97f58178bfe012b144e17ffe5213b2417e1b3fc85358f89f435c5998aac38360

Analysis

max time kernel
93s
max time network
98s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
Size

884KB
MD5

eacb90a2d5dcbac11d4dd90ad9656f04
SHA1

323073226ea8edae68806e532491ce8e9226dfd9
SHA256

97f58178bfe012b144e17ffe5213b2417e1b3fc85358f89f435c5998aac38360
SHA512

fdfafebc84eaf9de6c16ed0ab1ce90d77b5e880e2129577a4e95fa573e4ed9ca208c660a688d6451543fd4dc855a6ff74f65892fea4b0ab0ba8c794d05f59d49
SSDEEP

24576:Bfx2UnwMAmQApVtJiFEgwP+iVDgoNzf37Xj3dXzBZDWxU:ty5mQ7E3FV8Gzf37XbLZDWxU

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	sethelp.exe

Loads dropped DLL 5 IoCs

pid	Process
2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
2804	sethelp.exe
2804	sethelp.exe
2804	sethelp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\CalendarMaker\Main.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\MASTDET.CPP	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\dm.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Biolife\BIOLIFE.BPR	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Prntext\ABOUT.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\PrnInForm.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Prntext\PRNTEXT.CPP	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\Table2D.bpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\About.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\ABOUT.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\Rep.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\Main.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\About.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\2DTable\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Prnplot\ABOUT.H	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Table2D.dpr	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Envelopes\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\About.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\about.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\About.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\CalendarMaker.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\DM.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\AddrLabs\Main.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\dm.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\about.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\PrnInForm\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Rep.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\About.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\_ci_gentee_	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\Report.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Mastdet\About.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\Report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\Main.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\AddrLabs\Report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\MultiLevelHeader\MultiLevelHeader.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Prntext\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\Report.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\CalendarMaker\CalendarMaker.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Prntext.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB5\AddrLabs\About.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Prntext\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\MultiLevelHeader\Report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Main.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\dm.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\dm.h	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\MultiLevelHeader\MultiLevelHeader.cpp	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\CB6\Prntext\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Prntext\Report.dfm	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\AddrLabs\AddrLabs.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB6\Envelopes\Envelops.res	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File created	C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\Rep.pas	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Ec1Vr2\CB5\Prnplot\README.TXT	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sethelp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXPLORER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000081c1cb8ed4fb83c1220172f458d50c22d060835395567fcf4246d78a05b95c4b000000000e8000000002000020000000a6079800c1141d89466dfec998b774675bf7e4ddfc7e8c3d9e8d49f3eb7cdfdb90000000bbfd5b9aaf0d169121e3cc2bd989571228490bb080259c72e39f31483db5a6bfe913943f2bb692a01fb16e324d94612e15a5d412a556a6b1771166016c96526c967769ec73a3b18462e726abe012f257a8369523d509653d1ec07620f2026cd75d9a224ad2517edffa6dd6e9b7dd62ddf49dd0a248a1bd103537d652c1fcb4c29e5555fa26f3022b9e12fc9ff6cbf0e2400000009ac1334cd462f9f6aff5dd2a9ecbecff7b62b7fba0135b2e2c63a1cf46414604d5718cacd3de20a1d00ca7522444f626dfa5ed1045eecd200c4abc42e0636358	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30190c9f600adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000000fe4230c2295d6fe024b52048fca9a8047281f8fa51f9e34c8b716e6f357c6d4000000000e80000000020000200000002ec6686dbfd27bec776b5c5d4a693fe060aa095683f4861fbca9d491baaeb70620000000bf9e82f0961661d753e6ffc284c0507a55464f59218695cc6cacecc186a29b5e400000008dcc1efe71e5dea3299ab6d5fdee6c6aebdffd5042764d57f6f767143c8a4b7e93cd90fe2cdee43787b0bd93924f4ec8d9e2ff9418edf649a709a6d816f248fc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432890645"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA56C4F1-7653-11EF-A6BB-F2DF7204BD4F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2804	2256	eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe	29
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2804 wrote to memory of 2732	2804	sethelp.exe	30
PID 2540 wrote to memory of 2616	2540	explorer.exe	32
PID 2540 wrote to memory of 2616	2540	explorer.exe	32
PID 2540 wrote to memory of 2616	2540	explorer.exe	32
PID 2616 wrote to memory of 2520	2616	iexplore.exe	33
PID 2616 wrote to memory of 2520	2616	iexplore.exe	33
PID 2616 wrote to memory of 2520	2616	iexplore.exe	33
PID 2616 wrote to memory of 2520	2616	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eacb90a2d5dcbac11d4dd90ad9656f04_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2256
- C:\PROGRA~2\Ec1Vr2\sethelp.exe
  C:\PROGRA~2\Ec1Vr2\sethelp.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Windows\SysWOW64\EXPLORER.EXE
    EXPLORER.EXE C:\Program Files (x86)\Ec1Vr2\readme.htm
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2732

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files (x86)\Ec1Vr2\ReadMe.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Ec1Vr2\addalias.ini

Filesize
59B

MD5
d606321ce7af92eecb9e0e9e5b735ad4

SHA1
b466c07a787cef588f59e3ea180f3acf9671037c

SHA256
85f88dab0de0ad5640854e0e98f972c3376381d9091c3acbf3cb5e14fc1bba25

SHA512
3052ca858064b65bfca58e29ddba77c95cda8ec55c1a61389edc16c41c2ed207c171d98b693b38d572d9d72ba89a64f5c41007c2ac22bda84f2c6d92a6d1f7cc

Download Submit
C:\PROGRA~2\Ec1Vr2\sethelp.ini

Filesize
60B

MD5
2d002ea7e85ba363d27a1715aba80568

SHA1
a0818f0008cb02150424c145a115a71ff8b0e060

SHA256
49a0cb8290fd6ed7f62f8a42e50a59ceb556e62c5386395c4f425d52926230ef

SHA512
3880fe821f2b2b9f1ea44959e0e8934f4f3f88a2d432c3bb0d2df362736a26d567e0347da4dd15368e2bc5f75e2289870834f7eac3079868c6d09fc435ad233b

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\ABOUT.H

Filesize
968B

MD5
f54e36c8d44357ac7a1aba6160ded46e

SHA1
521c986e38e9db4b4e7c53cbb8f56d79115173cf

SHA256
6d0de8d4b914eb9a2920d78da62096acabf7a57da9b939826b6f32bb8b101b14

SHA512
69eb273e7e8cf71ded66238481f788f63e778759d547f60a6474cf54a7bdb05e644e7fdb081ed6a5020da5b949932369d98c7bbdfb6e8deeaf1fc1d77b4186fa

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\About.cpp

Filesize
477B

MD5
26726328b286e76e3f23cba9d96ae9ec

SHA1
a84fe20e5c6c0084ad94bdfab62c2e192ad57edf

SHA256
af2f472c4fdcf8d51a7fd4888847c1adeea667f359f3e2b30b0aceb75949b769

SHA512
cee37d7f8102b62b8d831ec4202d63efa0d81e2012fb048fdcad03917e0547aa120f1dcee06dbfe23685977473662914065ac013fc029252a31caa2c71df4ef9

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB5\Biolife\BIOLIFE.RES

Filesize
876B

MD5
80fb7871c9d0ea5254e6d610380c310b

SHA1
33032b33031c467b1c6fb5e8bbf83342a90d707f

SHA256
7dfccc4fdbd99affa893134229b53cfe942142710cc6326f3c975005e0f9b457

SHA512
be20d6ba5717fab4266b5061e2d527cfbe781818e8b2e1db1411c1df285886c2a4f07aaf36a9d5e8f0f075790e8e44ac06dd66c0d9d925f97995c2cf6ac9c7e1

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\About.dfm

Filesize
11KB

MD5
0deaa1348e0d6ad44108589eb3d83157

SHA1
4e7a4bb855d8f79a63f19760f55aa63b61039f97

SHA256
85dd3bf382265daa5a5e680510e69c51664f2d7e4d1350a877fd78dfd3952b08

SHA512
192d597767d0073f6c8e7478e2c72559f1dc1cab33740634c126bb2fc04dcdc979e8713599d8c41534ef9cfd9489c928a1ccc19a3d1705cdde8b3c330d8844af

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\2DTable\dm.cpp

Filesize
531B

MD5
e0d94901907224fb9dd5376e6300dd62

SHA1
04f41add07b19a7003e78852163db8d382450016

SHA256
8e83655226b6bbfda55f6960dd9b7f83c8ea37361b36b8cadf3d3aedb04b8339

SHA512
4b2d11c16ebcfc63c9a4a4ba0b03ac263ed914da5b784206796bd242a3ea0caf857e88cd46bce349cf45505951bc97616b2d69a601afa0dad1140384827c9009

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\Mastdet\ABOUT.dfm

Filesize
11KB

MD5
910bfa8f16d92bd86d2638098f15f348

SHA1
d65e1a0c27676904f9802e14c09002477d739745

SHA256
1bb070861d7da08cb6342a6e0acc069cc1d46d64c3c80c3e7e8053d0bbedbb86

SHA512
b8b768129c7a5c09a63b0c82d6420cb27cdf8b947d34621089c3edf4b7c56df5eb2a21b1edff6525faf1cbcee93bc6987d97edc049f46534ddd6ea5fcd2eb5a1

Download Submit
C:\Program Files (x86)\Ec1Vr2\CB6\Prnplot\about.dfm

Filesize
11KB

MD5
9ef65ac16af8f6fffa39657e407e6c9a

SHA1
fed637788acb2ddb986ddc8515ea80272c1daaac

SHA256
b91291ba92cfc7ba925727452c0fa57a726f263feb89cb6df1dfb2b299b58952

SHA512
7a0f8b70fc2d3d537e8957d3dbaa5dd8180b4702ba216b6ba84104d33cded2487fe5689cae6b94df844c714ddae7d6851041d6915670c490ffee774933477728

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Main.dfm

Filesize
10KB

MD5
2dbbde3d45f9cfd3b6ee8980980f1fe4

SHA1
2ab9e23d5eef34b87742ea210ebbf9ae7eb3b382

SHA256
5ea7119cb455578fec469dc97cf82421e37f3efb15fcb521e8c46ed68724c74e

SHA512
8d0db676a4dca99b6cace5f28071b36dee9fa2bdecce683f07ada6c7764c07f015a8c5b3190cad471d53175c88d51002205f83667e932ee315fa1fb63cca9e09

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\README.TXT

Filesize
565B

MD5
636b8d36bc13ed4e20171d0190d5a510

SHA1
3d174521bc4fed17cdbfb0d723dd5d6ec042750b

SHA256
65c18fcee70c19a3fa079fd35ed94f02a9d452029d46ebf0416e205567b7670b

SHA512
7cdc91b95a76f961a7e32c95afbfe01dc84c262ffb82f275ba29fd201608086dc2bbd8cb0f3a00fa8eedd9014f80275ea5261276dcfbf750255851843e0abe2f

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\2DTable\Rep.dfm

Filesize
5KB

MD5
8a0f889788b8232e5d59ab34a161187e

SHA1
0cfa4f7afc647c7ae28753dc0a2f04cb4390f25a

SHA256
c5ffbee61929115805fcc38332c2342f20bcfc0f179f727dc1b6e22cd3de2b57

SHA512
73ac72658cb20788a1ad851a89a075a2a6d99b782b4ef1b53da78f97f054558778c986a7251a549528223ffaadefe68415d26fbe066b3ea3da4902935935e995

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\About.dfm

Filesize
11KB

MD5
b359e1399706f099de38b9db798b3d81

SHA1
f4587d3141f3649cd92176265413d8b99874fc4e

SHA256
636f12cc417fffe801d35f04aed3028bf317ee28105e7aa40947375af41a0198

SHA512
8cfec2667ce9de6d021778f67ae882218147d5b77dd4a585f691be4ba2606544f5e5ffabe6b5bf4f4e4dc50a4284785f0d3eaffa9b25769c5304a82c70ea64ff

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\README.TXT

Filesize
529B

MD5
44266472a06f19d22d4772b283b3c419

SHA1
b95b2f56ff0fdf7fe794a11c17f8f6907625a37e

SHA256
9938172311e84d38d6388b2f9da7f0d9892ae4750b55642a3fa8659430bbadbb

SHA512
cda64ae3fb4aeb1a94d456aa0cda9bc2c567eb5061f64afe6652dab9fbfe2aa588df8dda8ffa294ef9348883a88e953bcf872eacb20534c20e3b6f1f54f0deac

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\AddrLabs\Rep.dfm

Filesize
4KB

MD5
0f18999bba49fd4ae998bda04ffc5d2d

SHA1
4a730b7aa4fe6ed9fcd4e3ec117cf6e07a8a43d0

SHA256
2f46850c1031ddd5709c8a1285184974e6bca25ac6ac3a581de25c4b808d2929

SHA512
cb8cb1a21525964668c7240ee0ba87b69ea4fe0aa404f0bb377157cd157447e71623b01fd00cb9d93a82c68154b94718f083e060e2a6337b72f8bbfccd78c940

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.dfm

Filesize
11KB

MD5
0ee5dd70c8058d412bdeae519eb0391b

SHA1
053899d94a73d358a573990383844d21c19c64ca

SHA256
6243b856c625ea76451ff9d2ec5cd9384b68812e10321b9557436d7a6c1bdb97

SHA512
6df5560fd421f4b89e32af9498a2516fa29d054fa1cdb3d418ffef085c16625d21b0edf4a6b4d49098906c32ceb8e2a728199e6dba8b66baedd523586d07f9d0

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\About.pas

Filesize
450B

MD5
7c54d094199ab373fd893b2708a12746

SHA1
fa8039205447792e2e07f263f74c90f318da50c4

SHA256
20e1e2bd8bb5848c475f3cc9da0b0b5ccc514ae4036719047d352d35a7f70327

SHA512
cfd07a97fe7a57f8b79229618b7a07cdefb0f8437bd525f260cfb2a0147b3f35002053dbedb52ff06ad3877e122e3a6511c72b77a10ad73cc36cfdd74a560f1d

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Biolife.res

Filesize
1KB

MD5
c4a1e1fec40451f65e347b6dc5a26d98

SHA1
f0f327ba0bc88976d9d81fc8f571db7665372cb1

SHA256
1ebe807b9f1cc705ede0130d112a712718b37b14bdaa7f44b71282657b92b6fe

SHA512
675faf9d9d97705ca1e86e4980f6654b41c4a3031661b451eed7a13f5da9ed0c39ac33e6d615a80436f89e7b386b6d07d1636ec4f4e51265130a46b25009ef32

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Main.dfm

Filesize
10KB

MD5
1ab09d7fc67689a4035ba3b5bdabf69f

SHA1
40a5b580bbc0f775ebad15cc804db08f58917a7b

SHA256
6b75b0da2d4242a4599b5c6a2dea1c69a54e6d488464cd323839305c692849ba

SHA512
089dde1156336478eac5e146f7be817105a8ba81b1c75fb004f5a9716da247e2aa40202478cabe77323a05231bf676949fb182930022189c7db15aae4e70d5ca

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\README.TXT

Filesize
628B

MD5
37c60d69675bbb97c4b67c10eafb80e5

SHA1
9aac9296ed58f84c8796f9b6955a30bbd783193b

SHA256
92ef35235be9f1af4089e3aff7f4c9940b6edc5d3efd928841558b61e274bd8b

SHA512
292f2cee593b6d5dd6c2fc285b77f83a2d7477c09723e8feb278160204017ba298fd3989feb2cfc62f63dcc72262b421a6e26e9a386e2b1df08189aa1eb381a9

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Biolife\Rep.dfm

Filesize
11KB

MD5
5751cb9ba04a8df18d5c0b6f8eb664fb

SHA1
b166eab64f504397e87f1c33623100459810b7d5

SHA256
69b0d009abaa91489b1c4fccfde07a734c3f44e6246a351583c2149959549fab

SHA512
5fd24414d3ae691e0c2ae3001389d2f657d741ef5a8f9194331b41c62487fe4721d8e73f550c7aa57570a3bd64eb3f1d6021a8493b3e1a2a3841fb0e9c7201fe

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\CalendarMaker\README.TXT

Filesize
772B

MD5
6bb02316485e84f9ef652a82524dffd1

SHA1
000bf6670be555c6e8e7a3990481e581a30cbc02

SHA256
08ed01dd69f830bcb5c7131f595a08a7cd61a286d51408ac92d157184773aa30

SHA512
e13e83300c98ce0b54fcbb187caf41f57cb0400df0f8d0ade932f2c9880353e3f0673cfbcd8133a3e99a4a75f7df86cc0ac197e83e724da048e56819a2dda342

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\About.dfm

Filesize
11KB

MD5
5e6a3aec63351018f1165d3d10f1987d

SHA1
1ade013d074a6951a44bed157d4343f71ed6fd47

SHA256
738571fec15daaf5b4384623b37f21be2867ee33830c29d1a95ae5b6d562a0f8

SHA512
572e439d60cd33037d6077e51851e6d9e65b0efa1de7ac6b0c06b474eea948b3356f2d7bec33594e4f1d05d8a863d93a1e6351a22e07abcaad528fe90ef3e7d6

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\README.TXT

Filesize
568B

MD5
e6fe7414adf8ca74999c9a5b9205e8cc

SHA1
308e4f8c915f45c6aee87c66726f5b0dd1fc9250

SHA256
0bd0dfb0b246ecaff96e6abc7e9c036d2c93bf1c89a8766d9450a07f3b1b171e

SHA512
580ca864daf8c194b69f446a4f78098f70688a4f3ee70267f7b05ef636f7745e386c852d919caf9c7199295d00367aa51c0621848c9ad3c02d62847c7e84c46b

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Envelopes\Rep.dfm

Filesize
5KB

MD5
fea2c7554450c5099f2657c233c8d2bc

SHA1
7290ca48e9742edd3795184bae485f2082e60d2a

SHA256
ef7386cef5582cd8a163d35e44e5d292fec2adc31a307bd4f3474eec9dad93fd

SHA512
69a948ad3f3a1325260ac00855020e3b38a0666416a5c04ddda103f48134e3d6bd8ffa122bfc7f3520d3704908b7650693b3f7ad9edc83fd8b7514abbc02f0c5

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Mastdet\README.TXT

Filesize
671B

MD5
62ffec0325540bd5c926e7c1d48f4469

SHA1
29a6d97e816adf0695f765b70697c43d84f2f1c3

SHA256
74154bad7f785e8d98dc1d8982bbfee5788b9e65278d5e2383cea57dc62c14fd

SHA512
453074149d4fb5a6ff9613ff894aca0cf3b82a417d4b266ceeadd4a6ff9bf68292473140a3a5b1505d55ccf914d5a332d2648ef56898395cc8075e0a572013e6

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\About.dfm

Filesize
11KB

MD5
7d8413a700283571be6ca585f38650cf

SHA1
189aadd666b5f50b55ecd2e65bf7be024704ff73

SHA256
45add276c5a718bb9b8e9c31d86868e6d0fdf9c0d6c459dd0280ec45c3340ed7

SHA512
8d99a46518d2bfee8978e24c8d25de628a0a795f41c75d7b6770141167369876384563b05cfc98a97115f5d19a9dc6e251526894ee005744b04412f1e44fe4c7

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\Main.dfm

Filesize
11KB

MD5
5196eb567196e97bf903ae26985dbc1a

SHA1
485954ab314bd2c0309dca0cb467742346ba7e35

SHA256
5dcb10463e257c4655b42e923a00c5b6ce8f4fb09a8aa81e16b6a8ab3ad86f31

SHA512
5f18b82e954cd242e6c720d83931eb07c530d4547633d0d519b1844b0bd641b678ea33f44b6510319eebad91a2e45c0abdb23513e4f025da920d9dfe088ed7e2

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\README.TXT

Filesize
547B

MD5
3109b5c7590d103342962c1fc324ac09

SHA1
b15c7717f079c36b19ff34f093f761c22469844c

SHA256
1dc80191ef94381dfdabe66709c8b83e14f4ae240fcfb18a57b6df064e733060

SHA512
00ee2193730dcdcd0bbf4798caf59d728317c10b0df2190a41463475b8431833094780b6c5746bcbca814a0a16b48cb9a4213a66383d182c28b96794226c34bf

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\MultiLevelHeader\Rep.dfm

Filesize
14KB

MD5
f3e7ce6ae48e6bd1311d90e2b36275be

SHA1
6f20475a4da0a7b9fb3a1b513219a34c830c25ba

SHA256
ccb842d3259f1aca6459e8b43f7e73ac388d7c7b5490700a477a8f4a3c8f250c

SHA512
64bb0a935d7e1e4012a1b03cee310600224f346106d40feb0a5df2dcafb6d4853daa96b77d6bfb7d904d857b67be1c463700dafa5bf2dbad44099c15d7f8c637

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\Main.dfm

Filesize
9KB

MD5
b0c1b95ee12e05006b344bb6fc4983c6

SHA1
71ea8ea7e4092c2a81607fb6d9a159ed6a6dcb4d

SHA256
7d3fd6c849b8510d47edc3f420e2556aef45560647cd3ac72fd091909a87e1aa

SHA512
74118c3ce2f84a870f49cf661c7dad1e88e0fdffe22cf64c7508272cf6e8b20915d95cff1d270c4cb087b7249a378bf270f5c47bef7e46773a7c1cb9c3e82a91

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\README.TXT

Filesize
606B

MD5
77b18a849cb5c632f05b157de5068314

SHA1
c03b2b21f5d9267bddaf158a7e7fa08c02b20ef0

SHA256
da6098aada3ee557b24eb13d42e34bf2f917c395190e5e2b03df72b69e969356

SHA512
adb61c92d9e71d1de8c0b638d1045f8fbe84877e0dada37d2d580e843fd7bd0ab2dd7c2528cdeb1b60736edf02b50bd9d07d1d6532bce1eca6513b2cdbdde7af

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\PrnInForm\Rep.dfm

Filesize
60KB

MD5
ebb0e422ee47fb243bc4851cfb0da49b

SHA1
9bc580ad1cda82500de43906b6167c1e1bcc5ae8

SHA256
fd1a5f00555f39621c13d2379df15763a66b60931ee89f9ca85adf0df6619d83

SHA512
54ed9d85c274067347094500d95a71c144a4306c4955cb6b592dde8379510f45e8103f3eac6ee33a63c9bfc995e57473e290822f34ac8cdc22cade990d08b2b7

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Main.dfm

Filesize
9KB

MD5
89962c5845bb2692b4b138ad2507c763

SHA1
bfe28e9d0cdc98c1314603f959f3fcd322abbc79

SHA256
d92a0f75b5e8265f118bac7f4418276bc85e5de667799a3b8a7c6fe17af5a09e

SHA512
5d317f120d52ad09aeed47461e020ae3552baf020479899e1ed377c650d5a42b187554ae37b6540a1b01a148cee913f3db089599214f6f4ecc662f14cf7a4773

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\README.TXT

Filesize
514B

MD5
a3ce61db9d113a60e3da29b345d42dd3

SHA1
e42ed60d33635076b29ed21e7056faf05b54ada4

SHA256
e5b62ff0ea6e206e1f448e9de7c2e300252c8e22b4bab995d067746c06cb08db

SHA512
02e2d9138b481f8402bf7571ce9c841d18a4cd1d4956405d710650b4c7759d6781a938007c2f861eb7caf9ccb8d0de79bcca79ec90867065cce6686744419f13

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prnplot\Rep.dfm

Filesize
12KB

MD5
0c839796edd44fd53885219f583a7cfb

SHA1
b80ce1214eb109a1900507fbcb10fa06dc3ec237

SHA256
d18c0c7f7b43c1388179c23e471c212ceb2fe5ce564f573175356f93c7ecdad6

SHA512
1fe51ee25ada665b3c41d8384bc9fc7fa48092f6305d0e7f80b007650e74feffdd2559a36f70b040ae759b89dd14bfda2a17828a4ab6531ceb3ebb023d87f353

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Main.dfm

Filesize
10KB

MD5
e6dfb8e3ae855623512727631e284570

SHA1
c372d98d328a824904913e97ba01af1a117b3e69

SHA256
1b1dc9c4e8178ee53f8617ab0e3b5c1dd777a10391b2425a9ffe91a8fed59e4e

SHA512
971d992f4a149afbf4c1205a1047b15c846667b37a4b6e0c06c9c74e7d55d936ce38c16a44a8ee76fad2e091d929446ffa4d823bf0ee79a4cb0810df8504f503

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\README.TXT

Filesize
530B

MD5
71d6225c27f5f02f6459f83d60a984b1

SHA1
86b4c919c48454cdaefabbda44b71061cc322a37

SHA256
c032bc7741d7825dc34c19829796671573236ff9a5c43c32a36d0bb9f1190c22

SHA512
4b86e010ea6fd2b5f65fd5ef0567a185628c91ed75a90a958cfb4eaf4961a01b515c7f20acdd5b02bea25dae7693b59cde52c0b19b7cc0d45b3ac73da4feefee

Download Submit
C:\Program Files (x86)\Ec1Vr2\Delphi\Prntext\Rep.dfm

Filesize
3KB

MD5
f6e03e70e99b7c1e2b538c10d008f4a5

SHA1
f8ccd90f7ef4094d7ae64ff7000a96cfa251d667

SHA256
f09c6412f08824b4e2880394e064784512815d741db5a40b6db91274bb8b043a

SHA512
ba7b1d903856627f5c91af96d1a71d2ce429fc413cb87224626f0a503ce235443898ba20839106ab3eaf49293c5f09fc15a7a90cb7aa7d03960caca1081c20f2

Download Submit
C:\Program Files (x86)\Ec1Vr2\ReadMe.htm

Filesize
5KB

MD5
f4fdb04f34472f36150558ab12eddc30

SHA1
8351313e3066f32635ff7b9f8dfcdc46aa0a40a6

SHA256
cb9ddf78dc320b9887697d3648f63c6102d24035ddaac1edda49ca203ee38f8d

SHA512
d75f0d419f84fdfc0e15dc96f09cae8034ffdcc63481a90a305732a4556d6312cce5c58f4d49be833f45468c87f1c008a3eabd9a6d3e224571d1cf70c1009aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f878ff068698fcf6678d53d51319a9a2

SHA1
0537c9f320574ca8d860a47a46483bae87bebb0e

SHA256
ca4b63805dc5aa939e300a28e385631c65e5316d9eb465ed78aa23466295efb0

SHA512
616d36c6e97d1dbf8169785385b358fa0d6574788b6ff724f1fcba29947800722ec74ee50eb73f9eb08dad186ec42064516b43af9dfebdd0197e592492c83aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7296a2568f0fa66805d23af3603191fa

SHA1
63a862a5cb7d7dda952b61344e65400f3805f387

SHA256
e771ff9007e2286675dbc59bf2f8144448b3720f6be680caf56758908f2dfc68

SHA512
d43ed8892a245e3816fe2d071a7a29dc5bae3748b5c4bd8f2ed78b61cc9f1da46e3daefd2fad2a374bfeaac65561c8c00360add1c4fce61f3e147c600a28f730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d6ff1218b58c3030b5b60765f5880c1

SHA1
1e69ee9aef20aa8af3c9ed8773ee1c0371677881

SHA256
62dd23205d42fd5ad73cae291717dfd886783a60189585c40400d6addcbdd76e

SHA512
455f9980bfa2d40163af62856e7dd61a14bffdbd475a0f260c2e8bd038dfd67e5f53502cbd7020c6c58af464c2eb82743c9b5c18cf877b96c1c7fa94b721d4cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f5e988c0bd723d91a5c655a8b40fa2

SHA1
883c65ba10c327b080402a42cc41639ee606845d

SHA256
26c12717d4122a29c12fdb99e45aaf4b1df50b99b97e4008fbdc2b4bd8500578

SHA512
2f3f20aa5ebe4f74a0f078c151cd4e74a6827499716bd6795ca857b933466eb8feeb06e3d55bf5e091c212640c1b1e4f5e001895759d0c1b3825bc3b05d95d4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a798388bfc14fc12889627c4d73487a

SHA1
ce957ad1e0bd0c406326e15a3a69c54c87fa6d7c

SHA256
32fabcc7db28a46e0df87d5db450fd898c5ea1fd060059951b8604a2830aa13b

SHA512
6742b23a8ab672965cacabb234cde19d4ff5683a61b81243ac41d499f4dae9ffaedc6dd49a792354fc3434c938c3ecdb9d2bea2dff544c023b4b2f1638b8d315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4168c729433be81674770facd700581

SHA1
e92fd28ee87ea1b778f6c2075d33e04da77b66d9

SHA256
63637071155c3d97917fa62bc795ea9edd2e9b91e1f420fb67daeb6ed0aade9a

SHA512
e57ed48d7cb7d9557098631dff9486d31667652359385ad7d58e4629512013ef889ebd6f31f106e7d046e1f78651d40ecfcf70ad5d479e99fb94ba703089720e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50936208d1cfc1f345c77118f8578ec2

SHA1
e2c90c92ddb51900f309e6e1f3c8cb6d68714238

SHA256
0be47990957564244eda3c4c421c0d28e149785e59341a0f67a906b6181fc09c

SHA512
70bd20f8eae45fa9707763e87ed55db54c434ed36a6bc044397f578d596365138e80054217edef9d67d58597eecdd156fccd598841092cb0b55b1a3e2198dce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac0f4cba1ec8d6be5ab00a560b96e7e2

SHA1
fe510f28f33341d6e17855832034212047c1c462

SHA256
0914b9ef6d58573aa44cf653b5c74f443c5749fa7af2978c05ec5e64d00f6495

SHA512
839009b6ce5c5e23d59601bee1a552bd1d96a03487b8103f2d41791b2a94334b22e888e303e25ebb9d8dd6acdf03e81dca99da30df0bd3ac5dcce50d5c747783

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5521a6fc6966f9aca9fb86cacfa0413e

SHA1
e542875f65a201101b719d46f699564a9d3721a2

SHA256
f849cb5b662876209188ba7997643514483fd0da3d7150b8f3b98d70bd257a03

SHA512
d990f7e5d369162e375939cbedac1f56d57b0c54578af701d80c637ec2ce1b3bb8f045d4716f7f5b0d6f4ddc292fe938a00a9c0017b8902fdead7b7e75a8eb9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43ee52f13db85854131609375d44bc2b

SHA1
19e42219724716d0fef6a9b543ac9fbcbcc44456

SHA256
901b431822d6de95ed50e6eb52eed955925e5b4268f5e1706ff12a7f4a3e375c

SHA512
5101e8672dfb966fb94ad150b7d1ea2134c8022028e044a8dedb7da2c5217eabd9a3d09f221d753949fb75ca69a3358be1096ca842d2b0f56ec238cae8112a8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dd0ca4491b61efa8a84ec114531ebfe

SHA1
068be37096d3ee007ba1238a21baca7414d1f99f

SHA256
21e783b0c064f4ccd0a035174ea16460c0d520d4f99ad6e8c8b640f32a57b147

SHA512
4d451de86b0f87f1c0fad1b7a82abe8a6f8af1b3b8437030882254b7d62d27470e54746cdb1564571ee0d2e4f6b4e7f5eb37107a8335b2f5cb290e73d0cb0974

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab85E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar86C3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\temp\License.txt

Filesize
580B

MD5
a601cac3942f65f260ed053491460225

SHA1
cc6d1b2693ec9514e59315759e7089b9649cb8d9

SHA256
1d4149efe65294b4ace63e426da9c4c9af94b92c34ee7e86f52fa7cba2038a72

SHA512
aa5bcf4bad5e9c8193b555f28fe65669e3ac137241e5fe7c76c603509748123d166a048a93a09d17406cf1e51b3822a643ba81fd63aea42e0a22889665e6b1bc

Download Submit
C:\temp\VR.BMP

Filesize
10KB

MD5
449c3cc681c8c52806c42640d7f7a82a

SHA1
6e8aaa77799873c63592264e5af49d5ea944029c

SHA256
adb8aee628b0da5e93f649024faf6c5657ed3aa544be2e35ca41404d0a887c0b

SHA512
bbb1bde6900ec956393cc17d47cbaab1e6dcccf913351c6ae69e7b823b160e7511dfbeba4a984c8326c77e29a8c3027d04d78af8cb6668b1d17926b0b2dd5322

Download Submit
\PROGRA~2\Ec1Vr2\Sethelp.exe

Filesize
199KB

MD5
c3ea6fd6c7582fff36dff4cf7bc7bccf

SHA1
17a1143e61792b83a207ff4237afc2d51c19001c

SHA256
b414a3e2f7a08a22bb335d7a41d8d37152edf0df60448aa4b7c163f3f7cdf190

SHA512
7f4ef95f44669de592d080b32da1f2c7a4278f4ce7b1ef3c2486c399f97ee982efdd5ef748bbe3096d030bef504f84843fcd1a3e2d90504ec501fa07b0780850

Download Submit
memory/2256-11-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2804-1240-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2804-1058-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download