cc1c8856cdc7850177842a0fbbdcc29ee7ae84a9901ff3692be114f56557dc23

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57421e130fe58a717d447de324692916_JaffaCakes118.exe
Size

543KB
MD5

57421e130fe58a717d447de324692916
SHA1

070ed8f6759bc977e7c868ee3c88d61bc33592c9
SHA256

cc1c8856cdc7850177842a0fbbdcc29ee7ae84a9901ff3692be114f56557dc23
SHA512

246c50031dab117117be2509c8f07a9737ca67afff9d230e5864bfa83e34423be41d6e09a92e1e119a64abe28866b05878ced31da6e0c16a1c35e00048c5612c
SSDEEP

12288:022aKZXmy9/F04PXK5SUbPxpljffHAHKeIzScCFOND7n2cNK2:0Bv2y9/FHPXISUvlDfHFGcXND72cNf

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2096	nbfile0.exe
2820	nbfile1.exe

Loads dropped DLL 7 IoCs

pid	Process
2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe
2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe
2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe
2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe
2820	nbfile1.exe
2820	nbfile1.exe
2820	nbfile1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	57421e130fe58a717d447de324692916_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbfile0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbfile1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x0008000000019438-15.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00077a415321db01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000a1636c2b36b65fc6d900c8b6c1fc83280786decdcce23f6b74b9db02824e92b6000000000e80000000020000200000004b2b756acff7856b9dd58b23d8c3ca8532f6c3d1f4b107025401be30c6a3f8ac90000000106b3e938caab581c3278eee70c7ce48f6e737b06bc5ad4a53638ccb75879fa253286cdfcb2002cbbff2a9e2ae170b245233c8005ea795d1254a3d65f25a99c6fe156cb30ecb7969d2e7d95a3b1c1985a134a630edea978efdc3817ce0f8a519a7aee04f612dccd39fc1f473af18b718e0f9c47a88be3880468d5b2cca17bf63320a1e391177de9616dd7279669600734000000004c27d5e5619a2ab99b4fd6a91f178e989d93e196cf1eb0fd2b6f6fcb718ae48f46febcdcebe93e2f988b11fdfe40eead11383b510600ea93fef8091cb5bfbb9	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68A61261-8D46-11EF-9FA9-EA7747D117E6} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d9361feb59aecd023e0cb1eae2a0c604d06cebefd75f34c836a3b975546bcb91000000000e80000000020000200000007115eb547b16b28d65271d448d9c869798df6b5acd685bbe28cad62099946ba22000000055490330c51abd8c71d1786cf035b7b440023b1ca0caa486f002721edf130a78400000007e15120fd450df1f644e2696dcf239e56c1457d6a181893309e87631d8d047dabf9d02ed8a1cf77275583bb87cd96bc42ce499767f596bed3eb35fa8754fa358	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435413769"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2336	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2096	nbfile0.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2096	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	31
PID 2208 wrote to memory of 2096	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	31
PID 2208 wrote to memory of 2096	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	31
PID 2208 wrote to memory of 2096	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	31
PID 2096 wrote to memory of 2336	2096	nbfile0.exe	32
PID 2096 wrote to memory of 2336	2096	nbfile0.exe	32
PID 2096 wrote to memory of 2336	2096	nbfile0.exe	32
PID 2096 wrote to memory of 2336	2096	nbfile0.exe	32
PID 2336 wrote to memory of 2264	2336	IEXPLORE.EXE	33
PID 2336 wrote to memory of 2264	2336	IEXPLORE.EXE	33
PID 2336 wrote to memory of 2264	2336	IEXPLORE.EXE	33
PID 2336 wrote to memory of 2264	2336	IEXPLORE.EXE	33
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2208 wrote to memory of 2820	2208	57421e130fe58a717d447de324692916_JaffaCakes118.exe	34
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2720	2820	nbfile1.exe	35
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36
PID 2820 wrote to memory of 2788	2820	nbfile1.exe	36

C:\Users\Admin\AppData\Local\Temp\57421e130fe58a717d447de324692916_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\57421e130fe58a717d447de324692916_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
  C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2264
- C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
  C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\1.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7df69d15e9a472abcbaefe9dde4f2f71

SHA1
a9b4542a891e820aa0742d703a0021963fc801cf

SHA256
ea0800043f0620323916d7e79fa5d8c24f0bc39f79971de1c93b89b05d61e3c9

SHA512
3fb06f9380cc7f1c82302ac9706f4d757effdce0def5d98938d3e600facc4afce853da9a7011cfad674230b96c38652ad231a9d3e413af36415d746a835fff88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ff5d11ef842511e8a92a159bcdda688

SHA1
fe75ba36b9423d8e6edab9d996bf915156734d9c

SHA256
4a39722b02076b81e91ccfc296e52350b309185c2c67759c3aab8dba777228c6

SHA512
e97f9d11b3ecbdcbaec077ff34d6df827f7a33478df02881bbf5ef0c0ef3e9760612096fb04ee0daa9ec5a0f48665b7137c2d4b166994de4301b7d601c034902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8029e7309d6120c4f8dc3045b3e2f8f

SHA1
aaf0a907d9c4e66ed068fb3f7b8278c398072869

SHA256
ca7d2e5224597ef04ae4f3c02e454da48b5760033b09c896e676fb5ca9dcb3ed

SHA512
4c1ddc02b810ed5336f0bee3c1510f2e3dd844a30ba858ac5f14b93597cc1dd799b6acc6faca3d404b4b67661b64bd53ce3738bf627409a0d094bc1a00214190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be344c20fd3285185e8a9b670d9b50fa

SHA1
f9449c66b8b827511d590aaacfcc2df8d6aa2a26

SHA256
6373eb2352770b4903c693677bf351e77376baa1066f9e5394b0b6ffb298bba8

SHA512
accbe45f90e1913e1d32a7b55c113654696a3934339f9f748ffba4bf5fcad57195aa58d4efb1b7b885e7d0a6e5b569efe4275b74e3a25700b65e1fe3af50c556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
578bd270c5652d73c1da653225453463

SHA1
82ac14be9543dea2dfaee1732ab521ec8de933cb

SHA256
70092606ef60c1f819a082fb0254096645b1d1cc5d6c807823d502def8c8c2a8

SHA512
b8daa7a95cf88552b4b4bacf7f54bd01534bce015b2af37540cac249078bd5a5388db014818892071318fb64bb16818d27b8115f9e985e9597355b69f45c055c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ee19d303d3f633afaf3691668f42a5b

SHA1
1c8ff3a5e957f0bc1583b5770589955765f5c15d

SHA256
76c8ecae5c9fc46bb05eb3bdcf6748db2c26c30c5a04f630407cade2c0ee38cc

SHA512
52f98e7bc43f07c49e53f8220739786b3ad067e41a26eedecc74f9ff017fd4d3f50903d3576d208dfd5f00bd62b11a3a9d5fa5c121678f02b50537f6cb788f86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a48e5cfd586989ee6190233e350bddfc

SHA1
6f9f3bc971d1bc80fa21a85f039de9f798d89664

SHA256
c0909bf049097ca0d91c3eed36244d5ff55d3d16632a93f3791ceb3f6eab7f58

SHA512
5ab79b6d2b019806ca826ffe7925ab3905d9f067e555fa27d7b6b7708f5749ede5481c0826a1bd4916ee7c3db2844dcdf41ea3fde800fa7d080ec8144f2a4899

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c2cd4a4d797ebafcb3c0b0f0a05ea2e

SHA1
c27bf1099ec127d584a257ae993a597ddd6191b1

SHA256
b81a612962f9cfd1355160105b29b247549591026a09506ed9ec03ab33b6e233

SHA512
9a8cff2a861b22dd00c1fe24de8bbb8ca68d569c3cf39ea66cdebc8c53fb047c21854c94f9465c45beb16c2e83788fa46e0ef993ad8c76ef3e596876ed3a3ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17df842e758bfb953d3ae4b4e09c8c18

SHA1
1b8756c8706ddbb02dfaa567a8e1efa3b9d080b5

SHA256
052291fbcb847f463fa90b44e02762e65bf42f52c6eedb08f953c060fd280126

SHA512
67abe67cbe033da8a06619e5e6e572b58d73b515f27a44a2a5900e52041ac738303f6952b3dfe87d885e5f5b976c172dc1530b3eb2d17b03dd71f8917467bf62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54b801e8e96dd17b9b3e9796822c051b

SHA1
305983eff33198b4956d92caa54c41e4426ce97c

SHA256
6e416dc08ce6adc315d6a4fab661276b8d5fc707d1205f844767e3be0eb37b37

SHA512
26b5296b80dc67c645d871cfd0e38e14329845904e62eeeccf130ee2759942f960462dc535045f67144f19667dce4b32769b55dc32c7b3c260892cf364a88393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7724282aaef289a335afc79b097563a3

SHA1
ef6756d45b33bd32f457b9ca55b7777e5617674e

SHA256
4c4644075f7ce4b36738d59a2f6911b8011e7b6a4646f1682be73083fe79b3d2

SHA512
67a9a201106ecbb68e87553494e5d9f0bad5fcb9c35aa08fcacdd48b198751d1d2ae78a924a4683433de75d53a883091798ae9171e7d04ca90568a174922749c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9698d9da41e567d3e44009032e63f3b

SHA1
58ee18d94cd332ad4d4a483bd66304ecb62fe711

SHA256
361f21a8eb15f08b3d8683a0d99e28abd769035805ebdf3ab86b63dfcd3739f9

SHA512
47036fc40949137acea8617b18c65a04f5f64a94a69edd49cef74b882b7e15e4200974761eada1fdeddae53347f2c0105761180f0b4953178fbd58a3dca45592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ccc5811bba5cfd0294f472b2890cab

SHA1
f7721a29e6bc8a20638c14bc36270172869588ad

SHA256
a9e11216a19041867162147f6185733306f4bdb99f7e1f4453932a668dfa2cb0

SHA512
c56b77f145002e5c47160bbad4560df42b7634facafd03e937916bef43818342461b23993a880c7f6b94bce08890fd25384c2a8e944b583e13d05831d2fe7db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d0ee950af9214f1f55af091669b63e4

SHA1
e2579d00235b632e2b236980bbe0622615126cd5

SHA256
ff4bb3143fdeeebe5ff3088aa843fb51cf6ad76eb50f528fd819237780608b2f

SHA512
b99876b08a858b82870178b168b77d6fdd3efaba05451c315f3e8046082603decd256b140c4736dec5f687e8a404ee9006f301077308729e0382e8316f58a87d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2540749cf6bd607cc3a270d4fa21d507

SHA1
71f95ffdfe2b8065b341305dcedcfcda8c6c9930

SHA256
a36254be4f5183b9552864e07a668e74b83ca451d5e5680ba2b0867b2a9f9e03

SHA512
d3c0690326e37ad5dba50937a25e385647002449bda814682d883850a8f67ae5f9d5134ec773da78dd10ffb6a3362cff1bcd732e0d2f1e9a10f3cad0a59095dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b19b0f21e50d2b522a1ba7d8698f54a6

SHA1
4527371bb307bef13ca7d379fc62b007ef7b8dde

SHA256
4c3a833b3ad67f22cdb2adbf66207416f49f86dda96bb9e6ddf67550bad65f5e

SHA512
5c7cbe95d30b82e44a6a34dc318aea521eabeff7a777354d2a2ce046e06cf4ac268884d8a1d071f6e469d4e9c9f394b2b61867289bb2acf9b91cebcd911f8458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e00e51e3ec7935b9806fb1c4a38881

SHA1
f7af88b5a3883643a37ff5d8d211720001c366aa

SHA256
8c984877aa74bbf9a0e7bcd5a28064e616a4a630bb93f1ba02b479aa4edf2324

SHA512
d78a4e7de7d06e6d202eb8dabcac28aa20c14ce3c9484e83ad3abc597b08c7f10e2cf53107547a32a08dcfaa9992c05d4e7c61e349b43846d0914c57e663ff3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a52a9081df599b3ff08b1af32950b76

SHA1
b4057d381aa019f162d3a8ed316790f65aa05727

SHA256
74f533bea6eccd907cc1a3972582c9a03083f7876be5eab6d120c9b79390a721

SHA512
b31901186afaa818ef008c6b231d971f5cd0692c1307c52a4d5e784269bccbb7980fb4c1a1df1ceec7c45719b61fb8e796e341650f5ea6dbb30a75cef5f64b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB79.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC37.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nbfile0.exe

Filesize
463KB

MD5
78f16f393670993cc6ab4253073a7cb9

SHA1
642e1520236f86841eb14776e69608a71c7aecf5

SHA256
244fd86a6b4ce10c08a173b70ede0274a1e43d0a48e35c2a7151cfcfc79372c8

SHA512
c81c3b931e974ef9adf131132a31c7b19b674ab3130ee5ee828fa59d635c821d2fce2be8e6f463f7174713070ab332acdebeeaee1c9d374001e7e0dc7b9b5686

Download Submit
C:\newsetup.vbs

Filesize
631B

MD5
5e2c0c26e344eeae4304c9bb561ea89b

SHA1
4664f9d0f582ab586ab197515aa45499eb18db41

SHA256
f74ed58e1ff45165abf943ff0364fff8e5d873b9051ccba0da940399fbd8aac3

SHA512
4aa5f6d5c35160470f99808dab9a68f826e726eae0b7f536e71665b978d72502faf971c4f9f2a9a792b3aca04736c9c97d633da7b34b50dbd3831dcb67284d97

Download Submit
\Users\Admin\AppData\Local\Temp\nbfile1.exe

Filesize
35KB

MD5
08f52a4ccd01913b9a9691093a64366f

SHA1
e44c6620b4107a0f55e89f632c007a9a1ec88119

SHA256
85357e0168e34f2d01f319a0f129132b77f03cafb6820ecf6dda64a39266582d

SHA512
d6a9eed3a663f59047cb6d74aed375a7041060921ea80835f039726fa171fbf7b030c29a4c3059ae875058605f54bebfcba7d4daaf36b5ed1cb960e91d4755fc

Download Submit
memory/2096-11-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2096-36-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2096-38-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2096-35-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2096-10-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/2208-27-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2208-8-0x0000000000270000-0x0000000000300000-memory.dmp

Filesize
576KB

Download
memory/2208-9-0x0000000000270000-0x0000000000300000-memory.dmp

Filesize
576KB

Download