d6f4894aa506d227139cdceb46fb0103c03bcdb4d44c0898d147a2a32a0b60f3

Analysis

max time kernel
142s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f499cd0fb5bc167491c154a9409ed741_JaffaCakes118.exe
Size

585KB
MD5

f499cd0fb5bc167491c154a9409ed741
SHA1

7e54931cc48d47bc1e0cc2d45cbd9d65c36d985e
SHA256

d6f4894aa506d227139cdceb46fb0103c03bcdb4d44c0898d147a2a32a0b60f3
SHA512

ad5c2ba8ff2ea6cbac10c8ac98ae5c3f738875f847bda88ef485a3a2360f466856b382a4a7966aec10bd3c0c1f03040245dd9dbdcdaefabb7620e4dfce1b2ad5
SSDEEP

12288:aLf+60UUOaRrGf+OxYTXF3Z4mxx7oEtlK+kt9T2MF:aLnlflxYTXQmXsGo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2376	G_Server2007.exe

Drops file in System32 directory 43 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41E4ECE3-FC4C-11EE-8A7C-66DD11CD6629}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41E4ECEC-FC4C-11EE-8A7C-66DD11CD6629}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{41E4ECE1-FC4C-11EE-8A7C-66DD11CD6629}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{41E4ECE1-FC4C-11EE-8A7C-66DD11CD6629}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\G_Server2007.exe	f499cd0fb5bc167491c154a9409ed741_JaffaCakes118.exe
File opened for modification	C:\Windows\G_Server2007.exe	f499cd0fb5bc167491c154a9409ed741_JaffaCakes118.exe
File created	C:\Windows\G_Server2007.DLL	G_Server2007.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f00e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder = "ey3nfs7"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\RepService	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Flags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\User Preferences\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1781abc686b654391a6c7e84b8f4fde0000000002000000000010660000000100002000000035b7183f21679cb3160a1fa8e407c386a89473d55854f5e5a6644c122c4a7af3000000000e8000000002000020000000e69066264655104e22929e603040c84d12f5d53c2a0d22d970228a2791a38adf50000000eecc57c5812e90b7aa84ec0825e1b00ae43ef25793e7c619957e911d13fce61bdcb3bcb6696c96a2abd244c7c275ebbca85206d14a6311fc9edc9aa9c670ea8448c282370e7cef1ac5a971f8c589352b40000000601fbd761b1d570894892156edb6d3d92f251f78021b964e443a7d17f29f65d64c7fc3266d4e9aa56585a586b987bf3eaff29924bf60dec76cec96033a1cff5a	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Connection Wizard	G_Server2007.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{41E4ECE1-FC4C-11EE-8A7C-66DD11CD6629} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Flags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData = "4"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main	G_Server2007.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Suggested Sites	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags = "1024"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807040002001000170033002b00250000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Flags = "512"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	G_Server2007.exe
Token: SeDebugPrivilege	332	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
332	IEXPLORE.EXE
332	IEXPLORE.EXE
2376	G_Server2007.exe
2376	G_Server2007.exe
332	IEXPLORE.EXE
332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2832	2376	G_Server2007.exe	29
PID 2376 wrote to memory of 2832	2376	G_Server2007.exe	29
PID 2376 wrote to memory of 2832	2376	G_Server2007.exe	29
PID 2376 wrote to memory of 2832	2376	G_Server2007.exe	29
PID 2832 wrote to memory of 2988	2832	IEXPLORE.EXE	30
PID 2832 wrote to memory of 2988	2832	IEXPLORE.EXE	30
PID 2832 wrote to memory of 2988	2832	IEXPLORE.EXE	30
PID 2832 wrote to memory of 332	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 332	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 332	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 332	2832	IEXPLORE.EXE	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\f499cd0fb5bc167491c154a9409ed741_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f499cd0fb5bc167491c154a9409ed741_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:1912

C:\Windows\G_Server2007.exe
C:\Windows\G_Server2007.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:2988
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\G_Server2007.DLL

Filesize
577KB

MD5
541148965ed725ec3bed3cb20ff72c74

SHA1
34bfed3e65eb7743af12b8a75c294a6a0ca645bd

SHA256
b8f4ce65f855a764fb5776d8641794ec0dd44d9124e639496a442e82b1cf71db

SHA512
220bd2e71835c146bb32c9e58e12aa9f36fda7008f5afafc0111165723033a564a31867a2a8979fe72353371b7c1dfb2c7f6813372dec668fea629adda5d5074

Download Submit
C:\Windows\G_Server2007.exe

Filesize
585KB

MD5
f499cd0fb5bc167491c154a9409ed741

SHA1
7e54931cc48d47bc1e0cc2d45cbd9d65c36d985e

SHA256
d6f4894aa506d227139cdceb46fb0103c03bcdb4d44c0898d147a2a32a0b60f3

SHA512
ad5c2ba8ff2ea6cbac10c8ac98ae5c3f738875f847bda88ef485a3a2360f466856b382a4a7966aec10bd3c0c1f03040245dd9dbdcdaefabb7620e4dfce1b2ad5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
30832b3410a6bc7305e1c9a876a292f8

SHA1
1bb68bca97318c82a9b350d3fed2aa30f66dfaaf

SHA256
84de45cdecb242eb7c0fcc56e7f84846c7481c8901a45f41c24afb7bfb4f5cd2

SHA512
8d5aaa01e8dd8267659d49ad6025a130f6b4b8578b892177e129531ac124b0c2a4e2ab58c71f543191c6a30f8e2d5b3ade7d1c118f9cb02e03d766e7ba5fa410

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c57ab87d0a662fb485b247e9343ae9e5

SHA1
8cc4d7da073e7017eac8933869283500ca85c99b

SHA256
ec63a6a05d2da5d88ec37b8ffa1baad3180d463143f8c17966c5400c8e72300e

SHA512
1a0f0d6c221422b7688e28f118d6f81e82f8ead865a72e6ff70fcb7d906139c80c4261a12ee473799421ada4dee2109f053488beeed740b6859cdba88b8b5615

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
839413606f4ba9c0289708e8d6d5bf04

SHA1
ce7e638f3174f0ae7d8dcfab677d140105f8ff0b

SHA256
d99a6015906508067a49ab8ef5781018a5de84c628705a2261a061a71c958232

SHA512
aa3f9c5ba7642494b3d115edb044b76ccecd4f8cc67595ca03abb8c6354e9b1106a50f387fd7c7688be88f9777cf8afa888f08ce76434a96573fcde0b1c37cf4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eb79607e7a00b45eec25394fba9e0f3

SHA1
50b7bdae6b12820d9856d2f8a874ad036c350654

SHA256
d78166a0bb6997ae03f672de6381538529048663e446444ad629a37eab46b7ce

SHA512
1f51b0c501333de465f843a4ab62f2eaeef5fccbcac3e3a902b1317047405cc8825829c06280f8defe4ef06d3937e413d4ed53bbc5fba134417f4b7b4cea60e3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87691e21fb725f2e43b9113ba7ade132

SHA1
3cc3c82828588a243143d004d13835d0d44552d1

SHA256
b6a6c724142fd5b7cfc562c4ed2e99edb7260693900ab8a5d604e9928be12706

SHA512
b95dd25aa05a61d4133ff122afa0633386280caf68dde58c972e61c5c58b6688415dd26024543c640d7e8502fd69c4ef47bad804732156e5c92ef51f4eccdd73

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39219a84ceea9fe45582df557e79b6c4

SHA1
65949a33d4ba57c35a47f8600c7b4a9483708309

SHA256
ced2fe61b69784ce7ecbab41e7301ac56ce15a46a0f49fd23c35b723b6a35f66

SHA512
b1dae00ab957edcf474b58d6cd7263f12b5196ce1964ea6016e1b53b4276198b966f8842853b70dac0e525704dea8c8ddffac21623d098d3505e75f7caa761bf

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f314bb44b89dfb46f4447a12dbd265bd

SHA1
85bbdc12b8bc5f62e29a8bd6f1e8eb25459f9afe

SHA256
f99e80d71f1887d93bb59fb0317633dca1a8d271da40aac965bb5f1f7587d09a

SHA512
7a9fd1a97b49f29955b7abb9f3def741e11d29b71b1d989d5c8ab170c3c824d2838d3d7e4afe02c239ee05f7204c5d6a6f1d486910b46ea2ed499aa94038b964

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec2682b1efb3eebe38fa4d606562d1c4

SHA1
b33d10514213183e7d697b48e6bb228dee7b3993

SHA256
582da44d7a7404499a755ddb691b91df77122085c06bc36db5cf56ac65913421

SHA512
542a7b58078c2cf99c9662f474441dea5466436ee514d43f4abc5b1e7cef314399d1b5b4f8ab35d372292d8102e0ffc94d9f78e3df1798c23b069143966f984b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fba90f000899f1deeb25f60cd04deeda

SHA1
fd7c69e25d7659336a0f955a67bd8282b0061147

SHA256
46cb68b8498897400214ab5a856dac083d4445d9d5d8d3b2abc35b0f5a57e1a4

SHA512
48e69f7c5b3533cfabb97d685045536887548e9fa246d7225130c4f101cb8a3b055d8f0a5ae47deed34a9c3588ff8356af969af3478a3c1720e0ba5fbe8c3c79

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e460e6eaf4e6965af5be1807dd2f7250

SHA1
0b452e446aa04da1cfd0830dd9e479500c134b2d

SHA256
fbe69f6061eb8979824cdea20ba4e2e6a5a9556a6abc49fb4dc4da6102cb7650

SHA512
15df588ee6d8d14c9af4da0eb0595e356277d3d045911f1b8d79b7d2133712bef5b3b2bfae2ff5ad1bb09f6979b6b68355b091b1cf437b807450f0644be85b62

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7756cd79e1f00f3c5547344f4d2b207

SHA1
6d00513913e4d188cc038a8a741cb0b92d59cc7b

SHA256
b5053decd96b45dea86baa4df4945eddcac191ea21649376b68c4a423859b2d8

SHA512
fd8b337030c3449b44ae6cf9277fe6e8def2ec30b69d9fe0218244ad1eaf720b3739f938492f4ba49b8d684919f8d3f25cdc958e9cada50a4ec9fe800eafa890

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c44eb8fbda2eeb6501fc0bf0a6487a2f

SHA1
ebcd923f09b39c20a2fd8091162b70db49a3e3a8

SHA256
6ec8e38e5ec453092cbbf827bac5b245f0dfb5b8fb6c8847c62351926ad8441c

SHA512
fedcd40421bc5162fdfae98b362af39f914e4e9f659600ae71b9639f656e51224647504b3d3a376d863ab38aca0c3d15da0ea28a841c4dc028b3c0a6cd29e5c1

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12709e3c9a2e05b67ecd5796268e7468

SHA1
43172a99f5190658f44be330cbbff26c002e8c0d

SHA256
15a23ba3f5fc73f90ba6b2657daaf68da662736da13a91226f943d95bff6fe47

SHA512
de1de462a44f85103a0b1cfec74ed80827c515ddbda7c1f77704dec865d92fba8e368ad8c2030eee10cf497df8590f671e17a1e51ff69a1dde244075b4b959c9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be39e10ca758ba7443f00a38581cd424

SHA1
aabb13fa8dba8a904a781babad9c4defd169f2b2

SHA256
b2afab9fc4eea01d5b4f8349f83e2e0fe26e6461bd6dce0e933db9807e68e74d

SHA512
f1c8e977246883af2b47e7f79f9f679b0de7c81f15c30fa57d803fd5bf031b00911936e89f8cf3b5d83965c8bce1f895a4679da86f92856d01ee58251391781b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37351ac15408ee6effc261b8176101b0

SHA1
eaa0bcfc1be1cac9d5fac03cef70ee971243480e

SHA256
be25c3afcc67d677429ae48ad06897ce6e194adc438ca205c2ceaff05b4ad874

SHA512
023666fec31a1f8bd5cb2e69ceabb21625fe8ec0d71e469ffc08ada61dad8ff67b67c32a7df62662eb0f3dda4e25719f84d2a1807aa9e923c3653f8241aed7bd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69aa7ed912b16e80191f2c1691ed1eb6

SHA1
2a95870951695d9e4355557d3beb96556dee7c7c

SHA256
117b41e6787f012df2a6a9be63ce81845c68d53690193af345187702df1fce9a

SHA512
e6c91fb435ed442e0ca3b6b0293177fb2bb2fbe1075eab97e6527dd7b33ff5c46835ca0d197db42e99ca1b2db5d471679ddb9f650fb1ccf698697e82510dbe81

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdb0d0866daead511f07946e86ed68db

SHA1
f3d9a1651b207a2ded3a7aca21dbe363b4b5e0ea

SHA256
e4ecd76e1e79fa8a637a060158c49f9d07d7c8c6ab24a5dc954d19e5182f0016

SHA512
6798ed44c46e6d4849948257694737f51db5ce1262d61be33eed2d2c232fb2a22b536872fb46ac42fc4137a914313e9f96160b89b23c86df05b3a95e1be07a54

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43e0c7c6393ec0b04d4c9e6c7a047cbe

SHA1
37aeb163b7a8a99e990ce547df7a67802be670df

SHA256
ee95dea18015cf1258baa2b838b192c7cb8ed60122408f1bc0b5fc38b64c95d1

SHA512
5fb9667a408f0385b6056c1b0119cc8544d535cb19ce1c44c1d2a2d4e18e58c9fd86ef5c2df5b03f2a21ef410358c1891b6339de551ebf4ed8e008106252cbf5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcb37a859f7a79472e7ec5f9d4522714

SHA1
f967fa72b279099b74b0f701dcdb3bcd8cee59c9

SHA256
e8af7093b945de98876b381c4f0422fc57feaea977a9576bd58ef1c1c6797b0b

SHA512
62deca2a180b80478eac70b66bcb44d6292cf2e831d6f49540adb1e202ac9f9ecc69d79a52dc78fa3bcab2f5467cef3009e509c4d157dc6b792578ed721c4104

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
43146a19c13d4f4cd60b166c2a5764f3

SHA1
3c2fea043266eb56ceb21cdb8746c14e6eace7ab

SHA256
91995221d028ab5be4bf05d17c20d9725748f4b20d2a68fa33f7689969750b19

SHA512
7df1b614d83364ad727805c3a4b82c7904808c5905287b60a2fcb6558a852588dd674e05ff896a82793c28b754239ecc21adff89f2c214c0e1d60d8e84dc368c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\Cab1DE2.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\Tar1DF4.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\Tar1FDE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Windows\Temp\www1297.tmp

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
memory/1912-30-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-26-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-41-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-50-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-53-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-57-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-58-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-59-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-56-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-63-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-64-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-62-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-61-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-60-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-55-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-42-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-75-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/1912-27-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-54-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-52-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-51-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-49-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-39-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-40-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-37-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-43-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-36-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-38-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-32-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-31-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-44-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-29-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-48-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-28-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-0-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/1912-25-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-16-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-45-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-47-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-33-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-46-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-35-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-34-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-23-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-24-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-17-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-20-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-22-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-21-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-19-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-18-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-15-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-14-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-8-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/1912-13-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-12-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-10-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/1912-11-0x0000000003250000-0x0000000003350000-memory.dmp

Filesize
1024KB

Download
memory/1912-1-0x0000000001CF0000-0x0000000001D44000-memory.dmp

Filesize
336KB

Download
memory/1912-3-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/1912-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1912-5-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1912-6-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1912-7-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1912-9-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/2376-835-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/2376-811-0x0000000003730000-0x00000000037C7000-memory.dmp

Filesize
604KB

Download