Overview

overview

10

Static

static

5

JaffaCakes...46.exe

windows7-x64

10

JaffaCakes...46.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-02-2025 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_15c04c1ed856078b0eb198b20b2e3f46.exe

  • Size

    1.8MB

  • MD5

    15c04c1ed856078b0eb198b20b2e3f46

  • SHA1

    7196e4f6bf947e133f79002fd7be34d7b860d75e

  • SHA256

    1427dc323a24501d87216762b9ce2cd2198bccd21c0f1ba9a16c035fc2eb5968

  • SHA512

    3f23e4ef92055bf15c77d5d39ab2046b364e9f1a2632e570674175df501770c639893e68eff112524014c196109969a22596e682aa71f0755191f308ddf0f23c

  • SSDEEP

    49152:GYjoVm7iWBynhbDb+/ryW1s73BD1Tw90qgL3C1:Pam5ByVDb+/2CARDZweq+

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealerupx

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 43 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 39 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 26 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_15c04c1ed856078b0eb198b20b2e3f46.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_15c04c1ed856078b0eb198b20b2e3f46.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\C35F.tmp\ta.bat" "
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Users\Admin\AppData\Local\Temp\C35F.tmp\install.exe
        install.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1716
        • C:\Program Files (x86)\Software\setup.exe
          "C:\Program Files (x86)\Software\setup.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2908
          • C:\Program Files (x86)\Software\set.dll
            set.dll
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3032
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c copy /y trsaj.deg aq.part1.rar
              6⤵
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              PID:2780
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c copy /y trsbj.deg aq.part2.rar
              6⤵
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              PID:2800
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c sktnrint.dll e aq.part1.rar -o+ > nul
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2660
              • C:\Program Files (x86)\Software\sktnrint.dll
                sktnrint.dll e aq.part1.rar -o+
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:2756
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c sktnrint.dll e -hphp20fx inetj.deg -o+
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2640
              • C:\Program Files (x86)\Software\sktnrint.dll
                sktnrint.dll e -hphp20fx inetj.deg -o+
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:2664
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "trsaj.deg" del "trsaj.deg"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1520
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "trsbj.deg" del "trsbj.deg"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:628
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "aq.part1.rar" del "aq.part1.rar"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1088
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "aq.part2.rar" del "aq.part2.rar"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1104
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "none.dat" del "none.dat"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:548
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "inetj.deg" del "inetj.deg"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1732
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "joy2.dll" del "joy2.dll"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1924
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c if exist "joy1.dll" del "joy1.dll"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1528
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c start m1.exe
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1352
              • C:\Program Files (x86)\Software\m1.exe
                m1.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                PID:2688
                • C:\Windows\SysWOW64\28463\TRSB.exe
                  "C:\Windows\system32\28463\TRSB.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1868
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c start m2.exe
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:788
              • C:\Program Files (x86)\Software\m2.exe
                m2.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:2428
                • C:\Program Files (x86)\POL\POL.exe
                  "C:\Program Files (x86)\POL\POL.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • System Location Discovery: System Language Discovery
                  PID:2360
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files (x86)\POL\qs.html
                  8⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SetWindowsHookEx
                  PID:2804
                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
                    9⤵
                    • Loads dropped DLL
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Suspicious use of SetWindowsHookEx
                    PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Software\inetj.deg
    Filesize

    1.6MB

    MD5

    c090c1c11a68d19ecd8fb3303d5e040d

    SHA1

    3eb8583b716302a6eafd44fc93006f056b3335e4

    SHA256

    ceb923db4533db21a33b6a8a28c3e5438c1ee1ede94c9cfaef97fc06221c0b44

    SHA512

    d666b03002db2aef0b7d534ab8a6575dd3834548405e481d944c3d4e78f47b0eabb7b321e7a1ba16e1e836712d1ee27255b122da15642b18854fc6abd9979348

    Download Submit

  • C:\Program Files (x86)\Software\joy1.dll
    Filesize

    6B

    MD5

    7a7a127732b980c12fa9d4488eeb0ecc

    SHA1

    83191c736de9d93710a0d1f5118a93137524c3ef

    SHA256

    d9b69786e3533b538c5a1a2c31bb90cbf52f5afd931b3da6859e9acfdec41259

    SHA512

    d03a69ecf4bb917f9f3044f04f2d99e8e12b1da459d3fe1b57f414f0149e86f91d9c50d4598f498b87c783f73975037272f3ea62539865dd9d5f9d5d78684a26

    Download Submit

  • C:\Program Files (x86)\Software\joy2.dll
    Filesize

    6B

    MD5

    ba3482cd482a8e4208f0f603f42d0ae9

    SHA1

    79a5f97d8b84510f990018c7a3987500b86e6734

    SHA256

    8b25c4ceeb25e58d84dbd1c957b8b07f8c7950df67a2e703b019c8e52d60f220

    SHA512

    4e4285a6c01ac372a8e7e62348066d802ceead8e7170a7beaf2de14d897b070c3838c6d3e1f2382b16d8d4e9e7b4223fb269da11fbc4219d161ed1f8211f7aea

    Download Submit

  • C:\Program Files (x86)\Software\m2.exe
    Filesize

    864KB

    MD5

    3845681f30b14ed77137e24befa45c0e

    SHA1

    c70aaf5ea693be90782b2bd37c5933f301403fb9

    SHA256

    3206711740834dbc0d9ac5e57530cade8d63ec66d97c656dd317fa7ed0600706

    SHA512

    8f28330c9d9b14c355a02f6c04d58de9d4eb1cda7e761017e65ee095299efd738ac82e52ddf926ea3aa2768f65d6ae9e56ff9fc5e93a20e69888952a2a471940

    Download Submit

  • C:\Program Files (x86)\Software\none.dat
    Filesize

    43B

    MD5

    b520bcb4f985e84131b263f585e25095

    SHA1

    55459dc8adb00742c1057f3ff9f0672120afad8e

    SHA256

    8215864318d5e3719b99d4ad2b8c374a28e1a692f57044a4fa4519923901e97b

    SHA512

    6bc5cf923a6b95e3f9817274b84e418d2537e1e4c9ad24179633439ccee86207c10a1c78cfe530d8d91e73d66b6753b5029a15c82d21c715fe7995be974f4f53

    Download Submit

  • C:\Program Files (x86)\Software\trsaj.deg
    Filesize

    1.2MB

    MD5

    03323221dba14a477a729167721d3994

    SHA1

    bf2de09d27175688c656cb3ac8c389d9f898ac4b

    SHA256

    9696d901f9e4bd889bddac531a5f86cdc01c14e6df748ab3a4c5d27cf6f857e0

    SHA512

    a4ddbb38136b0b996f52b557c70e92560492ecd4834f6f3bde0cb04bea9b90e4927b95367a5b2e5bf8da4beb1f6d1def59f49e8aef9277ef6cd88529a95b03b0

    Download Submit

  • C:\Program Files (x86)\Software\trsbj.deg
    Filesize

    442KB

    MD5

    7774988b6c0f525ddd71811d93ca2670

    SHA1

    89611b783b2d530bf7ee77c0b1b860d888294f97

    SHA256

    71c7bea5944c32a0a1b71273d6124d4545eaf7b31c4c11ba7c668709aab8ce4c

    SHA512

    30f46e4420e4aed58dfb7e7482e90948364d5589e237842b81235a6b3891825fe8c3e8044cce2567c4dc68b28ecdd3b6303922298e5b4e1ef5ccccfa7f4e1615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bdb92a2a9b774b01819ca0830352dd7

    SHA1

    96bd8b8db25a1089a443218bbe79186a308221f6

    SHA256

    f3b14cb4cd00a66958d0175891a0754cce9c77e527d5f7f33360bb40d17fbf6f

    SHA512

    e725002d9d48d4ec63d7b8f6c6932fa2e40632f80c65dec8ec0eff313ec412de6c68cf4b0d90630b8e7de8570a87b8e41b622d9706c0d34e2f31dfa06feb2a85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f937bb70a086c762c7ef1ba7301d443

    SHA1

    8ffedde9a97fcdf43c96fa3ad3885d6640626e56

    SHA256

    78ec255d4ee41578455f3be6f453291362fffad84bc20789ee82f0a81c604d4d

    SHA512

    02e256c511bbf6f4b72a449431a4f4d8b91b9eaaef12c9a3a35fc6c2ce5a9be65c7772226cc999f5348822ff92571766690c7545987b429f943c123d59d97f2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64a8c911c91a35d81cb4fc9be83741fe

    SHA1

    b7771fe4777fa97da85710e2d1f326c210d55d23

    SHA256

    1316e0f310c505e8e045b8d65de23d9d15b82a8d8f6c7f0fd11e0d45bf014b16

    SHA512

    a9deec97219f02741512b7afaa5249eb9a7e545231303a397508286c07687f3f009052d2aa0a0aca0a72da6740305f0e76d7ad60775e46deffbd59a7d7029133

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bad9eefd0e38e74e66dfb66cb6fb1ce

    SHA1

    59d1f383fc5c49fd465999f02ea1b094922a174d

    SHA256

    0323fd1f0dbdb57dc4a63f95246d651b0445e46c5a19bd21d305949a7dd27957

    SHA512

    583eb0cf0f0d33270386bdda3efa7c2f27e4ea294c29673f9e13c0d10cc18a38cbac57e67a3aa1e09c185439d608dc03c1bb083909b288492224d45541f16c21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9abbdc2951b635df97d24b6c1ceb018

    SHA1

    62e4066952abf129d7512c921550f56ee8b8ef0b

    SHA256

    fd869c8280a4d335476c886fe4c389ca6010f83fef6f397971998978fc6dce69

    SHA512

    d289d85d6b04ba0da74be52651ea93e11a36399910a2facddddb8af35f4c02b3f1f6b9c2b57afdd85fd7659b30ad648db8e61e355916a5a9a08ddc3c56584a17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69539d7a027971d79903cc790f1adbd4

    SHA1

    e9b486a39a5dce9c66235a597d0290006b1be302

    SHA256

    fc19a8cbf8bd7dceecaaa19c770e050a74bd22d14c7810dcf7b610c9dd9b1bc2

    SHA512

    9f093a814626ee27e46f853da5d0f873c4c1e8695230ab3edf433644c46d4d02bf3daf228a6baecafa32d67b9e03d5ae6d3a6a4a5fdca33e692c08f61dc147d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99e8de1919412db27fd65aed2c1ad855

    SHA1

    96901521b7f9b613f6d0ec05dcf80817cc0c047f

    SHA256

    90425af7fee9b2b755e45f1432008235e56c833bb1970c289b2805647a1a145d

    SHA512

    dea7617ef8bc58c666d43b1eca1eed9dc274cb747d880f6a6a296a7db8d91fcbea6f71b052e54b4a879f7ee99e24f5ce32b9569377297e3d2fe12d4e80c76efc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    644f4534e21f8fd6045d1a0ec75246c7

    SHA1

    2a7f942207a85c4b2fab72cb5fff65564052ef7c

    SHA256

    9380ba58cfb8f71b2715908d052ee9c4dcab00087c057d50e47aeb686d96c3b9

    SHA512

    a382d2018b10cc077b55ab23ebf5c4dc9175b79789ba8fe8cf5b0aafa6ce273a23afe9ebafd28b5f6d0570ef99ecac410baf968b609de447669675aa7452772c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d648915347cd1a084597f2402e6c8ec

    SHA1

    9a35acbdb75024d941761bc1ed50f4457e8ec857

    SHA256

    5c44f05440dff2ee43628a0bb70df48af9058daea767711a6277492b97e72c32

    SHA512

    4a5061bb7c60eacffac45777159bd0b3417a800feb18325ca169edc1e770125384b7ec9e5776f777b97f2e919ce10b17b1b3377bc4c40b3dd5749ff4ebbfb00a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b34429586e84e566f3d60398cb5517f

    SHA1

    102c92fba2985e869aad60812f04bffb88aa1744

    SHA256

    6afd49280e50bfe311a71161d0abce99528b15076ca1b5a6ef5c109a5787d57a

    SHA512

    5765d9b08e7b72bf222eab3ddc476c94306f4e29b56c1213dec923c67d751b353f71579e2199aff7c89be0cb7659c5063c819afb2ccb78eb0ff9706be54f9320

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    278caed6bc704eac200b899a9e0a535b

    SHA1

    0b44f8270abb3f8b011a82a6a63cc6f8a6648641

    SHA256

    33f359c4ae7c3a60a167b6d47677041a9e00a6e422729a43bad6798cfbe27541

    SHA512

    f6991b40544f08332eb838c67cdb6655d871c6bd812ecd0b6a028f8e1a45a478cc7a7bcf00bea76a898002cad9f172b4c82225b6ec01e19f4e9835ceef5e0e15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36d9903a7a403acf8a80ddc665d7da2e

    SHA1

    3f360b12eb940d0b91e913b4f16c4dc8a377fdef

    SHA256

    24cb2947c46d652bd8278f07783301207a1f0f2a138556024e8e2db692725e5e

    SHA512

    101d02081b7ade0de9ffa84a6442d5a48950c1b962a981b8dc06bc13e91b435cf069d1082e596f29a37c650f0e0da4c8a860e40674633d7016f99fee3fa3362e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    805dc4a1dc71f782f98002f189b63d9e

    SHA1

    22b719f5c12d4267ac9931b50357f7eb0da7dd73

    SHA256

    b2b090c9817474e0dd2e3055773009c2f0d6f829b53d16e3edca5d44186c9fb2

    SHA512

    bc7e85b1826b2c86c5dddedd40519babbac69acc0a853664c77017d13c11fcfc222758449fbab28709a4a94b4c90384212779b2fee4e10c66455d35255a674be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    329b90cafc4e5a4276eddc452710014c

    SHA1

    15302fd1c31ebc846b282d5cfebeea1a621b32ee

    SHA256

    00d2b45dbc52cccba1fe18d74da7fdfef98e267d8a0e801b667b9a386e9b23ae

    SHA512

    5f0adf2979ed2c2d14b81ec14da60f3f8e4c46411fbfc468ee6708c3e5a97f8309af5fde3b4640e8837132629e0750ad0b554ea30a6ac0abf29f374d30b22fa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a2ff1feb29cb78b3f86021ea70adbbc

    SHA1

    cbbc761d0fa295b7d678bfe0e4847101aae08847

    SHA256

    77bfb997090ca44433975fa84073c73aab6210d594d6da77d865143343a29d10

    SHA512

    cbb704330a6ffbcdb87d757f056e769bf7e965c36f2f96ee89adf3b9acc0e872b31789d0848e5a9133d5f2d47a6a029c2b7a5618e529a774fde8e81b37b076cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12fc03be29ffd5832e14b4e9227f0e24

    SHA1

    22c1c6ee75329e119535e7220eb01257cbff3272

    SHA256

    b53a991e64809f0488abcf24f07935e8b5a1f40442a54a1d94998d0439376a53

    SHA512

    f31fa91769165fccab900347443493a13e4e8853ddf39540890ac474fa5e2897adb463acf9b95c76f794e828c82236041c800651d8640c048839c1ad8fd23637

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C35F.tmp\install.exe
    Filesize

    1.9MB

    MD5

    076519c9ec2b1fd26c6c1fb2ac4675ec

    SHA1

    78567285a90b38c892e03ae534667c88f454e979

    SHA256

    300f92a1bb50d0fbdbd3bcfe59f462c9597c406c5cfa81772187a7e49fb3edd9

    SHA512

    32c96f4138b4a59e84fe354c762d5cf2dd32370d41a8864d9afb75bf641d8cb59a29edd2721c9d49e482fd04a0d76733e3ad52bd995b893e8a79beda2317ef09

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C35F.tmp\ta.bat
    Filesize

    17B

    MD5

    1ae1ab078e823ed1bd8d17e51fe40d49

    SHA1

    4eba2a9c68894583fd3cad46daf1a4ba8e989067

    SHA256

    bfbf23a7f138c7f9101deea4360630a6102425aa5aac3e3d41718e5e6c376c1e

    SHA512

    7c9103943439ecbb021018bc4146e5b53d41f40d8776a1d6ea3392169d03bbf52b24414fd622467d671fb8d17a77c92b8348be94ac08cb8abae79bf9b087e583

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4A9A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4AEB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstC9B7.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    3809b1424d53ccb427c88cabab8b5f94

    SHA1

    bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    SHA256

    426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    SHA512

    626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstC9B7.tmp\ioSpecial.ini
    Filesize

    719B

    MD5

    c54759dca87eaabbdbd93edf3c800691

    SHA1

    af4e6f35871694c8aa5caaf8d526d5db00bf0464

    SHA256

    5fa2f281fa97924f1877689c66eb2266a52e30f5139273e22895b9b7131124c5

    SHA512

    015762f88e07191514bb836ca340ad6e386bd1f33f574adfb455367b70eb44ef38b824154d52759d1cc093cfc561bd374b7dcda07cd33f4bd3a3ff67ac9c7f39

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstC9B7.tmp\ioSpecial.ini
    Filesize

    793B

    MD5

    0bf76811dff66cd64b7ad94899c5d626

    SHA1

    2c9e81dde5f98c3a6226480ee6b737d1b156a00f

    SHA256

    1e5ee41faaeb7a654cbf7788be1aca6a6c57f3e2fa476e95712a79568f773b86

    SHA512

    1a9e4df19aac29acd4f873fd938b0b3af6cb4a0a1d9b401a3a28fb3a3611e92e72af0e7fff3319dc7cfda933d24c932a9876386c5473d3156ee0ebd15f57902d

    Download Submit

  • C:\Windows\SysWOW64\28463\AKV.exe
    Filesize

    457KB

    MD5

    f34b87951e1a931e01df1bc9f1b98207

    SHA1

    f3cc94e72bf7e9bf2afa7d8dbfef0ca2087358a1

    SHA256

    e6cf7cdc5895da8a65f8c4a1a1d0d0583218a1c28f66d25dc56fa67f9c34ed5b

    SHA512

    c2438d88489b9ed7c6c875ecde07411a488eac9115358c73f72d7029874f75803ebead03a41692a900648fb2b2be63b7c8b4e3a71984261185b6d5d6d7201641

    Download Submit

  • C:\Windows\SysWOW64\28463\TRSB.001
    Filesize

    298B

    MD5

    b63549d8ba271d5e2a84e1d96e2afd0f

    SHA1

    982467f4e90b47fc546766769d2814fbeae1d9c0

    SHA256

    601c074a1641ed122d5cc4c107a657848d2c8234358dcd7cc380c9c0e1d9974f

    SHA512

    7e7eb4f40dbe9cd095e17748af635f15d0f2953445b62c741976fedaf3f5fac97d4d3580ba44d3bfdaa2319fc25110f402066e8243c246578666853ae6eba134

    Download Submit

  • C:\Windows\SysWOW64\28463\TRSB.007
    Filesize

    5KB

    MD5

    15eb312db4b3e208b67082653acb8a02

    SHA1

    b0926b1e1733baa3d7f18d3806916f92704fccff

    SHA256

    72347b6d619bc7204a155486e4d09a62a4a494c35a8121349bfe2fecd5af99a8

    SHA512

    7e8d451bc9d1e83615db15d6cdf68230cdd333fa38362979f0408dc80bf680859a2bc3fc09c494805731317b0f136c3227226092f1bcc31c2c80cb73071aa443

    Download Submit

  • C:\Windows\SysWOW64\28463\key.bin
    Filesize

    105B

    MD5

    27c90d4d9b049f4cd00f32ed1d2e5baf

    SHA1

    338a3ea8f1e929d8916ece9b6e91e697eb562550

    SHA256

    172d6f21165fb3ca925e5b000451fd8946920206f7438018c28b158b90cf5ffb

    SHA512

    d73dadb3cf74c647ce5bad5b87d3fb42a212defcba8afb8cf962020b61a0369c0a2b1005797583daf1f1ae88b29b7288bc544a53d643f3519cf604aa0ffd6dae

    Download Submit

  • \Program Files (x86)\Software\m1.exe
    Filesize

    790KB

    MD5

    f9463f561469b35f313127768a6e2845

    SHA1

    76d03c9538b556258a67f34b988792a77471aa66

    SHA256

    183cc68a1f767429e17f893ccbb530a8ea644017e084b0d31e9c50adb49c0c28

    SHA512

    9da23f60e5f1863392aaa280d6d7ca1c8cfe0b639eff757904b20e6d7a8b799a946424217c5f1c74f0d8e5fc162ada856c8e1d68d89edc6f0b78dfffea6f4361

    Download Submit

  • \Program Files (x86)\Software\set.dll
    Filesize

    19KB

    MD5

    f5316f6db37f759d2f75595d690a89b4

    SHA1

    643294e25776853edabf97f1bccf1b36006fd894

    SHA256

    6ae2a7ed390227b6a7b0ef833cf3e8c2b05715df4c6ecf3b253f1a600b98f72f

    SHA512

    fff7f0722dee9b097c0a18ab7c41000c88150f5f2ac9d6fa1610690580ff95bc43b7e9426ddb79c062f1b88bf9f1bd8294f2bb48bea6b3ceaba2586b4a544933

    Download Submit

  • \Program Files (x86)\Software\setup.exe
    Filesize

    18KB

    MD5

    4526d27a0dd2e8fce6b3ab978de64ee7

    SHA1

    401f2bfb276f05adc20f0cafcee3198c8288fb91

    SHA256

    42635767b4ace3206acf65cb8af3b86f9a1dee013898d6c137f08b387b81f43e

    SHA512

    dddbc87f0bc4e447a2cf9c8b7b31f997cf91506e24b3484e75862fbcaa38a084b99bc9fffa5b0057d10023244176197e073ed2156c830c151be5f90eb7b78990

    Download Submit

  • \Program Files (x86)\Software\sktnrint.dll
    Filesize

    309KB

    MD5

    e08e0a3c797a43b0ed8e729e126db06f

    SHA1

    1e016713864b5a5195f0c8a8dedd4a601bc81530

    SHA256

    ad8f09a3efc4a93ab4bd10bb14e6e48bccf51d525c1bbcff1c9b481ff9a2251b

    SHA512

    74d4849f97a6f3c8d27b77fa7707d1a4b57ba6ce385cd7dd50ea05414b24425c03dead63a6ed9e7363a286f90e1a7c00085daeabcf2ed42916337855e1c0d343

    Download Submit

  • \Users\Admin\AppData\Local\Temp\@C929.tmp
    Filesize

    4KB

    MD5

    36400e746829504282eb26b364826aa9

    SHA1

    d39ea9da98be0c331fd71002645f4f40664288a2

    SHA256

    c7ab756437211f6e0e3dcd7482bc67cb910e504345902049eb8abe34a656deb0

    SHA512

    5fe8fae2f5fcbd42c72cc8f6dd70aeec0afd94af5cfd905441630755790dc6ed346823ee009c21537b9cdb3b7b7a39eeed933606726ffd891dae47b60465f640

    Download Submit

  • \Windows\SysWOW64\28463\TRSB.006
    Filesize

    8KB

    MD5

    98d22fb2035a26a6b9b7decc0c0ff2fa

    SHA1

    43a75cf59fc2f8b59b1d962b4e685249eef816d5

    SHA256

    fd5c03fd9ea47c1e820d19bd307ad7c4e53f4b65d288cb675b05cbe76c9b5c25

    SHA512

    3cb7f765d6f4d1dc08a0087086f3fe243bd8ff9e699607cf1e4177892576665c0c799307751cba16fd3f1482e5abb884090024431be2ce86d4080f1d1134d91f

    Download Submit

  • \Windows\SysWOW64\28463\TRSB.exe
    Filesize

    651KB

    MD5

    b181beaba4204ac3ce7bc8e6f0b74312

    SHA1

    4ab13763d2ecdf0968f15a39302aab2b1f0ab462

    SHA256

    f36bad234fd1599dd1398d20bc57499314fe96d5de20074536067b2d3c2b4f2d

    SHA512

    d1aaa2fd25e53986c8ea8213a8a02515927c9e9aa3e4d8077a138a29ba32c807ec81473b672a22ffb6ba26126ccd7e1d310e057ef964d3b21b1672a67af5fd7b

    Download Submit

  • memory/1716-40-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1868-128-0x0000000000240000-0x0000000000320000-memory.dmp

    Filesize

    896KB

    Download

  • memory/1868-308-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/1868-121-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/1868-138-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2112-0-0x0000000000400000-0x00000000005F1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2112-22-0x0000000000400000-0x00000000005F1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2360-307-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2360-303-0x0000000000400000-0x00000000004E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2360-304-0x0000000000A10000-0x0000000000AF0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2360-305-0x0000000000A10000-0x0000000000AF0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2428-148-0x0000000000580000-0x0000000000590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2428-289-0x0000000003FF0000-0x00000000040D0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2664-84-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2688-120-0x0000000002A10000-0x0000000002AF0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/2756-69-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2908-49-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3032-107-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download