85d203e0a41080998316a431f4ce405a08d2f4edf4cfc1cce229999f90f29e69

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Size

346KB
MD5

661b15946b8eae5a25c91cba3d2c369d
SHA1

b06de620aaa401f95deca482b971ebb9197cddbd
SHA256

85d203e0a41080998316a431f4ce405a08d2f4edf4cfc1cce229999f90f29e69
SHA512

90975f7ef117e867cf6887d3149e23d647c40402042bde13e81007c2c64e029647be13beab72ae22a0325401a53dce58e3b77019e814f390bcf0744d99f790db
SSDEEP

6144:ye347mvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+FlbAc:5+YyXSvi2v2ICvOb+Fuc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2808	installstat.exe

Loads dropped DLL 4 IoCs

pid	Process
2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
2808	installstat.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EditPlus\kk12.icw	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd0000000002000000000010660000000100002000000060761e05a233e552f55cb3c82687fcbdefe42946e2244ae7362447a21b1ad486000000000e8000000002000020000000f7f4cf897fd1a583d9fc35b029e00c30942439ceff744f80705ce93d6b904bf3900000002791b15050988497d1a120bc2d98045352495c0a2266eea01a615bc487e61f504b4ed53e1234886f911c37f31a53d7c890067288987f4a89d36eea0f5e8bc8378c2d1ccff3b6df2f9080a993d77b7626c47e8aaa2249ead0fa30268e3f14b769a45312181b75d25a945822b896c17286d7171b2e629cb9cafc640b668a82390b91b8455da041e1a547355a11227a6591400000006be06ab9c4b0c1366c5bf79e62ce04089a9ab341136ff109671dce6ef91dc7695ca7e83e7c87c3e23fb60744d8aa8de6f7a7fc542d9e52f2674a9c7f50ab619f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 006f0c61bfdcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{895AF1C1-48B2-11EF-826E-EEF6AC92610E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427873579"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000e473bdaf54cf89851191eb68b3665d5a2ed18b6ab11c2e1560b7e5476bc4c3de000000000e8000000002000020000000929bfecaa5eaaddcaba238cf81d784b7ab0ad6c5e35bee95ab01d969418537fc20000000a07083efae16b81f7d33ea1fed0996409b438fe441ed747ceb7462f3a97a7a21400000004a7a6a1cdc1a30bf230f42c29ed2097637ce5ed804b480de665afd96f8b9eb7998c6ce9266577f75439a435d84c8abde22f50ec5d1b3f6c10f4d31f3ae180a99	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine\ = "VBScript"	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\ = "´ò¿ª(&O)"	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command\ = "%SystemRoot%\\SysWow64\\WScript.exe \"%1\" %*"	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw\ = "icwfile"	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
Token: SeBackupPrivilege	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2704	iexplore.exe
2704	iexplore.exe
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2928	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	30
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2928 wrote to memory of 1880	2928	cscript.exe	32
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2808	2164	661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe	33
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35
PID 2704 wrote to memory of 2676	2704	iexplore.exe	35

C:\Users\Admin\AppData\Local\Temp\661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\661b15946b8eae5a25c91cba3d2c369d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk12.icw"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Windows\SysWow64\WScript.exe
    "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk12.icw"
    3⤵
    PID:1880
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2808

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EditPlus\kk12.icw

Filesize
132B

MD5
bc0c9630b9e1544ef01d7490b606d951

SHA1
757c89aef9becef2471ff6dbfd37ea1b6be91c10

SHA256
1c9d7f48f45ef07f80c45c699bcbc7b5696a8e03af736dc7a90368c19051ff2a

SHA512
529826c726a8107226245b3825cde2d87b0004aa7196d15a56d581e70918ac6648496eb7e0ee48ae63f981bd368f8e91e1b39798a20fa940d154beeaabd0be77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cef495d586b9ca4381f6034330ae698

SHA1
d49bb7ebbaeedb06f1bfa4dc98d803cda1f1cfc5

SHA256
044de923a69879c77165efa3e84dc96eb146e4b6053e3e90c3f9f2de4c37d45d

SHA512
af08e27e6b5a58d9889d3a3811d609d9cce3fcd5fbe36a78fc1379488864b6b4bfa28dc7b04343d480fb7e21efadca0f150b409083aabf027ebaa37373ec08b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb573dfedff7ed9fbd37e734d681827b

SHA1
9ff5fb35936fe4168721354b9e31b1529a388568

SHA256
42538078585cb359e536cac3148dd76a289bc7459d59aa10a869ed677906a5fa

SHA512
e90159355a473ddf833354ab0984365fe3631a7398dea3718605de3a4dec762881b80d78ae39fd0ab27e4550a2bd577ce24f6e9176dac0cc2a15eaa35828142f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
692a4bb29358d6569e649080bbee0a27

SHA1
4852ae6c9c3285f62985917176143bc912758796

SHA256
3aa8ed6f54e182de7ab9243d7d2735cf1158f9c5b48b96627cc95c4798e78151

SHA512
9a970423355e3ac0dea3b3da55958cac331eb26bd3f9fc120531569688d01e8c9a539cd4ecbce535b2f84ad84a342c00c55bc892144b5d53d5f1cf290cada8a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6d61a6a400ef0c47cf6e6423d17f55a

SHA1
37a043d6a5acb92a0ad51f9f007afb880099739f

SHA256
31fa69af79d4ab05d111e067af2bd8f895d8bc9cbf0024fe75b76a3466d52894

SHA512
a22cb140091ee5dcf202d7b66ccedcab832c87c1b75653085935b4f50e919f8e997a8b05d53750739ab7e1aff58606a78e0d84c651205c9ce2597c84bd5096d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ac09316ffe1f1c257ab2a73b0dbf9eb

SHA1
fd6861826f64f30a8b22ce3958189f0a27c791d8

SHA256
14c84cc146421c615a39e031093290600f4ba1d9265589b2d0d31f127d77b7ef

SHA512
bfd81cb7804d00a4dbbdbf7991d593f2340475cdb0ca75c0efc9d0070a3ffc737b949610a98ee37c07d784c2ff4e0a43b0a57cddedfb88ff6a0a7ab302d3ca87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71dde27885d811e2184e5b75fdb5556d

SHA1
09d46947ce4e6dac0ae43c9d2435c241ac163bc9

SHA256
dce3daa1f52911cf446cdc341afb1683bec089f531ce0454e3b37ffbd522c07f

SHA512
5c0ddfa280435378847246f68dfeb66fadc8287800dbcdfae28d5fd4aae867be6647450b549ce55c9f69ffbc0a95a1cd3fdb8a66cfcd7943d5dffe103bad1e8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe1abb1733b5290ae9dd43be3d29213

SHA1
9747e1800f395d5ba85038a0a8397752d84b06c9

SHA256
8e0f5c79e54ccc04eb723edad5b370055e1deffc7418bc0db8456aeddef725a2

SHA512
2f2849ba96ed77a1a5250362001e0b0b139de27a4958fc8817e2776d3fe88b1af78b20d15a4f1ad7bb00ece07ef9f264ba30a918a0a830a1902055c9fc78a830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33f51652ce0fa977dab40a8990d0d186

SHA1
0e134b537d1b4329e933b54d365dbe1649f7c8cb

SHA256
8972a764d0a7134c772fdcfff3060113e10e644fda63de6effbbbdcbcdc69354

SHA512
964f9fdd4005101323c69f0bb8a560ee01dc4b84d69079ecb0fb9056a1e2093b8e3f94d2aae30ce1291817566b2a32b145bd5c082d0e64c4634d9448a6f8d806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32d3c94a1798dfd4cd9386362986d1ff

SHA1
8d47aac82b7925f3c8fd1b57ce9288f7a3579c17

SHA256
3a96cc9731c9c14b40f29e3e0203bb6d070a7740f9c590035479cdaf732a7884

SHA512
3f19de93d59f15fa3aef171afe2e8143d09d4b904eab6e130f4f5c7d8b311ae92eb0261885064dc3496b1e002739a61698abb054889220e063138a81e6978027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
580c0457053d43701ba496a1d1717d1f

SHA1
c86d5929c25d409de1102fd436297b0dfb8f0e65

SHA256
89e35a0bb3a9029e3d15ab6ebf8e6a6792142e3c32b82f4b1d330bb3cd7e0152

SHA512
f7601134fc0ec4e7fd069a1572cff9f9feb37868f759f9ccca7be73b783e3a4de7461a05ac834d8692b55852a73b773d7f7bde6f923e80f08f1dcf6149f27f53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b290a04659cf5d2d85adb4d864de4f02

SHA1
4d8278211f5ec9f3ad6a938397e56fb9726077b8

SHA256
427b4a90d9b748b66d8c97ac196d5340037cad182cbbf19f4940841558334b1f

SHA512
e58fd1d525dc83bd295e54bc304bbeeea9cad30fc245f6534fb9f495d2cbcc814a8c7a7778d659bd241610dbccd376687b587c4ec720f305576d9d377f869b47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
181963a6ab5863b75e51525787e8a126

SHA1
3906aa1fbe107f06b180448f5aceba1707e018e4

SHA256
465a5b668f2c24b57f85767c2d7647b50df5ffd936d38142a564f2cb367bc374

SHA512
a91c5286dafc4b327ce3617cb1b74bdc401253a2c76c4e8403f756a323cc9931f33db889681da9f295aca12b0a0e6fe8f493714ad823edd513fbc34768b6c475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81268850591c53836ecc4717a762e8c6

SHA1
e2a538a41295e52d63c90ff679c3790f5565a81b

SHA256
5e7b6ca3221bd38719d9114c14cbc191e78999dc2c72406818e84f293c6d0176

SHA512
bdf2b2d4630ab53158d6a991a5b236de9e910b248bfe9717b65e4f57b40212a1bc190fbcb1da3965ba55d7fa22a051aa104fd5373dbb454a23624d61b75d53dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3adaca44d4b352335711de2d3916dbc

SHA1
b615040060e068dce5b4fffd963438695a033255

SHA256
d3ea22b1ba87baa419f39623c4386886b91b04ced993b7bda097a57191309459

SHA512
240279c79c3f90c4c03e6fa120fb17e2649fa8aab3a46af80946d4013b208972af57d7484f17aabdb72af6e03a14d3610ad2c7a36c813f2da8a4092af1d4517d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e766f078ca1d58ca41d64e51d5307b66

SHA1
3ffc53f2381f4f648b5c6d7faee30df8dfa62644

SHA256
00903da4013bb61218adc6c884cd6e60866e543a02ce37c69cf956e6a7836a91

SHA512
ef599f84245421d2e22af8d7237603d9e3cfcfbd5e12c241f72c38c000c1fe98545ab35c56c84791284f3fe9c295df870ac3aa989f2a5ce03a15e9fc443d3ae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23816320ff9395d9330f50bae164c1af

SHA1
7a5cc0ffc3f60c1ffdded43a1d6729e7dd3c1bf3

SHA256
435dc3d208accc69eedc16d0d708ef6a7e3e2d5a4bdbcf2f6c542d722203615e

SHA512
48bcd4fa3347bac5144801e0f0970ef493bc83b25fbffa6d116b85a756e07f49b5efb9358a5dac4b4fd18721090c69f959d136ad063c71ddf4e8505b65ce95e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a26949fc710925ecab80e590bae94a1d

SHA1
7ee47792c2a9a2f2cc6aaa90cb72615d55b11dd8

SHA256
fab0ca7ec4d984b52224b9b96a4f18a0045650d5810322a6bc5071bd60858cdc

SHA512
e1c0bfd2a78f5457c5507c6b6ff80478a3bdc8e5fd624eb0b6433f890f0d185307f975e4554ea9fe57d71357328b14d28c7d7f5f2b2832849ddbca4fbed06867

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58739bd9f203e2398b7d8adeed78a631

SHA1
37b89652703065a47335bcf6756a12160b3f433a

SHA256
51846a8a857c10d450f4e659bf52638efcb8397a1d2e4ad61d6610089cca4117

SHA512
ff09fb62ab9cc511373532a4c839d27806a9579353f2386312160e098cae870e7fc4a1940f8f80fd6c1034a92629cffc70e0a452d6fa681eb7ccbc9f153d488d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c60c5c038891741fe94cece9d96b34

SHA1
d9fe7bfdde5ff15eca04284e7afffd23daf3d2c2

SHA256
efd4571e0b79aaafbd9007e7490641e0de8279eea1c01e7ce5ff19ac51228672

SHA512
5af67724dc136901f44e56773f6e95af450d6f21ef5546443158d7f72ef02f3ba60ad544c8d9ffcb4b9a4cb9b106f32eaa73ed03c7619ce3ca485d4e6944327e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADCF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE41.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk12.icw

Filesize
840B

MD5
19b846369ea764a670b63e8ab0b5a78e

SHA1
2abb9f81e664b785cb2297a2e99576ce6eaa3e22

SHA256
80e48b473a576cb512dcd160daffad6f0d2424fa31dede57999ae23964ff1942

SHA512
6b6f9daa06c332268ca7476cb6eb5e64c778fd3f4d408693d21bccbfc23873b9376e655bc589827bb6edbf2a32d7dccce684c1cbe44c0aeff50af6827d4dd29b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll

Filesize
80KB

MD5
b485de47dfa038e4fc1b6f1782d07ad0

SHA1
67b68902d56bb7cf1d3292bf152f85572fc53786

SHA256
74ea2288ae1fad84f215ab40b0b9fbc0ae50996fe751fa5d615ae8586d1f4121

SHA512
5558228f6fb0f92eba5035d4ea75e722c227566a4d71a523c517628d1cf4b0e2cfea94495cb09423b21276e0ef568545a3eb628daa7f94a258a8659ed5d6cdd7

Download Submit
\Users\Admin\AppData\Local\Temp\nst81BE.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nst81BE.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe

Filesize
44KB

MD5
7c30927884213f4fe91bbe90b591b762

SHA1
65693828963f6b6a5cbea4c9e595e06f85490f6f

SHA256
9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

SHA512
8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

Download Submit