df33e906ce0b0148cc1be8daffa51775b4a806eb1745385fd4eaf1c2c71c45e2

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe
Size

31.2MB
MD5

6874bf24021cf66d0d0138a422888a09
SHA1

5a7bf50d35bc8efecdb6695d1a4635c8158121bc
SHA256

df33e906ce0b0148cc1be8daffa51775b4a806eb1745385fd4eaf1c2c71c45e2
SHA512

01f6d1d4d2ff05c6d090a8e2baafb8fb4737a3c53bc5daaad9eb26d79a1ad0429fffc12852eb74caebcd5b9dd93078901447097ac3c571f85bc76e7b63a9dada
SSDEEP

786432:8F0kLl8G649CuV9VYIjcBoMIB+sxtq6MNOHCFDNkk2jIejU/zxHytx5:mRS49Cu/VYucBoMIB+wM3FDNkksIV/zS

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PDFCreator-5_2_2-Setup.exe6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	PDFCreator-5_2_2-Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp

Executes dropped EXE 6 IoCs

Processes:

6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmpDownloadUpdateInfo.exeDownloadUpdateInfo.tmpPDFCreator-5_2_2-Setup.exe7z.exePDFCreatorSetup.exe

pid	process
2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
3464	DownloadUpdateInfo.exe
396	DownloadUpdateInfo.tmp
1248	PDFCreator-5_2_2-Setup.exe
2588	7z.exe
3968	PDFCreatorSetup.exe

Loads dropped DLL 2 IoCs

Processes:

6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmpDownloadUpdateInfo.tmp

pid process

2696 6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
396 DownloadUpdateInfo.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

PDFCreatorSetup.exePDFCreator-5_2_2-Setup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreatorSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	PDFCreator-5_2_2-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreator-5_2_2-Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	PDFCreatorSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreatorSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	PDFCreatorSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	PDFCreator-5_2_2-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreator-5_2_2-Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	PDFCreator-5_2_2-Setup.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

7z.exePDFCreatorSetup.exe

description	pid	process
Token: SeRestorePrivilege	2588	7z.exe
Token: 35	2588	7z.exe
Token: SeSecurityPrivilege	2588	7z.exe
Token: SeSecurityPrivilege	2588	7z.exe
Token: SeDebugPrivilege	3968	PDFCreatorSetup.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmpDownloadUpdateInfo.exePDFCreator-5_2_2-Setup.exe

description	pid	process	target process
PID 1180 wrote to memory of 2696	1180	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
PID 1180 wrote to memory of 2696	1180	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
PID 1180 wrote to memory of 2696	1180	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
PID 2696 wrote to memory of 3464	2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp	DownloadUpdateInfo.exe
PID 2696 wrote to memory of 3464	2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp	DownloadUpdateInfo.exe
PID 2696 wrote to memory of 3464	2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp	DownloadUpdateInfo.exe
PID 3464 wrote to memory of 396	3464	DownloadUpdateInfo.exe	DownloadUpdateInfo.tmp
PID 3464 wrote to memory of 396	3464	DownloadUpdateInfo.exe	DownloadUpdateInfo.tmp
PID 3464 wrote to memory of 396	3464	DownloadUpdateInfo.exe	DownloadUpdateInfo.tmp
PID 2696 wrote to memory of 1248	2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp	PDFCreator-5_2_2-Setup.exe
PID 2696 wrote to memory of 1248	2696	6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp	PDFCreator-5_2_2-Setup.exe
PID 1248 wrote to memory of 2588	1248	PDFCreator-5_2_2-Setup.exe	7z.exe
PID 1248 wrote to memory of 2588	1248	PDFCreator-5_2_2-Setup.exe	7z.exe
PID 1248 wrote to memory of 2588	1248	PDFCreator-5_2_2-Setup.exe	7z.exe
PID 1248 wrote to memory of 3968	1248	PDFCreator-5_2_2-Setup.exe	PDFCreatorSetup.exe
PID 1248 wrote to memory of 3968	1248	PDFCreator-5_2_2-Setup.exe	PDFCreatorSetup.exe

C:\Users\Admin\AppData\Local\Temp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\is-EJNRH.tmp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-EJNRH.tmp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp" /SL5="$401E6,32138616,57856,C:\Users\Admin\AppData\Local\Temp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\DownloadUpdateInfo.exe
    "C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\DownloadUpdateInfo.exe" /verysilent /URL=http://update.pdfforge.org/pdfcreator/update-info.txt /Filename="C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\update-info.txt" /TimeOut=30000
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\is-M8KMM.tmp\DownloadUpdateInfo.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-M8KMM.tmp\DownloadUpdateInfo.tmp" /SL5="$6016E,269828,56832,C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\DownloadUpdateInfo.exe" /verysilent /URL=http://update.pdfforge.org/pdfcreator/update-info.txt /Filename="C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\update-info.txt" /TimeOut=30000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:396
- - C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\PDFCreator-5_2_2-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\PDFCreator-5_2_2-Setup.exe" /SL5="$401E6,32138616,57856,C:\Users\Admin\AppData\Local\Temp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\PDFCreator-5_2_2-Setup.exe" -o"C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\PDFCreatorSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\PDFCreatorSetup.exe" /SL5="$401E6,32138616,57856,C:\Users\Admin\AppData\Local\Temp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_5ABF2B93FF506722017092AC4D4208F7

Filesize
727B

MD5
fbf8a05290e7c801e350ec803f324938

SHA1
7f87a22281168aa4a7853b52caf6f9c1128107dd

SHA256
9708271b5fa5556ecfecef3b0a52dc0b7d76cce33713f7b342c83bbb6619af5a

SHA512
71b9db529c1545eeee1009fec0ab324d6d15a439eece566b1ae9732e31fac32045868532c612ffb6231aae3c2da9242cac221a03b34979f69505845871be3be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
a90ff749a13166b81da25cdcbc82c54d

SHA1
a09692688b0a86d9e06b6a3697d2a1793f367961

SHA256
4b1553fdbeca127a257bed3bd232cad24df64166cd39a54159893d5c350ac742

SHA512
54dfe43bb1c88eac7d29e641171a27f72270bea50d3d989217f3a739943f4a3d751689dab68319ed7e800986cac1c5053305252a5f92fe14f1566f425f7994b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
3f78651552686e4bd6152cc377f4ae9e

SHA1
c72aa2909032f15a000ca0a4efb2336e4d3ba6f8

SHA256
c7def63956ae09680ecc8d428d435ceb8eb176964b188d37a9fc703f2ff27e97

SHA512
7c2cdb2ac606ec9202d216cac17108b53ff5fa72954b4c7e7cbc720b8fd2e47666d6a03cda48d6afd730094fcdeaf1ff18382497a29b33e4208b65a2add94fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_5ABF2B93FF506722017092AC4D4208F7

Filesize
412B

MD5
318211dc8cfd6b54388171158bb22c36

SHA1
63f3797ad87d514d17573bfd3392cbea1e4d1dcb

SHA256
a44f72187b72fbed0965387e82e326d7c8abbe03d96186b0d9b416a9859c42e8

SHA512
b51634ffd953671101effb0527b98dc699792a82848f32f191531ed6738724ed28d151ba41e4b7a04351cd3d51b168d7c8dad0c40bcb2fd95d0865ed1eb74592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
09ec2f2ec3a9279c122b2c6856d3eee4

SHA1
8082567a6bcf62d3b1001e4d9998f96f5ebcf692

SHA256
cb35b0093452b1275bf4518edfa09275e81b4f65232b0da630f7a03dedf329d0

SHA512
c18a39f85e96ff5a9aa7bda8b6f1833b09b494bc0d23a0466dc212d03f45d867a1e0ebd56ef9f8d3433ae24cb58d1056bbfae44a5f1c1103eacbfd466acad28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2R8PR.tmp\idp.dll

Filesize
208KB

MD5
defd46ead6e1bc077f3a68c1b30f7b5e

SHA1
1fc954f6b23b7a5254fe4b92f98a752b10386e1a

SHA256
7ea855153f3f80d22d39d60af091c6d0d38bb69908ee9ed87aa96aee46f6f1f2

SHA512
96d6b1500fd69473e0e31fd62d07238cac56cf93a1cc298cac9613c9dc8f8a6a6ccc2b697c226501893a064fbef4936afd8b6a089bb4826cdf26f4c847e9e6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\DownloadUpdateInfo.exe

Filesize
512KB

MD5
8a989a0bedf3f1038ee8914b2f35c905

SHA1
632412e347981b0613201508b5f25b9db847fa6c

SHA256
f2c1eccb3f8a947633fadf1b3018f409e0f8df0c510314bbd914bcbd4f179b14

SHA512
7f922e0aaf0e939d3b9caa8844f67d0852da392c3d17134d30ec2cbb503b972fc09164b304714e1e28ec1ba81597704b68b29e2b65800d0dd967f7b02678459c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\PDFCreator-5_2_2-Setup.exe

Filesize
42.1MB

MD5
6650efdd8c27de433fe45a732d89a7af

SHA1
d2a324f6b2b01fad4be9e4bee322587c5ef26236

SHA256
68fdcbdda4016b6c2bc81c2e2315230840aaf21331b3376daf12c314634c1489

SHA512
eceb244e19045ed17be3b345c8eb44213af0df637ccc06f97b339a4e92cc7af262a6f4b28a4c58f1a0a2a629292cba4acf9e3528d733d3328cd8ee9783ed06c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\idp.dll

Filesize
216KB

MD5
b37377d34c8262a90ff95a9a92b65ed8

SHA1
faeef415bd0bc2a08cf9fe1e987007bf28e7218d

SHA256
e5a0ad2e37dde043a0dd4ad7634961ff3f0d70e87d2db49761eb4c1f468bb02f

SHA512
69d8da5b45d9b4b996d32328d3402fa37a3d710564d47c474bf9e15c1e45bc15b2858dbab446e6baec0c099d99007ff1099e9c4e66cfd1597f28c420bb50fdcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B8G2N.tmp\update-info.txt

Filesize
288B

MD5
3eb589fac258c60443b7b482dbf694c5

SHA1
c2491813dd2e00cc6cd8e4c9eaa372c951067a12

SHA256
4b3db52281bec00299ce42ebde6cbae28d1aec991bfd7de90e4c701b134c5697

SHA512
672f368e09d5ce055fe993919e8ef7de6bc8fda637dd3ae3b5b0daf8206ff41d4ea5af9524736baed9b219d92bf19ccc38e137a21ef465909fa2fab37c8a9974

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EJNRH.tmp\6874bf24021cf66d0d0138a422888a09_JaffaCakes118.tmp

Filesize
697KB

MD5
832dab307e54aa08f4b6cdd9b9720361

SHA1
ebd007fb7482040ecf34339e4bf917209c1018df

SHA256
cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

SHA512
358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M8KMM.tmp\DownloadUpdateInfo.tmp

Filesize
692KB

MD5
2c10db017057dce22651243244e4fee6

SHA1
b8ea54a0cbfa98bb866d19e5b800769eea24e881

SHA256
e442e83c27e94bc37eb6c02411a88edd8cb83777d50312b9ef7bfc214c4cc7b2

SHA512
5f9e014129e4077e8e4745ddc8580890048f09f458d2dee2f3833931e29b6be89cfc7ef71a5837689dd3d25882ef0601ac13ddf36a2b8805092d7cd956e5c8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\7z.exe

Filesize
676KB

MD5
2e3309647ce678ca313fe3825a57ccb9

SHA1
792fdeccddd3cc182eac3a1ecd7affe5b48262c8

SHA256
e6855553350fa6fb23e05839c7f3ef140dad29d9a0e3495de4d1b17a9fbf5ca4

SHA512
5eb2af380fed7117d45232d42dec4d05a6f4f6cd6c7d03583c181b235344ea922290b6e0bf6b9683592bccc0f4a3b2b9b9fd7d41fbfebf1045bd95b027539dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Banners.dll

Filesize
54KB

MD5
1959f4be85635e2188407bda4c87747e

SHA1
8d54ec03f68503ed204888149ac017856a7c7568

SHA256
b235334ed8e95c4fc10638a4dd68fd08cbd5f5be9bc4439af6284bf4c6d0f263

SHA512
85b92c9ee1435e002ce9d42edb6159142d6171444f236e3b0d9927aba76b60d5ebbb524cec1040ee28b3527c2171c33d8a369dde420f0fcbe2ad066102736c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\CommonServiceLocator.dll

Filesize
9KB

MD5
7072bbdc5f778b5fbe6d4b628ca1a4ce

SHA1
48786a00e787e4c2a7ceb848d89f0f7cbfda8121

SHA256
32f6701c64317249df8e95dfdff03789f2c2bf4124b8769558ff2624c56a504b

SHA512
75a8a7067035636f6d6240998be0357989e6351ce7b91a645370135904baa9a0c4dbb70c31b7cf0de495cb01dbdce183008fd582d6cd638bce447c3eaf99810d

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\DataStorage.dll

Filesize
25KB

MD5
75895b347003574f6b33aa01378be66b

SHA1
c8882c26a78c320d73af4a8dd746a9a288b43b6d

SHA256
b6e260abef05efe46a752c09d9b68baa54597e7077933a7cd78019003de6fb3b

SHA512
5313ddcc2fff20443af6155fe6d74aed6e90d0932b31607ec8e5aefaed4494e78347bdc37ba6ea6f0cc6cecebdb7952889ce7901678ff29e00724dfab6022d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\EditionBase.dll

Filesize
15KB

MD5
4869273e2a9b5841893d6e4c13885e51

SHA1
20a9b7c929004c902556fcdcd87680979001e213

SHA256
2996749d2ed58a72a8bbe476ff2450dbc6961a2f8027d1eca77ca952f9c14059

SHA512
90d413fde31694b5f77a5446a15af16247b9ab53949d149b1b4ee4fc71d1ee44e870c4793bb97cfc952c878cb8f2f0978dda9dc800dde211ff4b715fb999dd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\GUI.dll

Filesize
3.3MB

MD5
c4e2cd6dabc3a669ceb44029e9b6625d

SHA1
a394ff4314c88d4fb6876803d995155fef7baf6f

SHA256
61c16fe3b1937f82036f34e6fd96cbb696162c2ec2ea49ea0c9f6eb26501833a

SHA512
e62f8cead6d30f0efc25976f7a1477048938b3ee4ce77d616ede0fdee9d7a3b13f1b03f945d9fe9d73c5696e23529571d7f00aa08cb0f2937b7a3f56519e46fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\LicenseValidator.Interface.dll

Filesize
12KB

MD5
d6290511758549158fdd5d81801a8966

SHA1
fe9d1a23f9459a9fd16532965a4b002143b0fab7

SHA256
6da2f75fc80eef9b12c5712f6aadc4242afa5c37c0531b96253029731a563933

SHA512
51d91751fb5aa6a6d86ec2d904309b0ec8c6c9e924a78a9d1e5c23a657ec1fd6dfddbe7ec426101de7a7f9905c60cc6a240aaa82f328585062a7805506f3d45f

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\MahApps.Metro.SimpleChildWindow.dll

Filesize
39KB

MD5
43deff1be0fe06dc684a1b1ed5738b57

SHA1
a56380952baf99d267ca83c950fa21b8e663c22d

SHA256
460123294bfccbea3104a81ebecc881516d024e0ce47e41842f91f436c5662e3

SHA512
735ab29cb5baf17394539604d94e8aefab0b211997ba3c443234db1288246ce1c3f8f7f2fed7ba911d3df00e1641b858720d0e11ed13db5c53577e2d5cf9f661

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\MahApps.Metro.dll

Filesize
1.1MB

MD5
a1b84e1d85ef46e744e0a492c73cefa1

SHA1
492240e4796d1f7b62f16b90c530bb2bb1feb3bf

SHA256
f1a8d821a17d9a38c878b6239f1c142f04495607ad17457022ef58796c127d51

SHA512
813a63572fd0682ba57da714402de7ff8f250c535a0238711e6ceaeee7bb482360e1cfd2a4bfe40d59756ff12598ca3750df9cb34dd756e29e4e197aea7f1b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Microsoft.Win32.Registry.dll

Filesize
22KB

MD5
da40f3db8b34571684c0cb5bcecd2a79

SHA1
1c27a41fd84d6bfe99dabae2e59fcf12fccf6213

SHA256
619737e2af8fb713085726631dd2e522fe130cac1d388a59c38907a47d7aadea

SHA512
e656d72e111eaca7c8e9b7d4106030c1104286395046c2de58a04edd590cb2714dcf3aeca2b93f843b4663f1d1e630cc19f1e4eae2fa62f0d382fa18cc8a5981

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Microsoft.Xaml.Behaviors.dll

Filesize
141KB

MD5
6b93b0f937d04d39172f9cd61fe58fd5

SHA1
54fb26f8b4f11d01573fd1c6a1b532af2b37d687

SHA256
ff75938fedee596706171916db763ac100bc7164a7346dd739ad61660e068b5a

SHA512
d3b7bbb09842984147b8dc849ef7467c3927cd8730ccfcc310d6d46bf3070e826d7a1cffc43a2ccc33d5d8521ea07d2c19d766b127fafc71edcf288db187df1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\NGettext.dll

Filesize
39KB

MD5
f949444a5b853098d15a1430904312ac

SHA1
10640d584178057f3f49615c6beef8e27f0ce37e

SHA256
5f95595245162345d917d33b835d06bca32b17804f5fc2e54541b81ba2d56e4a

SHA512
d4d5554e0efc5fc38354e4ad3a05520d789f75f9686a8804c8edbe8aebe7a075a867e81757b127a4a8a7f0fecef387856707f60eb4fd332baa62a96907d723e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\NLog.dll

Filesize
938KB

MD5
b537aa899eafd7da5f7004ce67b32a3f

SHA1
f771d740b832ccb378129371d00b397f07388682

SHA256
762a2a6ab229f58fbc549f4dc48bfe4bc2d7167952ac688df10d575ad1b13283

SHA512
56458477e9923d114404fac1049cabc1a2c6a80399e5b47dc690869bdb871c274187f746024c108896f5c4cb59b5e8aa40abd3920deac2895efb0741a3c033bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Obsidian.dll

Filesize
37KB

MD5
8386fb3cca7993a1f75e57686548ffb7

SHA1
1ad7a5c6f86cfcc51cea2f4300f9d7316d7815be

SHA256
99479d9845345e0ebf5d00cbaf7fee663df662a86278e78e458c7481bf144e98

SHA512
8b1bcee91b29845b9dd3b896f4fb2dea7396cb85d9fa348a6669b66ffb9b55bebbff9584d4e2682ac58b1a785ce3a8afd87bab938b1c03ae3460ec5168b01d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Optional.dll

Filesize
26KB

MD5
861a42ddb1203769193f2ba887fe1afb

SHA1
bd690e1e84085015819cf91918dc61da22a8de11

SHA256
4a57cb0faab044ff0219d58bb60a121e303fde61ad8e4521ab3bc79ed2f81423

SHA512
69c19817b7796c740c9a41b88beafa0b8a7d63917e5be2d08fb6bd94d364b756c60f644ca5c4e488a10393b139b98dadd4329cb5ad6283b6d1e9fb8cdfdeaf39

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\PDFCreatorSetup.exe

Filesize
58KB

MD5
44b2f3b278b1e7f2373c4ed29fc52788

SHA1
dec39a6cf4967c9f43ba4b338531dbf185fd9df3

SHA256
06606e56b36a012be43794dc56860f1a9aba6c4846d2694a88c8d1f93bcf29eb

SHA512
5564375e3dad75b524f034c7b0abc02b1341651dfcca6a59b853966c46c1f62c642c08fded1c5aca2320fe7568902f22c943cf1b51bfefd74e6567ced53a4c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\PDFCreatorSetup.exe.config

Filesize
2KB

MD5
ab73d2be0c53da6e1bf23b5f533b7d4d

SHA1
728f2dbfc7ca03af17b2b911f25a71f5c85dd698

SHA256
ad3bffc2122f909da3a0e267115605910f1908e6bd06ce078f1f853f12866b28

SHA512
310949970b3a0e2b982f095e777221eb244ac7c5ecd0ec462a9cee0c9961c1555c751a8b204bd12bc84e786ca5395fe52c0d912a984823f01265a73286459219

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\ProjectConstants.dll

Filesize
12KB

MD5
de09473f98228d2d3b3c1542c4479681

SHA1
4b8eb15034e29f305a0a754461f40e45b7ca6a35

SHA256
7fa6063e52708f40174ba4d03e1e0b3cde8a53cdfec8dfa27481d1aa9c0ee3b6

SHA512
373cad83d5ed5096cc1d0de79cbf7f6e6c53313331082a2226efed32a7b6f17a5503bc7038287d1f24329cf231baad58d27f7114871663c06806c6b8bfd9d822

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Shared.dll

Filesize
109KB

MD5
8cf46d14e1fe62891f7187a235436021

SHA1
fc67a51464aa13cbcc0b95feceb8dc90afdeafa5

SHA256
cf8aa18edbddb2ed8763ab35967a1410f25b58328ecb601f4c4ffaafd684824e

SHA512
f63a53f954c82b093bfb03cf30e69d059c148d0214db9a4d381df7aa75b5ccb0e2f0d99857c124037ea1fb004f22445fe317c0cb6f49e4f6e458c2ac12f5953e

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\SimpleInjector.dll

Filesize
418KB

MD5
ca7496309aff08cf95f8800e6eb9278b

SHA1
46751d36818c9a167a9f7bdd2fc5d89a71f47df4

SHA256
0db464d355eeaea5877ac45eb34970cc1dc7967c915e148424cbd02288fa7493

SHA512
1b9cb11cb26bee15ba5a47992d93f81f818a0f8ad9182fdb79a8e3c90042495344b89b0a55e9e4945af3a20c1135711354cf8714fb3854920b01ca6e1919c3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\System.Security.AccessControl.dll

Filesize
30KB

MD5
2d3e0b4ddf8628b41057b2aceef296eb

SHA1
8a3b1bd9df5d052c24de2304a2928fad86927f6d

SHA256
aced52254a8c3cb6ad30f99f8b745296926c49373cab00824c2c4c10ad325b10

SHA512
faac4233c45a773c4470071b0b2a75ee81eefa45f88b76fea305443514ff9c8429af3d394884933712d1fb7a7a03701f3d9df0f1de345078ddfeeeb5b4dc094b

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\System.Windows.Interactivity.dll

Filesize
54KB

MD5
580244bc805220253a87196913eb3e5e

SHA1
ce6c4c18cf638f980905b9cb6710ee1fa73bb397

SHA256
93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

SHA512
2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\SystemInterface.dll

Filesize
38KB

MD5
cc809a2fda737badd3b9d0577d473e8e

SHA1
262e5b82701cb1f29915ec75761e46f4278dc6bc

SHA256
cb2f3c682b195cf793ca92098138adf89b381db7faa55cea1293fd855eb278b9

SHA512
282cab5c851e880c3dbb018941ebf9e8319d68af597da9f8d89f92b0fedfedd15cb7f10a6edfd7eef526296f35933ab0ab299a930ae8237dfa8a439e75f55460

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\SystemWrapper.dll

Filesize
63KB

MD5
1b80b4b170144136ee859887e0013ac2

SHA1
214abb16a15fccbe6fa8cce32df25fd53b433920

SHA256
bae697961ca2d00669123d5c725c7fa57d948b91247b143f690570936cfa9d14

SHA512
c2ca33b77985d710c2e76b795a422dca394005470b190adcca075ee2fcc596d4aa0c942e3e747ac6f0b2c6ad51eeebc0dc1fa9fa084a21e800dbd689a50d5818

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Translatable.NGettext.dll

Filesize
6KB

MD5
2d07f8fec9bb42d6e5c7f9e7ed9045ba

SHA1
d5de53e170701437ea750e374a7ba8196a217001

SHA256
27c9f9ab52fdbf1ad74db5523b569f676621c6b87a3e1eb785febf17f9c70f51

SHA512
6c6653ff5f7512c2ad7c1a1cb3f62c6da67f7f07a64786c05cac6fa3293f062fa2481f4ff3de853c1787ef1017779be36f933a026ee6bc38e19422c036571b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\Translatable.dll

Filesize
26KB

MD5
19286beecba33c5a58360d6193cdda71

SHA1
70effead44bb30a4df884fad9f91fffc23eef2a9

SHA256
b3705e456ffa1426a46862de8d24699a2325eab34c6b0fa4909c3482c144be89

SHA512
67323e03da57ab4361bc6b9796d97c7285bd2e44fa0297b2459031ef63956533abc1c58899fe417914a69a764700e0cf4d36bed8f29e9780fa2eff3928573e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\UsageStatistics.dll

Filesize
12KB

MD5
687c731b8f3b0dde161ffa870455cbdb

SHA1
4d07caca5ee0c0587d3176846106aabf413d7289

SHA256
0dc20e3017b483219260c6cc8ddd2f3ec9e07ec7a354b638b52386b79c343699

SHA512
a15855524cc51cb1764071f48aa6076ab02ad25c20d9c708e9ea7c9a9a799031f8e64c1332359e979059d99439de6d64c578f8d473fed969f1e85cdcd3bd79e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\WixSharp.Msi.dll

Filesize
31KB

MD5
17753e601e8a4e0d749b9adf0283f4c2

SHA1
d50ecdfe60ed75c23c7793d0417f1f666b321073

SHA256
d3026c5de6ebbf7fbaa1202501264f17a664ec9e2eec9a01e84cd1180900fd11

SHA512
663a4f6d472a83422017e673b9d91de996b840ae4fc23c0aac2afd453544d4d1a24b9f12a217a331d49d27f4d5fa0c64fcff50a7919e06a449ec25da4680d6f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\WixSharp.dll

Filesize
442KB

MD5
cc360fd9a134cab2a25d21cab462a73f

SHA1
204a1f5691960ea19eb8de03745a2d1f2f07582c

SHA256
bce0be6afe199dc7430fdb5f8c96cf42ce24f570747e65432e4261689ffe8e98

SHA512
df95c311adae6e72612c77d69a0de0d36460f94a9499bd1d58945eb3fd62ac247f0cb5b4fb2a87565b4a0f8c513970e06815cda4cd17fff98736613a3bcbd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\WixSharpHelpers.dll

Filesize
24KB

MD5
0e1877037e6ab67dc44e254547fee482

SHA1
5b34dda3f3946d63df9b820631541996bbd7d7a8

SHA256
0d685ba325e44dd5263ef5ee25e1788c452cd085de9f41332f401571fe602174

SHA512
f715b48c1b61e973c778fee4978ab0427c848932e1849400e4f26fc22bc3120bf0dfe48bc7868feb27e53f2e1bd61cf49ed765d2b0bccde1caff4861bfbee4a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\koukegsk.gyg\pdfcreator-languages.txt

Filesize
167B

MD5
5902c86ca1226f1379903fba98f4f153

SHA1
e809823201783c244c5c98878fcbd62455833541

SHA256
073f89e7414aa19d0a2a5ec2553ffdb85df69a3f21a69cb0e113dff198d54c71

SHA512
656e0a5f26ba9b2de218d2568159c62dc45aaa5c608f187879380a0e45c85ac9f6102d03c810874fd85edb49c583c4c5c9af25e152c599d88a76d516972ecb68

Download Submit
memory/396-43-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/396-24-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1180-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1180-86-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1180-31-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1180-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/1248-87-0x000000001B160000-0x000000001B230000-memory.dmp

Filesize
832KB

Download
memory/1248-80-0x0000000000540000-0x0000000000644000-memory.dmp

Filesize
1.0MB

Download
memory/2696-84-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2696-6-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2696-32-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2696-50-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2696-49-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2696-66-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3464-15-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3464-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3464-46-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3968-291-0x0000014C7EF80000-0x0000014C7EF90000-memory.dmp

Filesize
64KB

Download
memory/3968-333-0x0000014C7F1D0000-0x0000014C7F244000-memory.dmp

Filesize
464KB

Download
memory/3968-314-0x0000014C7F930000-0x0000014C7FA20000-memory.dmp

Filesize
960KB

Download
memory/3968-287-0x0000014C7FC90000-0x0000014C7FFE8000-memory.dmp

Filesize
3.3MB

Download
memory/3968-289-0x0000014C7EF70000-0x0000014C7EF80000-memory.dmp

Filesize
64KB

Download
memory/3968-285-0x0000014C7EF60000-0x0000014C7EF68000-memory.dmp

Filesize
32KB

Download
memory/3968-283-0x0000014C7EFD0000-0x0000014C7F03E000-memory.dmp

Filesize
440KB

Download
memory/3968-281-0x0000014C7EF50000-0x0000014C7EF5A000-memory.dmp

Filesize
40KB

Download
memory/3968-320-0x0000014C7F120000-0x0000014C7F12C000-memory.dmp

Filesize
48KB

Download
memory/3968-279-0x0000014C7E6E0000-0x0000014C7E6F0000-memory.dmp

Filesize
64KB

Download
memory/3968-312-0x0000014C7F0D0000-0x0000014C7F0DE000-memory.dmp

Filesize
56KB

Download
memory/3968-326-0x0000014C7FA20000-0x0000014C7FB3E000-memory.dmp

Filesize
1.1MB

Download
memory/3968-293-0x0000014C7F040000-0x0000014C7F062000-memory.dmp

Filesize
136KB

Download
memory/3968-328-0x0000014C7F130000-0x0000014C7F13A000-memory.dmp

Filesize
40KB

Download
memory/3968-310-0x0000014C7F0C0000-0x0000014C7F0CA000-memory.dmp

Filesize
40KB

Download
memory/3968-330-0x0000014C7F140000-0x0000014C7F14C000-memory.dmp

Filesize
48KB

Download
memory/3968-295-0x0000014C7EF90000-0x0000014C7EF9E000-memory.dmp

Filesize
56KB

Download
memory/3968-303-0x0000014C7EFC0000-0x0000014C7EFCC000-memory.dmp

Filesize
48KB

Download
memory/3968-297-0x0000014C7EFA0000-0x0000014C7EFAE000-memory.dmp

Filesize
56KB

Download
memory/3968-335-0x0000014C7F150000-0x0000014C7F15A000-memory.dmp

Filesize
40KB

Download
memory/3968-337-0x0000014C7F190000-0x0000014C7F1B8000-memory.dmp

Filesize
160KB

Download
memory/3968-308-0x0000014C7F100000-0x0000014C7F116000-memory.dmp

Filesize
88KB

Download
memory/3968-306-0x0000014C7F0E0000-0x0000014C7F0FA000-memory.dmp

Filesize
104KB

Download
memory/3968-339-0x0000014C7FFF0000-0x0000014C800A0000-memory.dmp

Filesize
704KB

Download
memory/3968-299-0x0000014C7F070000-0x0000014C7F084000-memory.dmp

Filesize
80KB

Download
memory/3968-341-0x0000014C7F160000-0x0000014C7F170000-memory.dmp

Filesize
64KB

Download
memory/3968-342-0x0000014C7F170000-0x0000014C7F178000-memory.dmp

Filesize
32KB

Download
memory/3968-343-0x0000014C7FB80000-0x0000014C7FBB8000-memory.dmp

Filesize
224KB

Download
memory/3968-344-0x0000014C7F180000-0x0000014C7F18E000-memory.dmp

Filesize
56KB

Download
memory/3968-305-0x0000014C7F0B0000-0x0000014C7F0C0000-memory.dmp

Filesize
64KB

Download
memory/3968-348-0x0000014C7F250000-0x0000014C7F258000-memory.dmp

Filesize
32KB

Download
memory/3968-301-0x0000014C7EFB0000-0x0000014C7EFBA000-memory.dmp

Filesize
40KB

Download
memory/3968-346-0x0000014C7F1C0000-0x0000014C7F1D0000-memory.dmp

Filesize
64KB

Download
memory/3968-349-0x0000014C7FBC0000-0x0000014C7FBE2000-memory.dmp

Filesize
136KB

Download