5fc84a87c26c08738396f5cb4078b2e6ae106cf6019502e71a1ce2982e7926d2

Analysis

max time kernel
137s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 12:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Size

346KB
MD5

c8c78035519220e98b6bd7f5bbc8314d
SHA1

24ece3401a8c0214707a547956f897212ee7990a
SHA256

5fc84a87c26c08738396f5cb4078b2e6ae106cf6019502e71a1ce2982e7926d2
SHA512

97e5c9b736652abc63af7322037e5266b27626e620a47a72f45490bd5a05b2749bb69d7b851e9bb10184caca6f65c698ed8fbec647b25edb44ba274116de444d
SSDEEP

6144:ye34vvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+FPi:i+YyXSvi2v2ICvOb+FPi

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2892	installstat.exe

Loads dropped DLL 4 IoCs

pid	Process
2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
2892	installstat.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EditPlus\kk06.icw	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06657370bfada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000068c2ec4c846f5af801c9e28a0f761cf997a28c9be74a5a420746cb043cc3aa6b000000000e800000000200002000000046c310673c8466549dc10f3ffd37e28932ed5ae72364e5760fe21cfecd757e6d20000000d4eb729167fa10e1d52c9041a59fd697dd0b6b17e1154f718dd431e7b2514d8d40000000aebd41c98699615163df8cc693fef4974b4c11a953048b0fb77ed979be028230d624026219ed97d6bf5d77ab2f9caac74d14e6386db328c4f3fa3e8859b786ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000003eefdad946a08aafb55f51362db91be5775d1b7622d3e2f9919db279165b06cf000000000e8000000002000020000000c81910036d3f589301c9d474dfacbe23a0d4f1f0db1ad90b586f781d6b58572a90000000bb53d6d7b0905590ec26d23293a90d050070205f87f5ff1d0e6a71685ba0409a5937cd536e08a00488058abea0674068921df34ed71bd59052aec80f2644f9f3cd566b6dc9bf10e7ddb15e43df03206e29e1c230af2f00e4f7bc85f78857833641fca08fb48f1cd0e65171588b3b475173195001f9aa021f25e4995819614ac9a6fd6dbba7cb9990fbca3cd8fcc1fbe940000000e4305e1d06b1a613ad901eebccb1fb26cdfcde7f602a711ea87339a1316cfbee059dffdb91171c3fe3cd4d5a128fb20f821a0c05212eb156ab099ada868ebc54	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431094736"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F5C1ED1-65FE-11EF-81BB-526249468C57} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command\ = "%SystemRoot%\\SysWow64\\WScript.exe \"%1\" %*"	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw\ = "icwfile"	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine\ = "VBScript"	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\ = "´ò¿ª(&O)"	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\Shell\Open\Command	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icw	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icwfile\ScriptEngine	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
Token: SeBackupPrivilege	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2564	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	29
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2564 wrote to memory of 2772	2564	cscript.exe	31
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2388 wrote to memory of 2892	2388	c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe	32
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34
PID 2848 wrote to memory of 2668	2848	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c8c78035519220e98b6bd7f5bbc8314d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk06.icw"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Windows\SysWow64\WScript.exe
    "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk06.icw"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2772
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2892

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EditPlus\kk06.icw

Filesize
132B

MD5
e8827bf20ec554f76c1f3600aa9625e0

SHA1
059482bb6d7c305a6ea27f9de13b4d4cd2fca080

SHA256
ad80a854d40aa49d6024a558bdb3ac20fe6476df3c1e9b76b87bd2c782be66d7

SHA512
edf990faf8c3f30fc0ce95456d0e224deb780b9d4ae94af912e85b27e933c92817f5ea35f524481aed79d4bcb9d8ae8749aa831253645722ad316a6eaa126ac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55fe392f2bc3267b25ce44f87997821d

SHA1
869bdb5843d904e67c2d925b7796d4a75cb688d4

SHA256
c5689f50ad33357746febc9444bcdd97e159dafcfadb73827f70fa3288b35734

SHA512
3275620de2211cbd9070502806488385a37cb65c1e5afec01a56c60649fcfcd9b110941d089c4ddddbdaced76918506324e3822b2b12b1ec20d6e4d95657ca4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79b73a46f4e23ceab5adda5bcb9d1bac

SHA1
231e053cf28fcd5c7eee41d152adee356589858a

SHA256
eb7bfb7e750e9753d55a0846c9de965105209539377bce81786534d8835847f4

SHA512
2d0d69f95a525152a074e70ffe1badb84f29f38f37d4b429da870e037abeb251ee976684e6410ca77b5be782972d4293790b6f06308867121af950347c8ee9ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
893f2dc31afa08f9d9e7d944f8fa29da

SHA1
9bbaa286504af57977f92a13c6fc2e7dabc5706f

SHA256
7248bfe955c1ad8bfdae7a8bca07036072d2b15f01df5550e5bdb3f2e2541bc7

SHA512
1f187d03c9eae3a36d72cb9d0e63d3d9d7a346eb69fcf0cba4bc14ef3c729884f2a219f1a1c49245fa7e4bc150552772dbad7286a2349802ab0da86413fff040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba746a474e2f912f3c98e33eec5bab01

SHA1
ec1cf2c0c2d847963d52cbd1a799ee160d372535

SHA256
a19169a6198da416f9e1cdd8923e6218bb80fe8fdf8d583ba1ef2641107d5388

SHA512
a2acf7c8c515c345d8c2e7f8753eaeeb78d999e24f1f24fb345dcb8cb433c8b280da70acda6192c6fb8ee396cfad7b53efda30726b43702e8e2da2d78a38169c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6287ea4e1ff5c2d616de4199b02ca9e

SHA1
217867ec8eab94ba188facffb9716b50fe7d28bc

SHA256
77bd92186c59ab7a8847f5097536f7947c07f2325e0dc7d5a1c3c7876407834d

SHA512
8740d112592d8e83395c49b10fef19408b9116b850cc110f34c651efe187e77094e1765c6a95a70c41125cf64b010d378e7324efbc18906b44d872c7335450b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d18d91143b8efa8ec6764b04033ae903

SHA1
8d7c7d2606d1d39699df349714d389cefe9fa0b5

SHA256
57d1054f2670fb7c657eb8a8de57db0a82c8c20a96b0b87a2e93f3c523c3ae6b

SHA512
fbb1ea6ae0e20e56afec6989fcb95079828c2e558380e608b609546aaf8ca83e4981abd187bfa97491526041b06732a341256d6ecead1847777c4ecde7a6fc85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e1a3a400d8322678e4585f90483ba31

SHA1
19c085c8240dcced4e16c0fa5db67bc8330b3c3c

SHA256
002004841972b1139ccc4d1067c1ff2f044af9e320df6de927f270c45bc5ee41

SHA512
24bac1e79ca0ccbdc51dc864ff88f3e00ff9c4effbedc5bf671eb40d3ac74cb5fadcf3419b37f6f10f2aea33f60ecb4065339f5ef8971eda13b74d1b6d7075e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
592dec434a4b977f29f923e9cd9122a9

SHA1
99ae5ebcabcbc9ad9714a67e8eff18d4cfb68e5f

SHA256
1f57e1cc9849373cb40acc0154e4985ee3ea704cd332144c3773cb46410e9260

SHA512
acca6f6e72c447e006b964da97917adaeaf870bc0daa8244c54d2dda801436ad8e1bcfe3e227dbd66b105e60766368e3a197429fe4b4adf427e16833d3330a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3772a3219db870fc5cd189b757f93e9

SHA1
852dc09da292b78a02f632046594205638e3316e

SHA256
a36f094fa1783783c2186f1040c5340d12134898999a3697f20222d57a82fb50

SHA512
72c333362c8580ef53541c6f5d320096e5f36d89d0d16b635d42f496db298b69db19da34ee72f8a6013caa5f2fa1013bfcf03070dbcbd755d5f6e120d4ff6318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e828f521605c7193f203e2b3844113e

SHA1
27e7610f0db2e27546a776ae9a6d18bc0ac5d8b0

SHA256
328408e4adc22899910aa5f673540ca8721df4a5f1919a4ed29ef25247606fb1

SHA512
853ed45a2c5b9c6a45b5915a92465aed09d57efcace0e78f6e1cea76595043f11da970192c6a5b6562bf1662686e2314b5beb07f897e647fb5ad5df5704468a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709beccc8bf7e3a6a7ab2610250381d6

SHA1
1736bc94e6613f389ba54d9b7c6bb6e9d03ccbab

SHA256
8cd145b301a0a79654ff9924eeb4bba82bf08412d32f77baa818bc9fee5f90d6

SHA512
f720badb0648312acc54bd64e7ddd30c9ec9205e624e1b28c097276ecffe3dd4c7e20c41a65fe9c1318d0c083c7be427f8c7a97aa92e64213a119b01cc95d8e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eecbafb4c876f2cad37e31ca59dd514c

SHA1
bf45cea01056a18cade1630b9d51c68f1eabaff8

SHA256
b218a0e164a70999ebc19efcc68f1f4b5d4bc3fe412841c417af8b766ac4b9ff

SHA512
21d8f75b979cb757c1f9e9711f31d1d88c63f1147418e5e6e4af1fab9549a03574e8feca72a0e2f980558c02dcf7150889b87b31a3cc2a21647887065f981a85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70e2d86a1b5ad223790b138ef9be0877

SHA1
d95f651e3b8d5fe423e99a1b20d8f5656723227c

SHA256
6f91a9ab55b489356d94ecab89eed335802805bac67963f794efd9bbd01dc8c5

SHA512
6340f0236777ede51400599f0bd28c55e5d652654c57a5827317ada1891bd59149ff381416ea2cf927837000278ef694057207ec69bad5cabd18ff79c2eddf58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ad98e5bf7499e1e3ff22ffc352acd55

SHA1
c445cb8d49a5617a69b0b5af051cc7e4c2f93f15

SHA256
809b8abdc7c05fb8bccd5bc76258aedf5196491470db9fa9fceb1391f680a58d

SHA512
f960a7179623a078281db85d783927151daef88056a9145f81e3353006b5bb2daac0f0500e5a8cbf79e4806bd59448fd6768e5273bf6607cdc12635b2f039096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21d93fad316aa3c618f84cbcafb5b8e3

SHA1
4f79c4f3993e0b75038a9515d7c7f03ed3c64ed4

SHA256
8136b4514e5e3aa492bfe119c73a8b5f3c5f1410cc71200bea139c8ae25992e3

SHA512
f68b80aac463daed3c57b1d0ffc9892c2fa885bf64125699be861fff1ccb6d5ac8c3234d3c655064155e478b82652ac1b8de3fdef5beb83d7a8498d92dd5da55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15e8b58bad3488ed7a993c845169473b

SHA1
90173f0093bb18b252ef4f81ee718656fde1edef

SHA256
1bf592ac5fe43fe92266840077f9e0bab42c9d356867c7110afe2680a62ce7f6

SHA512
f46398374aaddf9dd8d8e9a0b5fa27c42e112f1718df90715f2875dd7fd0bcd7b6859d898a81cd964d29ca4e6d4d058d3d6a935967b6dc3ba5c2824ce183d69c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
458d02a4330c3f1788344730298495e7

SHA1
4db7b85172c0c6a998815f3f293d0e127c748816

SHA256
48f94faa89a0404512234d19046b9c00f12cdfce6922283353d5085d7e6c8679

SHA512
b6558acfbe9bc222ab8d6e8ce4ca6e9802d1492bdb8f3d016a7be2206e9b36292346bbea9594cb45b433f1275c87e90e834f068a5cd5569098d6e2eeaafd8255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
237f3e4cc791323163a4e877bf0ffeb5

SHA1
ce8aabd7bf7da51bcfaac63788f08da7bdab3dd1

SHA256
3cdb556d65d80cf443f14e1524abfc840b667741bbefce731625acdbac480df9

SHA512
5e10fe9682672e2ec6d291bd3c4bb4a0c640d368c064830fe80e62b3434499819e840dd37512ddce1591c34dcda354ab08a17a777f00b5cf46ba8219434d1c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c671711f6c249f540b7bf22d544ece87

SHA1
99011ae4280a47372c4a6c3e2254e81fc08839f0

SHA256
2d65d26b46cf2e7f2c85e234d8a36e386def32080b192700506cb48b4922c7d2

SHA512
41ed79306d276de3b73ea1ac8a54cb938f5d1266cc0137ba7dc375eb0c4749ce44d0a6c139ce8bb9c77a1951a97cdcf98dceb6de55a045dc34f1ebde7a7c2aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44d8fda3afbf9762034ca13d9e9ecd9c

SHA1
aff7cd8de54d8e7fe8d6ba277616c084575ead92

SHA256
c42434d38a02fa3342811ceff9076d6bb90a2d3748273726965973bf3f59e5e7

SHA512
c3859e3787782b3191b42e2166477d6b09dceeffba394acb90b7175792bcd19f0d27a98828b61c3e29cf5144c13b00b43e804966bef18f9fa3467f46fe5c0585

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D68.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E47.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk06.icw

Filesize
840B

MD5
1b8c5571fed03370b8d9fa72fa084cf3

SHA1
bbafbed6c8e429debc303687ecebaaa86f1a75ed

SHA256
ee8e833ab214befe3b91c190267f200dbdbcfc3aab92803a52f321aaebda701b

SHA512
5b97de7530c25abc8091b509e4d1e891eb3ac06d7764c56cb69f0baff11c4320bd2ac09f6ba4509c12a1ae3fd4ae07407888ae974b128aba8cdf5046013232f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll

Filesize
80KB

MD5
cdadfa1995ac40ecdd51e83c0d67bf4f

SHA1
aa076ea83d578e4057ff9fd1e7923a497c133e8a

SHA256
56afc62c43b35ede478c5047be22cd8910022baa1d2d18108088009692e6fbd2

SHA512
75d44c6f643ba1711d823de2314734b2618df5408c4f2bc153796489452e73b15f9bff531fe23b0c34fc5259e6846bc399e17b50d2ce3e3f0d90bfc412eec5d9

Download Submit
\Users\Admin\AppData\Local\Temp\nsjFCE6.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsjFCE6.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe

Filesize
44KB

MD5
7c30927884213f4fe91bbe90b591b762

SHA1
65693828963f6b6a5cbea4c9e595e06f85490f6f

SHA256
9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

SHA512
8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

Download Submit