fa7097bdcb7eaa2a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5dc66348a87c9db9edf53214e6c711977
SHA1417f1ab9930e02e18217fa4afbf88347e118992c
SHA2566827d01d6be8d0918c4ddb849e028a089935f32aa05313054eaa7824b6ee2d00
SHA512a2f467a632aded93c9547845a5b4664b444d6739fa5341f44bde5f84f830041b6b4798e3dd0e777e7881874e6d2d8bbf491301d8eb8c6193bb3160b98f51accc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51f98d0a629ac15cb2eea5281c72326c9
SHA19fe15e8abf0587b489b8f3b0914fb70b8715dfd6
SHA256be86162bc2f69e0f1b39602e31e5f53c5eb432d69f168a0884e2bbfe4eb30948
SHA512a120f38bea9ee29093ab6107e515b2b8760411c5c7b6becc9648c89bda243baf7632c4a1f777266c8532345e676e8514df0a8c71defb3450c916d43a5f1b6cf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54c7b640f0de6a44dff0ab1b0eaa5067a
SHA1d54ac1c662a3384c5737d9e293b0519acf607cee
SHA256ca754257b58d3ee72782eb347a1f06cb5ace2b7771b3d09da034394084057b6a
SHA51224795d71f086137fa7d5c54006ec7ace27c6fc48c81c7bda3675732bfd4fb3d884d9eaf2fd798108f3dc6991144d1aaea5656e0d06011014e08722a9f5caeaf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b3261b8adf16403b8de214b2be7a1c31
SHA13161ec11dc1dd139f4fc1ac7d3090db422f8450d
SHA25648e42c04e380955d267904c2605d00e0f6818ab7efe4d00d9b3d3202ac7c3aef
SHA512ab15cd15f721876e5c81271e2d6fdf1f9805c96e729456cec4b8d5b9c318715482765d6277e887d275813fcf649c273633a6763c7e52a183d74d529d82d3969d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5071f92067cd26de037af706b028addcc
SHA1daa879a4f4eea86aa4abb4c2b96d9ba7d2d0ba48
SHA2563f5b9dd33461b9807114c750d3869ce86eec2243d95a55db5eb0e4afd235e588
SHA512f8145836fa021b51d825896b03cb9f7ae339d09ca3314416b02b399f46ee44fa20ee43cd6aab59d90d6ebef98d4d91992dd3644ae71f1caec41f090aa4a4d59c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD534c65c6cd8efe7c6e807da94c4a00505
SHA114e86826ccb8d6afa2119709f48cee284a8a2294
SHA2564ed79ed5c72ee5b216c7603c1835f778cba82c82f5f5098381812c9c43a3eedc
SHA512d26b47c10a851ad52422bf6f7ae58cec7ada7a85badd4533af45216bef90b69fd115641174d8aff049491c7bd71ac6cf2bfb9198160fc2de97cb69a55d2ff232
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56883b1a14e763d1f8f61ce41a88bfd12
SHA1bc9382884cada657e0baff4c8f74e1da9928dca1
SHA2564adae269b348768101e5b04157f569b1e62f9f3389b19ca5624085e69ac6b20d
SHA512a03080a8931be0fe0023d205df7384696ed05add974197fe88d42332c0f2b3c01145448b7afa79057178f850dcfba8eaa06ae464b5e6a86a42555cccc3005273
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55e41ab187327837be0a8cfa2079cc08c
SHA126047c6a1ce6b2a205ce1985c127f2a050f68209
SHA256184ca21cca3834a9fb85b0d54abc6dadd8b9ec4df93828d89895cb2afa987918
SHA51266e9dad2a330c681ee990701f93cc69feb87f7547c4126a0f8342551bbde837be82e05b59a2971acae8e44d4816defc40016f4a63361889452fe492cbaed2b70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d9b9ed11e9124f227b41f9caa56205d3
SHA18ae1162cc4a206196dc5423796782373a0f2ceff
SHA25655af53f79aa1bcb8754c956693a6dc2ca474b50de40f81b982107f33fba20de8
SHA512729129582dd3ea2e35b094678062ea5eacf30183f2b0e578bf8875cd9db274dafb50b74a6433ab9834c85f47fffd012c9a434045db09640656faf0fe07cfb53d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e3a7e659a6bbbe27ff9f83b0539a1ac4
SHA135d552c899cd6ad346f908ffa9d2d4f89d61e373
SHA256edb912b83ff085896e81653d1f554ea04d59bb82b3fa1e435ce0e3b17373b7cc
SHA5126518dd7f4e8d253a40838fce27215443371a80640e662c178ab098ed411b18b7587be3ac3faefef27da08adb0baf88ee57ec877742771c9fd64e0ecc97c25335
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a9f55abad66b558f1aae34a6a88437b7
SHA1b884c80be0bfcac7936cf4d29888b4a6454a5363
SHA256a41ec32e45c775617ef72a7616f672e09705d12f6dd1b83af1f4565c6b90968c
SHA512a11f1b70b066383faa9f59a54922128772a4b6231db40bf93649723893f71b4b4783213170b53acb498b7382a7def2805ad98b0f732224a283d6e3dcdc1b9c5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD585951d817db59e1e21c94711bb36b223
SHA1a3e3ab15b4f5330cd310ac3f054dcdd8833eaeb0
SHA25637894fd1202e78d8c8a9a577ce1f1256dfedbb3c0d7223e79c8fb01bb19f6765
SHA5129b69caf7e84178f22dc9bc4db39b600d2cdc81addc495ee9c8ef43cd2f1baac3a206fe3ec6bc65e0ec40f00243cdf3119f24872ebfb6dcf7dd3ce61bfbd740b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b4c5ca313a135d1cf1b049068bd88844
SHA1e6152490d95c228536598d3455223b83ee5d7557
SHA25696c794da9d50dbac0139cdb3142ffd3494724585d5ff50a31159a4ee0a86dc1b
SHA512a6b34327ce516055cd93e30bbf038defaa0ded1ce0f781ffb869475a4691808ab312fbe0c7b167509a761c6c1b238f7d1757bb54bee5ca2974c537236bb3299e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5bb778a7d219565be74b469850a047e44
SHA16fd259b03c96e504bc33c70fd7d1db9f9d46367f
SHA2563c832ceeb022f84f0ae92ed62542522b6feda8a31becd5de52f5c391801d1656
SHA5126fbd33b60e9442a85fe808c1510f46f63e1087c89679977a90e63f0c0037b86a23cdb77456a102929f515b4a2a3fffeb8b8d369f49a62b6d92aa648ad6a1a41b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58a6f8e6405aa768bea9aa6fc75363068
SHA1a1efe0f1c719334e0ad007b937d752af9ce750f5
SHA2563e1f872281b4552369ed074ff6252a68149fcb9733282a488d110bab93ffa717
SHA5129b4e2aad24557373024b61abd35a8fed789ce1f427a2a277b13a718879a56653c28c61acd774f674bb597bf52964222c64b054464ef3f830f9b2e15d583a185b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5462c97a3989239db46d1e03495d0da90
SHA14f7e80185b1c7f71aea0514743be0ca43255fc59
SHA256d791ae7fe1120152c559e97ff5131494e8a45839c90a052a46ddcff0ea9818bf
SHA5128a5b74a63dfa123784022e42247d5ebd06921cb986eeba0c75db303acedb160edfa150c1c37af4cbd1c09cbfb367375021b225bedd9d6c6812601f5516c37cbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5115383edfe9f2adb09172aa0da4f4a59
SHA1d39471fe8b3acd7dc7caa07e9dc665cb7a0e6a4b
SHA25644bc7eccced0c395692f42681638565efa048d59d357e599bc533cd545bbd902
SHA51241ab8fa579e07eb9bfeedf7881771b944dd7825c6a877c0308514d65fd2a6cf926dce18e3c9e9f290b134357676f2e33e4ac001e29e5691847a55c88842a3d97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize458B
MD5843c3f14191e19ad5156225b1cf6eda3
SHA1b3fe680358860572270de5622abd62c90ac52d25
SHA256408c00cf7274bcedf69b3720a5d96bfd5dd0367e8b2bba854a2b48b9b07f0cb8
SHA512bfa7ff0dd52fab0146810e82a839dcb23f01842ed18170a1759f8ea8ffbc9e5780bdbc65e8e7b80b1694db75873a29a30c708be6cac4ab6970e6bb2b6e892caa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize432B
MD58318b67122d9b329327bf7728c45dfcb
SHA1fe72620e23cfc57f3241494ae617af2eba0ee9e5
SHA25630b740adea6b95d66aa2f959bae1abbeba68c99d867827f6efc0bfbbf013e52f
SHA512a284480999f29d6ddb685acce4eca5a223614f0b8323cb51cfcd58d6fbb784a2ac9dad5498d71196e7ed4c9e2f23b236ec2fb1c86ba723bd2d5c3bbdeccc7ab0
-
Filesize
8KB
MD5e17234f39ab6cf20da3fe5531033c6fc
SHA1230bf8450fc5f05ea49860871de86a39067477d5
SHA2561a02e3d2c0ec55b156ba699fd0cf62c5ede802be4bb503b2bd39ca63f4e369de
SHA5121cacac234daef4700a024884daa45c6fd8593923906d6058f8a0711eaa8b9ade2217d869ade4ee806058c3b8e07c95329931933d04ed93d6843d78d3c01a4e12
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE0WTXPF\favicon-196x196.59e3822720be[1].png
Filesize7KB
MD559e3822720bedcc45ca5e6e6d3220ea9
SHA18daf0eb5833154557561c419b5e44bbc6dcc70ee
SHA2561d58e7af9c848ae3ae30c795a16732d6ebc72d216a8e63078cf4efde4beb3805
SHA5125bacb3be51244e724295e58314392a8111e9cab064c59f477b37b50d9b2a2ea5f4277700d493e031e60311ef0157bbd1eb2008d88ea22d880e5612cfd085da6d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
187B
MD5ed23468cb20f1f37a967eb26f639faef
SHA15707e3d394b6a3e36e8b1e23317ec115bafa1e9c
SHA256812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913
SHA5129a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9
-
Filesize
57.8MB
MD51e27e7745bba839a11fde43ee09614fb
SHA18ea7d0013e5f4327adef0384427f14adf8d2e9e6
SHA2563d60842520fdca462a8c9e3c998eb2e3a267dc801af1100953910038b0da0906
SHA512bce358d57a36bc1d9326f944b7aa3b3f59c3174b8a5d4c7e2ee7b4fe90b1ac3cfb49e79ffb68564359680f6920cf32ac889252aff2a13424bc252d412504f40e
-
Filesize
32KB
MD50e7e453ad39d8ea670bd958e9f9e4999
SHA1759a278aa63f98ea495c3f5f829f52d2b26885ba
SHA256a4bda0a7d0dbc07eb77195771d9ccdeb18d2d2e4d7c5a7e7028e771c6f567428
SHA51253803908c638e19b033ea1d190474a3f22c38a97b73fae77f5fd9b9287309918268522003aadfe34b42cbbc7428043712ff8f3ef191a14739031f231092e538d
-
Filesize
407KB
MD527eba7c268114cde294ba56de94c1814
SHA10a0bbce1beaadb36e92bbcd1ed7de601e79528c1
SHA256958aaac6fec9912ff65b7fa3ee87df665ee38ded11c90222b82efe8569847c9e
SHA5125879384d9d22771b96db3b37ff9fb625f5c09ef3aea75919889b4450cd1efaa73c61f017d4a32802acfe8c0c90a1ed585062eec1b1331ac0cef8c45e31fffb98
-
Filesize
939KB
MD543947976824aa63f057de1ac7a99c377
SHA15f6d978b9bd3ad7e435848090d7d53e27edcf66a
SHA256c57ccd8514fe77530c62f67b5a069afb0a912a11892e890dccfdb5a64b1f9531
SHA5122c812802b5c1150c406e8dae2857d13783f8aeaf2a29acdc65f8d86ba1f3e0f9164823a414a868b51a98f94f41f784659b39c0d9451deae756f93af144134ada
-
Filesize
306KB
MD5b1ec7bff4192f75a0a53608047a190e9
SHA17686a580333e8d60e1806418c8467e85beab4d2a
SHA256134e9f12545c3300eedc7a5644c28f390e00918a15fbcf2143492810ab4a5474
SHA5122af2d71ef3f292888adbe9836ae8bb3b1a8f99f4c95be0565515adf544c989e4ff722342721500b0aefc5f57178a1de9a916c4096c3f6722b42dcd0063cd6067
-
Filesize
22KB
MD5b361682fa5e6a1906e754cfa08aa8d90
SHA1c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA5122778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9
-
Filesize
4KB
MD5837429ef2393bd6f8d7ae6ab43669108
SHA1bc1a6e461de60db2f3036778c761103c02374082
SHA2569e1831bf44b75980903eff8446960f21ab323b9f8249ddb49519718d873135d5
SHA512c9b464377720799030e7303ea98acd38dc56ef0ae613ec540a5d9907d84bb7c455f6e02b38073901ee717bfdbf92137ab095aa9ce047971b6a2e6d3bc9d039d1
-
Filesize
33KB
MD573a0bec837004bc5ae5cd0a5b0d3bcf8
SHA192cb463841b6adeecb8cc9cc8eb5f39a61dc7edd
SHA2560dd38281a824298100b2bc89ee5b8a5c9cd9ec7a3b051dff42037a891fa7c534
SHA512f7aa18261fb4ef99b66e9a16e2df6323d34444de84a5bdabd3890154b0207f8509f34f2fe115b00e2396d33df778be6456a7fd754cc00271f8189e5a4420b6d2
-
Filesize
11KB
MD517ed1c86bd67e78ade4712be48a7d2bd
SHA11cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA5120cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
Filesize
18KB
MD5113c5f02686d865bc9e8332350274fd1
SHA14fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA2560d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284
-
Filesize
4KB
MD51b446b36f5b4022d50ffdc0cf567b24a
SHA1d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9
SHA2562862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922
SHA51204ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8
-
Filesize
9KB
MD542b064366f780c1f298fa3cb3aeae260
SHA15b0349db73c43f35227b252b9aa6555f5ede9015
SHA256c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
SHA51250d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7
-
Filesize
18KB
MD5e89c7cd9336d61bb500ac3e581601878
SHA145b2563daa00ba1b747615c23c38ef04b95c5674
SHA256431fc2ed27d0b7a1ce80de07989595effcc3ffb1dea1af6c0e178b53f6bd2f1e
SHA51209485a354ac4ace6084cb6fcbd92eee8488074763c8443638f78e655e45e8aa0fe40a45d4ce0dff116ed3a4bb7bc4d7d845a6ccf0e0bf35533ce81626a8db06f