locky_lukitus | 9f641227b8e5e176b29630376a125949b22389b07253b664a44371642f1dc400

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe
Size

590KB
MD5

3bb08784ca43d644f60fd9408de9133f
SHA1

08b4199debe88d9b73a3dbe506ce7c6249537c39
SHA256

9f641227b8e5e176b29630376a125949b22389b07253b664a44371642f1dc400
SHA512

3ee94f28d095e46a0dee39a157ab122e2e3d67b3b3254a6dc50e3bd63f7141e1a4684f8eb51f560e47245ff8957ad5346f99b789264ab55a237c293cc1ea24e9
SSDEEP

12288:oguxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9i:8N5+f7t3cEFVq5Y0wu7zos

Score

10^/10

locky_lukitus ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2520 cmd.exe

pid	process
2520	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier 3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

Modifies Control Panel 2 IoCs

evasion

Processes:

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\WallpaperStyle = "0"	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\Desktop\TileWallpaper = "0"	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fbb714a2a4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000c471d2ee5ae492a0a6721c6b485caf6ed2e4d0e6a831dc7a91ac7f55d1ff7281000000000e80000000020000200000002c203fbca3c06a19098ca6aaf0e88092719de51de0f7d9c70c7f247ea6e5e12420000000f18a9c4656875688912dcc74c5dce2209774e401e176e5bcc2de79b32d908aa9400000006ccb674e056b070ee2cf275fc363734f804109139f10170baa2d548f23da996c939f495caec1b8ae772ac6363ccdcaf6e43c666e0a34c6f9085d9f55aa3ca2fa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000740afc9ef1159b5b8d076a00b205400e5c2cab2c05d77d10bbb67db2da5dd2d3000000000e80000000020000200000003b29ab2746e365cb68c0ba642c82ed829b0ae3a1095e4c7c67a1251a171bfe0b90000000dfe28538b5c2f7948a72713c8c940b37d97f22d2901558b2eb01c47672dfe60bee91003303c03eabfae1c451a29d0bf4f02bf83af831615f7065e7e5e21a7916ed6cca1d5ad911d1edf9cc43d4396d22df8335c3813fd9f1285354ab2cdf9ffe4b06a2fa97493de56f98f68c2e48c65d162861104ff2e8e4f03f74dc6ecd2e766ca4782518e049d3620b61180763b1ce40000000d9d18a3b1b856aa5a7a1ebc92b36da98c64ad4b0ecbca385cef618f04836bf119974329c37fab500290b942643beafb1d99606d5ac39ed5c3eb9f2bbc92517fa	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{405134D1-1095-11EF-9AB8-560090747152} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421703736"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

2948 iexplore.exe
2980 DllHost.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2948 iexplore.exe
2948 iexplore.exe
1624 IEXPLORE.EXE
1624 IEXPLORE.EXE

pid	process
2948	iexplore.exe
2980	DllHost.exe

pid	process
2948	iexplore.exe
2948	iexplore.exe
1624	IEXPLORE.EXE
1624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exeiexplore.exe

description	pid	process	target process
PID 2824 wrote to memory of 2948	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	iexplore.exe
PID 2824 wrote to memory of 2948	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	iexplore.exe
PID 2824 wrote to memory of 2948	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	iexplore.exe
PID 2824 wrote to memory of 2948	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	iexplore.exe
PID 2948 wrote to memory of 1624	2948	iexplore.exe	IEXPLORE.EXE
PID 2948 wrote to memory of 1624	2948	iexplore.exe	IEXPLORE.EXE
PID 2948 wrote to memory of 1624	2948	iexplore.exe	IEXPLORE.EXE
PID 2948 wrote to memory of 1624	2948	iexplore.exe	IEXPLORE.EXE
PID 2824 wrote to memory of 2520	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	cmd.exe
PID 2824 wrote to memory of 2520	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	cmd.exe
PID 2824 wrote to memory of 2520	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	cmd.exe
PID 2824 wrote to memory of 2520	2824	3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Enumerates system info in registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2824

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\3bb08784ca43d644f60fd9408de9133f_JaffaCakes118.exe"
2⤵
- Deletes itself
PID:2520

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c774ae66145a15ca24c534a5c1df62f9

SHA1
762eb873ea18177aa93461ea5ed9087fb1c67d92

SHA256
217a5ad0a87fbf96b9ddea145972bbd89a43ef1fc156de95ae00e77071276ea2

SHA512
cf7ef7a404a97fec1d5c380b1203701cecdeafe0584e939f9f010d3f99626acaf55f0a4fa5ff0e83042a10fd6a7b8f9d50fd3caa463020270089ee6e88463b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9b3698ee5b69e913337f64e3ebe9b0c8

SHA1
76b94824a3b2e40f0f2b26b6499c8994d84250be

SHA256
d22804f080869bc36bceb3959d7b76dbc09f7b0847554d0b2cad94d9f304d32b

SHA512
86fa23a11aa3988f9f8288360eab2b5762fcef17b0c93d0e5ce66866bf540b08d040d8a23283e6cb8ef41d54078998ab937c2da1204520bb4deb3ea4b4e718b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b57bab4477ad90a92d163160cbdaaecc

SHA1
c539d1ecb6c7b5d79a52e35b83866df9a4a757e2

SHA256
2f5a01a4a0030d97dde3fb9c86cffa6c71a416f8b1bc66b6dc8f8630ac7d5330

SHA512
42f546af70fa61a3b589714b43bacc9cbb3cdae1f37e114c94ffa6431cf34261ea467637b8c4dabbed40783a59b62f3c94b6ba079a0e4a793ed2269e8bf43f21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b6c85d7ee334e8cb9b890ace2bf5b4a

SHA1
fdbcd4ba7db4d88951e72e71d4f67f1badc68930

SHA256
94f91140f954eebae18c6791ca02d6573b6667ed791278e4ef9bff91fdec249e

SHA512
c00bf91510bfb5419af2995270c4cde61d515756a9c6f29b4520023ebc83652550fc2b8232681608de883e0a7414307ac4c5e5309a2734f2e719bbebb40f81a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4a378ca78d833591015e4f2740beeeae

SHA1
1c7559f254727c3c8826fd242e9390036ffbcd45

SHA256
b1c64bf618a322565017caca301d035bc6fb99c766a97a12519d5e9f0f7623b3

SHA512
7df72fc9e0208a7f53e4acdab514fc111760848b860d8539866fa8b8065f40bd7354526517c27d4bd11e8449d755289e6376bb5843e0e22ed8cf936ffc7c1c90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
eae093d425e7d01ac4d1b730cd1dc4c3

SHA1
783ae13383762cd38ffc7e48affcd1d9729ccf9a

SHA256
fbf66be10f62adf4c379934170fb952f9a3a9e5e89455e35c26af40340ce14c3

SHA512
b782821cb8f4cbc708f6cebde5dd12e00e1329f2374c2201f8e4f4b3529685b19c50b92f9c5fcf5de65b14329052b43017b0f06dc6ab80ee0e36c3ddd4c5deb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
03b6cad75ada344e14313b6fba844424

SHA1
e615657be1ec0068c5514f281b1abc46e6f9594e

SHA256
4138ec830d84c1813e2a5270e69c28759a06e4b3052ad9c60cf63df04143825e

SHA512
4e529771019703991886a997a99f0043c4bdc3a12a35e015565281d34068de1d22dc3c5659c0e4040f09e1608af989f27da95f848a4321425f1b906fb0d7fcda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fe28db04fb490e5b6487f605f4f4c503

SHA1
9e1c3ca71bb9b9138829de41033d35ee44c32ea8

SHA256
ea342125764f12fd39550f74c3d722e1a895a3679a86fbcf45e76ba267753ab9

SHA512
4486013a4d56da1e4de8541a0a902f189c707e6ba9b5303a7b53fafa9f298468a4855a1aacf97009f32eda828fe37155b730fe07e108e8fc6683e1e2455d668c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0658f1b15afde08311e22440f27f4196

SHA1
160aae9a348af5126f5812b4b661ddbb25bb4d8e

SHA256
555c5a3263e0a6c62edf1ac93fbd19f6657036ba46ade176f98763906b9ae9f1

SHA512
de363068b574ea1c893452c8ce99b0150ff6d4a5245bef13f4e51fa26d7f99d087a0730130ebe592f97124c9170a82fe33f1a570412f113a44c36d22647f4490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0566e88c499269fdf5953851b1ba4285

SHA1
c3240152070a3f9e3b833357c0d2335b875128b9

SHA256
72c9a8e8c288199ff3e10903db4cd014ac4e11eae33755cb216b662191c96f53

SHA512
e69549d669de829bf9324917a0afa1a3c576f91a2f12d0dccfe8ae94338c5b5670cb9866442c89796bbb2980ceaf651e1fe67a22adc056b9cef9e4830473903f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a8c600554504c8eefea815fc20dd417

SHA1
f01f086630f25f8009b208154652405cf894ee5a

SHA256
c06ba3683d62e9a1b1470e18f385a3779731e620099e896df86f4caf884d9173

SHA512
a418bbceadb45d9c18b92f12502a18267a8504d822515bfb60c441b88f31a66878a31036f04b24c7d41bb2fe768122cc5507c1193c57ffa4a49db54b0eb55e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0021ac691f391cc31061004f15138fea

SHA1
ac7d48cb91e11849a6115c079a1fa161e4d7816d

SHA256
341e003122bfcde9e365f07fc302a5e04f75f5f24e63faff93914feba407ed37

SHA512
a669d13b5f03987fdcd2633c03c497422d5e45aa62d5986e33a2271df94ce8c8dbe3edc08a380d1807a8756eb198b0799002d5c1eccd73fee8767a58e38cbd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cab87449ffc57bda0af9f1a4a7e0a06e

SHA1
67d8b3046956f3d162cc63c63958b76bf7692b78

SHA256
2f9c7337f04f15ca15e5c3559c53d9d43d021d53f956dfd89bd1732a2d43bbfe

SHA512
99a82122559297561a81787e26a4f2a4cc9f3c0e4cab08e0cbdd4384dc3031220dbe081d0b49f3ab2879d0a5789d2643f513ec4eb8a32d1694a9e502bc037809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9435bdbc45191f4de15d38a7a859ab2b

SHA1
ee910d68df669be2b3996222437072a7b190840f

SHA256
a51dd97238dcea7853d08c3e56a48aba8e55f1534ac49acd2712bd2109ea19e3

SHA512
6106021c27ab3a96e8200c499fc32ceb5c546d73ca93601f542b6c5d996a2d4ebb4adaef77f8600e2159bffc11975c016a88c350771e162d4441d40fc8b6e876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d15273425d798aa2b90f3edaabc7147d

SHA1
81665e351907f2d36c8d3fdccff1405ad99043f0

SHA256
1d3ae404caf5eaea3b707f500d06b476f282fc0f6f9cc161163f260b18f92a12

SHA512
0b65e59e20aa9a2445886db3b2f01c239479b3288322026194d3832f0ee52b4f830af7b7ea12ff43cd5df2a56e35988203a1f6603d1ecc1b035dabdfc58f8e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
369a83e4ea73a552477ff9bc7d6b91ff

SHA1
db06f56d9834557d2e9b7f3fe20208903ac2c641

SHA256
b4a990490604f8a6880a88c7a6dcc700e9d215de7addb251fb6388b4ba9c24cd

SHA512
c08f9e921d5d9cf434173b2607bb741fa27bfc860d9fff6d277cc8f2b84b888049de51d679a4d726f7ff82357336addd1c6cb90c88a9cda3bb89f4c830c330fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a731b36c27c1084e9189c6396733a515

SHA1
a9312b7c55df09afa0b0f49bcbff9772bde8a11b

SHA256
098627cf7f656b9f75cdba8f654c6097a154660c914928eb8b95d8e61002905e

SHA512
2b136ccc29efb9ce167ece082e22635c78eed8bee0e587439797df076fca1cb06212ecd62deee59fffdf1790a232ae23c3ae94176b82b83df17ab7fbc938a8c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1be41211722a4d351391a1fa83551e0b

SHA1
9597c967e9d37e427f2119109ff6347ab35d86bb

SHA256
744b621d1aa6d5a287117c82e5f788a21af8f46be0868191a6b7462f520953b4

SHA512
5cdfba51bc4fc132b1e380a1d11a5b55f39d598c6828f809d1fc1300d7a5dd03365de84f6d1eac4e63b9e6348b90096502335b35af2ed4ac4937496fb72cb996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
22b1efd4c1522b77d5d6d069d075634c

SHA1
72f5ecf8c01d1a7fbd53bcfb1efdea1d666541dd

SHA256
539ee7501cbfc6978e965d3f74c6ad07ebd8c4ba1f430335068541a83badc68d

SHA512
10942fbc912cbee8784b0bf35b79b0b781d0fd3cb53b0f4f180c56c81c1639ae9a6c900e7267ad308ac600a933a3d6837cda09acc3729d697e20e7b7803eab3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39F7.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B08.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp
Filesize
3.4MB

MD5
1dcc92463e2f5466d55230443c0d9325

SHA1
87060509b8bf4bf6ecb4f0f3916f233f03805f3a

SHA256
aab0f71ff336084f6982f19292383c9755c212fa73d3f625cbb1d6bb11c1e36c

SHA512
fed53c95c6c49c33252ca8a5230a6d55dc69ddd48991c3e574356e5c51ebf35ae2ac3ec0d5732203d59705e25bb74266c2510c133117e77328c1bf1d5a554572

Download Submit
C:\Users\Admin\Desktop\lukitus.htm
Filesize
8KB

MD5
4c1551b5aaff1b1d330e6d0dc0c8b945

SHA1
513e7009a4160fee87cc6328dd8150df5be60138

SHA256
0686b50e61ee119cb21712b3d39abb7e8588cc1e3ae2df7b756e0f6bc655792c

SHA512
fb7c21f1491148b1f2605be4b1036507904cdd94ad31546cc8ca51c87e1f220178d41319a45de061d5e9131161dca48d9711543d28e87d80fe1eb92b1a686475

Download Submit
memory/2824-4-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-5-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-8-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-265-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-273-0x0000000002B20000-0x0000000002B22000-memory.dmp

Filesize
8KB

Download
memory/2824-277-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-3-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2824-1-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2980-753-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/2980-274-0x0000000000550000-0x0000000000552000-memory.dmp

Filesize
8KB

Download
memory/2980-275-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download