Analysis
- max time kernel: 150s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 06/04/2024, 15:13
Behavioral task: behavioral1
Sample: e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
Resource: win7-20240221-en
General
- Target: e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
- Size: 341KB
- MD5: e2d1fda785669f8fb843491a5c110efc
- SHA1: a2afe6d6e5e4cdd98d84bb2f44561dee0cf1e96f
- SHA256: e93ff48a56b972395fae83b84f2d8ad1ae60864cff663813ae22ecee5f2baae5
- SHA512: 096be38c19d3a7a2ae455a0ba381b9d4de26b5ba8fd69ed10e8f1744014f8838fd6db7786b928560baedc9f5be90fcb7b1d06e59a1eff167207ee01c9e693d54
- SSDEEP: 6144:hG1RlfGH6xTaBxS5TYl6CpDN0pZosGJHjrDxk0cAVUSBiwlqntENlxG+jCESLbw7:hYPuH6xsdl6CFN0fAyNSwwlqn8szwXr
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid   Process
1692  me6Mjo0ObYorpyb.exe
2892  CTS.exe
2068  setup-stub.exe
2520  CTS.exe
2648  1XP9sIAGVJbevop.exe
1608  download.exe
2960  setup.exe
-
Loads dropped DLL 22 IoCs
pid   Process
2196  e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
1692  me6Mjo0ObYorpyb.exe
2068  setup-stub.exe
2068  setup-stub.exe
2068  setup-stub.exe
2068  setup-stub.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
2648  1XP9sIAGVJbevop.exe
1608  download.exe
1608  download.exe
1608  download.exe
2960  setup.exe
2960  setup.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource  yara_rule
behavioral1/memory/2196-0-0x0000000001380000-0x0000000001397000-memory.dmp  upx
behavioral1/memory/2196-11-0x0000000001380000-0x0000000001397000-memory.dmp  upx
behavioral1/files/0x000700000001227e-12.dat  upx
behavioral1/files/0x000c0000000122df-16.dat  upx
behavioral1/memory/1692-17-0x0000000000400000-0x0000000000446000-memory.dmp  upx
behavioral1/memory/2892-20-0x0000000001060000-0x0000000001077000-memory.dmp  upx
behavioral1/files/0x0007000000015bfa-26.dat  upx
behavioral1/memory/1692-27-0x00000000002B0000-0x00000000002C7000-memory.dmp  upx
behavioral1/memory/2068-29-0x0000000001060000-0x0000000001077000-memory.dmp  upx
behavioral1/memory/1692-50-0x0000000000400000-0x0000000000446000-memory.dmp  upx
behavioral1/memory/2520-48-0x0000000001060000-0x0000000001077000-memory.dmp  upx
behavioral1/memory/2068-42-0x0000000001060000-0x0000000001077000-memory.dmp  upx
behavioral1/files/0x0006000000016270-150.dat  upx
behavioral1/memory/2648-159-0x0000000003710000-0x0000000003756000-memory.dmp  upx
behavioral1/memory/1608-194-0x0000000000400000-0x0000000000446000-memory.dmp  upx
-
Adds Run key to start application 2 TTPs 4 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"  CTS.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"  e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"  CTS.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"  setup-stub.exe
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 4 IoCs
description  ioc  Process
File created  C:\Windows\CTS.exe  e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
File created  C:\Windows\CTS.exe  CTS.exe
File created  C:\Windows\CTS.exe  setup-stub.exe
File created  C:\Windows\CTS.exe  CTS.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description  pid  Process
Token: SeDebugPrivilege  2196  e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
Token: SeDebugPrivilege  2892  CTS.exe
Token: SeDebugPrivilege  2068  setup-stub.exe
Token: SeDebugPrivilege  2520  CTS.exe
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid   Process
2648  1XP9sIAGVJbevop.exe
2676  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid   Process
2676  iexplore.exe
2676  iexplore.exe
2568  IEXPLORE.EXE
2568  IEXPLORE.EXE
2568  IEXPLORE.EXE
2568  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 54 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe"
PID: 2196
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe
    PID: 1692
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory

        C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe
        Command line: .\setup-stub.exe
        PID: 2068
        - Executes dropped EXE
        - Loads dropped DLL
        - Adds Run key to start application
        - Drops file in Windows directory
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of WriteProcessMemory

            C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe
            Command line: C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe
            PID: 2648
            - Executes dropped EXE
            - Loads dropped DLL
            - Drops file in Program Files directory
            - Modifies system certificate store
            - Suspicious use of FindShellTrayWindow
            - Suspicious use of WriteProcessMemory

                C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe
                Command line: "C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini
                PID: 1608
                - Executes dropped EXE
                - Loads dropped DLL
                - Suspicious use of WriteProcessMemory

                    C:\Users\Admin\AppData\Local\Temp\7zS8464AEB6\setup.exe
                    Command line: .\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini
                    PID: 2960
                    - Executes dropped EXE
                    - Loads dropped DLL
                    - Suspicious use of WriteProcessMemory

                        C:\Program Files\Internet Explorer\iexplore.exe
                        Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/
                        PID: 2676
                        - Modifies Internet Explorer settings
                        - Suspicious use of FindShellTrayWindow
                        - Suspicious use of SetWindowsHookEx
                        - Suspicious use of WriteProcessMemory

                            C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
                            PID: 2568
                            - Modifies Internet Explorer settings
                            - Suspicious use of SetWindowsHookEx

            C:\Windows\CTS.exe
            Command line: "C:\Windows\CTS.exe"
            PID: 2520
            - Executes dropped EXE
            - Adds Run key to start application
            - Drops file in Windows directory
            - Suspicious use of AdjustPrivilegeToken

    C:\Windows\CTS.exe
    Command line: "C:\Windows\CTS.exe"
    PID: 2892
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b57490106f632ac2f2a8b8fe661f5258
SHA16675b04d0fd8706e8606548a0d5bb50513bd1d14
SHA25686683109b3e41d48fb5f3148c66374665fab1c03b3d744d755c0c1c0180b5d47
SHA5126175bd880f35afdc04b9ee143f7883851070e902fcf2db3166c448058c4f616313941d43b4a9dcaa40bccf0773a6101f1cdcc44b3a9d56fd1b995b341a28a574
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5df4c0ed6e597303e98e8eeff1403be3e
SHA14eba9484bc909b646bbb7f74a162eb6af5b169bc
SHA25612b0425026df36ea54c23decbc9225b2888c1ef4cf75bc343b589a1d10e2791d
SHA512eb8f7986c6060830f8fbac29cef5fd1131bb84c3ec6640de85d83811cd1550cfd56c916ef7f3d084a1088f1af3e74aa435fc96710d025225247dd8985ad5f859
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5faec08626f6ec14bec7c5626d145e2a5
SHA188f8ad92fd32f63ae7342708151a6b30cc06590d
SHA25671d63e5f5f1eac3f9bc4f4c7b600b0e59fb609c27d8614441b7f051d1babac6b
SHA512be4f3997fb71371c967c77dc10c04bb4848e00a6d80280bebf6d71cd4b1bf9485bd95705d6ed6c5a076593619c6ca7b317315074debc702c4fa82412677f529f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD564e0062420874357725aa52a9ac85b7f
SHA1efd94e6bd8a7796ea8b0c396506f4a36c373a3dd
SHA25627a8a789045503f5c02485ea9e9b73d34760959b1fb1b1ab523ed681c6adaf0e
SHA51246b3092d64d34fd36643ad6bd623ac842dd13c5fc083e2f956df08b1cd6cafaa0df0cb3305f630e3aa5a9b7696c1ba6ba0f39ac31bf5c43d223660f7fc7a421d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5aebc25814310b7546a60365999001a4e
SHA13f9b0c8d97f0da2a472a90a0cc67bcf1c756bec9
SHA25665cb09be353db6324fc4fa1a0f867aedfb7c861f8b1969c08f7062dbfecd1397
SHA512c648c0fc9980562549bc9fdb6407325030ef6a5dbb91e5f71438db126d4f9fd8516893e92dd683e29534beb3bb893b190b57b8635419b174669ca5a22690349e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD56d3e08245ec9b8987b8e94dd1cd57715
SHA114d593d0b2b6e6ab15708be048097faf23fc40c6
SHA256d96a3e8c6be05dad05273c2f40bee2bf075cf2735814ede276dd326051d1a26d
SHA5122a9ff25f8e58fc56ef792aac492746b42316ea186c559d4c94c7979c3f3291c67c4f2ede35bea73c70146649b27c8d421c4a8c4502c1d0ef068f971eedbe3743
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c8e461cd508b513c2d20410e6198847c
SHA188f533a548a78eab58f87e170bb70d20feffb6f1
SHA256b38b4ce8bbf8b293f9c1d6699229e3e50b7b1203a694e31aa801cbb08c8b7850
SHA51279af3926ad9f9864040725adba5126d6bde854c28eb3c9d55671076eb5e2644374790fa68aedd2d0be51f550094ce927622323c351a9e46c3d84825de8a775da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51ecf62f63e6f6f79184d2358585eb93d
SHA118dd20f708ff5f0bce40b011e961aa0cd1753d94
SHA256b8d0107bf9eb2225ddd95430d641b78b3f17a3df3f1b441433f1a119813172d6
SHA51285cba22c9bfe0a6d4f449681a5360edbc79a59fc75a34c98944340f88eff974d9debbe812c1ad7ee14e8c27c7775cbfa281fa85ecd24391fe6f46562561ba2d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD520ebbb6813dde7edb84aeecbe9e3ea99
SHA110baaa8e2c91b073108c6bb35fa979edf079bb40
SHA256bde19fec953a7e61cf23e0da483a1129ee9885606d9f3939841cf78815784d9c
SHA512b4775ffb6504d16138f071aa4f3f5d1dc119bc1f4c4d164ac75ba518ab1295f676ef9ec9f74183d80ec01e47d5aa3922888c0d7463104b5a7430294aae1c8e3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5aa12d3dd0326b62839dde564942a223e
SHA1365d034315f6e2d390a2cf42109abf0ba477f4f4
SHA2569e92192601cdd41c4ad0caafca4d27634eee39c22feb5e49c2d4349b970a637d
SHA512c9ac7ffd8aaacbdbd1e4fd0f0731a653334b5130c4b4c5488dda5f1e951e9f4c6788e9c7db3b4daeda314cb3aad34dce98a614f6d8b7fe12e1279cd9b4ee951f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5328ff7127642473e0c4d4b1d08916ff1
SHA16665bad071c92f22b3fb98d34425707379867e70
SHA256578c9d058c6c6d270e8e90f6221e0235506a359173e20313a22a6f139f8c6084
SHA51226eb22926560884e2d2dbf65bab4e90b2a6e51c8c6e9605b0620c727682a6948171ea6ee07a786a22b48bd471aedb4707ed1424a8132a1f6a0a9161b27bad24d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e70352b7d1c338ae441d823d3f6db36b
SHA1d03835e9b6f26c582941db4bc26afd3a2270fdd3
SHA2568981ba0f5c7d5d9269b29237b57375ecdb80b864adc38fd5a99f01e67985ff0a
SHA512c7de7152ef377f5b231d02512248f8d2f3f4011a84353073b856e17df2116cfc26b52447e2bd069b6f3ceb6943fb0988bd9889d73cec07d59e36fc203fed8040
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55237f14c12f3d2a0c2c99547b1a1c2d0
SHA10866c984473f0097c8195b5a3ce192e47fa7f7a6
SHA256873ebebf8a8c6673f4b793784758a96a1ddba4bbb73d8139636dab3a5bf1bd14
SHA512a88aaa489bb736fb315575fb7013be805cb2269931bd1faf8d322b129f2869a1249f103eb167ff0d910673f0398e631a5d0185ad7289bf957cb317f99996942b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD527d38cab2daeb32d44c373d678316f63
SHA1a87cdc650f996219ad1437a5fceff101513c8f2f
SHA25698f58e704a6a96b436474fcef6a7a48785cd3c2af3e70d3f3a06953b687bde32
SHA512cb33fd9e3847f1009c6f3f7b25de9a5accff86f5669164c22ab48c506d190650c533422e613d2030f8f20e2cae5afbe09c17a56c43700c570f630e1043b0d418
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD583c8c221194934d6ea3f7f4f8ce7af05
SHA1ec5286cdf40c6eb44abbc71bb20a505aa3654dd0
SHA256e4f2d7945663b08fd2697662ef2d86922c9b9e4d3e966e7a77d6aac12e63c5ad
SHA512fb1339b14423b62dd6e0626444f73790a29a5b1273468fde4705f3e1c95fe75a5433170c92514b15e82538329da971267f33143d44a969476f415a150699778b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD5233b87f19a5f0e36b43c03c8a4948ec0
SHA1e43a5d5fbf0605175bb82c981bc0d45e5c13af6a
SHA2562682266ce41964975cce46999e8aa610b898fba51a93a2a645785c797d97e0f2
SHA51208f89e371f20855f065f94d51ebbd2e46ce1d888a0a0ed94c9087774cc9090b8620ac8a434ab1af2754c71b5af7e74b5fb43dc59d19275af6213d612afb25cf7
-
Filesize
8KB
MD558a3964f08ddc05bddc4982091830da5
SHA19ae52bcf579d9d1f8a8e16aedc4abd356a2f5eb7
SHA256c64c79db16258532d3ec5c28d6965d961fe0202b1ab99a58375a7888ff33dcc0
SHA512ce34908adc92429f583ed40e143f1e404e03f948ca7bcc02b4dc892a6223557894a31bc579a8923f0c016bde030b4d1d68e2301693e9b112a778c9ad46a8dc8d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQQVSTWU\favicon-196x196.59e3822720be[1].png
Filesize7KB
MD559e3822720bedcc45ca5e6e6d3220ea9
SHA18daf0eb5833154557561c419b5e44bbc6dcc70ee
SHA2561d58e7af9c848ae3ae30c795a16732d6ebc72d216a8e63078cf4efde4beb3805
SHA5125bacb3be51244e724295e58314392a8111e9cab064c59f477b37b50d9b2a2ea5f4277700d493e031e60311ef0157bbd1eb2008d88ea22d880e5612cfd085da6d
-
Filesize
442KB
MD55e8603920f9fd39ecede163aab0c53c7
SHA11f686ce223269087e4b036e8fdfd9214d9b8911f
SHA256f3a9cdd9ff511cd504bc5ca96e280bbc166fa1d87e749a86a5d73d05cdd1f879
SHA512935b7e57fa7f2798f0ba1b9a0481a43ae60339886462c9010328335e833207755046449dd97885df86ac8d4d46f471d557ea4585223765120b9401b57bf04705
-
Filesize
472KB
MD5adb824f8f58ed0388893da04f9a1b57a
SHA1bb264f2110211abfb3cf33054b6c9f41df27b190
SHA2564359be2767eb11a1ae7387947c6542dfc5c5676fbf38ad8339f506b62843ae94
SHA512be24cb9ff23eeee96158df3b3727b2c9a8ac0bddc344d17930badad2b233251d9bfea393d84cddbe5ea519c1a5f88cec06068e96db4094f922ce64dfe9b87e24
-
Filesize
472KB
MD55aa572fb0291f7502da43467e0c56243
SHA1a0675c785d8c2ecde47c5cccf958898048fe3cc2
SHA256f367ce14664eb7f07e6cf99853697209f7c1abf470c501b30efae78c0281e5c3
SHA51216c3c0638b5ef21b3bfb84994365be3db3cea9ea6e4c8f04370e1ee2746b22c9ad3cf3ba6437e283a44285de46c67082fae6b6b2b4f747a05f470b2d3ed9c2b5
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
312KB
MD578275c405670e0d9dd16481f26f5355c
SHA18581c6e6e7f239dbbba5083c65a76b3893515e3b
SHA2560d5d6ea5c85bce2ae1e9dd5a777a35cfe21e9f9526630d13cf1795c4fb32eeda
SHA5127cf9c4aa805cc0f161200e1e71f09eeb525d03d57f550062c880d63c13f7fd616613ab3630c7ba28cc84141390e55eb45bdde8e757c9fd29bbe8ddbcfe3a2d35
-
Filesize
187B
MD5ed23468cb20f1f37a967eb26f639faef
SHA15707e3d394b6a3e36e8b1e23317ec115bafa1e9c
SHA256812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913
SHA5129a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9
-
Filesize
57.8MB
MD51e27e7745bba839a11fde43ee09614fb
SHA18ea7d0013e5f4327adef0384427f14adf8d2e9e6
SHA2563d60842520fdca462a8c9e3c998eb2e3a267dc801af1100953910038b0da0906
SHA512bce358d57a36bc1d9326f944b7aa3b3f59c3174b8a5d4c7e2ee7b4fe90b1ac3cfb49e79ffb68564359680f6920cf32ac889252aff2a13424bc252d412504f40e
-
Filesize
29KB
MD570aa23c9229741a9b52e5ce388a883ac
SHA1b42683e21e13de3f71db26635954d992ebe7119e
SHA2569d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2
SHA512be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5
-
Filesize
939KB
MD543947976824aa63f057de1ac7a99c377
SHA15f6d978b9bd3ad7e435848090d7d53e27edcf66a
SHA256c57ccd8514fe77530c62f67b5a069afb0a912a11892e890dccfdb5a64b1f9531
SHA5122c812802b5c1150c406e8dae2857d13783f8aeaf2a29acdc65f8d86ba1f3e0f9164823a414a868b51a98f94f41f784659b39c0d9451deae756f93af144134ada
-
Filesize
5KB
MD52979f933cbbac19cfe35b1fa02cc95a4
SHA14f208c9c12199491d7ba3c1ee640fca615e11e92
SHA256bcb6572fcb846d5b4459459a2ef9bde97628782b983eb23fadacbaec76528e6f
SHA51261f07c54e0aaa59e23e244f3a7fd5e6a6c6a00730d55add8af338e33431ed166d156a66455a4f9321cafbce297e770abc1cb65f7410923cb2b5e5067d1768096
-
Filesize
43KB
MD5737379945745bb94f8a0dadcc18cad8d
SHA16a1f497b4dc007f5935b66ec83b00e5a394332c6
SHA256d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a
SHA512c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22
-
Filesize
7KB
MD5d4f7b4f9c296308e03a55cb0896a92fc
SHA163065bed300926a5b39eabf6efdf9296ed46e0cc
SHA2566b553f94ac133d8e70fac0fcaa01217fae24f85d134d3964c1beea278191cf83
SHA512d4acc719ae29c53845ccf4778e1d7ed67f30358af30545fc744facdb9f4e3b05d8cb7dc5e72c93895259e9882471c056395ab2e6f238310841b767d6acbcd6c1
-
Filesize
11KB
MD517ed1c86bd67e78ade4712be48a7d2bd
SHA11cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA5120cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
Filesize
18KB
MD5113c5f02686d865bc9e8332350274fd1
SHA14fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA2560d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284
-
Filesize
4KB
MD51b446b36f5b4022d50ffdc0cf567b24a
SHA1d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9
SHA2562862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922
SHA51204ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8
-
Filesize
9KB
MD542b064366f780c1f298fa3cb3aeae260
SHA15b0349db73c43f35227b252b9aa6555f5ede9015
SHA256c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
SHA51250d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7
-
Filesize
22KB
MD5b361682fa5e6a1906e754cfa08aa8d90
SHA1c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA5122778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9