743c517e964c7361f98a0a350f5fd39532aef3a3ca4b9eb15dcec035c67df815

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

377ca1364687a057eac7da48e7031130_JaffaCakes118.exe
Size

1.3MB
MD5

377ca1364687a057eac7da48e7031130
SHA1

1a1eb4b91142eea8aedc289936b79e3c206e6342
SHA256

743c517e964c7361f98a0a350f5fd39532aef3a3ca4b9eb15dcec035c67df815
SHA512

d3fc32a9b6d7a4a90e398ef9eb438fce94f758dc01557c36726917288c59ef81fc334ad6afcc818c2a1057cee128c990568f27de093efb8bf19e3c2965d27b22
SSDEEP

24576:4kRKXwKlvFNuC8/xt8U5vc1lvu3DqK2v28kukCSAyfy5MXqS+bOU9joZ1hgSCULE:bRwn7y/xtH5vc12kv50C3j7S+bpjoZ1y

Score

7^/10

adware discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
792	T8SETUP.EXE
2212	12srchmn.exe
2052	12barsvc.exe
2176	12barsvc.exe
2640	12brmon.exe
2608	12barsvc.exe
2032	12HighIn.exe

Loads dropped DLL 50 IoCs

pid	Process
2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
2212	12srchmn.exe
2212	12srchmn.exe
792	T8SETUP.EXE
2052	12barsvc.exe
2052	12barsvc.exe
792	T8SETUP.EXE
792	T8SETUP.EXE
2176	12barsvc.exe
2176	12barsvc.exe
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
2640	12brmon.exe
2640	12brmon.exe
792	T8SETUP.EXE
2640	12brmon.exe
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
2032	12HighIn.exe
2032	12HighIn.exe
2032	12HighIn.exe
792	T8SETUP.EXE
792	T8SETUP.EXE
2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\My Scrap Nook Search Scope Monitor = "\"C:\\PROGRA~2\\MYSCRA~1\\bar\\1.bin\\12srchmn.exe\" /m=2 /w /h"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MyScrapNook_12 Browser Plugin Loader = "C:\\PROGRA~2\\MYSCRA~1\\bar\\1.bin\\12brmon.exe"	T8SETUP.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085}\	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}	T8SETUP.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073}\	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085}	T8SETUP.EXE

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\Message\COMMON.T8S	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\Settings\s_pid.dat	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\CHROME.MANIFEST	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe	T8SETUP.EXE
File opened for modification	C:\Program Files\Internet Explorer\ieuser.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\LOGO.BMP	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12html.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\IE9Mesg\COMMON.T8S	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrchMn.exe	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\IE9Mesg\COMMON.T8S	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll	T8SETUP.EXE
File opened for modification	C:\Program Files\Internet Explorer\msimg32.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12barsvc.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\CHROME.MANIFEST	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12impipe.exe	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\LOGO.BMP	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8RES.DLL	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll	T8SETUP.EXE
File created	C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll	T8SETUP.EXE
File opened for modification	C:\Program Files (x86)\MyScrapNook_12\bar\Message\COMMON.T8S	T8SETUP.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5adb534-31be-491b-81d1-a6bafb832d96}\AppName = "12medint.exe"	T8SETUP.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5adb534-31be-491b-81d1-a6bafb832d96}\Policy = "3"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e70eae41-bb5a-440e-bf6e-be2a280fd49c}\AppPath = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}	T8SETUP.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ea07715-76b5-4572-85d4-592263f48907}\Policy = "3"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar	T8SETUP.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\UrlSearchHooks	T8SETUP.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{b3b5c47e-61f7-4d81-af06-461fc86686ce}	T8SETUP.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e70eae41-bb5a-440e-bf6e-be2a280fd49c}\Policy = "3"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb2e53cf-c096-40b0-a485-03134f164470}\AppName = "12SkPlay.exe"	T8SETUP.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb2e53cf-c096-40b0-a485-03134f164470}\Policy = "3"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ea07715-76b5-4572-85d4-592263f48907}\AppName = "12impipe.exe"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}	T8SETUP.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ffa983a-c1a2-4974-b796-ff4dfecfddd1}\Policy = "3"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb2e53cf-c096-40b0-a485-03134f164470}\AppPath = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ea07715-76b5-4572-85d4-592263f48907}\AppPath = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ffa983a-c1a2-4974-b796-ff4dfecfddd1}\AppPath = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ffa983a-c1a2-4974-b796-ff4dfecfddd1}\AppName = "12SrchMn.exe"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ea07715-76b5-4572-85d4-592263f48907}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ffa983a-c1a2-4974-b796-ff4dfecfddd1}	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e70eae41-bb5a-440e-bf6e-be2a280fd49c}\AppName = "12SlSrch.exe"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5adb534-31be-491b-81d1-a6bafb832d96}\AppPath = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e70eae41-bb5a-440e-bf6e-be2a280fd49c}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5adb534-31be-491b-81d1-a6bafb832d96}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb2e53cf-c096-40b0-a485-03134f164470}	T8SETUP.EXE

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run	T8SETUP.EXE
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run	T8SETUP.EXE
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run	T8SETUP.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{122e5f70-9c86-4e54-ac4c-d85d003b9935}	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9664E31F-B2BC-4DE2-87C7-43694E33ECC4}\1.0\0\win32\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin\\t8res.dll\\625"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E64A3E85-DA78-4178-91A8-E9FAA308375B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2ADDCC11-40AD-4244-AFC6-90FEEB3BB2E9}\1.0\HELPDIR	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242}\ProxyStubClsid32	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ccea288e-f1bf-4044-b3e9-e41b1656084c}\ProgID\ = "MyScrapNook_12.ThirdPartyInstaller.1"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0CEC5206-43FA-4BC8-91A7-DC5B121F7960}\ = "_IDataCtrlEvents"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ee718602-1282-4d49-ac4e-afab43840b99}\Version\ = "1.0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.ThirdPartyInstaller\ = "My Scrap Nook Third Party Installer"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A9994E4-A107-4C07-ABE2-832242BF8486}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470}\InprocServer32\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin\\12skin.dll"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58}\ProgID	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.RadioSettings\CurVer\ = "MyScrapNook_12.RadioSettings.1"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085}\InprocServer32\ = "C:\\PROGRA~2\\MYSCRA~1\\bar\\1.bin\\12bar.dll"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{661A3047-196C-40BE-B957-98532655A787}	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0f2a56e1-2b3f-4a50-9f44-946532ab3279}\ProgID\ = "MyScrapNook_12.MultipleButton.1"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ee718602-1282-4d49-ac4e-afab43840b99}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C40607D-5922-4D40-9AAF-8AF96DF5C704}\ProxyStubClsid32	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C13F1DBD-F8F6-496F-957A-2FDF9594BF4F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9d691733-7ee6-48e6-adae-2be39b132bd1}\InprocServer32	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb}\Version	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AE88B8C3-41A9-4BB6-B12D-BDA9219E58FB}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{120e6bf5-05ba-48a5-8ec6-e5cf05c98095}\VersionIndependentProgID	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DD51B24F-4AD0-43E2-83BB-ED9AF4475A0D}\1.0\0\win32\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin\\t8res.dll\\1406"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DFF78A48-9941-4ABF-8E21-E1D66F6AF4B1}\TypeLib\Version = "1.0"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{c80ddfba-1646-4b6d-845f-85288c7b8201}\VersionIndependentProgID	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C43DDE8B-9428-4C43-9A64-FC66912FE6A4}\1.0	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8a3b777d-5f5b-448d-b3cd-fdf00932306d}\TypeLib\ = "{2addcc11-40ad-4244-afc6-90feeb3bb2e9}"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E70EAE41-BB5A-440E-BF6E-BE2A280FD49C}\ProxyStubClsid32	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E64A3E85-DA78-4178-91A8-E9FAA308375B}\TypeLib\Version = "1.0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0FA48495-56EB-4EBA-BE5F-183846983A48}\1.0\ = "Skin 1.0 Type Library"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0FA48495-56EB-4EBA-BE5F-183846983A48}\1.0\0\win32\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin\\t8res.dll\\405"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A9994E4-A107-4C07-ABE2-832242BF8486}\1.0\FLAGS	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{962DE9EA-6508-4D38-B5A1-EA8E431CF0A0}\TypeLib\ = "{4A9994E4-A107-4C07-ABE2-832242BF8486}"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1DCC4E8-9C40-4F92-BA1A-1B846F321AE4}\TypeLib	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C43DDE8B-9428-4C43-9A64-FC66912FE6A4}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0f2a56e1-2b3f-4a50-9f44-946532ab3279}\InprocServer32	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F210473-F79B-48AA-B4B0-78872B5B4541}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.PseudoTransparentPlugin.1\CLSID	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34afd9f3-f1b2-4e3d-9836-04c592956564}\Programmable	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5BC4D4DF-CE7A-4582-835E-56860B14462E}\TypeLib\Version = "1.0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{962DE9EA-6508-4D38-B5A1-EA8E431CF0A0}\ = "_It8HTMLPanelEvents"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C13F1DBD-F8F6-496F-957A-2FDF9594BF4F}\TypeLib\Version = "1.0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A12635F7-09EA-479C-8FA0-65C98B053C3A}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\MyScrapNook_12\\bar\\1.bin"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DFF78A48-9941-4ABF-8E21-E1D66F6AF4B1}\ = "ITemplateBarFeedManager"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}\ = "ITemplatePopupMenu"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.Radio.1	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.Radio.1\CLSID\ = "{ba339ddb-918b-42f5-b582-88ab854c42ac}"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8a3b777d-5f5b-448d-b3cd-fdf00932306d}\MiscStatus	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C13F1DBD-F8F6-496F-957A-2FDF9594BF4F}\ProxyStubClsid32	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{661A3047-196C-40BE-B957-98532655A787}\TypeLib\ = "{9664E31F-B2BC-4DE2-87C7-43694E33ECC4}"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}\TypeLib\Version = "1.0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.UrlAlertButton\	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1DCC4E8-9C40-4F92-BA1A-1B846F321AE4}\ = "_ITemplateXMLSessionEvents"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34afd9f3-f1b2-4e3d-9836-04c592956564}	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.FeedManager.1	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{c80ddfba-1646-4b6d-845f-85288c7b8201}\InprocServer32	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MyScrapNook_12.Radio\CLSID	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69b8636b-4a89-4e55-bcf3-a45464ad2171}\InprocServer32	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A3BD0431-C030-45BF-915D-01C8E8AF05D7}\ProxyStubClsid32	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A12635F7-09EA-479C-8FA0-65C98B053C3A}\1.0\FLAGS\ = "0"	T8SETUP.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ffbe11e1-494b-4396-895e-9776dc069ab7}\ProgID\ = "MyScrapNook_12.UrlAlertButton.1"	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ee718602-1282-4d49-ac4e-afab43840b99}\MiscStatus\1	T8SETUP.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF65B486-2053-4654-9E48-3785CB20E757}	T8SETUP.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE
792	T8SETUP.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	792	T8SETUP.EXE
Token: SeBackupPrivilege	792	T8SETUP.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2640	12brmon.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 2944 wrote to memory of 792	2944	377ca1364687a057eac7da48e7031130_JaffaCakes118.exe	28
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2212	792	T8SETUP.EXE	29
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2052	792	T8SETUP.EXE	30
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2176	792	T8SETUP.EXE	31
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2640	792	T8SETUP.EXE	32
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34
PID 792 wrote to memory of 2032	792	T8SETUP.EXE	34

C:\Users\Admin\AppData\Local\Temp\377ca1364687a057eac7da48e7031130_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\377ca1364687a057eac7da48e7031130_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE
  "C:\Users\Admin\AppData\Local\Temp\T8SETUP.EXE" /p=9N/n="My Scrap Nook"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\PROGRA~2\MYSCRA~1\bar\1.bin\12srchmn.exe
    "C:\PROGRA~2\MYSCRA~1\bar\1.bin\12srchmn.exe" /m=2 /w /h
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2212
- - C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe
    "C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe" -remove
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2052
- - C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe
    "C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe" -install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2176
- - C:\PROGRA~2\MYSCRA~1\bar\1.bin\12brmon.exe
    "C:\PROGRA~2\MYSCRA~1\bar\1.bin\12brmon.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2640
- - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12HighIn.exe
    "C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12HighIn.exe" 12tpinst.dll,#5
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2032

C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe
C:\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe
1⤵
- Executes dropped EXE
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8RES.DLL

Filesize
161KB

MD5
d190e64ed1cdb91014037a2cf0bc8103

SHA1
afb44e22d1aa4f8d8d369461b29828cbc38dc555

SHA256
63d70526a4612e7881bc1c7b361ae17c84cd5b5103efc279f4f58f07f48e11b5

SHA512
50e7bd50edfc101bfe36b42ad4bdb77f15530177a5aded44821e486f539f29a55f7332dfe9d1e3fd7fc3eda7d0a8cc27ac10b3f8ff034f42da61de280c3b8b68

Download Submit
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\chrome\12ffxtbr.jar

Filesize
26KB

MD5
88d8804b131aeb67388e246eb63e6f50

SHA1
670a7e8fc727f8c16b4d348b9f56aecccc5c2a24

SHA256
7a4bdf510737ab211097e392fa870a730cf3b080d45e94c1a65efae78f95ce80

SHA512
203e11073677779b1e64e859e83559f6bf1b19c22fe3f17fa71036f4fca2f4eb82f087c99c43210fbf23a9928e0d9b768430fc95b0a358f607b1e173046af873

Download Submit
C:\Users\Admin\AppData\Local\Temp\T8SETUP.EX_

Filesize
1.3MB

MD5
2e27b0d4b4981ae5a49312dbc7fe2088

SHA1
01879e1d4c98bc6595293b8b35da9a44d405586b

SHA256
8997c72481e2ca4312be5b856d23fd538e8f109b4aedcf677653dd6acf178f81

SHA512
c183f83598ab97cb4203694ef011c0098d4fe983899982ed6d09a66e0d6931b1eca5e5b6f8d523a64f794d4cc50b0626d30018e57aeba351f71fc685408f54f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\extensions\12ffxtbr@MyScrapNook_12.com\chrome.manifest

Filesize
265B

MD5
3cee0014adea308f50292f0cb9f814ae

SHA1
c4f9ef9d3e15ff9562706a4172bda1a14e590f46

SHA256
1d5b5b54de790739fc867982c4196ea72b2a4e68b2ab8a8b1d30d1419e80d231

SHA512
cab143048c041eb43db5f5ce0f15f8f67da5e8dd3212310741d3cf2dcd5a29afefffc92318ef169bb7310d48f41485588eefd5a08a427a50cdfddd291c13e258

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\extensions\12ffxtbr@MyScrapNook_12.com\install.rdf

Filesize
937B

MD5
3fa0860b8b10f6b95a08abf89087fdee

SHA1
d3c0cfbd12bffd7b87d3d2e9de863cfa9e2a6584

SHA256
52d6a4c785d7bf443eac34f316d3984f46d7168b4d7be4cc8f9890329fa81317

SHA512
97b2b4238c3b9504eb1a918510021f4545db0db50910df7387c286fdbc86e8ab596d2178692f5c4d8781ec99b19ba9721077534cb7c87afb753b16bac662ab47

Download Submit
\PROGRA~2\MYSCRA~1\bar\1.bin\12SrchMn.exe

Filesize
37KB

MD5
c04e676cda28972d41b85256a8d10483

SHA1
05e1921ca1ad596504766f060380a086ffd9b605

SHA256
b6a8fc2287131be7b61647ba640f871c8ac70a71d3a5c3346f7d75ae6680dc45

SHA512
ff2a96d6086b14b7b5c0eb7f9037b6459c90be80a8338a893b466634217ba25eda5cd0203a0b646c247994cffcbbb6501b64183e3707cc725555c920ddb44337

Download Submit
\PROGRA~2\MYSCRA~1\bar\1.bin\12barsvc.exe

Filesize
41KB

MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
\PROGRA~2\MYSCRA~1\bar\1.bin\12brmon.exe

Filesize
29KB

MD5
35d6caaa9e4d82974a74dbdb53801f98

SHA1
0f78fe90af015b0a511ede007bd1791a341e891e

SHA256
5418b7bb40b097da6370ada1194f8b2d2d3eefa3ca36a6eb31d39df7791a25a3

SHA512
bdace57d273841bb476289d6fe9803c57a48ab7ce630b8797f848f6eb7816b00b43223fd28c8caa440b1b1d027a2dcf3cc9cee007fcf5905650d15e800c8b245

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll

Filesize
61KB

MD5
c2d3d2de66b7ed064ff6b96aa9599215

SHA1
58b593186c002382adb9b3ddb26b1bf82334d6f5

SHA256
c290740fe6b590dfaca6db19e0ce663003b26b32eb921eb19619ea359640d348

SHA512
02b7d7444d8674a94959699305b754bc673b51be88a39dafb416983e29913db4976b668eb9a977546b8dbe5bbcaf2da00838af593d06055648eb39faced32ca5

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll

Filesize
61KB

MD5
57dd8aed0e235b1bb1e588199883c84b

SHA1
c4b330ef102bf596943503b0e8c5d39a5b3dcfe2

SHA256
45c3cfdef55ea3abc14fab5d25cffd0e08306f91aaea4a67248ee702e7b9fd7b

SHA512
8cf86f5b222acc39516404322ca58d788b9db4b564081f5774941333f893f5aea9cee1adc6185ba0567c72e08f7a4697efcddf53ed5c169e6a6464d1b1bbc666

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll

Filesize
29KB

MD5
22ae719e91b4bfcdf6122d3e2a0f272e

SHA1
99df98dfef4b483889fa88162d20ee46340a5dbe

SHA256
2529f6465570ac7f0b82613c694181cc10515ee045cfaa48dd7402e9b9d791bf

SHA512
61028e30c28501f0c18c00ec8888cec3eade43b823a545608fc6ee9c6c2529723b5bede0cb2d4a016562a8ad4a59b1cf2b6ed00d1f745387ef9f15b05b63ce8f

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll

Filesize
673KB

MD5
f2b77ba18cb741c0b924d441c0efef6d

SHA1
a2291a55257865e3b311d421cf89efdc020e517b

SHA256
7b6924a1daae67ffb1b69f060fe5d6f6bf0a9681307feb2478281b5418e5ebb2

SHA512
04c7eaa8696039e942156dd4bc2618b0fc55929933476cadc43bedacde4fd706df30b1e564fbcd8b3aea26a4e17aa9b723f29a573b64b724e98548bfecb06ae6

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll

Filesize
33KB

MD5
d3efe03300caf0fa2215206280d31220

SHA1
12ff3195bdaca5482034aac3c3e132d5ada421a9

SHA256
b67d6eba635dc1cec42eec2d1a1ceee34e43cb3a55e6080b1a17d29af5d9cf08

SHA512
a2e32cc4926e017f04a7feb3ed9da4a32741109b75ca845cdadc20b577c4d96f1de4d05e08466559c174b46731e0f8c35f305082c845f298c55779c6058e96a0

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll

Filesize
97KB

MD5
70a6b86cb0a6a3f7b35421ec7b9f5b7f

SHA1
baefcb03679575349e01668c4f0938643baaa022

SHA256
0059d01f099fffa09373a6ead57f3cd1c6772667b9a7eeb6edabca3cd1963cf1

SHA512
4d6cdd61afb68b3fe6b705c2298ce35a1e42834c17e4faae11413bda44f0739647b6d773e73b530046c37ec0e15d8687f7546c0cdf30dedf5b5ab2adbd8c427d

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll

Filesize
49KB

MD5
cfc3ff05478e454681e6f1cb2aa8396f

SHA1
ee6acfdfc1e0b2327dd18f4ad6e8c64b3e91e20e

SHA256
909e45c4e208907b99fef410ec4f5fe848e06be036b7a3d3a49e94bd8f259530

SHA512
515ac446b8a4dca8a16e650e4a57112afec138c0eaf629749c701b6982493253bac9e05792a7e166c06c769aa1e49d7d1689f3e29954a1bfc7daa64389815412

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll

Filesize
53KB

MD5
8d721a2bc356a862ac8b2349bbeb614c

SHA1
8090e240f528004402b29c11e5072bed79d95384

SHA256
5dc33b6ae31bb0b277f6db3b983e4adf5c509646b574c0630864ef462c6626c3

SHA512
57a61aef5c03e69ee26fc7baf3ae30198b95c28b0d8887e86015683c94ced7cb7e6a5cc310da13bb32d87f81ab33778c412d60f48a4f646e18d17242b609fb10

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll

Filesize
89KB

MD5
f18d8bcb38dfd1409cf19f3ebd3de3ea

SHA1
2ca2ea6cf1ad1fe87c25d4ab6b1c7729e48c6390

SHA256
090686b394ebf791b262b97249b20083c6a78e6cb04847a3ba643eb64c5ff184

SHA512
b251f89728dda4f7250d39c6875d5362a89076340df34fc04f5d03773c354b0297bce2d9d898c5359339bdba49620fb143d72b5d9a6ce4ef2ab33ddab57e73a7

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe

Filesize
21KB

MD5
635f5e4b01597d0baf2422245c8ff541

SHA1
9788294f2b8ab28dbae4c73bb61a6b1200bdd89d

SHA256
b1c485330062beb4d02e3e67e68de82c6ffa22b0bbf1eeb6356d2ae15d03249d

SHA512
d93fe70d449df96321d30f2ebd725af2cf07f0ebead6ba9db4af47ee513160d1a6a8f78533c642fe685609438a2d1af00089aaee202b820fc7bf7a2cca9ead02

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll

Filesize
33KB

MD5
78867ee7a6ecfcf5f37fb2f46493db1f

SHA1
5adff50c2a1b6c3c673134819343e7fa2e7d72d2

SHA256
7c832e203c135a9a6d8feb4acd5cc828bd625bcf33f5348f38955d2eca8e31d9

SHA512
f42f50cf4acda3ffe9a6a210d136b8ad3427dcd82f8af91a04eef60f8e3a7fbfc2a23875171ebce2a8739cebc0414617b3f6410a3db6984c4970285b88d2477d

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12html.dll

Filesize
93KB

MD5
977731fd992e5190de741d6d1631f251

SHA1
91434eb0c345139654b34c6d76531fa3b5f0dc00

SHA256
a8b9edb8e090cb28bb4c9578fa1aab53c816b5a9d95853089135f41ff66d7385

SHA512
08d39cb7b6cbd2546c4c95c8df7c402bb9545298c87176da4ef424508ec77ae8be0c17aaedc623c611a4675b3f15613dbb00cbc500d6ccce24302e20addfede2

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll

Filesize
157KB

MD5
568c1f7d72e5eeddc97b05fb3e786ccf

SHA1
53f3044159ffcf82c746898941dbe3dc2ac9a24c

SHA256
264e123877da29452933488131e025c7c78abcf4390e09daa4c9530133f8c4a0

SHA512
aa2ec24caee713882663762bdefb8e54a43da53bc6f43f6e8af46461a32425de4e5aa52c0b2ec994df7565553f7100c89f87c745934f9f97be29d81f6490b9f2

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll

Filesize
81KB

MD5
6df45cd8b40014f94f1a949fb96d3284

SHA1
978867b422339e68971e56c49c66f14f2acd745d

SHA256
c7a2447a749292e6aa3a8db104b46058af0f044ee376d6ca49a3764955d9b6b1

SHA512
aacbf2c8cf9e06d94b622762d33d2f8614410589ef8f0e02b87006e74c7c0dddab1ebd9e6018b6857b34ffcf5100b896c2bf06067e3bde659972ef966a64d996

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll

Filesize
33KB

MD5
121fe87b463651d75c9bff704883c978

SHA1
dc971c75ffce77cc952fb6660a2603e09d62d4d9

SHA256
120b46557864c807dde6be7c0c1e71a2110d784a242dc79159945669d920fdb6

SHA512
75337eb17c5db5276ecdc789e8e075376c18941047358e0946dc710580a5bbf2bf122d0c443e02e04f908bad18b5eb31c84b4e29a0676886af51d754b3bf1520

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll

Filesize
41KB

MD5
b315203e6d9995156946194516cf5332

SHA1
92ac05fff3ad68271062a3dcb87e12ee6b816ddb

SHA256
aa30c65ee96701116138ebae7d1f0e831452a749f1f9724232a03e660ef13f51

SHA512
83d897c787d37804dee112dac89c51066969c59b77080404da0c2f0cd36db478f0eed31f127bc1e636ce3ce4ca4b96a2fc8a4aa62d2da52336fff8d33762ce5d

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll

Filesize
45KB

MD5
896943b4b92b7e3f406844674f629076

SHA1
3eb4a6a25199e6339ec04f36189c71738de63ce7

SHA256
f8274d77f804ad805806d531e940956d096f75c6b6b17f34a753f1cbce6c1632

SHA512
35a39b00cf7e0da8b151a6261f833f12e442107157602d0a8cf991a424978158177203b79290f4b0ad8e6d0fee70e4655980727c3db3f26b249c49d98afa7e71

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll

Filesize
157KB

MD5
92aad41d2e12e797af52d4bcd75cbed7

SHA1
dfd07b722e317d1cddaab7d5b31bfab57cc5e739

SHA256
a2122cc682e9155708a0a8c12d1e0935231c82a30f4ec1afe0245d8ea4c7e7f6

SHA512
b005d8ed9d9413914a7c3b28277ab7b126843dcf2a4ca28e58c8e5cdb942d11384deb69cd7ecd5bb7d6ac9f5d593de36a5ded07bc8dc68f0b833ae3110276397

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll

Filesize
121KB

MD5
4876e787ed8d945838235f8cfe079d05

SHA1
77c8dc985373b1e5d9035ecb3a831c7dd1abfd55

SHA256
97b3a0272aa17e018d91d235cf5e21882a626bfc0ece264a699c25c2999bb9fc

SHA512
dc920a2ad55acc725ee362bab710f50e8edc92729bcc6c1793471e9fef17352218c9680e132ddea95dbe16415c6c2c18cd00b0f52b1c3143395fff8e681e7ac4

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll

Filesize
41KB

MD5
5de55f0f8967fdb31ee5b259a5aba975

SHA1
c5f26031d5e0c487bff0d60aa44603135bf60395

SHA256
159ffbb40567e8ebbcb29a24fa76bad6f1af81f5ec45a75cc5875dcdb5a78e4b

SHA512
72320cec163ee236569a7f747e4aa819a81796f7de13feccd553477546223ca706e67f2554f724b240b1445753129d476485bd2b8e57d413877467437c684028

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll

Filesize
41KB

MD5
d81c2100db96422794bed6f3c3957bce

SHA1
d3675555ef2fd6e5d4d9646d3261fea127b53be8

SHA256
42c1e9298842ed383f4a0099b0782a5b57681e700f24338c5369e4a8586db9b2

SHA512
f2552cabb78a791f9b904879570cc3f5853dcd70803590601137437d30936f09ec6af11f4a416a9b5fa10a4fd6b744456d0ade9bfea8698dcb5530fff782a851

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll

Filesize
41KB

MD5
a4c73c71941826db74af6598336eda99

SHA1
65d604a070334183e5034cdeec5838e46d705794

SHA256
64fa4044c2e8657b84eea6de847254731f20c010eed16bce9e82201dad825c13

SHA512
a8471104d239709c039a56f1aefb0f9004c1b038df3bf830e125a1efbcab5fbe2e77e19d4d78fee50c8357c192dc27e67957cb951225a01907a6322591efe6c4

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll

Filesize
45KB

MD5
2c0327baa4c4e39bc839fcaeb7156dd2

SHA1
72e48f7f37e208a52ad975eaecab29fc50223c27

SHA256
5b1fe0d4b92c46a303e112763b926c978d5a60462f72327aa4655d7663507652

SHA512
9b2b3e90fdfc5067e3d3f5c13d60103eb036f9e3ba8cce990fb97a17a4668b9033ce823793f03fb39070b140d0e3d1956000d0b339735e938dba40b95c566034

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll

Filesize
125KB

MD5
00fbbb2b564dd1f2f54ed0810a08b8d9

SHA1
857980a7b7ab77ff8e34a090ccd76b8ba628e7e4

SHA256
5925099be414f4f006fdbbac9d46b50d2c25e97410e9f1bd931e13ec586cd669

SHA512
13b6e9965fdfe4ec390b5d9146303d34e12dc0e23f85202a0954345cdb83d9d004a98eaf45dd4fb0cfd684546d483b7a23e7dbc63f64df506dd7b5bbc5ed4547

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll

Filesize
161KB

MD5
aa2931d735d7f0a58be82f8c71a39aed

SHA1
e401834e35441df1cc412899e414ae3b2b8de716

SHA256
bc26c866dae1dca43b55ff1f0c9dc79b3d6b84ad3d796c8be0e4ea9f09a77f05

SHA512
f406b6f817021d6a6e9a007dca1b05bc2240066fffa38589704d4ac246ba49f965a83ae0b1fa8338ac4a4d6978690b0d1762d6717a20d4e513f3f4e11ef216a7

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll

Filesize
41KB

MD5
6335d76eb910f4ae1fc616b208c7c300

SHA1
110033f4a78dca521e8ba73f75747e4e3b6ae545

SHA256
54fa5362ab82e7b7d631c48b7931ca50efeac29e2bfbbea30619f8f6be3b45e3

SHA512
60fef65b4fe22ca617d4b5bf7bf3bb3ba44190437666889f26c4e65244b423b97681fcc44d11606ffdc4ccd71b598f096c7b08de07ecf1c82ac0a617963c5ec7

Download Submit
\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll

Filesize
29KB

MD5
9a205cd825e8ed68c9db72dd14c80f8c

SHA1
e25022975902882d3220ca200b6c170fbb1ffb8c

SHA256
ce250586f41e24f2b385f7e9ecbb94472f28e56c745ba7fa7eee2d6c985f3b55

SHA512
b3c67b15aac14004492f11711e70b3a944ad3620cb65880ac38e4519e785df776bbe2b75c5520ebdefd5aea049692179df803c8cc0962409d461cc57fca97bda

Download Submit
\Users\Admin\AppData\Local\Temp\T8SETUP.EXE

Filesize
3.3MB

MD5
c2d6b84ddc1cf3af3d63ea52b2e9fd68

SHA1
eb000be35ac34f4882b59180c6d80b39d2914241

SHA256
14d7ed950d36375696b8837b332e2c67dee5248b9ee82f7185511dc73ac47152

SHA512
76aadb9f0d45e91903e4dc83ddf4aa966a6adac4db76faf085e9e16719d9b9300fa8db7d6b9ad7b72f0152d496af59ee1cb2a453ab862525f1c27352c37351df

Download Submit