6975478e458147acabbd3aa4f377606cd7fe5d446af02a19f36da8262291f35f

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Size

2.5MB
MD5

a96a62dc136c44dd484f12c2b62c98f2
SHA1

1833c9b9c405238e5f6610b58fda4c0259855684
SHA256

6975478e458147acabbd3aa4f377606cd7fe5d446af02a19f36da8262291f35f
SHA512

15fefecdb5f7cfcc33dc79586255b3ab98f2b9d3dd203fe9346a657b33be757b6a718ea82bfe37a518f73679f0d30a7b15dfc8fbad5d3189314b83e0605eddaf
SSDEEP

49152:ZTKJ6ZlyxtS0M6IS6oB3NuNDEtSZ3et2VdC7:ZGJ6KS0uoB30tEQUIzQ

Score

8^/10

discovery persistence privilege_escalation spyware stealer upx

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\etc\host_new	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File created	C:\Windows\System32\drivers\etc\hosts	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\etc\host_new	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe\Debugger = "svchost.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4384-0-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-2-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-3-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/files/0x0009000000023369-884.dat	upx
behavioral2/memory/4384-901-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1661-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1663-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1666-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1668-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1670-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1674-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1677-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1678-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1679-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1680-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1681-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1682-0x0000000013140000-0x00000000136F3000-memory.dmp	upx
behavioral2/memory/4384-1683-0x0000000013140000-0x00000000136F3000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Security Wall = "\"C:\\ProgramData\\0d082\\MS692.exe\" /s /d"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Eset\Nod\	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\M:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\T:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\V:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\G:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\W:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\Z:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\E:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\H:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\I:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\L:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\N:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\Q:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\S:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\U:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\Y:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\K:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\O:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\P:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\R:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
File opened (read-only)	\??\X:	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mofcomp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2420	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\IIL = "0"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "1"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode = "0"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://findgala.com/?&uid=7&q={searchTerms}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\PRS = "http://127.0.0.1:27777/?inj=%ORIGINAL%"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ltHI = "0"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ltTST = "12784"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\SearchScopes	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL = "http://findgala.com/?&uid=7&q={searchTerms}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\URL = "http://findgala.com/?&uid=7&q={searchTerms}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL = "http://findgala.com/?&uid=7&q={searchTerms}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Software	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.DocHostUIHandler\ = "Implements DocHostUIHandler"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Software\Microsoft	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Software\Microsoft\Internet Explorer\SearchScopes\URL = "http://findgala.com/?&uid=7&q={searchTerms}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ = "Implements DocHostUIHandler"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.DocHostUIHandler	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Software\Microsoft\Internet Explorer\SearchScopes	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.DocHostUIHandler\Clsid	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ = "a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.DocHostUIHandler"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Software\Microsoft\Internet Explorer	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.DocHostUIHandler\Clsid\ = "{3F2BBC05-40DF-11D2-9455-00104BC936FF}"	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Token: SeSecurityPrivilege	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
Token: SeDebugPrivilege	2420	taskkill.exe
Token: SeSecurityPrivilege	1140	mofcomp.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 2420	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	88
PID 4384 wrote to memory of 2420	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	88
PID 4384 wrote to memory of 2420	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	88
PID 4384 wrote to memory of 1140	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	90
PID 4384 wrote to memory of 1140	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	90
PID 4384 wrote to memory of 1140	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	90
PID 4384 wrote to memory of 2936	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	92
PID 4384 wrote to memory of 2936	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	92
PID 4384 wrote to memory of 2936	4384	a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe	92

C:\Users\Admin\AppData\Local\Temp\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Checks for any installed AV software in registry
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM MSASCui* /IM avg* /IM ash* /IM McSA*
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2420
- C:\Windows\SysWOW64\wbem\mofcomp.exe
  "C:\Windows\System32\wbem\mofcomp.exe" "C:\Users\Admin\AppData\Local\Temp\534.mof"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1140
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\System32\netsh.exe" "firewall" add allowedprogram "C:\Users\Admin\AppData\Local\Temp\a96a62dc136c44dd484f12c2b62c98f2_JaffaCakes118.exe" "My Security Wall" ENABLE
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  - System Location Discovery: System Language Discovery
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\0d082\MS692.exe

Filesize
2.5MB

MD5
a96a62dc136c44dd484f12c2b62c98f2

SHA1
1833c9b9c405238e5f6610b58fda4c0259855684

SHA256
6975478e458147acabbd3aa4f377606cd7fe5d446af02a19f36da8262291f35f

SHA512
15fefecdb5f7cfcc33dc79586255b3ab98f2b9d3dd203fe9346a657b33be757b6a718ea82bfe37a518f73679f0d30a7b15dfc8fbad5d3189314b83e0605eddaf

Download Submit
C:\ProgramData\MSIGUIBFMJW\MSCKKCW.cfg

Filesize
2KB

MD5
1b6dd99434c85e26ff36a51dd393c60a

SHA1
8f65f3a7b2a9ed458e6fffaf00544a7374a3b812

SHA256
07ad82badd659c658e681ae9e5f4785c4c71246d9cc4b231a92b7ed572b5e6a2

SHA512
1cc268f995967eec0f64a47f907a2e0a3a98737763b9fa58c7d8dd6ec925af027fa210e78bf313ab20b7a78faca9c5767a038dfbec9f014c587282ddadc7b92e

Download Submit
C:\ProgramData\MSIGUIBFMJW\MSCKKCW.cfg

Filesize
185B

MD5
b8224e5293d4fad1927c751cc00c80e7

SHA1
270b8c752c7e93ec5485361fe6ef7b37f0b4513b

SHA256
c47da9be4fc4d757add73c49654c9179067af547d0cc758d6356e2955bbfcb61

SHA512
8fed9a509e46319529145fa2159251e43040d26080af84e44badaab1dd339c767ff75a2c473bc0abfb448b03beb96718ee34ba6bc150ed3085322878b55a22f2

Download Submit
C:\ProgramData\MSIGUIBFMJW\MSCKKCW.cfg

Filesize
379B

MD5
bb7c63c9f67d257cf3fd1d6bc432678e

SHA1
3dde5f45572faf446991096ebd94965c20f1f701

SHA256
d2d94f2ad7fd7a60aa80c660b55e041e37b28e889812c9d810336d4c40e3b4f2

SHA512
1873b68cec93acfa4d2b0b076f0aae847bd93a9723c4eb9bfdd8ec8882c27b244c51efeae26c3c758f89b23698719a425a09cf3e75c741609ccad78be047139e

Download Submit
C:\ProgramData\MSIGUIBFMJW\MSCKKCW.cfg

Filesize
651B

MD5
a9f06cb5d13586b12d04d314cda3f1d4

SHA1
ad7e94b50b8fb4c5ddf49b018922946a9e7d6b58

SHA256
fa6d2890d3e275731f145977076c1e13585c0394f04c44dc6325bcd68d76bfd3

SHA512
880a6b043ec4fbfa8e13eef37bd3a852cf9fa7529bec62272ea60c4c28134cee22b3e3536d8794472a2ad0148b796740e61250d92275ac45a86477b99fc63a74

Download Submit
C:\ProgramData\MSIGUIBFMJW\MSCKKCW.cfg

Filesize
1KB

MD5
3631c6dd7d96e9266df808ce59a9e300

SHA1
458404cdf0e5f28e1294730064620181cb092f58

SHA256
df9310e61007b9bae1ec70555aa0048f10d3d58bb3687be046dded3f955c0528

SHA512
2017ac5d5cb796b5fa451a57167a11ef2ca5bcb78d15232db4f779f17d9074669773b8c5e00b3b3553c1ae6c4606aaef0951db744e31335527754c70469a80eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\534.mof

Filesize
330B

MD5
5529c4dc7c738997134d3c4bf520c592

SHA1
efccc154391a6e2b07492ca0eb54d253dc30b2f5

SHA256
f190924ec7d1a49e9d78d67320879025ba775b1fde807115377fe1449e2c850a

SHA512
8082ef470cc6c826966f922ff7fb193965eed47003fc6e943cdb45411afc2860b73a929aea62163b215a1368b20b3bcd50ee2341043601e1f3bf8b363e14fdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSWSys\vd952342.bd

Filesize
12KB

MD5
09ffdd78b3a4905254c52040b58320e7

SHA1
54a600c8b5237ba795f8b2922bda72a8327d30c9

SHA256
de22774d9dd8299d50494d8db2465be688762c876d89d9541156b86a6cea8d0f

SHA512
fadf5c57857c7633ba22a9627f5c5b4ddb113fd5dd659452f6e71ca4145ad3e1dfe09320b4071ffff705c874eb8c0963125b795e02a9ef252e589f62df1a9c61

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
dd30742dc6534822fb85e34f53d76c49

SHA1
edfbce039975bbfcb71243a0219c18fbec83d0df

SHA256
8fae5d5f754c7384f330197ed10ec29b7b7bf6411bd3a5bb02f3e345090e9e81

SHA512
b25a0187d24d60a93f25023fe90d5d790ead912bd3ab58dbf50e1af6a6a49d284a858e5fde8344335ae8edafe552d649c9917058979ec544e688400b35261f97

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
f6b9095380d10cf06c7a13f2b814ad96

SHA1
20762ae225be99ee3958074a8fc755a0e60ae8ee

SHA256
dfd5a1396ea96db11f0a2f8b7e778f89045f4172b47293a377ddbd0d820a6f9d

SHA512
6ff3c7effa9c285cc4e410b189cf66cbfca62ff530a4c98ce2fdcb5036d99f3599af05b05b2ebf9fe2137ec7ed654ed5f56df0e049f7540f571b51978e2b1df1

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
d299cd19ed640bd12b073b7206960be9

SHA1
3b3877062adaa09b3619715c9a8338bf08107678

SHA256
c7a58c1741aac8b1a688f0d6ddbe8dd92130ffe8f1fa5ba633af7ef51e337d86

SHA512
65274bef276647461c1c1e772a10f49b132c140ff517375b5bc6cdb3ac29ae18f36a1ba9e650061c4039ec19b9f27e9efeaeaa3e95f0859154fca0432653218c

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
59c0dc5cc82abb356d067450fd9a8bb6

SHA1
55ca3b991dd2504b1406d70390e4992aa08fcded

SHA256
e7921a3c9dea958fd5b6e97b356772c376212c0bd03b62d29edd203e1f2e89b0

SHA512
626870339a382ce80c42bf95b50b6a2cf131b78410c1c2d3a5e5618b3252b18443e7fab755784ebcf8562f519ab52f58b6539f204d6afc224053ae907d3b0f0b

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
81cb10800c698c374599a759d14ee6f9

SHA1
190eebc55524417308629aa188e3a56b04125df6

SHA256
0ece53d40dc311101453a03c51016e23f47dff3f2b61ea9238cfe4dd9f786599

SHA512
ffeaa0685a8b95fccc113245e4dde6e2507951aeee3cb0a33fc180fb88b0b9e3891bee845c0d2fd6d3a595eaa37356cd68c1f13d715eb4e9ff3f77a48ad707b0

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
d444b0d62fbf11df5d6b5bc89a3de41f

SHA1
c83dc418d3802612da087b39246f520575104af6

SHA256
df5c32116568df59b132afffb8a2c9672afc48315bf7a1fc762f5ccbf725e639

SHA512
fa2651e8b6bc24fd6535fa9827e76eef27353641bce0ce5c51b1842752fd849f256095e3b1b10902606cb03eefe9eb548d52a2333bccbe6b94ecb7e789550ce1

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
2845ff0bcf7170fb04197adac021d983

SHA1
38c3bdecc2bb30a2d02c3b6294b7db417c0a8f00

SHA256
0ffc5b9cadfec8bb016ad5614eba87ba4d6f48c4d35e6bbd6191ba6f42f6f198

SHA512
bce364339c6ffae3763fdfdd3d003af52620f6f03bb581609baa97ea15bb46524e1c5db30fce8236a6f4bc17edc46a16a9b4680b345e1c54accd45c6244d9ac4

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
55a5d1f9f6365c11acfe876fd7afe077

SHA1
ea148590c0b0641cd5f263078630061278038c3a

SHA256
c79509b90c20ca9ed9e0e773d6583644d231324f99624df8421dd95c25e6a929

SHA512
86ecc1b94c82251aaab7e0c2444b541d9772693424443b20185205f33ff764208e03c63a863b2db3a90ff62f5a53a047551d80287c6b8cf50498a28d2c693a6a

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
9d39eea8dde72a17bb3a908c6be90fc0

SHA1
3ac7125c0e41fb960ca7bd04007ecbb0d5deff10

SHA256
3639e0a55c2292e2c649eac62832e6f0e32ccd16d06834707562ec9a49924953

SHA512
dbb5f6d75db65cced0a2c5ce9034b608c29fce08d25cdbdeaf61463b515bb1623059c4d62b1f7ee4a1d650ad07794c1d228d79be7f225a2b127452557d2c03d5

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
23256caae2e9135c5e5a63efcce6472a

SHA1
f05c61c1b58f61ab31a814f058baf919f3737b5f

SHA256
914b1c2243a49ab90ee1d0cf63c1a8d98c715aa0c0e6ed1e4d374087da37715f

SHA512
eb3bf2142e075d7a10f7111d4a48738ae44c3c5fb3cf2ce5c1b7bb7c505230fc384c1930ab6d5fec01d62c1ccf57bd184e8a6b1a2b0fe07d956cf7e854377cca

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
4946e0b9a31c1c93f83c456aff7f8c94

SHA1
a651809472b92cde70242348f660e7f97351e84b

SHA256
83454d82c99b32de2eefae6359c815466ca308f88db23b05cfd39e739d50506a

SHA512
be6599810b140410ec31aa9eb6e8322ad5065474b0a08dc498baeaf1b49ef933a7bfce89e76113a0a096b79cb98dc12ad047b83cb572df68ab64eeaee2e7f85f

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
02cd9858bcff284258b69c9eb8e9dc28

SHA1
81c61e7ee8448dc8c3f8acabe42b944c20509c6b

SHA256
da11f8736468218610fdaacc55eaeda81861107495eba99693f9581898f9ddb2

SHA512
ab078bc53a98d041ce78b636f2cd5526061a206a082da928a69794db3fe17f50423fe3bd21963542e04663956ac7154a31061953ad059c875d3ca506340ec4a7

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
4990e81fe112115f504f7b1959d33e4b

SHA1
7abee1d0e7070cbf74ade1318d0229d93ff5ffe9

SHA256
5dae9b759e5e9163f1ae044049b45162d9e5af651aae3e0b26d5b26085b42f39

SHA512
a6783e2db2e86f118e748325374a19c46a5d79b9c992b4ce05b44eb91840f07befc2c1331e88dbd3ef1a3e3618fb9a86e3db214962134747c03cda743e4749c8

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
a48961aab634a2586ca8155d2fd3e0d1

SHA1
4d70ff5193cea62e69c52c294d2bd9ada3d81ac3

SHA256
262316af42401bc68280b66c315414cf2d0745b98c50e0fa2c1e1a44f0905b63

SHA512
2e95bd67b755fa9c376fa528ea2f5a1132667f683aeb587a7b3fd892d371d6348ee1e281bf8dcf2f78b1c63e7f2b039ec162cd110e553ef78e1feb6a4c13cacf

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
9bb27ea08314d4b90ed2cfef48434f7d

SHA1
629659d298d94e17c81b5b8201611814df39b40a

SHA256
18df242c7cecdf00f02743ed86b6f02f04d9810bd4245c140b33b0a1e82b146e

SHA512
3f96a63142d10d6e2fe1e860d3f5f06e3801dcbc114f983bcd2585779c92f488d181bc4e3861892e4be1511dc4a481dfa4c0ba3c43f04ddba9fe4dbbb21a2d7f

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
649286ee6e3886d2708872dd3b5016e2

SHA1
ed459e2f491d71e7a6b8838951d0b295e1ff3706

SHA256
4596c39629a763df4161e29a4cd932cec5759a671bcf636ef51c8efb8acb5aae

SHA512
24b38a48e834bc72344294c17b4b2573e02f0bce993a80ecb7b5e68b96c2981821f5f99d4f22d9515ba9079db6ffd59815fcd8fd2c94c71ca81e998174f63cf3

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
791c0a6670337e84a775f110cf41aa1e

SHA1
001a4c581a73338cf0dd76e1bbacc924f809e275

SHA256
152aac04767a1689d1f724d9979bba88f2539a11ea2926cee712272557faa21c

SHA512
bcf3b246350b7b4b87f1b370b6d842ec2dc05d22a74ce88a94cbd6cf85f9cf935a2d850af4f12d56f6784a824c21646b81584822db0cc3936e1afff67f6accf7

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
622d501323259cb728ff50c9cfb8f85b

SHA1
45447458412ce8fa90e35d9e37f2cf389ddbef4d

SHA256
49fee3b7630760968f5e6c100c8d44ab25afc050ce0eeec69951de8b7c9b6c06

SHA512
30af5dd61f84546991139bf2849b3cf904fd67b90f7bf20253a7f537c0640fdda9cc1e88ddb8a267bed55bd3ba10f2f5c47f06f44ed903f3038a598ae469a9ec

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
b7291dde6522bf775216774cd42f9670

SHA1
56dae8ec2a43320a9f211b41b21ae263cee06448

SHA256
5aa5f80328630db55385f3d7bfd96b7ea2b37fe867ebbefe92d84683ad2bf17b

SHA512
e0af823e082ee7f8bb3a344d0df16bc52210c1c0251ec222e32623b8cc3d62b9db0d30cd1d6b3cc32b81a4f901134c7e79340889ffae4620656762a5f545a25e

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
9286dac521a9d1dce4a02e3a6b799500

SHA1
f39129a22b5129997860c9f4c5971fcca3edb14a

SHA256
c4c5d248e6298fdc02ce69ce8eb09334c88bacc2b92dd4607bb4b4fef7720fde

SHA512
1128eb80734dc0cd1700a6a1b4bbffe8d1446567fd476422dcd1640b71fc38f6282484b87162b2d0b053325aaa72c3a304e83202efcc578efb135afb4f387187

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
3cb900cbc0f494b73dfa9af114f1c944

SHA1
52f221d1850c14ec1dfa9831af1e278e8bf2e987

SHA256
1c34cfe1a5bff75499786d569f5a8c466969fc9f97399ed0ee271524d0e25929

SHA512
ed1761726ca2b524e7138b4275b6d604da4d77059975b79fd0448ca951858e0b8807cd035ada6df6d5d0f38fb696ca68eb3b370ea57efa40ed7ad594c0f48870

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
d16e68c02fe8c402432e925e91ca936e

SHA1
27550a30c839823564a54aa6a73faf86c42c72d2

SHA256
9172692ae5df8e710e9ae7ca42525609570d82fd6474575528055f3bb6b96cab

SHA512
0476bbdfbe0c45db8a0ddbfa228365704ccadfe1e190af445cd06c68ca42e90feab384a5ad1673909536a34822b2087fd08bce6edc5aa62a35e619b1ad1ffb03

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
f1f70e5390c98ec7d1931ed20ca750dc

SHA1
b645cd66ce8c4a1ac1e8263ee54e7e3bf5df4ed7

SHA256
331fa8c47ad763d40af80910f8992117312c8823d4765476def4ca0993ab0200

SHA512
2add23c5f4fd1154cfad2219c142abcdebd1dd9ea7643741e2f3889e59c01a61c9e711a9f445b0373799c8cc59d90d3435dbd08a796b44ace516f6d18bd8f8d3

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
4ea2898dd04c676b1de5af8cc3b1e866

SHA1
d0d07106ff85ce6bfb27ad29ee0eaa7bf145e73e

SHA256
f135a5d57872b0b6cb4cef19fd451a40e31fbc9c28aaa2bf3fb6c3c3d837b02b

SHA512
95265cc46eb483231b0996e08b802b17bcf370f2467b23d7054e04538d16b114b1eab12d951e2d23ed2bff0bbbd225f4db75d42a2dd061901dec2f600a467530

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
fa3f536282c1ba7fdf4dd5c2559ada16

SHA1
96f1b281e57988261446b413aff78cdd42f460be

SHA256
edad02dfd011b9fa38ff2a1835553278aadafc0dc7db435327f30a3dd5522747

SHA512
9c361f95dbe200f6676845fdb9c8850d6b626181cc4bcd20b6931e729463c459b1695e2fa9e148130ced7db6685ea6522f31826a711711e391ea70cef91a39ed

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
e3a5cfd76d377af4b00c8309a1450640

SHA1
e03d3f8f2181d75a38fda8d512296c0621cfa14a

SHA256
3e4f623ab3340c7db8c6a5b7629ce984df0ea52d1739241d2feacbea52f9439c

SHA512
8e87bf44cfe7846429f9c916cdf482af4015a38af2dace19e82c3e5e4e53dacb6e2b0da887519c64e619fc2576271b023266e6d50293991ef90f6c4723d49827

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
1KB

MD5
26fcfb441a88407627b37a5a41b0c79d

SHA1
925b8ff5f81cb4a9f1edf74b24319c0680b48d09

SHA256
2c7abb1d7b75203f232fa21667304b2bcf087ccdce9c06d76a6e1acf069aaf2b

SHA512
487087b54ce17d41ebcadce550f1d066b9122419068ef0975257339c4b8cb5f62efa50679ec03643df2366bc588096f3a346521f528281cc1e6b22004b57ce16

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
f296e166aa549ee45e95e65e05e80334

SHA1
45d6a286c266446899c9c1bc19e75845e7cc790d

SHA256
d35cc57ed86022f3fc515518069e2a7b77c012e852ce790cd42f82585bc039c1

SHA512
7d4394e5e6d23223fe2fba2dbff586a59de758ae7a7f1c8dddc4bb4c2b14560c5033e54ccad8d599863fb9d671a33bba7f025788f42600a128b1b702d4b3891c

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
a5d3224f62694789659dda7f2dbbd6e9

SHA1
d2849d9c434666af82e07265b81801863aea1ceb

SHA256
d1ae57b00595d992da584e8f9195ec2f0bdc8c4a5ead2b2990aae431aa958738

SHA512
884c97d2af5ee02265d2e87cebfa0f404c9612f53cb88e7557e59841357f85acd520de9653e047182c464545aebe8e14bd942c754f616647119eadc3384d503f

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
ffb9b46c6af00f02952ccea6c1e16eb2

SHA1
a8e7d2cd942d1f6a02f9e64efb4e854e36283f93

SHA256
298f3ba74376418510f0971bfac334682ea32d767159017b228323d4304029b8

SHA512
72a6bf869cd050d57f7b6a84a52231a08e0829bb5956211bf8aaf20cd786d73e04e51c594f00f342f90fc6a8de8077d24b1c826eb5669a967c7cc52765e775a7

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
30bd31af592760f5887c3a872f553baf

SHA1
a084d17f54618fd60483cbbaef4559114133bc48

SHA256
d4c232081d2b35ff82e0ca78d49666b3435db3fe98726cbdbd18e49af3b30c71

SHA512
f9bbf5f264a193af727252d8558586f2d74c6e5f8dd65f28ab4ab3057779613cd50fdd33425f9b6162541d1a55b8eb1c233bf78623368b16506abc8be94cfc4b

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
3KB

MD5
92bcc1bc86dad97b1b05326385042b9d

SHA1
9c3b35a4b396163e1a8a3026a4177882d8f0de59

SHA256
3ef7438a6d73a95cdafb7f68dda10bd76e5eb031a7498b16428a48c95cb85dc0

SHA512
37b7fe9b4e7f5bdedf04e88ee7d745bb7fe8c90ff752af26fb998e8c93dedf912d88766819fd1b37dcc303960aaaa41d5e660238a8dfc8d7352221cf422628f3

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
3KB

MD5
841ac4cd77426333090f54b7023b0199

SHA1
a6771d12401118667e91801801857ffa72b96ce4

SHA256
13ea4dabbd84986405e01c6c554302152f6892f283e0e37b0ccc2e55ed783e6a

SHA512
3b2e84eb567ef2a90794f86dcf79fc61ded8f932164d858f58bf3462c9e0c4a6a97213ca0e43574df091e61a7d2483716a2d283db8bfc89cf4b76e943593f7ad

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
af2b3467b5644c4836596123172dcf0b

SHA1
9cfe84d1a8eab47ba465193a8454bd4e1ec50e05

SHA256
cbdee4316472005a304bac28974d037a40722e5020bdf4609ba2539ad00a03e9

SHA512
0b196aec14ca37402033c9ccb2f2cb81dfc0f42a22128d537fdef733f8720e90636ba6c376b7c4a3cf271db3dc002001bce1b13b1d8c304b38be34d2c726fd6c

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
3KB

MD5
2dfdad836d60b5cbbcb9a3099784855f

SHA1
7d6aa3e3c4c9bdc5e582f92e0d9f5abd58591c53

SHA256
87190499a7a7eba47cdc357a978e81888d077ef9122fda69736723e7198c53b2

SHA512
5923a1461f35ab885a7893365e2596c87e9c5d11120a7b2b17a88a13ee5509a10496121573b8b0dbe47bed3e65286f6a85203fa018c6956a883ea4d3e613c0de

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
a0fd1679af1bd5d24223669efd6f2b22

SHA1
83cf7feb6f4941abe4b30ec09c9b8ca2c1cca6c5

SHA256
8fb812a45365beed5965f6d659cf793dec93d2c0b3f9f4844e380755dbd0ade3

SHA512
3443dd1ae6707b18d947b0530ecf4bf875be5e067182e45dde2ef923ba99877263b39dd786b1cdba201cc1d34ae354f48371f286025d9092da30a8d79205c499

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
13b7c2cdc83c348ed92ba89d93e5460a

SHA1
4f8f7d5d9a190137034099bf5c8bcac8aadaf9c5

SHA256
eb16a9ac4f9cbc543253d9dad4b05772c847ea8221a732e637090dc4f4c0d40b

SHA512
61939298bbc2ad9ce8a2b822577b4be624dee454e81378999de0d18bd82be36dfda1cb0904eb80b823de98225712327f662eababd548a47b1bb0c93d37714e98

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
52ad333921fe67ec3f59c906400c0033

SHA1
38d784f013b53026e812d8d7afa640d12edc930a

SHA256
2fb83d66a989cc473d0ac6f5d507815044955968fe0d733b43878c0e57ac7bc4

SHA512
671c00a13a3b2e9f9c48361cb60adc5eb12d61b06759de2aafddf0f88c7a33b674a7afad1482a3128030171485ed61de4af74508e4754923ea3673537f50330f

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
c9cb26608ec245b7aca8eabcee08c41c

SHA1
5145c19a57cfdcee8e532347f7701e0f8772dee8

SHA256
116a9177def4721ce0f9a0e65b80ae75a3818614430a323b2b1ff970a51352af

SHA512
8f0640dd8f2979288b65de209bc417039cdf3a0d8d949a9abaa01cdc2b60590de15e5afc607fc611f39faebf1cdae59593edbe04b9fa9681c2bc20c5c6ddaf17

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
062c4c3c06aa39a98e3067756a21948d

SHA1
309fdf6cb6ed659fcfc687dac5ce83def21b9299

SHA256
d1a6d207ba5caeb1a230b356d9ccb5ab50a5718436c51a2bac95f21824cea83b

SHA512
4fb3803e84117b74b222ba7a4657d6b38d78e045a4aa8c52141f88fbf15f4eb550faae74d7bd6ad98992aeb69b8708e7115996669336f1803544d63047361855

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
28ba5dace45188e0bac88a788bf537d5

SHA1
452e9cd82ea41263a122658f455dd5c0e89e275c

SHA256
a3ffbc53ac65207e219da776e8c991f034acdf41deecd1ff13686b8a8eeb8336

SHA512
d99aefe9fae1a2e6ea28db267dc9ccfdc8fa517f60f500bab53038860e0f3d08b2f53becb510ce1fc28095d32917360f15ea20d126344a836cd88c4698b6a175

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
efbeb038bac3c33f1d5fe5e5fea6ce70

SHA1
f7e641c46f30a1843873afb01fd901e56083e557

SHA256
6dcec295f36bcd078cbf4d57440f11be357466fea6b8e708672bfe4926f6865b

SHA512
88725400cae58144781cfb28a468c496e2558b953ce6ac2b3e87b3efe9661d177a599514ba2dc3d98f61f74fa23227a2824c60b29d7baadb870ace16b996e6e9

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
e2cab2ee263c1997eaa697645750a37f

SHA1
9a35a7fa7cb98f8de4298b4fae417f135f87e5e8

SHA256
2f63bf4d946d0ed474996660524575bb1c18040dcac4f7cbee431312b55b0450

SHA512
4a66150fc6c09eb6df98827dccee045fc1844e09dfd4ef5fb2c36f9e220aa49b34b7607afbc7b2a04a9ab4d7cd50f220b51bc1f586eb5acaebf064a8ec7cd00c

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
cdd92466342d7f06d236aea0f1ad955b

SHA1
30bebeedfa81b47d9ddee99b28d152cd6f19e193

SHA256
0893b532bf35c9b66bd9c6267d3e364dc1399d5a68125545f7da3221d074f15d

SHA512
832bb88d3ec93480149abf28ddcb0d70dd9fb0fcef3d4893603d50b234b6a343cc50eb1e447bdee7003729ec99c789ae2ec99e8137904a16556aaeb6851d8add

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
b20e912e13890bd4c5ee21b4b0cd4750

SHA1
ee9f2a2bc6377053eb5e521e69cc9ac808ce2da5

SHA256
3ddaffa3ce2fca1bc5dd77ad90d21d556a6c12ce72409202a54dae9a17f06fa5

SHA512
5bce0999f6db14c7078ba4710ad92ea83e1a9de43b2c8219f11925b318de526a285ea0024aacaeec6b7d54f4d2de82a7fc2adb6270040932b88eb3693d7e4ae3

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
a78348ed5ce1dc4fd755ac36dc805799

SHA1
610b1a86c3f28d1d40ff1b6882ad6cffd33689a6

SHA256
544145a8705e6f5bc3fa1f9266ab65e015df5077e52f90b9052ebebefec2ce87

SHA512
69604079287e8b80c2ed6803d782a1b270c21e5d48ca20a4fe236fb271dee7ab976e306aab37b3eba9e3882ead9531790657deb665f80c9dcab02b27110c76bf

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
356528ae8712e69e07735ed90151ebf8

SHA1
51949fef2459234cf32767968efad636459212ec

SHA256
5f6dd04592b5d9e750da00058c2c2e17169b37850da2c93c1550238e94a95ba3

SHA512
ae56691b813755282fdc502d12213b7be09d2032bc9e43b2d6a90362fb69e87f27643062d4d2b0cb61477384273f6c32a26a7731565739ae7ccf3725af9e5dce

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
24bf572671164101c6f98c1a85d71ad5

SHA1
d1bfc999b6ac78ce412a1641128f619ccd6563be

SHA256
022b5119cfa281f548b9a7f801a27173d32f80cc7f47e8364f503eefeb5907d4

SHA512
9d313b0910eec638ead656302d5d4a51cb75291fa8ba2ae02fddbe848c4818f92bc1b4920d02c61172157c14cd29083df122f194f65747256f03cdfcaf7740d7

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
4938b967aaae616c9839b0b236d750ec

SHA1
d7a87a8b6e74b56877d08fdacc0f6bc10003ce5f

SHA256
4665fc607b4a227d151844e111a44a3944e21d9b10a4197865903817735c27c0

SHA512
4355e4d913d681b6300b6c71074395f540c7161641f141875140cc94b84a7a98ad7fb01779e281f680e51f77f47d25e87f085b1a57c0b460d8cfcd7d2c3aeccc

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
a2f3f604d89194ab8172706c48639a3d

SHA1
f8bb050d68e1cd63f1ef71cb50d85534aadd6589

SHA256
7c8a6a97e0118e8875b71829c7070f3f825e4afe5acf99ccca973a74c499cbaa

SHA512
56c7be7fc96d92f0e09a2e6999a869e16ab4cb19047c60f243beee51a9748ff78e09664a092b0fedf048da8267eb4f68b76fcb959d3f08b9bef285a19fa08543

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
dca0aa370ba975fb99002643987f9225

SHA1
6782ecf0a40907f6c510bb8bc01b15605932b19b

SHA256
46550d513495ee2af1de3fa4aa377cf1e1779cd121428cd480bf231e5801cf89

SHA512
1c86d9e866f40abfe6ab0578555a9d3958a1460e4a2b6bb9377c0311d8ff25b4d683609653881271f8184e1ec4573b7ae11732f92f1f7d318f45d44c3809df27

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
abd649af2918c4d608d15d28072542bb

SHA1
0916af8c7941e4b3921c64ac211a9ba3ecfa9a41

SHA256
92e84d075de6c49f3a5de2e3bd193d040db2da80e337e7c5d912620c28239b07

SHA512
e79c575488ee5e387ead26ebf78b8ac37b728494f5bb21c2dbbc937436b785e0315f68578aa4dcddf0a438ff62c7a65c2a8e205fcea3665cabde4a966b3c8e29

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
1f5e6c2c71938c3dc6259deb0dd382dd

SHA1
6ff9a6b828f52123e46a67b720960f3100089fb1

SHA256
5ed8dfa00de12adcced05b0b00af92c5f0c9e467618bbe2da8c7ac0bd81de54f

SHA512
b3496a6df538b596e77f76db5fef3ca61e0c8cf3f19f45a68c6d0e9d09ada0314afef77b1fb6dba55baf0229dc03626515ae4b5807417620c49baa30a28ad546

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
5fa389bb6353a4c612d0f0a7eb9f951d

SHA1
ba9bc2ac184df01d45d578edb5d87f8e78b678b8

SHA256
28be2c939351575677edb9e70be456d736add3322087811fe5831125df6f0f60

SHA512
5f10a36fd082c973960a93a664688c1ac875d82f8fa5096d97ac8a3788c7609bff9c0a23a30e9cec926db4f1af2bb6fdb85348dd916cfb82d79ff6e09ac0dbf6

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
6f04f6f6c7ea46f00726bd8f92af46af

SHA1
249a3cf2abdfdf01a28e4a95010808b94050411a

SHA256
b38bcf2479ab5551b14f067f30fdc86530e6cfd78d70d064e82962dc5bda7aa7

SHA512
21d79edfb8bc9dd0bec49e3ec7d9fcb9e6681bda71f7b4d1e59c5b7d95a652666e05b589f7755452ae13aff90a468616d53dd8a550a2f483351aad2a316d2a59

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
db86aeba66ba609295cce1af0d80a85b

SHA1
19653ee59ae02667f9efdbc5debe1fa7e3bd63ec

SHA256
40cbf01a15b1973967ab556bcaac035cac681074439bd40e5d9a023b3f3c00c2

SHA512
e7600919e22aa0c9efb61b7dc028757135f6b3bf852902b419bdd75c13410d036d348ac945023643e76aaf02c4b1cfd44dfbd6317ab1ce78d1420d11cc0cb053

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
8d604af05c13e6e224e94c78d1f20523

SHA1
6d9dce9ba81bcbf54532e6b9ca9268937fc29a43

SHA256
fe6d24223e65018c80d6ac05dccc8c8b27cc64f14444584963917c3c95214ebc

SHA512
fa2780f763e40ce0358492b7f541b15f6b5766d0fa7d9fa6d964fcd71329b68e4b237c40afa999df07b9b5c2b20f12baa5ad0de575c1a55d351d2da77c22fb8f

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
044e6aa32c2dc883228e180d38fc26ed

SHA1
536029e64f1da17ee3216f8317f8c5157e27745a

SHA256
d090d7ad08d392b3bb80070635051f3f896a4a6daad5dbdbe43562427956e8a5

SHA512
04f0a406a35439113eef9a590ad8c9d3590baae26b5f6a2cf4f69dc405f6a8ac8cad1220cba731e076f30cf7097c2d35fd58994e76bc2bdf565b2ab37bdd89ca

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
b94cc1fc93ef7bbf816263e464313bd8

SHA1
62dc5406a5155cc88745bcbbc1c395abd1a37956

SHA256
8666796fa01d11f2336591cc0b4ec85b0d6e8e9144301eed9234292e2610509a

SHA512
8728437ddcb3e23ff27826671b87deb61bce01c9eaaa5bd24ad751a4c130efa2804557f6175b69d67308afad1ed0c6b23814a90ccf1a927d8323396263d32cb3

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
bce301da628b71747d3d6b8d3110bf85

SHA1
e006e58745036f41e98b2876693a02be1d549df5

SHA256
db77defe2f00938a6bb8d4a4d67f2df9513cc35742f62b783ac968dd14b7c698

SHA512
a009674fb3a6de481cbaa5f6b863b6a773b17c2cb2a0896277fea3ca5651fe8dce0cfcb228b3082b479e952d9b7500d470b0e9d293e71aa5c23210c812455828

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
98838c8e6ec5d200f6694dc52d31e270

SHA1
8a0ca8174a4163057eab67f7bc83fae3c670f2a5

SHA256
127a336e74f37f0545d46d61f8baa99f4fa63a4f0af5e74389601af7721860a4

SHA512
8a1560c3a7281ba157b04d6a9d48b2c40a6a8018989ed98dcf3995cb0acfaebb3b5c6b6c43c9709c0dbdecd96b120b02888294d257bbe310c7dd26ee22b58540

Download Submit
C:\Windows\System32\drivers\etc\host_new

Filesize
2KB

MD5
887683062f4c4a3a06846a9ec9f9df9a

SHA1
d0ed286960b04abd93dc4263ca1099e72b063a3c

SHA256
5e96a8c3b57a701db65c882781a001960ca94ab0dc6affc05141a35690067657

SHA512
f946f923aa1779058a19ecb42348a52b4620307983994e4d32bc287ae0911a735bec620dc67572df3e988fea20ac93ee83447c51bf05f156b7d150abeb8b55a5

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
008fba141529811128b8cd5f52300f6e

SHA1
1a350b35d82cb4bd7a924b6840c36a678105f793

SHA256
ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

SHA512
80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

Download Submit
memory/4384-1-0x00000000004E0000-0x00000000004E3000-memory.dmp

Filesize
12KB

Download
memory/4384-1668-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-0-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-3-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-2-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1661-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-902-0x00000000004E0000-0x00000000004E3000-memory.dmp

Filesize
12KB

Download
memory/4384-1663-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1666-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-901-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1670-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1674-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1677-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1678-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1679-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1680-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1681-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1682-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download
memory/4384-1683-0x0000000013140000-0x00000000136F3000-memory.dmp

Filesize
5.7MB

Download