f1cbdfa43dab33030a5602decafa648bd589cf3f9ba28e4f9945c4901ffac483

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

simple_port_forwarding_setup.exe
Size

6.6MB
MD5

b7abaf389a791b2a3a783c3c2427c37b
SHA1

85498ad92c7e6a1b82d666c484960c2e9b6c7f0b
SHA256

f1cbdfa43dab33030a5602decafa648bd589cf3f9ba28e4f9945c4901ffac483
SHA512

e5a6b38a1c1bde3f844769c8e1fd13d5ab7a9903ce6cc85158505c36bf1befce8e643ff53b79d7ad15ba9446b1448cf2acfb34a0ad907f863a5f5f0cf9038d5d
SSDEEP

196608:KYlWAFz6uG+K3wUHYuW7W+fVG1f8qYc1/8UkOIIaB:FYZ3wI2G1f88nVk

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	simple_port_forwarding_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	spf.exe

Executes dropped EXE 3 IoCs

pid	Process
1928	irsetup.exe
5092	spf.exe
1532	databases.exe

Loads dropped DLL 9 IoCs

pid	Process
1928	irsetup.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023499-5.dat	upx
behavioral1/memory/1928-12-0x0000000000400000-0x00000000007CD000-memory.dmp	upx
behavioral1/memory/1928-228-0x0000000000400000-0x00000000007CD000-memory.dmp	upx
behavioral1/memory/1928-229-0x0000000000400000-0x00000000007CD000-memory.dmp	upx
behavioral1/memory/1928-235-0x0000000000400000-0x00000000007CD000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Finnish.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Japanese.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Maltese.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Persian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Welsh.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\routers.mdb	databases.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\spf.exe.manifest	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Catalan.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Malay.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\routers.ldb	spf.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\ports.mdb	databases.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\comctl32.Ocx	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\routers.mdb	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Albanian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Bulgarian.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Hebrew.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Portuguese.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Ukrainian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\custom.mdb	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Hebrew.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Korean.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Romanian.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Slovenian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\_Current_Languages.txt	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\routers.mdb	spf.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Uninstall\uninstall.dat	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\update.ini	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Catalan.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\German.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Latvian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\msinet.ocx	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\settings.ini	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\spf.exe	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Albanian.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Greek.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Spanish.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\update.ini	spf.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\change_log.txt	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Afrikaans.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Finnish.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\French.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Irish.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\ports.mdb	spf.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\custom.ldb	spf.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Afrikaans.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Hindi.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Lithuanian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Romanian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Swahili.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\MSWINSCK.ocx	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\ports.mdb	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Bulgarian.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Polish.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Russian.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Spanish.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Czech.lng	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Turkish.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\list.spf	spf.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\Latvian.lng	irsetup.exe
File opened for modification	C:\Program Files (x86)\Simple Port Forwarding\Languages\_Current_Languages.txt	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\saved_presets\current.txt	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Uninstall\IRIMG2.JPG	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\spf.exe	irsetup.exe
File created	C:\Program Files (x86)\Simple Port Forwarding\Languages\Danish.lng	irsetup.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Simple Port Forwarding Setup Log.txt	irsetup.exe
File created	C:\Windows\Simple Port Forwarding\uninstall.exe	irsetup.exe
File created	C:\Windows\Simple Port Forwarding\lua5.1.dll	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	simple_port_forwarding_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	databases.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main	spf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	spf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	spf.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5092	spf.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1928	irsetup.exe
1928	irsetup.exe
1928	irsetup.exe
1928	irsetup.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe
5092	spf.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 1928	3828	simple_port_forwarding_setup.exe	85
PID 3828 wrote to memory of 1928	3828	simple_port_forwarding_setup.exe	85
PID 3828 wrote to memory of 1928	3828	simple_port_forwarding_setup.exe	85
PID 5092 wrote to memory of 1532	5092	spf.exe	103
PID 5092 wrote to memory of 1532	5092	spf.exe	103
PID 5092 wrote to memory of 1532	5092	spf.exe	103

C:\Users\Admin\AppData\Local\Temp\simple_port_forwarding_setup.exe
"C:\Users\Admin\AppData\Local\Temp\simple_port_forwarding_setup.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1744242 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\simple_port_forwarding_setup.exe" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-523280732-2327480845-3730041215-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1928

C:\Program Files (x86)\Simple Port Forwarding\spf.exe
"C:\Program Files (x86)\Simple Port Forwarding\spf.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files (x86)\Simple Port Forwarding\databases.exe
  "C:\Program Files (x86)\Simple Port Forwarding\databases.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Simple Port Forwarding\Languages\Afrikaans.lng

Filesize
62KB

MD5
70d47914e2b28ab15fe0fc777b1f5990

SHA1
58fd4d814745a5e5f34c20a3db80c79fc8205ab5

SHA256
0752bcac2be1c5b8223c067312080cd326c5f0c42d7cdc5712b54eb5ff895524

SHA512
a66504cc1b1d453c24b8c4545be1293fa0c8474d9fa0e2e9c24e5ff85c80994129fbfc241a452a83fc0d159bd10d15b2c122b1db19fdb76ed1671ab0fad5db6b

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\Languages\_Current_Languages.txt

Filesize
1KB

MD5
51bef95de9762bf2c6e5a5e50cbd9821

SHA1
b0418c3621380ae26b3ddfa0b47c93c1cb57c8dd

SHA256
e2f1bffe568c0661500fb177e14774217f6ec033d4da079479d3e18c5b925da4

SHA512
b39d082e838d8a1a39159ef3a8e2b934c3816158bc049a977a13b221c31ea35f5e9d33daefcbea084c035f1e31e52d4f5ebdf203eb3ea62ca1f5c78e59972b1f

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\MSINET.OCX

Filesize
129KB

MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\MSWINSCK.ocx

Filesize
123KB

MD5
0e552f559edb48ac376a1e54b20996fd

SHA1
5d85604054bac3ad282f82e4b6ed844772025e92

SHA256
abe67b995d2c3f3898a84fe877ea1913658eaacf9841774204353edf5945674c

SHA512
b86736264b1e3a788d709b2d6f54ff5d8417fb1a4a73b6e6e9242856c4356a7f9c34e7b7fe860e415280c066d6cabaa600144d1d4af989517882eec7e6a2a64a

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\UniBox10.ocx

Filesize
860KB

MD5
ecc0b4dc8d1b15da901eba5f09ca5037

SHA1
5419ff79cc15badb25f26872e54ad7533b074c91

SHA256
cc3c0485e724f612d54e57d2bdf6dad88d8d2080d4fbdfd6733ba5ef41a84914

SHA512
3ec315aebed2be58c6654f3450509311fc50106fe69ec0b65c7e53963f022f47d70b587c4a9f153b8d392a38438ae26753dc5fd409a0f6cb4a8c1bef737a4f91

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\UniBox210.ocx

Filesize
1.1MB

MD5
ad0eac85abc25b2e3c81c3ad41c10c42

SHA1
883b2047c446efe70437edb0979f5c39ebd7a287

SHA256
174252b088324bec2716d295451d7d449b79d89ea2e66245c56cb284b583d7d8

SHA512
e05c31cddf6b872af10dd187087bfc4964b697ede456a3f9cd5b170b07974db08196ab3435fe157df53e6b9b7e13292294dedffe6f51809e2436c0749992c5de

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\UniBoxVB12.ocx

Filesize
208KB

MD5
5d2a12a554889b7378977b229b11130e

SHA1
ef9b33c2659c476ad2e4c35a21340e159b74004e

SHA256
a6d4931cd17c7fdc8705a72da68b43c9f103373da60e08b3fd1880a7cece7a0c

SHA512
f728adebd814332d35a15590ef1a779f506b9e16d738f42239ef5b6e07962412bb1648c80e3ce50e5d4abca0aa01d891207353ed8b568541c86f092d9c0d7a42

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\UniMsgLib.ocx

Filesize
108KB

MD5
9f2e56bf8dd2bf49a3ee36880bb57c5f

SHA1
8d0554c9939b7cb5a1e535bd182a20467b8b960b

SHA256
7d0338a411dda93d1c3563e168a3a5053567bf216c2e8942aba0128a136b8b22

SHA512
336b8022086bd9316cd7868824b455e7d95f39dbf451be9e4ec99f31c7eb4cde4225bac5475ac4933d4fc60380bdda9eceac626930207a25b642c9e3c1f82b8e

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\Uninstall\IRIMG2.JPG

Filesize
24KB

MD5
21d0c4f3cff95c34e07ad1140136e99e

SHA1
1f7f58b1cf233d7ff0852c7fe79c3b67d1141cbe

SHA256
45eba9d0872bcb19a40ec70ff01a410adeab5706424304ba3f19a7d530e98c78

SHA512
413a4e7bfcbe072886a8928555f4873726aa06b2e5221f5b93f049022ac5c9c8702b00f5ae2d55ab8d5c6f853fc405bdbabad651a3a4cc398145edc0d068cf9a

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\Uninstall\uninstall.xml

Filesize
18KB

MD5
f6d7b51994837ad061d6a646f7b57145

SHA1
09f18e3a2801861d98aeb9c633c0420ed6570642

SHA256
bb614c2f7179e77babcffbb861e2fadac42eb919c408f83e0f4b3ba612bb6aed

SHA512
28fcff03c2b95185a1d40fc86fc359d9e760ebd3241717a28563b308c4a4b82cb6b6ea03adf4b8e02a7ea75fe990bf423efe9ffa09fd947191883b3277084a5d

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\Uninstall\uninstall.xml

Filesize
25KB

MD5
4bcadb09cf5e4b16b3aae0547f4d088c

SHA1
d56e8ff1db039a63249807381f30fb79e89b2346

SHA256
20cec6075a3acdd660ce817f8a787492df543d39a70bd201366ecd7e21439bb4

SHA512
508dbd5e567ec435ef24d65f1f92b05abdb18c0cafc7e71aff9ae9cd1fe9fd897047a11fda5586aa0672898b241e70148605d9e6e991d09ef8012775382db29a

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\custom.mdb

Filesize
212KB

MD5
bc276e1cafda9f0e7a0edbb60898bfd1

SHA1
2686c9f6682a4c2c5cb608f1f9cabd3af03d7df7

SHA256
2db268d0eccc55445e8bf0c6e1bb72512c015d095e40e77a9fcf0b1060d479c1

SHA512
51b31ce0f00a41552ff8925fa024b2756b5799647c05256243afcb3f9c49f908c0f395cb6f3d2723771d5c85418fe0080f1741ff7b1433b54c8bd4e949301ffa

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\databases.exe

Filesize
882KB

MD5
9a462dfdeeed05e299005496a2cabc26

SHA1
7dc013f3cb7797225755ec4484abc3d616d5d712

SHA256
af48cf59f166d97d390fa757cace2c6dcde72644f82c6f158e6d793c36bf9797

SHA512
ba2306514cf99b1c91dc2555c40ae3860de156b700de158f8197335fe766f634f9fc7e536592d4bf31f7d67a743886206d19f2809f1f6bfc2d2adb741207e1f4

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\databases.exe

Filesize
392KB

MD5
e8c553eebc2a0baf813be9eeefd83f5b

SHA1
308f94733c5052dd6ec6b0fe54ae744d6dc0e6b7

SHA256
5d3f1bda769ffc8b755b5b97bdb322bbe3b14c80d3f51a18039f4c2ecd1d7e0b

SHA512
05cde790e230b54e58acce6c09a2662e23a286d78c911d689ee495705eb3b138d821ca9a7f89f4a7a23b942373262040e0e86056073a9e193fe35bbec6c0130a

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\ports.ldb

Filesize
128B

MD5
ece9ba24cc1cbefa0c2c573963ae232c

SHA1
d5d7d3dd73e66534b94aa30881debb9b62c6b4ac

SHA256
7972b53f160ab1cf592bd47a97ac2c0fe867c3a06488717257b5ab80e30b750f

SHA512
4046b7004912bc9fdc09b059c9375db8abd346f0ba28e711331c41812969e4492c6a46f7a58999eaa331a15d58d1b27c7616a79d9f47dd25c99297785d149bff

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\ports.mdb

Filesize
340KB

MD5
42d7a683e52ec2ed56aba77dc19a557d

SHA1
6879183430f0c638321cfae8cfdc6cb0de4b1303

SHA256
b49d4471af4e4329ed40e1723322878b8a5c71eb7fcec0acfaa6a04bc9f8a4f2

SHA512
3568355377f89acd23f5db49bbc5b77841002a39dc94f4d057470586b8220dc070bb7e38475de5e499db328e6c31aebd6e3b72d432eb07d26b2efecf6d214c2b

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\routers.mdb

Filesize
4.7MB

MD5
74ab0ab15192781b4a2fcb6cc11f1ceb

SHA1
f5f58a64f2d745188010f1f525168a2b122d506a

SHA256
854d63979e209483548db1555529e75d2bd0b60356abe2e1d8a339491e7de98d

SHA512
79c8cf85d6ff4ed250eefba6beff447fef2a3e4f429b90f09fbb9b184fa243edb2a47c4db1cea0d53cdca61ff9434be7bef64f8e3eeae7756bce5ff1590ab3cd

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\routers.mdb

Filesize
4.9MB

MD5
e882686b301f399014edc0215bfe8d4b

SHA1
ea9641fb919b3350893545b69165d082a2215681

SHA256
677acf1217d28a655725b721a376bcb51671ead54c12632e87dd8798a41e0a3e

SHA512
95d61d6e3c2a85de8b2e0c3f49f4e874ac0e3fc3ff9a8db49f07d067fbfe711ab0777d3cc7af34a6bd8ebaa7ba1de6e030f54a5e144c6fd01812b84001bc3652

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\settings.ini

Filesize
528B

MD5
71a98f438f7df95f615fb2e46a84f505

SHA1
edeec17eb1dbaf9eba39a966ba943c382e174746

SHA256
604b079470e0bd0e986a300813eb275ad77da94addfb23735e03d85d33b1ef0e

SHA512
bf7503618269dc0108799b3c9f06db283ffed6a9179d1582f23d27997f31eb76f32d263730b8bb11524bc2dfda5a97e38f9c8514793a9300005ee6a4e550ff2a

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\settings.ini

Filesize
552B

MD5
d4c744be89c48d57982841e1c7df1322

SHA1
886f450c4b50f7a03d888f70d93c14ee51d2e62d

SHA256
223801bea140f52c8a924aacd1415b9601eaf9f930be88b245f07e0a2c5cf692

SHA512
92a1b3a6660f1c0aae710d0990893ab74ceb75b34db766a42a27a4be9fac60fe54d4f311eef4ab77b7913331dbc76449a85a60efe8143006d169a1d7d5a45218

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\settings.ini

Filesize
550B

MD5
555e03ea20d0b34d70b148dccefd8277

SHA1
e5b41bc54d165d990266e91b291d337d634dc737

SHA256
1795e6584c5f31f5fa1dddb120f2eeb5ecb1a6147a6250717257c0ac820125fe

SHA512
e391c2f5b71a1c705e508ada64fa2fbfab2fee2a716ec9a26161bbe7195c80e1d2af8b0630249f4620745b9a02e9b4de4878388ee66a68d89eae23439a8a3e15

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\settings.ini

Filesize
556B

MD5
9135f3f358c5eff7839fa436f4043cae

SHA1
e856ab54f3de1d54b48fed107cb0cfee7d6034a5

SHA256
565022abd853ee48ecac2b72dd39b60c4f990e3810c3f5a26a7e770f37fd714f

SHA512
6af959cc869847d88583470c07c9566df5e4b7b96fad4ee9213c7313488a4ba430e1b396d5db9a9fb9016b51b7a0f8a08686c9441d97e00374cdccf8c8757089

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\spf.exe

Filesize
1.1MB

MD5
a4e51ab835e89246f10c4c6bcea0d090

SHA1
14fdd3ce7e1c78828782995975cdeea93b38f15e

SHA256
09dd725c4b462bee8b61e86c97d31b8eb2dd76390b6c0c9c18413bb403c43006

SHA512
5b0754cb21cb5cb14e4e98faad27b57b4274cb1520d55cb425fea2e779a9cafa439a9ea323ea9fc153437debb4087b7a768a68585ef90fba0d791d201ac05a16

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\update.ini

Filesize
94B

MD5
d843c3a3bfd1b4c6072155ab6ae56c88

SHA1
1c82b81ab8fb7b24f269a6f470cb948f9c8644cb

SHA256
9aa7df430d307ff6e768613f64dcaccdf45372cbba1120d07b83ad09aac696d8

SHA512
f4694e9781dea3d559d5812e7419c9fc367258f79f6b3d70928b3e94bd7e520f528bce8186a12925bfa87a929b441c45504a56e1b7ce8730280e4fc381604648

Download Submit
C:\Program Files (x86)\Simple Port Forwarding\update.ini

Filesize
99B

MD5
3de48f50a7fb32d93b4a7883f699666a

SHA1
25069fc05a547a368aca317e70fe28df744e5790

SHA256
fecb12916a42e01f60fff5224e3ce24d39e7473e6f594e06ec3b2bc0215797a8

SHA512
db30a0751df711f262d93314f670fa6c51c2e0b7238334e513cef4930f25a87bbd756d2dff82fb31df5805276a997cef5a1c6626750aefa957f982b51c22eef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG

Filesize
5KB

MD5
f6b6fa565c6b9196495ffb5fe0f62634

SHA1
964469c79b3631e722986e2db62f7b54a0a64169

SHA256
90f2039624c85649d26864732d03e8ed84a25d52a77bf844a79bc27810ef4d3a

SHA512
19503e3d30fc9ea4bd2ba869117dd2c2bb5b1ce38d806e77828d6b8ac0f3ce7073b180e837606c384d4c0e4a14ad552820b1d10ca5f060074f6bde8564331eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
2237b196de74b2516360f2e0a4b302a0

SHA1
cc25a25b67a197e811048bbda90bc11bebb862f2

SHA256
163504468b302e52914ff784c2878d2c42a2d5b0c5d9eb3ff15b46aaecc48978

SHA512
c6a4bc3150ff2b00435f2e094860f3a0cc9e9d1bbe4ed58450c472444d5050cb799d878eca144e36ae2911691876d96e016f5e22df69530ab5fa3197dc3d0907

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
318KB

MD5
8c0b6838878f3dd76135f999ddb1c900

SHA1
903371c45acc9afd86911a417938954963904442

SHA256
f537713bbe56322189b5ca120537b25d380da267bac4b6a3fcafa62c1c8a0777

SHA512
460bf428ebe57b2b018fdf0316028f80ac6921847c0600c1d9c7f3c8fe78c172ccfd4f1baa33ebc391040f9efd302523050bc0e239de85ed77dc205da87cadd4

Download Submit
memory/1532-311-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1928-235-0x0000000000400000-0x00000000007CD000-memory.dmp

Filesize
3.8MB

Download
memory/1928-229-0x0000000000400000-0x00000000007CD000-memory.dmp

Filesize
3.8MB

Download
memory/1928-12-0x0000000000400000-0x00000000007CD000-memory.dmp

Filesize
3.8MB

Download
memory/1928-228-0x0000000000400000-0x00000000007CD000-memory.dmp

Filesize
3.8MB

Download
memory/5092-298-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-254-0x0000000006580000-0x00000000065B9000-memory.dmp

Filesize
228KB

Download
memory/5092-244-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/5092-238-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-281-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-318-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-258-0x00000000066C0000-0x00000000067DE000-memory.dmp

Filesize
1.1MB

Download
memory/5092-332-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-276-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download
memory/5092-338-0x0000000000400000-0x0000000000897000-memory.dmp

Filesize
4.6MB

Download