bfb9b85fb5c0748ffeb13d1e08917ebe6f14b3bb17beff24685df416b5980c7a

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 08:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
Size

581KB
MD5

ed0219b7ae19954c6ba16f8b2d74b0f4
SHA1

5c508e9c3a00a91a871a6f36674fce0949944f35
SHA256

bfb9b85fb5c0748ffeb13d1e08917ebe6f14b3bb17beff24685df416b5980c7a
SHA512

db8fd1e7417761d75941d95ab629ee72db4af1c30fbb20501a4779c7b9b203a3da82601a9f2847cf3effaab117f5cc51dc25aa4a21a4b12c09cb07b09142d06f
SSDEEP

12288:uoMDtCi7NFlZnNqZ9xGrLpZ0ZHEqtgb0Uv:ufplNFgxG5eZngb0o

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1800	nbfile0.exe
2704	nbfile1.exe

Loads dropped DLL 7 IoCs

pid	Process
2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
2704	nbfile1.exe
2704	nbfile1.exe
2704	nbfile1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x00060000000164ec-16.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5307A81-F7DE-11EE-8A5C-CE787CD1CA6F} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000e4839738cb18cfd752b3f9b0cd4a718dcdc2e7c8691413cea437c875527de831000000000e800000000200002000000067130c08611fc524ac0be02b3de4e954ffbe63535da3d2c7d5a298fbca9ebb9290000000754e21c3f3fb3aad64197edc9556ce422843e3cc566c458d3e120cfe16915e75e2f471052df8df9e333caed25d5d8b0de328028b25cc56c0a8a7e5ac34706be4fdba00d432d148f8603f6ddc35b42fba3f15da7ac87f98feba41f4bcfe3b3712c3cea6d859788e75b951a5060aef0861b4cd48e86227433b3b2717d26b5eaa2104d1a7153dfc5900c3c878a827e8612e40000000288f04ce51b0dca28d1e1707da59e8a315a2e5aa2b51d4f9fb878a7646f0258499946b4ae661b213a6fef28f076127eba9f2c7a1d47798cb863f0c02d3f1669d	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418986587"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000b2b6ba158e802cce35c6f079e7ee4dcf3a5691c08a4ad4d29593c8414b1497ae000000000e8000000002000020000000fa313a887a74a91a1a870d217db46a8d711d82cda2e3f0e03a6ea08a48b357672000000045001f54ebbe86242aa64966d794ab42df660cb895495f7fa01f6c91654126c8400000009e3ce97713755ca649eea168af5501ceceddcba4675e069bc33788213487df77090b426f45265bdecb080cfb2dbc0f280b2b1395c9a18db3be790d3306a72d47	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20a66fbceb8bda01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1800	nbfile0.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2920	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1800	nbfile0.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1800	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	28
PID 2080 wrote to memory of 1800	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	28
PID 2080 wrote to memory of 1800	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	28
PID 2080 wrote to memory of 1800	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	28
PID 1800 wrote to memory of 2920	1800	nbfile0.exe	29
PID 1800 wrote to memory of 2920	1800	nbfile0.exe	29
PID 1800 wrote to memory of 2920	1800	nbfile0.exe	29
PID 1800 wrote to memory of 2920	1800	nbfile0.exe	29
PID 2920 wrote to memory of 2652	2920	IEXPLORE.EXE	30
PID 2920 wrote to memory of 2652	2920	IEXPLORE.EXE	30
PID 2920 wrote to memory of 2652	2920	IEXPLORE.EXE	30
PID 2920 wrote to memory of 2652	2920	IEXPLORE.EXE	30
PID 1800 wrote to memory of 2724	1800	nbfile0.exe	31
PID 1800 wrote to memory of 2724	1800	nbfile0.exe	31
PID 1800 wrote to memory of 2724	1800	nbfile0.exe	31
PID 1800 wrote to memory of 2724	1800	nbfile0.exe	31
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2080 wrote to memory of 2704	2080	ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe	32
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2460	2704	nbfile1.exe	33
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34
PID 2704 wrote to memory of 2492	2704	nbfile1.exe	34

C:\Users\Admin\AppData\Local\Temp\ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed0219b7ae19954c6ba16f8b2d74b0f4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
  C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2652
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
    3⤵
    PID:2724
- C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
  C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\1.vbs"
    3⤵
    PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c43359516939dba05cfdb47c43403a4c

SHA1
2c8aacea398db8b22a7ed9d52d28147222b7fd2b

SHA256
1ff997b625ec4b9694f9a634f604c94b2d206539573ef435dfe600078d762ba8

SHA512
492dd39377385a00c6b5e29c6e4100223060a471bb342939f515345df12bdc738d19cbe446a1d500210a3be3cff0d9a065dc6a18f9d09067e1727c202ac2d4c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69679891821c7c559db20108fea1d909

SHA1
80e68d981eea3591ba27b97f6a52594026bb7341

SHA256
46f710286f690b918d37926fbd6e1153e604fb3ad4230832431ff291a166f3eb

SHA512
2be17da53f3f60f4b2a78e38937d6e876a8a37818497ca89f611589cf08a6e315c9489bca47c56e39b42d2aff3b1cc7536c2ecf6dc5daf91fcd61371225d71a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cdfcdce59611716974891ec2482fc37

SHA1
1e0c065c0cadb53f0e00395e5bca9b6a9d49ae04

SHA256
9c1b6bd73a84b2d2f14bbdcdd01aafb28d8627775a099b585d72506f19555fb6

SHA512
219e437e3d5f6c5f97bfadd242ed2560d104b0afb203f3d263bda130242cfa059591d3ab462170f06e36e3ae9a996aa3ec7ae2b6f688cdb26cc17d2de443b6fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f35f783f3952296dc6ca8ffcae93836

SHA1
2c70f823bc3121b29a2f538511b1faeb2d4aaa8d

SHA256
a975582202ee7eb0c70d6d3f7fc056e76680c50456192b9bb11603e44e332ec7

SHA512
cfc52ea3ef463d18fef0356d39ee849739f58d21c72e4f6b583731ca2d65f47a1224a2d76d9d32f1497de4a2a2c6456f602a1b2256a8d42c5671a0e47d3aded4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28083195d3b542ace8b9a0e4ed61dd20

SHA1
c2ffe04aace11f1a6bb12c45fbfcfbb6accc9e54

SHA256
59c98df10346ae3570ab6152f4fb65f5d7d6ecc668769a23b5b1874dbbaa21f8

SHA512
7962116b09c73b75682e16d441c60fce881e679a583d07cbbedd9d67aa90bd9385f730fa6f42c19243933c73ff7bc9c9c4a2497af21cc0962e2973b282aa3193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6598620d05bc6b60b222005fdeb0e3ce

SHA1
391458d33425c35a3cb00d34d3f44ce8eb1888da

SHA256
a47613627318810e66631a633826a82c4d0cd9d0834aa7bcd062b5c9c86e7a7f

SHA512
67205234dc8da4623d463e290825e2d543380f771ba77d5126972272f78ee348e11af1bd3c9ae7569af544864e078aba1c4ef9724093153faffaf91711b4c359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc363ef9ca26a6aa75d25db20e845ac5

SHA1
d969f9b2a4b7a9befb9a538b4cc5885f0940e21a

SHA256
e037024cda05c12a80322048e73639fb3f14540220ea973129b7a3cdcc92095a

SHA512
c5683cb0a62d6c696a271151e185511a3eff8fe5f58400cba8636594f8ea1fb65baa9261029f70c9f4c74e5660e3e17cd5bed6c6940acd991decb03a2afe0a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a633bcf8bab24de46f374ac9d9e67f7c

SHA1
fa887058ccac8ebd7170396da29c23cfb56f3dd6

SHA256
088c9acde33f54363c67599a6f0f69bdcf46c50846f479d621e269d7d988856b

SHA512
e03c3b2a6683990250306cd370feb3036611d1e02636bd813f3d9b71e415a41807d72cedba7a3bc74f20648f0a19c1b7022d5be2f7e2f2bf99fb74b72f2b5ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb297a4041e53c41bc17ff0e416592bb

SHA1
40dfa73279988023799550ee924e648a38206e36

SHA256
4420ff15fa37d6ddec07bac1da769ee4424352aa2a780c1a9e907d18e0634936

SHA512
492fc38e980b231fbd002cbe5c74e58816c3d08aafb665465f4738618e4f4b8fc7dd2590cb59de5cdb3671307560262782367ee8b4422dc8fb06166cc578e026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75a1d4fa3bc31b48e026c2099195d3bf

SHA1
9795e8978ffcddf5f7e5c0994c971120b710006f

SHA256
ca2e91230a86531215288daca0f6e1c41db72b741b9df974f8014ffb459411b1

SHA512
cf5cf7c27e5c4066e22a6d2586d22e03046a272d23a1aa29c323c9ba997dac2907e0c22a68281a1a859a0529f0c911d735ec376a81558ec98ededcd759f4ff9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a811a4937053052a6920bac8c57037c

SHA1
6f1b8d7751aeae4b4f47874de9f6a7d9e5161133

SHA256
16d495e6637ec46f2ac65072454c900bb8429b7670f69a2c7b806c011649d65f

SHA512
6c301c349d302eca9081678e8809441df4ee9078ac04feff0ad0285f633d9dccc0ae588f95611989f336b084be5e73f757692733a6ac901c0f5ebdf9f2a37b5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
204de481d4c5ee277db808436867718e

SHA1
a16cd04133822ababfb19d3a552a015e9b1c9526

SHA256
1f29c236e6efadb620113614e9d63240fa512ecc68b1e20af3f9ccb89c0effe3

SHA512
38bb2b78986ac3cf295d068bf942b4a9400498fb4a6821eef5c84a2563a0dbf59431b22b489e6b108841f0331bb2fe529b499a662c029e076d15539e374b20a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07f0e56f5befc3e82c295f868e9fd102

SHA1
ab23c0424232dde2872d3cf4a8ba74172881aae0

SHA256
93658ab030d316d4d88df92b9a0142b0bd7be46ff167f6bf22452b5ad9ba0cde

SHA512
2dbabda6b123e948c28045684dbeafdd0961bdd258090851de4af28a9908a7fd08a683041c1708d9ca2136a4547caaefeff018159cfe415d3fb9313045bfa238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa4303fb52615e71ca22c2f7fffef485

SHA1
b7f12b7f82290adc58395249bee969c23bdf1919

SHA256
45e6ecdd5b1d7c1ea2dd29b64126fce075baa6f9fa95034dad19a31d3b708115

SHA512
97ed3b4711f5a8f3b3976a2aba0a4bb7b2544040878fc80581053a25488cb664ff16c8ab10279f31d6fad72732a0f1ad50735c9d5756a135f2e1a926824b1b22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c9c5573b092e1a3f6168a604f51e734

SHA1
5281e6fc54ee92b271e962507d716e3681df6679

SHA256
b3d9748d4808aa6c89c93996c043fd61b0b822ce271fc266f1d9b19155a357da

SHA512
3006fa2281ab426167fb07195943afaed27c443f21ec32727f02d7f3a25907e36bb91ed84cbd9fc660e99f9d9124d07d373d314aac69eeae3e189df073d1317c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b13c873dcd2b667011dc1ef408b504e5

SHA1
0aa47dd9851b77df26289a10886b3d20dd6417ab

SHA256
a6733250511add6fbe5a56acffd443124ef756ce3b295828b6178687a2470992

SHA512
d1a6471548ca3b176bb19f90b951f2c5c7f0dd84f7dad9a8cd9eef969673d6ac0c370fd7dd35bedbd83e7fa72d512c8807fdd482b87bac8515b6c6f4d59f5093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ca0c4a1490acf628a162f5194228505

SHA1
b1adca0f96db548aa19c75e20e521787f1e71524

SHA256
83d5e82c67df347f14eaffb97563b7796b18f8502263a676cbcaba3fec91695e

SHA512
0ec61b7f5a61d3fdaf27a9db9589e1abcff93b3f8e04d3b2b58a78f4c54c392bd41cdd1c73ad5b73ef12b10bbd13ce56c4ea2bb7d35f9ee3e79dbbff960a189c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7945e5c8baeddeda9f9beae50827130

SHA1
84b6138ed45c533f4e95916ed4ec1a39acdc010a

SHA256
2693c22d6307c7da70fab11da724e2579e44326f6a050e06d21a7ae2d048a055

SHA512
7b00493da9b8b3ac71872e6412a3f93366abf1a3c61acb152757759e65a44019a57bad1b43818e426bfa9814435e05b3fce46aee7e860250fffcd4deb7433e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e0ec7127efb4a02783676bb276e3f82

SHA1
cc699f255c9a7920c4fc4f8ff678a0a6fb8b3872

SHA256
dd2ac19aa2973377d7ff070201d500db8d3a69554cee60392f3a53af8678f434

SHA512
2ba884a2ee0f0f0bd0da9c6cbffb765c4fc006faa5f1ee5ec877d6fc371769e55c63cd4f40e6891a9cadb60c3301395c076a937ca57b702b86b18f0844693f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3C19.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D05.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D2A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nbfile0.exe

Filesize
467KB

MD5
74869a0346ab36bbba85022612505121

SHA1
2cd02f46f2f9f46eaf15fce40a3bf4781f80cf8a

SHA256
6de866b5c8abb1db9b2be231b365c1aa029118fbc58823f443f00e3a33dff18a

SHA512
723812083113cff82aa5e2243759c572518865e351cc81b7c2b85a05557862dbbd7a98b964ff6f3aa3802bb5d4dab01a14147211495fc5803d9ddb7b715f4de5

Download Submit
C:\newsetup.vbs

Filesize
651B

MD5
4736e7158c27f244482f5a614b9dbdae

SHA1
d3a0e95a81e9e3ec95cfd596b25749a0e24e27b9

SHA256
b8229bc8d6b0013858fb9599cb510afa4566a439164b2c7444c449540a124acc

SHA512
cebf895dd3ec3822c42b78bac49c685b063cb5afcbcfb3850b073cb118d086c5fa75ec50b6e73d90e14f2c6b595752ad87910b8cf27378424d72a9ea309bf824

Download Submit
\Users\Admin\AppData\Local\Temp\nbfile1.exe

Filesize
52KB

MD5
c4ddf11ebdbf9d8397d710d2cb4e2fab

SHA1
8008c97e7d6ff92deb3e1755a614f4afedca92b9

SHA256
67a632049e45c25de35b533659624ca24f8e70447abca015bf5776ce6cb3ded6

SHA512
3c9be7b92208e8c0f57ab8048108714e06b2aa896a479f61637a93a9eacb4818fcb25ce3d4e1a24086558daeae65d4b482b2c1cfba3df202c396e2bc218362e9

Download Submit
memory/1800-11-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1800-12-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1800-14-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2080-28-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2080-8-0x0000000001D30000-0x0000000001DBA000-memory.dmp

Filesize
552KB

Download
memory/2080-10-0x0000000001D30000-0x0000000001DBA000-memory.dmp

Filesize
552KB

Download