stormkitty | 3087eb38d111c49d652a0a26cafdde80f3504f841e503788cb8001d1eb79d435

Analysis

max time kernel
133s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/01/2025, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
Size

842KB
MD5

b303919a57b5635af5cd6bbf17642a7b
SHA1

406811b6e29c936f28805645f8d2510bb0e2ebc2
SHA256

3087eb38d111c49d652a0a26cafdde80f3504f841e503788cb8001d1eb79d435
SHA512

0bd599be708582271005e2f18c6d640dd00147471e2f65bee0d07e6866d01c71b0536883346614674e9858625f1a67b962832c2eb38a918cd0d6cd3edbcc91f7
SSDEEP

24576:zq9FZgv6K89zwCgGofKP0fHxwa01vRrSNKFkXi:oFZgS9O3SPxa01vRrSNNXi

Score

10^/10

stormkitty discovery stealer

Malware Config

Signatures

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral1/files/0x00080000000120ff-4.dat	family_stormkitty

Stormkitty family
stormkitty

Executes dropped EXE 3 IoCs

pid	Process
2364	svchost‌.exe
2408	svchost‌.exe
1928	svchost‌.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\svchost‌.exe	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
File opened for modification	C:\Windows\System32\svchost‌.exe	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009038ff73f44ca043a9fd11c3c387da9300000000020000000000106600000001000020000000e9c224b54cebf42954e68870619e1a64b3f1ef4256f8a485c41d9994f25ba732000000000e8000000002000020000000afa8acdace7b5e70e9076326a59e0386aba6b70b0afe4ad328d92fb85b78d1aa2000000073eb8e18ee6b8f56a0cba570db42076bf03afcb141ee11f65ad3f3861ac5f3c44000000066aaec2de2a820efb710653b09c6d252c0f8bafe358923fbdc0285fa6fe5936e485ad324b583f2a7a31415a1db61713a13eaa213626c7398f8e28bd85caeec20	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01f1f6c2662db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009038ff73f44ca043a9fd11c3c387da93000000000200000000001066000000010000200000009a890e313c17a8d9228339610abb57a2239b94a85599e01d95b0e9d91fc067d8000000000e8000000002000020000000f899e3c7a3861d18bfa420c73c66a5edcb821ea53202afb36a4dea66b1124c2690000000c88f846a067bc3feb2dbf2c49094c0f756dabb528f866dc8fad546d4d2afddb36f3da8900237d1d6ba65ae50ea7b3a6b619dfd2adb550d4c7ead68dca31fee02b30e20d820feeb459bf323f12a924e6d57ab855d60245429ae096e49ee3159c184ced10776437e8972946dacf1b34a923def0b91e20811c8d277ba6712a9f7fac68dc5b899a6e7af4954709abed6333d40000000cbf7102ebc77ca92d85f0a4e624e00e289618af9d4b04f2c2c3fa575caab80fe34d88001ef4010bc5f8eb936268dfd657a5ea770cf56b70af74ee1b74925a9dc	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442541339"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{937150E1-CE19-11EF-BC08-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2728	iexplore.exe
2728	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	iexplore.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
2728	iexplore.exe
2728	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE
1580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2524	808	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe	30
PID 808 wrote to memory of 2524	808	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe	30
PID 808 wrote to memory of 2524	808	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe	30
PID 2068 wrote to memory of 2364	2068	taskeng.exe	33
PID 2068 wrote to memory of 2364	2068	taskeng.exe	33
PID 2068 wrote to memory of 2364	2068	taskeng.exe	33
PID 2068 wrote to memory of 2364	2068	taskeng.exe	33
PID 2364 wrote to memory of 2728	2364	svchost‌.exe	35
PID 2364 wrote to memory of 2728	2364	svchost‌.exe	35
PID 2364 wrote to memory of 2728	2364	svchost‌.exe	35
PID 2364 wrote to memory of 2728	2364	svchost‌.exe	35
PID 2728 wrote to memory of 2780	2728	iexplore.exe	36
PID 2728 wrote to memory of 2780	2728	iexplore.exe	36
PID 2728 wrote to memory of 2780	2728	iexplore.exe	36
PID 2728 wrote to memory of 2780	2728	iexplore.exe	36
PID 2068 wrote to memory of 2408	2068	taskeng.exe	38
PID 2068 wrote to memory of 2408	2068	taskeng.exe	38
PID 2068 wrote to memory of 2408	2068	taskeng.exe	38
PID 2068 wrote to memory of 2408	2068	taskeng.exe	38
PID 2728 wrote to memory of 2572	2728	iexplore.exe	39
PID 2728 wrote to memory of 2572	2728	iexplore.exe	39
PID 2728 wrote to memory of 2572	2728	iexplore.exe	39
PID 2728 wrote to memory of 2572	2728	iexplore.exe	39
PID 2068 wrote to memory of 1928	2068	taskeng.exe	40
PID 2068 wrote to memory of 1928	2068	taskeng.exe	40
PID 2068 wrote to memory of 1928	2068	taskeng.exe	40
PID 2068 wrote to memory of 1928	2068	taskeng.exe	40
PID 2728 wrote to memory of 1580	2728	iexplore.exe	41
PID 2728 wrote to memory of 1580	2728	iexplore.exe	41
PID 2728 wrote to memory of 1580	2728	iexplore.exe	41
PID 2728 wrote to memory of 1580	2728	iexplore.exe	41

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\system32\schtasks.exe
  schtasks /run /TN Update
  2⤵
  PID:2524

C:\Windows\system32\taskeng.exe
taskeng.exe {44A7975C-5A9A-493E-9AA5-FA2E1B62FA56} S-1-5-21-3533259084-2542256011-65585152-1000:XPAJOTIY\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\System32\svchost‌.exe
  C:\Windows\System32\svchost‌.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2780
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:472084 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2572
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275490 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1580
- C:\Windows\System32\svchost‌.exe
  C:\Windows\System32\svchost‌.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2408
- C:\Windows\System32\svchost‌.exe
  C:\Windows\System32\svchost‌.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
1ba162baace6e1452acfe05e5306f1f4

SHA1
78465e64fcf437c46742824c5487d3c783efe868

SHA256
22f12e2ed5cf5c61e0ad4b2ee4d84e0cc7a269dad8f9412e536da75807d7d9a4

SHA512
3510e1b8f4b1eb75e5c439e9fb7f8d8d06183c61b470e7cf0959918a69b0ae3cc18962592226ee1712477de0f6a64826ebb66a9936c9e1afbb11eb5c0a84802c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07d8748c61a97f8875fc993509f1aeb8

SHA1
68ad894d293fcd759b406b51767fa4c04660156b

SHA256
d629bbd7e3ae7462ecaf8f2aa3656d6b191bd3dfe854a7b44a4d54cd6e82b376

SHA512
80e2fe58a4d1ae7c9863282c24d6594d472100921d78f2466f1d68839eafaf57151b068e71d6a9a813642781e926c9952d5985cbc41b6244ab39b8f3358ff8e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dda0dea543c0d1eeb5194fb7bb945b0

SHA1
c818f9096e1439e643f68eba6c7f34dde7933025

SHA256
ae11732f32eedcd122a178b051c6f65797ce843f6435c247b15ed3ede4ec2314

SHA512
70c1d2142ebc0a027500a1245361d376998c0de2482056b1b4679ea0d3e90163d2a406a6602ad048390f4e832c75fe449a5f6548ecc514c6b3720f50f6af2dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90d04d73708aa1edf38eec7ddd639299

SHA1
164c9239eac31881a9bc9c7063781bda5df3501f

SHA256
14c26a228ed94230cffc78b7d1b48c86e5cede28d329c91af33ffad836de67e9

SHA512
828d297dd7feaf4faeae55135c60da5222d93c1cdf986c3ceeb2c83691915f4b6bbd9b2c420612713ac8227da5d4425c48a61aaa770237606b2ce1d7259fa493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7866c5fe6ed3d2e002ec6419faa10a35

SHA1
e17b0a67fa9c6fe45e4970474f7b8ebfa6ba4d72

SHA256
078a1fd39ebc946711f07b7e9c35615943b957dbf7d350f23b97c532d3cfa19c

SHA512
49ff03dd2dc4e620141470760fda2bd0d9724cff93347534088944e5fb98aff36294771dbedf533b4b51dc476a76adffb617575bdf9043acfe3905eaae8b9ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c23d8fe63e4e419bd082dddfb8f8ef2

SHA1
b65ed13ff903206549cf96503a4c8e47206d9760

SHA256
5df92c00b37afc50dab011e06ee1d1e5dc2064e5ab1c32028c3d3bfb1615ca54

SHA512
86ea2693bcb0a5249f841fc975d4edec93e9a7724ec7ee80b899e4af577eb8f70cf713e1baef3db15b923484d4450cb2fc2e82669579e68521e98c9143b27c29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557b8c6af88976d2c1444132f653f395

SHA1
737f3bc44c5c7e857b0742a12f0a0c5edc86ea11

SHA256
b488c915857247536290a97f4d56eedc1682f9cb9d4febe84b5191018835feaf

SHA512
188530fd2d97e6dc576a87f34417d8766f5c0e1fa9fb4e6db612a077762a6afd8d504759ed9dfb7abbf7e2c591cc7030864191d0231ca4657d0d510fe8893a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f688fc6ad1a8e6afdf9cd9ef72ba709

SHA1
afef2d4caf1722be124fc1345cfcc0274de51820

SHA256
516284a7675c953d18d03d9822b3df23e720cdb2decea1f5b51779f73d229457

SHA512
22d41f51b91247b171596befe4f95d7eabf97664cb3a542531b49eb6eacfddb9691eaf9c69d9102a8ccaf9ab85b684ce195cbc0f452d2905b800bed7a1abd2fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5db3d54732ac26b8cf11f578c3f5c8f3

SHA1
09eb2872b10ac191e63b2f1ffc65354707c45cb9

SHA256
1bfa9d31dd339063aa7ece5bcdf30bfefe7d58c4883b9462d5b13e197dad755c

SHA512
01e2fbe18ea5f48162336d57e1fc00911a7919eea7ae67c140f7e2367d830f99fae997f82393425312dd8c8ad09894e67753a673bbf7bc0b9029960453a117d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4db13bc3ea7039cf9a0d9cea5315870

SHA1
1f52f4281a06d99ce3358e4523cca4fef308efa5

SHA256
879828638864c24458ea693afc637d7ad42ba5f202ab904b7f73251a19371392

SHA512
619a9586d21299938de974b32d75f66b1d4f90a4a003827b88a9081cfee66fc634e863d38e78c237b3d8425bc207c1617c048c7e0ccd4b65b19a4407f47c0183

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
489afac6a3250001731688f65e260a90

SHA1
5961d8a4a4375576db41aa17ae68b47d5364607b

SHA256
9092261bc8f2df8686b262e28b5cd198cceb562a9a6e8d4b0e29848f8efa7496

SHA512
5498714a3c7462df2e8dab5be17fe55df81a831ace09862e271f2a09f818af767605e03920efe24d043d0ff5bd898527cb8ecb51334862871a0e8d2ca0411306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11c1f85e2624201ba85e3b185ca2c0b

SHA1
6f68f1b287af337de04bbbb50c9abdaf082ffc04

SHA256
42f2e7203843d54d5f74793d6551e4602a13861b7442cd71ca86e34cbdbd2ada

SHA512
43dfe695f86ce49bfc96e08065e4d7a004bd996ed3ac3069b8f653ab8a717692977faf9299f489fc5da8aafc8d05738a91c0bc24fabc9835866045fbd13510c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d961303422207e26a3b4f9885269fa3b

SHA1
ceff07042f8c89a7c2b4360fbeda184c56356fcd

SHA256
fdad774dd5c3b3e6dbb4f39bac5a8dea1101c2fcb79487d2b1ea57e6a7de9249

SHA512
2f8d55c9017967eedb429207a73b0622d9b8c67066a0952c38420b6e3fde7f196e62472d9b2ffadb8f403af08f78d36b4905b9bfa4b2657a951f472204f6b1d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c63e2580d1383eea3d974e39810d1eb5

SHA1
4832ef982c0633b280c992f0317f8f6e5d668937

SHA256
93fcb100e2f3d3cd04cf2c1afb6e8120c8140a0f8dba224f847d32ba8d8b6d14

SHA512
31212a302067cbfd6d6a3016f732074d2414eba0653991b20bd4fcb02eae9ac6a74396dd790ff37d92b7a4465aa11dcd89648b447156966d59e4f9532072c0a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12f0544d5206df47cdf1c0c056c16e5c

SHA1
184b269a936138dff89cfac90fa9d1e185e1161f

SHA256
cffb61d18d9c60a6349cbebf8c0c1b74e7f4210013deb2364dce9ebe5f805509

SHA512
f5b7d5ea3748bad0441c66f456fc3a867ba4eed544f74200cd09c18f3f3b8746144b6ff7c59bf749cf8f3c0df5db7ccdc07a223dc0bae1cbee099542ce4c0a27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
307976bd795230895f90a0551e02ceca

SHA1
9759432eb6f942df1778d8b54ac71901f4b13782

SHA256
0f61bc72e71e100e990847ef6099a0af3cf97e5229287064549d8c2d7adbb325

SHA512
7d2165c9786d96be255b8a81932bfa7aef327deb41ae3c9d67f07b53e99313ace70adcce63900ecad7e13c48fcbbc7b8f1766aa8ffe8a6592d0f071a9f7b8272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e3525c0a19ca3b9911210e2dd7b53df

SHA1
269af1c55761d8bc65228ee2682c604969a1d645

SHA256
ca1087499150250243c2364c8a9c08477555b616d24841373cbbcfab73bc6dd0

SHA512
1881c1d64145274f6bab6240832273b399c5c4ed35be7703d402aac3b2c45d9e086e4ca2b238c743345a5ad97a421df6c23049d93955cbcc46f00b360c305712

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b3399e79a643eecfc155f7d0e83c25c

SHA1
ade829f5b84b4e8d1c910dcee743245d307ec0a0

SHA256
1185e1e3bdd4cc349028fb78b87210c4e495eeb1da348ded1c24656d0ddf8dc1

SHA512
44cf75b9409f3ab3c5277b8758c40ee0cedc1447ea66800dadd76651abe8ac66d3311cfb429ad130a3eb98b81532e57bd235798a53814b7c230b9838a3b24edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d3efbab03b8d00dedd3c41bf7cf09c2

SHA1
e738aca365e00917a01199a3b4c8c69431675b1c

SHA256
2c76a51f52df0a4e1a3837ce7c7a8fa7241d88fd24931946a072a590fc4342ce

SHA512
2d84ea1e749daacf21fc44b7c3e947ede6f816290fa8c6e57b055a45d5227263b153ba29722837e863ab585ca6e84ac71973ef6dcb055c443a1bda9ca40391a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4facf9440f52df06928d239a4ba24d4

SHA1
e566f53c5fdf15273f21079456261710bb1d6d30

SHA256
dca1b2134beabe12f5bb66ba592cc98b1ac840ffa8a6ee59ecebda7be408e129

SHA512
686b0f8c07f25360054a544f1ab09e2aa7a6dbc0402bc4316c90c60122756d1768e635804641f2a1c46fec233232b18021de92960cdf86816500155b9e148a87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5fbc90bedb7ea2c3038018a7e52df36

SHA1
6fce03fa0e1825d39871cd6de1fdb5d637bc797a

SHA256
6799468d238f294d8ec9450871348a7cbc74dd7907b48ded639c3425a373053c

SHA512
00e940ae720d99efbdddda3ba0631482337b814568ecb420898552c9027deb4fbfa1d4484e712de60d72c0c1342d7a39d131d895c8fceb64e832549055697df5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4e05716eac04bf5d474c209ba56183e

SHA1
48042269eb85f0e258795a00a0e2ebec35519753

SHA256
44fcfadbcc0bae9ac3f7077eed8ecb0b1b56644c2d5f1483a8e5f1f0d05a2246

SHA512
fa6adb9ad21b1b615d48d61468538f0004e0e8f03045e868d42473176f757019df24b08501f233b183c3a8ba9218a445954ff9fbbac5d6a5664c649f09455fa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556a205aa9bdb228e5c5f44d342dadf1

SHA1
bc7131365b8919d023a5da2635897e4c188dc1c3

SHA256
a9aeb8445791a50d10628c9184d3ba253aad1a148b8d2fcf69b88893cf9302a3

SHA512
4b0340d9a9971910cb4369077a1bbb1c44a393d003538ccc202183791f25e8f34bd0b4fe33a2cfad7093d3c5582841dcaf81d33418f8b3f0133a7a386d5893bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d5f030029d14f6489176b3eae4221f7

SHA1
a539cb0b9fc469dc14e193dca1bfd5d292c4854e

SHA256
6d2ce3aa82282ebd6e8e0295f3fe371affff0abc6b8ad8b0d2a4650200c7551d

SHA512
e0c8e3cafbb830ca15501c7e29ba12d836deb3ac8348d79aae61840b94e4182b711235b6d6769185f5479af63226eec637a278026873da26564bc29e11beb7b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5bd1442d708278d621fc42605d007e2

SHA1
bd99a91e77bbe5b96fbe2d7748ce86c36de2fbf1

SHA256
d705b9c513a5ae3a36c882288ece9259f24850140554017bc361bea41828273f

SHA512
29ef11e8b5c83f3a02eb439f6165b3421045a499355623f5a329f9747636aea4a1ae6918114ca02f551c7782c6c2d94d9b213f804c91d2e51e210c6f1393cd3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9c419df5e422698bda5ec291f6bf96a

SHA1
dfb3eca5dcc4cf7a8cf7639482bec49e2ed58e2a

SHA256
4a307f982908e6f3cb8b034c45dc1ab6190a8d2164b7400b55ccabadf56dbc5a

SHA512
e3ea972c9c2b7b62397ab06650e1bf520e5778f25802f389526dcb3a3c1ecefaedc36c0b3055242b85c46f63e5fb18a633c7e3c38d588202504305ef4d231cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
374c62b43e5c9d56e744f95ccdd10a82

SHA1
7a65ced63cea8225899dd29fbceac9d3e822df56

SHA256
f573abbda4dc77f2f5288586d3da19086f60c27a2b0783110e8f13c5665deeef

SHA512
cff68982110fce579702730eb22c6f9a388cff057ea68afd2d6dff42ce78a5765e217f8b4eca429b9360898fc612b389880fcfaec3f7b77c145048a6380960c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
131fae2971d1aebc95737414e495bb77

SHA1
3d57462218517f36e2d865fa03f0b725bad9fe54

SHA256
fc2bc70a67579a652caa21b6eaff8ff240322e73c1c39e2d8ebcc6595236c39b

SHA512
166ea8ffa5cdcf3afa4c89634b992912229c5e20f8f708b299219c879769c62684136f17cde37cc0779733ba02b47beabe9b665bc97b691d0e3234d6a2080dab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0af6c24b81892b8ce9878cfcfeeb7e5f

SHA1
b9b098b0dce565d2d1f37a32516db761e7a15eac

SHA256
57642cd1aa637149c48c2a2cd0fd5bdb69581cfdf1cca65e0e06353cde64ce86

SHA512
51cb925e34c31a2d8fdbfb99afd8509cb4e6c926d12bd02f740e1b7fe6b4acd9a70b7df994d570724c847c5dd2c4cee5a86f68b9a02f1dd343a7a503e0144568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3465ae752237cd06200a2e5376fab4b5

SHA1
174847b25818a01b68f4de0fba3aadf3da7daa0c

SHA256
e86dc58cee905c94b8f6b90039ff7370594cb04f34dcca59e290b591c174cfc6

SHA512
8c74aa8b63e15581658d5edb02b3230e62e250ccc281ca6f0f290d71ab8b60210164a141c944bdff8328e9c10827102d99d528d8d75c2b2406643394053f1e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
346de18f22ac6f8fac872066f6563c26

SHA1
621ce5e4f73738d8298098aa2e4e0a49532e900d

SHA256
f695d75fd76576b6a4ac6632bec2d71b29c1463b0e1043e2136ec01340b0c526

SHA512
b49737e901963025cb898de20a5087ae8e9980f369b0db0e8e2e9af3d5438c0086a91bc959d9ab2bba3aa12052249733ec7f74518a865f289e0eb44a18278494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbda9dd786074cae418addb09e65ff7a

SHA1
fd875c3fd7ec77a6c6b0c3e6f12e3af3658ecf96

SHA256
4ffe587b1752098e8e3d18c828058555971f696ffafae2981f0b74494cca8401

SHA512
2f9bd9f2d6f7e5a0834e99dca42e61f7ceaf416b4d18033b42e6d1954e999081c8858e56d8011d3b1d304a8f10e810e0076fd2dbf1edc80a65cc44c8879cdc3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE418.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE536.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\System32\svchost‌.exe

Filesize
660KB

MD5
3ae4a965680a6b9572c238cb51cd0f33

SHA1
850b303af5b5818c8c34cd88ce67acc6f093c248

SHA256
51f1e33f84709ac4ff359e47fc0c98395cdb12bd70feb8af78e40f494ef9803e

SHA512
328cafddc052b566033bba0e5714c0dbc53e7c442500969a1a556e9fb90d97fb9efccf233ac4632d148b2d6350c54a0e5a8c6d4be5b19b1dcba04b0a61e17bb5

Download Submit
memory/808-0-0x000007FEF58D3000-0x000007FEF58D4000-memory.dmp

Filesize
4KB

Download
memory/808-1-0x0000000000FE0000-0x00000000010B8000-memory.dmp

Filesize
864KB

Download