a4390c8aa7f4515e739417385626e9af0d7d8d2bbe201669d7a27dbb81909f04

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Size

349KB
MD5

82a40fa636812a69cbcea3079f59ac45
SHA1

3c3277a7eda4857ae4f7155a10cfd2fef4a6107b
SHA256

a4390c8aa7f4515e739417385626e9af0d7d8d2bbe201669d7a27dbb81909f04
SHA512

0fd4efb8c3e77c8e43342e8f37217407324f7212a382f0879d9fc47f3b1e68a51c6f7e6fbfc02a1314b3db5f2acd97857bea609f1e70780df863402deaabe3b8
SSDEEP

6144:ye34WpzWCHKMayfL44okkdq96CQpiGF+p5QKC0vb+FO:YkL44oqspidDvb+FO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2596	installstat.exe

Loads dropped DLL 4 IoCs

pid	Process
2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
2596	installstat.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EditPlus\kk57.icw	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000000472a2b3d370251c91fc3e9000412f3b0fc27951b23901016dfc86f29fe19af1000000000e80000000020000200000001bd38fffa43e77e729f59b1bb626fa2f0329cb35a38b5ac93f016e8617ef06c920000000b00993b02cb4747deb513e0bfc5a6bbda6485e16385115dba2fc3c25ed2b6e46400000007f370176c059a4345752decccea7b5d8cefbde111782e5a83ce1bb31b9131b7487b73c184d9369dcf157afd3a52f6a92d3740d3b6b5457c055ad031b602a5045	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428726464"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5062C771-5074-11EF-AAD0-E29800E22076} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80bad82781e4da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000e228890f7707bb968670e4ee0113c8f272d061a636708aac0eb18a2004876490000000000e80000000020000200000001bd6be071f2f98a0817d0df03022b684ab32216efe319636d7afb7b3b5dd55d790000000fc099bc0c20cb79457b20ab27a703bae69200ad70ea4b0d25543ecb31865d5646c249340ec8f5e7aa6f6fdbb737f270873db47eb727ebef2070dc7b40c0463ed9edaf024d6d9661dba3be4853fb9565d9122aefaa28a3e603ee59597dbac113e7d2e0aa08813791c54809d0b9390152172ad3002fb3c973beb6e6c04f61878ee8aff39c981486f1ab9a368edce8f60e940000000a7b6718049182e9fdaaf9d1457e8f28d0bf2f2e0a1541871e3057c8724ae968501eca3bdba1b0f73080b53edb7a6d5885f268ded96014bfe59e1d847d727dc0f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\ = "´ò¿ª(&O)"	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw\ = "icwfile"	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine\ = "VBScript"	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command\ = "%SystemRoot%\\SysWow64\\WScript.exe \"%1\" %*"	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
Token: SeBackupPrivilege	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2704	iexplore.exe
2704	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2544	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2544 wrote to memory of 2076	2544	cscript.exe	32
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2276 wrote to memory of 2596	2276	82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe	34
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35
PID 2704 wrote to memory of 3012	2704	iexplore.exe	35

C:\Users\Admin\AppData\Local\Temp\82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82a40fa636812a69cbcea3079f59ac45_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk57.icw"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\SysWow64\WScript.exe
    "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk57.icw"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2076
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2596

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EditPlus\kk57.icw

Filesize
132B

MD5
f773ec5dba0003ba8b49bf8548826795

SHA1
49494636f1a847b02e2969ffde924752e69bec0f

SHA256
19b744d3fce854e328652699dfd6cbc332ce4b76dc212dce8f6cfc2186a18ce9

SHA512
ad1a75d19e5fdd72a921641e2f815e4c80246fb82765d3c55487560734460e0fa8c5b2320441799f20d6212ebc66aeb7368452f947457721cc47e1ceec460dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
163dc4c242f772164a88ed93be3549d6

SHA1
71cf7c06ded3566413498438ec08c939180780d3

SHA256
9223fda7865be59364f298fd9d82dcaf64d27d9ea0605058415f1aeefb4c9888

SHA512
f0f000024e3289eb515b644efb8deca3166ad95fd349ef332f528ca8637836152bebc84cc5195bdeb7745b2650c369a420b3e144d139c7ce53203669d4349b4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ed116a59738b9d0916858452eed4f71

SHA1
4696c0e17a933a6276e734e77cf044de1f7e2f62

SHA256
ad784c59214eafdf9ac542207fa5a07f5ab7051a85e41927426cedf5e4d919ac

SHA512
1c7ec9ac16ceb71afb5099138356e876c73141627661a349aefe4b36e330c9fa4d4bf965a39424ab7a56fafcf3a27d0466cb7e74bca020b1ae296d35c3e94ab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc17a9f1477a923dbeaec8a088b9cd77

SHA1
2ec0ed6741ba1da8efed77295e054ff63288c922

SHA256
8e2dae9615dc74fd36eb25c3536afe0f88d751c5233617b208cc946377dfe69f

SHA512
1c0761cb25236e5091d89cda140a2468306542c07abcb5927a1e6497892470b62b3f7a4d77b76ab31a778883b1935aba4ba27030b151cc3717e02a59c746fd06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
139955d281302661668910b078541f04

SHA1
434dc8a4ede213248b45a0e22c96e4a9a29c4702

SHA256
55940d9d76eb21c06c19d3a50acd00094a0fb3bc3d76b9efe847924dc6bbbdc0

SHA512
b6e8feb4a2d391c035b376ec869ad0fe6064d4f1c26e8da90412e04699160c08fb04c21710ecfeb87d49624a159aed01da26d157dc2b1353768c10a11c3a51a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
775fcaec590196c37faaea9132968def

SHA1
3fb15f193165f2c7fa0193192a3bac00adc56601

SHA256
a0b20b46bd47ccf7076954b3a7d855ee242d0423e2313c54de594dc97dbc87c8

SHA512
7d74b2ba034de89936fb903ad203d209f6eaaefdba2850f02d9c150e555b92cce89dfd65d0940cd4b966b5248fa47935e05878cdd4a15bc309ed6960942e54ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11905b1aef97a5d39a15f306b34c8b07

SHA1
6e2b4e422aa2f11e749ef8369c6f9d11ed3f22f7

SHA256
8a9dee7445640b391b4d3db073aeced95570e09ef4f3323f5896efb450bbb603

SHA512
e945a8d7eaead8087c551aeb66561407ad8ec98d7c595bd9814982dd8524f34fc1ec7dce2d652735f34637daa5228c5e1483f9b5f5f069dd2c21642b624f258e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4f85af83442a5c46b3f9ececb4281c9

SHA1
91f035218d9412bd6dbaf36f450fdcb1d7b729a5

SHA256
6ba7df4ef80d0c33465ac7caabfaf2223830f0d10ff47e34c012cefe6c6b2eca

SHA512
9f8f466a42c30145028dd6bcc8202d32a33e217c6c078714c589b309c86c9cc09a12e1f7f6d50a0c5ccb797d53164738dc2b3800fa5df7d5eec275ee96b59089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f957fe1d348e7a5ee2039c89142a7a68

SHA1
62b1f8c9d4b87250635ac0f0761e103476f5bfc1

SHA256
b7783bac20f1905ae60043906da81c40e80ac9445777cf59eecf13ea5e2b4ec6

SHA512
5dfc903739a4ebecae82dcbdeba30074f6d2e8b35cf75d511021efc724dd36e5b584b4ef08b991d1c011ae3eede62e963b17eb03264fe49956ae33ca0d5e9b65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d8bb8d3e065f36acfad36b6c385ffc1

SHA1
1512e4a2fc44d5176bfc708ed093b2180c9412d7

SHA256
db5c1863f717aee11ede92412256098566fab0dcfdc8de9db94c40da4db1fe7e

SHA512
ce1f8b3b2fe5d4d56c6a68a9ec88daa153551cc426efe3b1e46c56548f47fb65bd8e0495384730660643844c08694fa999351df8efc52045cf8c425795d9a9a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75fb85feacdd1189a2095bb8bfa4c377

SHA1
c1d4fe877bf6c3cc9386b062b25c3956ae982b9f

SHA256
f3c918fa25399c0a5e891ba588166df0b71f1a5750b32c47aa9d369a6ddd95c6

SHA512
4e5ef988f000bb3c4359e685d4bd33d3917e9cbea458fc61efb96df964e5f252727ed8229d9c66a25d6945c62942c05ecb6fe117cfc4927da7fa1508a68d6537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b62089153cb279701a76f3b9a67a82e8

SHA1
ed612810014a66aae11d1129579b3c3191d10a64

SHA256
c4d53b18a79ac7224fc79f48ccff6eb7aa6f16c3579e8873efa71761f31319ba

SHA512
92303e8fe21dcbee41ef292cd1f793ab9c2c585a652e41cf314a65c8d9f6ec0528bd203df97b56af797b8f81e1b5efee37161a143d354d95d6acdc94b7ce21e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21d6e3e7e65133baa947063edd05e180

SHA1
8188940c863253628d15c21c54b1256d7534c150

SHA256
3e7d7cd1454bae1da80e724934f23c78bc07c4fbc00f842a628d90f532b33b16

SHA512
95de5deba57d07d82fedabe9562bb74fa998d63ad82aa5ac33c9a2a24ca7bd2b8cd44b0dcd8c6cdda306cad53e6b276e05a13def3f73d593c61682aac581965d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76ee2104ba1c3fc34e4eed9f0fca2109

SHA1
9ff9b5be293b59ad1c9f6a9bfe91b0fdaaaa88d7

SHA256
8379765490181a7fa3fa5335526610daf1a1cac73ccc7c4c9c3075ab074fb3b0

SHA512
cac65089a24bc1670a03ec57f4384a689781ffda689ad95d0a9a704e342d5bae06a24daf60293e3881a456651dc04395b55af383ed24c1f29f4949c797a27a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d3e7c8147ee4678eb92c7beb0df83d1

SHA1
9bd42a2e8cc6e1b1c98d9ebed4933c95e97b63eb

SHA256
15ce478ffb6916c15e5d043442038e9c411e7eac0d88c88a666672e654e4212d

SHA512
d807a32d9281b500affb6b7b34ef1d7d16a1c4c02612fc0aae226c758d97e414739b4489030944da05da72bda6d249c7e35f39aa585613f400ca9fd57446229d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bfef27758e3145d88e2063a9dc3c9c0

SHA1
6f48b5976435a396b1fc9f3ea0be0bb0ad547d59

SHA256
caeede4f2ee703af4bda12f135f415581f54feffadc80a4f1680770531b1fb0c

SHA512
56a295090223813711d35b6f38bd021d0495b8566507674d829d70b059889c2395409a1a7ede812b46fca78a0ab0ac6f0c69e38309f9b3df11fcaee8ca57b600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62f0db05875a8f6d0a6005e82995863

SHA1
be1751e126169b808f9d13e440caf4d91800f80e

SHA256
5e39bd8355d2b76a5359551bc769a177c40ed3b90dee5f8363378b6ce7289941

SHA512
72c519a9c491fa41e057ddd2e349c343fc15ae15f5ee4753c6fe6ddf8756b7716211aae748ec7fc8c54772a1d7b5aa210dfdcfba1f2c81593b778f62c154da1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deddf065d30c02953cdb8204f2f83bb4

SHA1
6465f0b8af89c775ee894bc7f52d25185bd751ad

SHA256
3859093a60b7b8ebf5a72320637b43916a91646e3354505f3012735ec1ae1c95

SHA512
9b0e1bbe8efcb2ada72f8cf7c279ac321379a4b0dc23e29632f2734d7695e8eb8d3ad602ba1af6a5e5362e3d0c7078756a6ba50ed3cd2a6e6d3cdacad744c636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8dfaeb0ff3fd40e1b3a85cfc48d0f4fe

SHA1
2ed372ded8e88e1d86bd533de40a44fa4cefb2d5

SHA256
4ab1b181f50e85fcd78cf12db903082ad61c4fc0133109f70f4d4ef51b5160c4

SHA512
19ee53869c5385c83a60dae73a1972cd64fa1732a17ce0780515b56ba7261076071b2a78e9487be732d83c3d9adf27e4d38ae5f469bb4025643e153419608b30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e95b946d6fbab9ad71dde3cf4805b4e9

SHA1
6a7d5cedeb14cf0ceb0fe7012dfd36c78027ccc1

SHA256
ff967cd6b9fb5d25a2ba625f9a81b8fc5d52f5d8469146b0d3c5c3023ac35f8f

SHA512
d48791e25b82cc276dd81499eef7f95f8590d1cc8c23c0ceecf0d10a19348608e761c76d82872d7eb5bfa1c6c6c7f4eb2eeda25028c034b5679601ce490014c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db43756cb5140ef1152591654f2d10df

SHA1
31c0c402ea4a8f3ba03289e8922ae5a37a02a262

SHA256
91ade487f3136730a62effb91e4b2a62e420edd03d98ee589cf63875ccd0ddb9

SHA512
4783f77b27a5e5e3a00095b9fca39eed79e4cb535fb36b4b0af9eff49e2c10c9b74c00b25e26c72b90f47f293b7afdd4c6bd84cf78f160d4cb1b5fa96ee70817

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DFE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1EBE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk57.icw

Filesize
845B

MD5
770da61f7593590c13d276ba5d554dfe

SHA1
b73a79fbe45b57fdd61dbdf6bab1d7b0bdac35c2

SHA256
a1d172b84b37cc5774ddcf614f9db8ba29a649fc7b6cd8c5233946d911dc27e6

SHA512
91f4523fbf80b6ea61f0ca922bedb5015ce172918b13560c378b66c1d06c50914bc0f52202856ef968c3f7a3e8c12d32686a65354c1e0954746b81dcfe382691

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll

Filesize
80KB

MD5
67cf306d9bdb258d3cc5b3244cb54550

SHA1
8146becfa2fceb897216720e8fa59960b69ebae3

SHA256
a8526ac60d3c0d33c503c3d262752182864d1dbbd376ecc0ea60987dae869fa5

SHA512
74b1dcc812a2cd291a9429228929d2dba26a053315add45415da579c3ae7e7566a943930de42e81ff5d2a4c36de930cf9c5cb26ea92576c504a0621de633acfd

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF384.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF384.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe

Filesize
44KB

MD5
7c30927884213f4fe91bbe90b591b762

SHA1
65693828963f6b6a5cbea4c9e595e06f85490f6f

SHA256
9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

SHA512
8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

Download Submit