378692b1ff5651fc2566709310c1c144a0641c62eb2dc913e4b1145cb8f74184

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Size

95KB
MD5

2991176639468ead9fac846e32d151f0
SHA1

834ea181aa78a56a4416d3dcdf0180b76a0346a9
SHA256

378692b1ff5651fc2566709310c1c144a0641c62eb2dc913e4b1145cb8f74184
SHA512

443fc4ea5d78c39a5e73d5acc808e9feb53d3525b38c6a0467116af1c7a3936c8a50ee0615a4d91300dfb8ed2f00fded840e23abdfcfde03bdb2e4f7b25aee21
SSDEEP

1536:EpgpHzb9dZVX9fHMvG0D3XJ0Vf2gUBglcADKd56zAmxFGlbJUcFJVKMYQxFD:ygXdZt9P6D3XJmOgkjADKd5H+FkFJnY0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2672	installstat.exe

Loads dropped DLL 4 IoCs

pid	Process
2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
2672	installstat.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EditPlus\kk21.icw	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426487888"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007022ade8265690429af26814f45a01580000000002000000000010660000000100002000000063bd123a63b9b8571a2f5c1b6979d551e09efcc5b8fde3f82d7409eecb0de21a000000000e800000000200002000000030d012eba0bcb4d4f378df6125c4a12e061067795d5d9ddbc5f2a456f9d5d6ce2000000009ad7c8bcc431c2d2532e65be8a9c111a8903ea465014b42b7ae0a6ac80164e840000000aa3ccb11c28de8bd4e64be5c366e27e117016a52c6dd7b6d7ae0669fcd15a6965258870b8de9f160510b0cbc312522fe8860ab17f95b2ec17b1a511b53d6c336	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007022ade8265690429af26814f45a015800000000020000000000106600000001000020000000f24c808cc0e0f2c3f134c40105fc76cf32fd32d4d77a7464660c9fe41b3638a9000000000e8000000002000020000000260ba21425fd9d9a80d7bc3117ad96930cd025cdf69d7f4f0f265d652ab2716290000000212ec53f4b80e1296a41fdddd28b3b6ae871d5e239e6106106be59ba65389f3f8dfa8f25bc2a40743f93febd2c3b9d88193b201499b25a486ad649b86fd9e482c94b8395cc011d6c2fe836160c11a44f78074098996024fe828c9e9b487da9bc52d87b67aea1392164c615ceb835b41237cade68038e8a311cd416ce5b17feb40a697710b1963be7b1a0d7e1d8fdffc0400000003aa7be2df0525ae0809e6643ac45877831ff18e605177a60a0118ac45b08fa781e7549595c165f26afc0166a1ed0683cbf8b4d4b8b88b7654819920acb3788b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39177901-3C18-11EF-8A04-E6AC171B5DA5} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ee831025d0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command\ = "%SystemRoot%\\SysWow64\\WScript.exe \"%1\" %*"	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw\ = "icwfile"	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine\ = "VBScript"	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\ = "´ò¿ª(&O)"	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
Token: SeBackupPrivilege	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2364 wrote to memory of 2984	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	28
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2984 wrote to memory of 2604	2984	cscript.exe	30
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 2364 wrote to memory of 2672	2364	2991176639468ead9fac846e32d151f0_JaffaCakes118.exe	31
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33
PID 3024 wrote to memory of 2800	3024	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\2991176639468ead9fac846e32d151f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2991176639468ead9fac846e32d151f0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk21.icw"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Windows\SysWow64\WScript.exe
    "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk21.icw"
    3⤵
    PID:2604
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2672

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EditPlus\kk21.icw

Filesize
132B

MD5
e058cfbecae7b18539fe0e001ac9155d

SHA1
58eae38055c4da25db4092d2dd921257c3c15ad2

SHA256
80551877522e3e1ed29a0ee2085700676a2a1f037fd183b27cc36e265f3b5d11

SHA512
01193f0e457b993557a0d3ecf96fa2d35a16d748001f7476f118d4ccae392b547696806908ca955d62e48cb85dc4b0c018120431abbc96a0d78d97afd9835be4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97700ed0b449d4ca4949b3d55b7c4360

SHA1
f5023c5e0804669dce0b5c229b0ae184c2251477

SHA256
223547c22d28b0e8fd7db3c9321ada3f49dcb6c97ff819ed14dcc94513c08877

SHA512
fb583c6b7f91afd17510ef5475d975e04ee2c2cf807099813da4ac39edc0f2369e63f8430b5361acda5b6106c318cc8640395dda0086cd2446443308e96bf967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7790c85ff6a9a906dc6774db07a8394c

SHA1
8ec17ef2625f8cb65a4915fe4bbf09f395d7b098

SHA256
c1e091ca814b1fa8608746394048f76dff820ec7cf1d4bc38a74ba7a4c62d2df

SHA512
4e96e7851dcb3e420b54961c17d65490ecc50c4e1505dc4d0ad09970a0b2aff104325a8fae756b21aa0a27ac02703efea8f5d0cd33e4d8eb02985842e3352c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d68fa0c2d4f37ca7beb2fe1550314d6

SHA1
a524f02320343e4def01c8878822b99ac330b8ea

SHA256
90b05ebe120ad4b5ce00e012e33cf3bedc3357f6dca0f5b75590572da08777a5

SHA512
4198421c8af575ac881d02172464dfc1768dc45cbd2f448bd1165043a79340ea7a61be3268076571596478dec19c1f3b867e741a6648aaded2f40caf4d05e6bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
909c3c3708de5485ae8d84ed8bf65ddb

SHA1
1e490c82da31b0361e172b56313cfb1601475b0d

SHA256
b14840c796cd609d9dd0c480694e5e8b11c67def675053c6b9bd9729dfd6f41e

SHA512
4859c22d69cedb5e379ca38143d111c6b8488ca18b25c097732378312df042804c7f1249136fa904edcde650f1ebc0002dfdee97208cda9c716547b1a492f823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
526223be27453166229f91a26f77b924

SHA1
481d6480f2ad41d852a6ffa6c9ab2ca1e59a422a

SHA256
c66940d9432eb67d84d02998b1b7935e90eab059d7ff53119af6dff236f5f218

SHA512
a61c216d611bad799480df70ce3ddb0cbcd46120e46e9dffd39f7fb2aaac851565a897d7bfe696c030b1ee7e10975dd0fa6014d495ca4f7a7d92509efeaf84af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36f0975e37842cc92f237d21f695ea16

SHA1
11698c05d3908bf827c3396c531098e740bd7c42

SHA256
cfce12deeb6b64154d9dc988a4b34a9bc3d035290dcf9a383e14281539c83a4c

SHA512
5b31244b7ac097cf179912ebb37b99b7f7063eeb21d0c8ba24aa71016807309dcaa061f53388daadd14392ba0a2df513b66c4c5cd92cf43a563e5323892a808b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1eb8720653a34765b6644fab9f65002c

SHA1
ca6d3fe9878377595c9fd290849fde45d8806112

SHA256
f1ce7a7b5e1e7b9816f2392ebf2cc507d89305940bb30775147100ec23878c10

SHA512
d3d305689078102de3a9654cabefafb81f3c350d492e89200f55f00fde336c9981c650f0d2b47c9fe8b23042b4e157ece1accb722ab2e47d46b511e9060e3fe7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cea2e321984477127f678c6eb427c31

SHA1
1ac9a508d3db536eeebad39383d7008ba33b5b9b

SHA256
33b3a3348ab7a517176ae1f2b1d4922ab445ced2afa7e472bf584d0c205479c8

SHA512
f727c81abcd7dd376ba5b2f87127e0218d45ba411dffa386339e8055ee22f96036a9d0f15931343ef8f43c9ea524908a8a553e9b44c21a6284853c6f69422ca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d696d1c53914ea082ad28f3172119a6e

SHA1
0d33c50064e5942b7f67138a7f812d5a47a61017

SHA256
dcc4ca3e77d517e4223d3a9ddff37d316fdfabdf3a1bbda8aa0c1bab1c28303a

SHA512
7a403e3af8fd3be5c37b8114a9d172eef0437dea8f888f89cd11e97ef8d2aed0d349e900e1eafaeb9a9a6fc3690ce00e8b02440e0b52a05c87edb6a4c06cd419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d17a718941458eff617de4f1287c1d8

SHA1
18c11a1292b7dda1d457a2a815d8627997b2c9b6

SHA256
ee0a38df8a6c2550f0195538098147273940e240aee47f655f5d9e6aff191414

SHA512
ff03e6fb93979ca108908c082f9b838bebbfe76a7bfb97107c01179a721db31f28394c8ef340e182484b940eff4650b4650e67ebe6498476da198a5a3417e404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5bb791f426b9f056f177b07ffd40093

SHA1
5c5d422bde486381067a1df16122ac72d1bedf05

SHA256
c86937d20fef2b96138fe9ca7892920fa7c8e523a4f7c907500717c82c3cf6ff

SHA512
19dfb6e2b7f9acb4eecacdc5dd22b817977b4c90616e7c58592b9de7f617e7f0a290e308533248fd26498b0c558aeff56bf39ec0a84abe73f6398e22e79eb189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3413d3e13f52e68feeb3280434bd09b

SHA1
3570a4b51006dd12153475fd0211ceda076d1c40

SHA256
03dd72c37005ae1cd8c361f9baeb0ce8dd0840e4f8eed5a02b1aebf06c2bb293

SHA512
92aea5ec81a4f1df67b0cef4388421bda9de40a068ba2aea9204936f48d4d55078098b8b90e3aca2a8a97e82452ba8dcb40f74b128699c60b5a4a55099f24b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4452f240269275d96191ae25df536f7

SHA1
b2f3402b739052020f16d7195a13c5ad514280ca

SHA256
1138e69d5988c6a4e9cf3f394b844dca64137a05a87519ab228d09e77bd4c2a5

SHA512
2dea251bf8d3151c6e2cc26199504e38d5b7aa011b0a702a6ff35a19e0a643af4d9374d19ab058540c2571d56df35182bf86d7423431e2a0eefff213c921fe92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f040d189fb0acb32a7a60639bf8c78b5

SHA1
c645dfaf63b1235760cee0d2ce36336c2947dd15

SHA256
3ec45c42abf15c85590a6f913a823f6f3449ef6eed0a3f7d4bc1c1a72a2eddcf

SHA512
fdb24ec236763bd7fea6fa1578377c8dc6d00144d793a7dd6b648f12e6a1024732fed05ce798930854a6845213948e856d771afc5502943c1208aa072aa9c9d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd96e358f41791dec9b58f5cc37ea303

SHA1
36c03657f0117791062e4cc421f9cd431722472a

SHA256
0623097dbb6f9782fd77af042d73cffa2d67f6bb6db44ee7f58a8a8e16f18d0c

SHA512
ce42fb79d2c6d1857a1988f26151537dab4d44e606da5246faf6661cbdbe95b41df5a9778a04fd5b4ec41102128944c0312379fdf80169f2cb21b591290d1ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
131802028efccb458080c6f223529938

SHA1
abadb9b64f82adec6b4a857cedc2085bdaf245df

SHA256
7b4df52761255963121404b092878fada9e14a1575a19a65beb85e37a1a83429

SHA512
6d8bf1cc2b05a08d126a5c696a9bb4c7c7c80998ed865641cb05a809076f346594a1f4dd77b459668ca1e82a50011c76c4202020dfb56274c27310a86b4a601b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee165425f96bec36ec3f14a8a6c5500f

SHA1
4e6a3a290b228037182b7f0532a71e10ce60b67a

SHA256
67b7c2c5cde118569d520012f6bd8f5df904b181b2d1f1a5f1cab5376d92475c

SHA512
40b51edd20379803760edca93868a4f6827bf1754ba63e85629a3228ee09f13ed1648e5eb8c775123b6077e9e348fc99a7f7d71fff8ba0e7aaaf45ea77d78b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c2dbb626bed214569c7795859214be3

SHA1
1d05c2b5a80ca2444bff08939bd882422a7ab136

SHA256
6cde152d0aea04e670791dcbfb7bd8c83e1e54789c791bbea65f4a80049f22dd

SHA512
607a7a3b58418551768ace6915e225cdb7663f8aa4885691ef24c9043c6fd765b4cc6fd44345ba4898a73c67b383117602c6824532c4d68b11af7adf7e6475c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e9f854233143e8c8794b7ea1b1c4295

SHA1
473c1140c140941de79f59dbd39b618b5aa8b3b9

SHA256
6df39123695afa97cf93896e7c4d3fbdb478fb6c28a3aebfd7d94f6da4166e5e

SHA512
b0b0e6a47fb72a357e53de7bdbd0729a2bdfc518f14766453b6338fd7d4a2c445de042f8c66045cc14a8b5cc2465cd73afe2241d6df57631562733178b9691a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77b3b39016c159844c50c41a277d38b8

SHA1
d83c2ba568324898335458f17d371af30784d8a0

SHA256
3b080b48d74cfebe08fc049ccdf8b162977d79f2acb2645993ef22e31491b71e

SHA512
4f474f0d7f859cab790e109440f76b2335111eb6998262b4d6e7a01ca917c810303e3b36306f39fb346e6fa2492c5d68e0e477c34715f23c10193b1a60f0d156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba989dd62a3b662985b451746f59ee4c

SHA1
26dbf70347abf399997f6df8bdc2a92a49a185f1

SHA256
042a74daa5ed84b64bbef66ef061464a6865e1e78d3aad8264c0f406571116fa

SHA512
459c04ad2d5ba823421a23533a986842179f403230d246ec2dddc861a203d1a75f88792a7b59faa6ca65fef9278063ae22cdd255ddaf36b42d2ac499092f77bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3546.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3628.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk21.icw

Filesize
743B

MD5
23486c3d0f3b4df8c25bff36558758eb

SHA1
4b9e4ff7bc3ac91daed370a3c0d4817c39658196

SHA256
2861ffd0f57640fd31847f7e412c564cfc30b14e321893a5e6405965702a2221

SHA512
479513c3dc03d7a38af5997e97b19c4a56026498a94f0fadccda41a3bd26711b1a59550da4edad0f6f023a1a5a1ed921fb60187221722de66baaa6b095cf508b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll

Filesize
80KB

MD5
67cf306d9bdb258d3cc5b3244cb54550

SHA1
8146becfa2fceb897216720e8fa59960b69ebae3

SHA256
a8526ac60d3c0d33c503c3d262752182864d1dbbd376ecc0ea60987dae869fa5

SHA512
74b1dcc812a2cd291a9429228929d2dba26a053315add45415da579c3ae7e7566a943930de42e81ff5d2a4c36de930cf9c5cb26ea92576c504a0621de633acfd

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB38.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB38.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe

Filesize
44KB

MD5
7c30927884213f4fe91bbe90b591b762

SHA1
65693828963f6b6a5cbea4c9e595e06f85490f6f

SHA256
9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

SHA512
8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

Download Submit