48eda05ebc3353d6a9386a9796a76c42395caa2ab9894936ee59484b17369fbf

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe
Size

681KB
MD5

485fd9e0fa159847c99fae2d1463a838
SHA1

e13d2db455d5c09738671cc906069b09a89d0655
SHA256

48eda05ebc3353d6a9386a9796a76c42395caa2ab9894936ee59484b17369fbf
SHA512

52cbf756b6d652b2b11d2b9c184d08d1b87afe596cedb26511ec0baaf5f3a6df16e0e6603b237604c1274953ae5605b7ae8b98b54281fd750e4add240a45e345
SSDEEP

12288:v0aOMEz2DmXYj1F9n5TBT3SXW3YoJ06N2xOqkaAqeUe532rGzduuSh:cEEbXYzogatKuGzduuSh

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe
872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe
872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe
872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 412	872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe	86
PID 872 wrote to memory of 412	872	485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe	86
PID 412 wrote to memory of 4436	412	msedge.exe	87
PID 412 wrote to memory of 4436	412	msedge.exe	87
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 5056	412	msedge.exe	88
PID 412 wrote to memory of 4820	412	msedge.exe	89
PID 412 wrote to memory of 4820	412	msedge.exe	89
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90
PID 412 wrote to memory of 2200	412	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\485fd9e0fa159847c99fae2d1463a838_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://plugin.chameleontom.com/?aff=1557
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f8f46f8,0x7ff95f8f4708,0x7ff95f8f4718
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:2528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16323881232455787782,842905842906872804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
712712b52541321b454857cd3555b2e1

SHA1
5b0e5f19014a50c9b6922ad7621780ab3752cde5

SHA256
4c383ee7ccb6b27ba2d4341cd6b512f3e7503bbed4267e3ed745c2826875c07d

SHA512
f9d109a34d3d6e73de61234731107abec1084f9b7e4f736f97babda09eef5f88ae1cde57efaa6996a4a1e6c2b07c75204b3641774f171b9b6022f4add9a3e224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e723fbef5e52b2bc5ecd278960f8e24

SHA1
1a57134d49b232b3905c082016405d3d8da9fb23

SHA256
d6ec53b71d0751bc11d64ce86a01b9f709d9851aff6c733defa901958a248e8d

SHA512
f7d5dd50b2e5ecf22518cd9675bd0278f2164193461b402fc6cd794b819f275f2ec7dcd635376b9da11c2b8d698a03da99cecd2394561f6169ffed3390bc3bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1a2d69206612c9ef218f1ce366c1d10

SHA1
0481ddac92476c8df6f0c86ba00f47ceda5c906f

SHA256
7ed386e4c4217f295d07cc90aa4836ce9514522b0d00ad2b101b3e04cef4e013

SHA512
6d5455b404e48e2e3e8e11d0a033fb8b302930e63f38a48290c978ad05b2eec548b75c5cb59c70c3274496a73954c37d0141974ef69cc8fc0ffeb27ddacf4830

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj84E1.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj84E1.tmp\blowfish.dll

Filesize
60KB

MD5
926e4475c00fb5254c32c876921b77d0

SHA1
8a55bc8b6e49021a4abbd441783c41d5e019798b

SHA256
d54c8582863c079996c4f1113b1c106204773ad9ea2ae831ba2b33b45bafdfa8

SHA512
53f389e1a967c123ed591c7650cf6d3140abf1012dcac90faf2327e68558949eb2b19905098bd14ab3a9811d23f98466f88418d992ca6373f94afae56a285bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj84E1.tmp\nswebgui.dll

Filesize
157KB

MD5
dcf180c820c7eca0409eca7c32e12cb2

SHA1
655984847eb8c4a244742ce99316bae8a0cc7515

SHA256
204199949dabc9708cd1e8f0fa40f37d7889f04b0b1b072599a8481bd97bede0

SHA512
9efbe1af3488278f9888708503d4cb2b505d57e63626c4261583d870ae7a04d1002ac24599fc7cfeb3bf7a718177d5645e8227ea48f63e98e540340b3ab7f420

Download Submit
memory/872-16-0x0000000004F10000-0x0000000004F3C000-memory.dmp

Filesize
176KB

Download