Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 15:13

General

  • Target

    e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe

  • Size

    341KB

  • MD5

    e2d1fda785669f8fb843491a5c110efc

  • SHA1

    a2afe6d6e5e4cdd98d84bb2f44561dee0cf1e96f

  • SHA256

    e93ff48a56b972395fae83b84f2d8ad1ae60864cff663813ae22ecee5f2baae5

  • SHA512

    096be38c19d3a7a2ae455a0ba381b9d4de26b5ba8fd69ed10e8f1744014f8838fd6db7786b928560baedc9f5be90fcb7b1d06e59a1eff167207ee01c9e693d54

  • SSDEEP

    6144:hG1RlfGH6xTaBxS5TYl6CpDN0pZosGJHjrDxk0cAVUSBiwlqntENlxG+jCESLbw7:hYPuH6xsdl6CFN0fAyNSwwlqn8szwXr

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (7 IoCs)
  • Loads dropped DLL (22 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file (15 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Modifies system certificate store (2 TTPs, 8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (54 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe
      C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe
        .\setup-stub.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2068
        • C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe
          C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Modifies system certificate store
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2648
          • C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe
            "C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1608
            • C:\Users\Admin\AppData\Local\Temp\7zS8464AEB6\setup.exe
              .\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2960
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/
                7⤵
                • Modifies Internet Explorer settings
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2676
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
                  8⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of SetWindowsHookEx
                  PID:2568
        • C:\Windows\CTS.exe
          "C:\Windows\CTS.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:2520
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    c26da2d1b231266a9f5a28eb7db561db

    SHA1

    d079c96e775116130942e195fb82dd2d61303b47

    SHA256

    96748e92d588171886d3594523e9e1df14cb8664d3b9b8db5a49c72829f5c482

    SHA512

    25eabaf36dddc853cfc7911e27458185a0f50aedf9ba732c298bd0f5e983c2ecd69f8f77caf98edd665a87637e6a15126766f180686de6bba7d8eae48a7ccd72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a3ae01630b9fc7b16b9a8c7b208fded2

    SHA1

    9e8bacdbc755b12181a912e329bdfe20eae91a3e

    SHA256

    d5831de1957c0321ff00bd2f83944dcd3217077e37c6cc027a450a60689f8c0f

    SHA512

    8108e2af2a440aef07439ae746ee610264f5486f0bb6894b70b048661fba8b8baaa863f453a7d6325c337952d36e61cac41703d6982f088faaeb66c0bb6b201f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e98d523fc06d5bfc2ba79a8111f5c33d

    SHA1

    9d12dc65cebcd9de3aa40b28afdb3e7d0b795d98

    SHA256

    2e969814389fd8c38874c9669d0e526f1f9c7d4faef24fadf6b159bb5c4427c5

    SHA512

    767b25e283e03e3ebb2e94fcd3d59f547b63c512b4facb48b6eed0adcbb1bf4f771719867c3af73431bdca9c09aa4c052f774bb4f152fafbcf37bbbec2e4f0e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1a93da1366f1db1d85eccfc14b8214b7

    SHA1

    fda33679b065233b31fdc505dc008aa7217c5cb9

    SHA256

    c2afca0d531250b8d941b750e46d4f5428141bbac259acd9d59f8f0c6cd42e36

    SHA512

    e46e050f71446a4e38be1834f28cd292ad365d59a38a0c437f738c974d33a19784adebdf8b2ff0f601d4e11a45caa445e52a53c7cf256a818046a0d17c50fcd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b274e709f390e6e9fab9eee3a065710c

    SHA1

    4221c18184535d6cef667d486a1fca7e771485bc

    SHA256

    32906e1f28768999719a5757977f4fcc1ca995de64f4f27278d524a20257bd50

    SHA512

    8032e9e71aff62458978dbdd2ae66c220c4b9e942c17d6daf16ea19f0d3670df540f462dc3ea92c7c2207efee811c9cdcbf3cf4f8a3b474092fe9d3fa1d0d661

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfcaa6e963ba55b4ba86ec3919f20f8a

    SHA1

    ed6395218ef038f3ddd8293b3f4757476169f75d

    SHA256

    bf1ad27b657904bf7c08092c3ee2b8410d945d3dd304eeb20540a06206caf989

    SHA512

    61ce999e36b1c88b495e3de8ecac979c9b7e9403aea584644266cce90ad76994a8fde38ec9c3f195ddc98c7fccbe07f9b7a1d8d1cd8e1f0e058ea7c34b2d9cc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ebe074149267bc849236d8a6a9c602d

    SHA1

    a8aa2e6ab5ddd59e0be6053985da78e3241f7ef4

    SHA256

    9cf2d8335cf53bc3f3360098b1c4f815203915a484bfde84f94aadab73116be5

    SHA512

    f69a1fd4a37478e2b418daee2fdc9d9dd1112c4349bfe5cf81575055756df0a510e6c00e4dac570b1978d9f610d1675eeb9350dd5895200b0b75a56023b1c97c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb87f332e1733aea1dd6751a81087b03

    SHA1

    0cbab4343a051fbf6ee600ca5e80bf837f739923

    SHA256

    05c98587f4ad78daecf78da01ed1fd6abca5e056091e75cb1903eb55f1ea424c

    SHA512

    82d41a881c978c02eb7c02bc2914556e0de14a7732e7cf6d039542b4af773a1ddabb8979eac78807eb0301f04fc5406828bdd9a5f57dc2c28ca56d80052be511

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9e94fe798d27d91cf372d78673188eb5

    SHA1

    f1c862b0f465f163c772cf1005f26b563f60e8c5

    SHA256

    38123618445a203f53875e7961d72c7a6f25b7f486f1bd169ec22f518b2b3c78

    SHA512

    2846bd709d975c0f79be5d576d93b25a3b59a23e35a6eeaf0b50d4cfaf979a108a5b034a7c23ffa9c40ca2d75e9bdcea4c18aaeaeb2e35b3e10b21c026d59fd7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b57490106f632ac2f2a8b8fe661f5258

    SHA1

    6675b04d0fd8706e8606548a0d5bb50513bd1d14

    SHA256

    86683109b3e41d48fb5f3148c66374665fab1c03b3d744d755c0c1c0180b5d47

    SHA512

    6175bd880f35afdc04b9ee143f7883851070e902fcf2db3166c448058c4f616313941d43b4a9dcaa40bccf0773a6101f1cdcc44b3a9d56fd1b995b341a28a574

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    df4c0ed6e597303e98e8eeff1403be3e

    SHA1

    4eba9484bc909b646bbb7f74a162eb6af5b169bc

    SHA256

    12b0425026df36ea54c23decbc9225b2888c1ef4cf75bc343b589a1d10e2791d

    SHA512

    eb8f7986c6060830f8fbac29cef5fd1131bb84c3ec6640de85d83811cd1550cfd56c916ef7f3d084a1088f1af3e74aa435fc96710d025225247dd8985ad5f859

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    faec08626f6ec14bec7c5626d145e2a5

    SHA1

    88f8ad92fd32f63ae7342708151a6b30cc06590d

    SHA256

    71d63e5f5f1eac3f9bc4f4c7b600b0e59fb609c27d8614441b7f051d1babac6b

    SHA512

    be4f3997fb71371c967c77dc10c04bb4848e00a6d80280bebf6d71cd4b1bf9485bd95705d6ed6c5a076593619c6ca7b317315074debc702c4fa82412677f529f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64e0062420874357725aa52a9ac85b7f

    SHA1

    efd94e6bd8a7796ea8b0c396506f4a36c373a3dd

    SHA256

    27a8a789045503f5c02485ea9e9b73d34760959b1fb1b1ab523ed681c6adaf0e

    SHA512

    46b3092d64d34fd36643ad6bd623ac842dd13c5fc083e2f956df08b1cd6cafaa0df0cb3305f630e3aa5a9b7696c1ba6ba0f39ac31bf5c43d223660f7fc7a421d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aebc25814310b7546a60365999001a4e

    SHA1

    3f9b0c8d97f0da2a472a90a0cc67bcf1c756bec9

    SHA256

    65cb09be353db6324fc4fa1a0f867aedfb7c861f8b1969c08f7062dbfecd1397

    SHA512

    c648c0fc9980562549bc9fdb6407325030ef6a5dbb91e5f71438db126d4f9fd8516893e92dd683e29534beb3bb893b190b57b8635419b174669ca5a22690349e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6d3e08245ec9b8987b8e94dd1cd57715

    SHA1

    14d593d0b2b6e6ab15708be048097faf23fc40c6

    SHA256

    d96a3e8c6be05dad05273c2f40bee2bf075cf2735814ede276dd326051d1a26d

    SHA512

    2a9ff25f8e58fc56ef792aac492746b42316ea186c559d4c94c7979c3f3291c67c4f2ede35bea73c70146649b27c8d421c4a8c4502c1d0ef068f971eedbe3743

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c8e461cd508b513c2d20410e6198847c

    SHA1

    88f533a548a78eab58f87e170bb70d20feffb6f1

    SHA256

    b38b4ce8bbf8b293f9c1d6699229e3e50b7b1203a694e31aa801cbb08c8b7850

    SHA512

    79af3926ad9f9864040725adba5126d6bde854c28eb3c9d55671076eb5e2644374790fa68aedd2d0be51f550094ce927622323c351a9e46c3d84825de8a775da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ecf62f63e6f6f79184d2358585eb93d

    SHA1

    18dd20f708ff5f0bce40b011e961aa0cd1753d94

    SHA256

    b8d0107bf9eb2225ddd95430d641b78b3f17a3df3f1b441433f1a119813172d6

    SHA512

    85cba22c9bfe0a6d4f449681a5360edbc79a59fc75a34c98944340f88eff974d9debbe812c1ad7ee14e8c27c7775cbfa281fa85ecd24391fe6f46562561ba2d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    20ebbb6813dde7edb84aeecbe9e3ea99

    SHA1

    10baaa8e2c91b073108c6bb35fa979edf079bb40

    SHA256

    bde19fec953a7e61cf23e0da483a1129ee9885606d9f3939841cf78815784d9c

    SHA512

    b4775ffb6504d16138f071aa4f3f5d1dc119bc1f4c4d164ac75ba518ab1295f676ef9ec9f74183d80ec01e47d5aa3922888c0d7463104b5a7430294aae1c8e3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aa12d3dd0326b62839dde564942a223e

    SHA1

    365d034315f6e2d390a2cf42109abf0ba477f4f4

    SHA256

    9e92192601cdd41c4ad0caafca4d27634eee39c22feb5e49c2d4349b970a637d

    SHA512

    c9ac7ffd8aaacbdbd1e4fd0f0731a653334b5130c4b4c5488dda5f1e951e9f4c6788e9c7db3b4daeda314cb3aad34dce98a614f6d8b7fe12e1279cd9b4ee951f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    328ff7127642473e0c4d4b1d08916ff1

    SHA1

    6665bad071c92f22b3fb98d34425707379867e70

    SHA256

    578c9d058c6c6d270e8e90f6221e0235506a359173e20313a22a6f139f8c6084

    SHA512

    26eb22926560884e2d2dbf65bab4e90b2a6e51c8c6e9605b0620c727682a6948171ea6ee07a786a22b48bd471aedb4707ed1424a8132a1f6a0a9161b27bad24d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e70352b7d1c338ae441d823d3f6db36b

    SHA1

    d03835e9b6f26c582941db4bc26afd3a2270fdd3

    SHA256

    8981ba0f5c7d5d9269b29237b57375ecdb80b864adc38fd5a99f01e67985ff0a

    SHA512

    c7de7152ef377f5b231d02512248f8d2f3f4011a84353073b856e17df2116cfc26b52447e2bd069b6f3ceb6943fb0988bd9889d73cec07d59e36fc203fed8040

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5237f14c12f3d2a0c2c99547b1a1c2d0

    SHA1

    0866c984473f0097c8195b5a3ce192e47fa7f7a6

    SHA256

    873ebebf8a8c6673f4b793784758a96a1ddba4bbb73d8139636dab3a5bf1bd14

    SHA512

    a88aaa489bb736fb315575fb7013be805cb2269931bd1faf8d322b129f2869a1249f103eb167ff0d910673f0398e631a5d0185ad7289bf957cb317f99996942b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    27d38cab2daeb32d44c373d678316f63

    SHA1

    a87cdc650f996219ad1437a5fceff101513c8f2f

    SHA256

    98f58e704a6a96b436474fcef6a7a48785cd3c2af3e70d3f3a06953b687bde32

    SHA512

    cb33fd9e3847f1009c6f3f7b25de9a5accff86f5669164c22ab48c506d190650c533422e613d2030f8f20e2cae5afbe09c17a56c43700c570f630e1043b0d418

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    83c8c221194934d6ea3f7f4f8ce7af05

    SHA1

    ec5286cdf40c6eb44abbc71bb20a505aa3654dd0

    SHA256

    e4f2d7945663b08fd2697662ef2d86922c9b9e4d3e966e7a77d6aac12e63c5ad

    SHA512

    fb1339b14423b62dd6e0626444f73790a29a5b1273468fde4705f3e1c95fe75a5433170c92514b15e82538329da971267f33143d44a969476f415a150699778b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    233b87f19a5f0e36b43c03c8a4948ec0

    SHA1

    e43a5d5fbf0605175bb82c981bc0d45e5c13af6a

    SHA256

    2682266ce41964975cce46999e8aa610b898fba51a93a2a645785c797d97e0f2

    SHA512

    08f89e371f20855f065f94d51ebbd2e46ce1d888a0a0ed94c9087774cc9090b8620ac8a434ab1af2754c71b5af7e74b5fb43dc59d19275af6213d612afb25cf7

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\60nmxlj\imagestore.dat

    Filesize

    8KB

    MD5

    58a3964f08ddc05bddc4982091830da5

    SHA1

    9ae52bcf579d9d1f8a8e16aedc4abd356a2f5eb7

    SHA256

    c64c79db16258532d3ec5c28d6965d961fe0202b1ab99a58375a7888ff33dcc0

    SHA512

    ce34908adc92429f583ed40e143f1e404e03f948ca7bcc02b4dc892a6223557894a31bc579a8923f0c016bde030b4d1d68e2301693e9b112a778c9ad46a8dc8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQQVSTWU\favicon-196x196.59e3822720be[1].png

    Filesize

    7KB

    MD5

    59e3822720bedcc45ca5e6e6d3220ea9

    SHA1

    8daf0eb5833154557561c419b5e44bbc6dcc70ee

    SHA256

    1d58e7af9c848ae3ae30c795a16732d6ebc72d216a8e63078cf4efde4beb3805

    SHA512

    5bacb3be51244e724295e58314392a8111e9cab064c59f477b37b50d9b2a2ea5f4277700d493e031e60311ef0157bbd1eb2008d88ea22d880e5612cfd085da6d

  • C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe

    Filesize

    442KB

    MD5

    5e8603920f9fd39ecede163aab0c53c7

    SHA1

    1f686ce223269087e4b036e8fdfd9214d9b8911f

    SHA256

    f3a9cdd9ff511cd504bc5ca96e280bbc166fa1d87e749a86a5d73d05cdd1f879

    SHA512

    935b7e57fa7f2798f0ba1b9a0481a43ae60339886462c9010328335e833207755046449dd97885df86ac8d4d46f471d557ea4585223765120b9401b57bf04705

  • C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe

    Filesize

    472KB

    MD5

    adb824f8f58ed0388893da04f9a1b57a

    SHA1

    bb264f2110211abfb3cf33054b6c9f41df27b190

    SHA256

    4359be2767eb11a1ae7387947c6542dfc5c5676fbf38ad8339f506b62843ae94

    SHA512

    be24cb9ff23eeee96158df3b3727b2c9a8ac0bddc344d17930badad2b233251d9bfea393d84cddbe5ea519c1a5f88cec06068e96db4094f922ce64dfe9b87e24

  • C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe

    Filesize

    472KB

    MD5

    5aa572fb0291f7502da43467e0c56243

    SHA1

    a0675c785d8c2ecde47c5cccf958898048fe3cc2

    SHA256

    f367ce14664eb7f07e6cf99853697209f7c1abf470c501b30efae78c0281e5c3

    SHA512

    16c3c0638b5ef21b3bfb84994365be3db3cea9ea6e4c8f04370e1ee2746b22c9ad3cf3ba6437e283a44285de46c67082fae6b6b2b4f747a05f470b2d3ed9c2b5

  • C:\Users\Admin\AppData\Local\Temp\Cab117E.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Cab8E05.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar1191.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe

    Filesize

    312KB

    MD5

    78275c405670e0d9dd16481f26f5355c

    SHA1

    8581c6e6e7f239dbbba5083c65a76b3893515e3b

    SHA256

    0d5d6ea5c85bce2ae1e9dd5a777a35cfe21e9f9526630d13cf1795c4fb32eeda

    SHA512

    7cf9c4aa805cc0f161200e1e71f09eeb525d03d57f550062c880d63c13f7fd616613ab3630c7ba28cc84141390e55eb45bdde8e757c9fd29bbe8ddbcfe3a2d35

  • C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini

    Filesize

    187B

    MD5

    ed23468cb20f1f37a967eb26f639faef

    SHA1

    5707e3d394b6a3e36e8b1e23317ec115bafa1e9c

    SHA256

    812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913

    SHA512

    9a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9

  • C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe

    Filesize

    57.8MB

    MD5

    1e27e7745bba839a11fde43ee09614fb

    SHA1

    8ea7d0013e5f4327adef0384427f14adf8d2e9e6

    SHA256

    3d60842520fdca462a8c9e3c998eb2e3a267dc801af1100953910038b0da0906

    SHA512

    bce358d57a36bc1d9326f944b7aa3b3f59c3174b8a5d4c7e2ee7b4fe90b1ac3cfb49e79ffb68564359680f6920cf32ac889252aff2a13424bc252d412504f40e

  • C:\Windows\CTS.exe

    Filesize

    29KB

    MD5

    70aa23c9229741a9b52e5ce388a883ac

    SHA1

    b42683e21e13de3f71db26635954d992ebe7119e

    SHA256

    9d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2

    SHA512

    be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5

  • \Users\Admin\AppData\Local\Temp\7zS8464AEB6\setup.exe

    Filesize

    939KB

    MD5

    43947976824aa63f057de1ac7a99c377

    SHA1

    5f6d978b9bd3ad7e435848090d7d53e27edcf66a

    SHA256

    c57ccd8514fe77530c62f67b5a069afb0a912a11892e890dccfdb5a64b1f9531

    SHA512

    2c812802b5c1150c406e8dae2857d13783f8aeaf2a29acdc65f8d86ba1f3e0f9164823a414a868b51a98f94f41f784659b39c0d9451deae756f93af144134ada

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\CertCheck.dll

    Filesize

    5KB

    MD5

    2979f933cbbac19cfe35b1fa02cc95a4

    SHA1

    4f208c9c12199491d7ba3c1ee640fca615e11e92

    SHA256

    bcb6572fcb846d5b4459459a2ef9bde97628782b983eb23fadacbaec76528e6f

    SHA512

    61f07c54e0aaa59e23e244f3a7fd5e6a6c6a00730d55add8af338e33431ed166d156a66455a4f9321cafbce297e770abc1cb65f7410923cb2b5e5067d1768096

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\CityHash.dll

    Filesize

    43KB

    MD5

    737379945745bb94f8a0dadcc18cad8d

    SHA1

    6a1f497b4dc007f5935b66ec83b00e5a394332c6

    SHA256

    d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a

    SHA512

    c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\InetBgDL.dll

    Filesize

    7KB

    MD5

    d4f7b4f9c296308e03a55cb0896a92fc

    SHA1

    63065bed300926a5b39eabf6efdf9296ed46e0cc

    SHA256

    6b553f94ac133d8e70fac0fcaa01217fae24f85d134d3964c1beea278191cf83

    SHA512

    d4acc719ae29c53845ccf4778e1d7ed67f30358af30545fc744facdb9f4e3b05d8cb7dc5e72c93895259e9882471c056395ab2e6f238310841b767d6acbcd6c1

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\System.dll

    Filesize

    11KB

    MD5

    17ed1c86bd67e78ade4712be48a7d2bd

    SHA1

    1cc9fe86d6d6030b4dae45ecddce5907991c01a0

    SHA256

    bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

    SHA512

    0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\UAC.dll

    Filesize

    18KB

    MD5

    113c5f02686d865bc9e8332350274fd1

    SHA1

    4fa4414666f8091e327adb4d81a98a0d6e2e254a

    SHA256

    0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

    SHA512

    e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    1b446b36f5b4022d50ffdc0cf567b24a

    SHA1

    d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

    SHA256

    2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

    SHA512

    04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

  • \Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    42b064366f780c1f298fa3cb3aeae260

    SHA1

    5b0349db73c43f35227b252b9aa6555f5ede9015

    SHA256

    c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

    SHA512

    50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

  • \Users\Admin\AppData\Local\Temp\nsoFAA5.tmp\System.dll

    Filesize

    22KB

    MD5

    b361682fa5e6a1906e754cfa08aa8d90

    SHA1

    c6701aee0c866565de1b7c1f81fd88da56b395d3

    SHA256

    b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

    SHA512

    2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

  • memory/1608-297-0x0000000000240000-0x0000000000286000-memory.dmp

    Filesize

    280KB

  • memory/1608-194-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/1608-176-0x0000000000240000-0x0000000000286000-memory.dmp

    Filesize

    280KB

  • memory/1608-384-0x0000000000240000-0x000000000024D000-memory.dmp

    Filesize

    52KB

  • memory/1692-50-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/1692-17-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/1692-27-0x00000000002B0000-0x00000000002C7000-memory.dmp

    Filesize

    92KB

  • memory/2068-32-0x0000000000020000-0x0000000000037000-memory.dmp

    Filesize

    92KB

  • memory/2068-41-0x0000000000140000-0x0000000000157000-memory.dmp

    Filesize

    92KB

  • memory/2068-42-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2068-35-0x0000000000020000-0x0000000000037000-memory.dmp

    Filesize

    92KB

  • memory/2068-34-0x0000000000020000-0x0000000000037000-memory.dmp

    Filesize

    92KB

  • memory/2068-29-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2196-0-0x0000000001380000-0x0000000001397000-memory.dmp

    Filesize

    92KB

  • memory/2196-11-0x0000000001380000-0x0000000001397000-memory.dmp

    Filesize

    92KB

  • memory/2196-114-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2196-4-0x0000000000260000-0x00000000002A6000-memory.dmp

    Filesize

    280KB

  • memory/2196-14-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2520-48-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2520-165-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB

  • memory/2648-246-0x0000000003710000-0x0000000003756000-memory.dmp

    Filesize

    280KB

  • memory/2648-159-0x0000000003710000-0x0000000003756000-memory.dmp

    Filesize

    280KB

  • memory/2648-76-0x0000000000590000-0x000000000059F000-memory.dmp

    Filesize

    60KB

  • memory/2892-20-0x0000000001060000-0x0000000001077000-memory.dmp

    Filesize

    92KB