Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

faddc3f2bb...18.exe

windows7-x64

7

faddc3f2bb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    faddc3f2bbd29804c67442c527a45890_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    faddc3f2bbd29804c67442c527a45890

  • SHA1

    52076fedaa0592bc81bd4bfeb7cfb90c29db473b

  • SHA256

    5a9d617e78467db2648608417a550c0cd2072708962d8afebdd865d08f4ae13e

  • SHA512

    764da64df51ddcae6641c9f267e4c00752e13e73cd4126196fed74f790deda1e98f4a0e33dd111f65d302c1a79ccddb1e89f4d1b2a1fab643f20f81c77ec70d8

  • SSDEEP

    24576:FHLI4YHHEmomR1VN0F6tr/OzBBSDrz1nPTdgdXrdBHLcsH661S0C0xytR:VAkX0N0gtr/AShnUBHLcsauCJR

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 54 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Users\Admin\AppData\Local\Temp\is-5JQNB.tmp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5JQNB.tmp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.tmp" /SL5="$40214,1119550,51712,C:\Users\Admin\AppData\Local\Temp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:572
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\System32\explorer.exe" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
        3⤵
          PID:3004
        • C:\Windows\SysWOW64\rundll32.exe
          "C:\Windows\System32\rundll32.exe" "C:\Windows\vistaw7\comrundu.ducc" message1
          3⤵
          • Loads dropped DLL
          PID:3728
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cdjspaper.com/
          3⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2aa346f8,0x7ffe2aa34708,0x7ffe2aa34718
            4⤵
              PID:4188
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
              4⤵
                PID:2440
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
                4⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2956
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
                4⤵
                  PID:644
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                  4⤵
                    PID:3600
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                    4⤵
                      PID:2912
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
                      4⤵
                        PID:1028
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:8
                        4⤵
                          PID:1684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:8
                          4⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3136
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                          4⤵
                            PID:1864
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                            4⤵
                              PID:5116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
                              4⤵
                                PID:2580
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                                4⤵
                                  PID:972
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12037518300465564974,13282027079053727569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
                                  4⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2644
                              • C:\Windows\vistaw7\KAV_97_10.exe
                                "C:\Windows\vistaw7\KAV_97_10.exe"
                                3⤵
                                • Executes dropped EXE
                                • Modifies registry class
                                • Modifies system certificate store
                                PID:976
                          • C:\Windows\explorer.exe
                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                            1⤵
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious behavior: AddClipboardFormatListener
                            • Suspicious use of SetWindowsHookEx
                            PID:4036
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:4224
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1632
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4604

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_5670351899FEFFE1111FCD3D8BEA636E
                                  Filesize

                                  5B

                                  MD5

                                  5bfa51f3a417b98e7443eca90fc94703

                                  SHA1

                                  8c015d80b8a23f780bdd215dc842b0f5551f63bd

                                  SHA256

                                  bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

                                  SHA512

                                  4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                  Filesize

                                  330B

                                  MD5

                                  fd222fc8bd117e85746730f20e526a54

                                  SHA1

                                  abfc94fe731ca91491c437b93f3f64710d014e1c

                                  SHA256

                                  e27265f475366f5771def4dd4b2f4711803060995850b161b8e5d07facecbfee

                                  SHA512

                                  80274c592e910188a975d674e873e134b390ce56b0ffd499fe7d55e2465eb946988ab78481673ec0ab44591a85a3ea7519e3dea200ec0d09cde554fe4ae84918

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  7e0880992c640aca08737893588a0010

                                  SHA1

                                  6ceec5cb125a52751de8aeda4bab7112f68ae0fe

                                  SHA256

                                  8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

                                  SHA512

                                  52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  5e2f0fe48e7ee1aad1c24db5c01c354a

                                  SHA1

                                  5bfeb862e107dd290d87385dc9369bd7a1006b36

                                  SHA256

                                  f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

                                  SHA512

                                  140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  120B

                                  MD5

                                  96bfa2fb47e49a55a98eb522b70f4003

                                  SHA1

                                  df9d18d730acce6a3ac0cd507058cfe93407cbed

                                  SHA256

                                  06d1f7b0698ad635a7c6b7f209790f43f7db8c4e9702244aa68ed71f36b6f8fe

                                  SHA512

                                  8cc6afba59224359c4a7d06dad48a0c0f3d187137682b22dc6da16c736253a2987c36e99f70f17e500ec610f5c241437aa1216a5b67938015689dab4228a5c1c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  871B

                                  MD5

                                  4ccf47b383bafcb9ca4bccfd27203c19

                                  SHA1

                                  18bc1dc1cdc36a9957f77980d51e597422840b9c

                                  SHA256

                                  81b511bc7e06d7c5cd3a37ca40077b84fe19185e02da4e9ecabb63ba75c61783

                                  SHA512

                                  7199f61b3782aa1ee5c19fd8537bd123205ac13916f78fe0ba5406ff70bd5fc6c4993bf9eb7a1d46e2a7e865b979cb191f9370c09149f2e116b88baebc1966b5

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  871B

                                  MD5

                                  d3d93671dad51dc4172a82134e588830

                                  SHA1

                                  e923cc478be1199b2c42be44d2e9ff8d27975c6a

                                  SHA256

                                  981c1c8ca9072e75272506028524786e124dee22c4db805ec8de1e66174a8406

                                  SHA512

                                  8462f86a8df940166647ef1935d537287668bce216faa9ded31f222cce198d6c312bd0e42ab6e22092f5e339e8908db3a5899961d05f3538e90b48484ecdbf9d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  15233cb6d2c37bd020dd529ca8a1f2a6

                                  SHA1

                                  ef4605fee53858f5530a9f61cab5115748bef510

                                  SHA256

                                  520195943cec43255144be2bff45c126cf0ac9eb6dc1a223d209959946efb393

                                  SHA512

                                  dd43a906e2b8d09d2aa1b83dcb97a1e57b03fc2f7728f2eeb536170a532b5fe9eaaf0a68f0c5d150cadca3b74b0ec4f71f30f8c62ce937388a8742fd4ac3f658

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  edbd0219581cfd8cea6809cde18222bc

                                  SHA1

                                  8199f5106e13611c9ac38b50a7e1265b813da7f2

                                  SHA256

                                  e397e5dc5677c563177cf11ad79fb3d4581101923b6d780bf1d1c73787c78ce4

                                  SHA512

                                  d780b187d0c3031c20190c6c903b692dbc2df0ffadd9edf366ce44f6378d62a9b8b98eb5b89b61d4cbc465157e0ab5c17fde2916c3cf04caa605f46f66d0d0a2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  a15667ed660e11cfb5ec33ed16302cd4

                                  SHA1

                                  91943e241c9e6ee7db2986e192cd9791b7ab252c

                                  SHA256

                                  e883f27523ba98c8c141495475f10c24e37788571f62ad5ec5a36a1aac48dc6a

                                  SHA512

                                  64cc04cc60fe669fe02201f1aa2afafa8a27a16fbf1f1a29823847a848c8712e1f03a3d762ed9543932c6b2fd3e003f53e1ba039e6dac4ffca08b5ea3aad27ab

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  6052069eec3a4161efd0438b58774ea0

                                  SHA1

                                  5933ef77dceda128001458c4287f89579e9110b0

                                  SHA256

                                  c73b88395867768485ea319dca1b55851fcb118313860d6e202a448ecacbc529

                                  SHA512

                                  8cbf7ed070868fa0d4563b793a3896ea4f2e8221bf7c765ff68169bab8cb3911b5de4eec17d4a3de002476e4fb39bd54044222c594c3f09c34f54646bbdb1732

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-5JQNB.tmp\faddc3f2bbd29804c67442c527a45890_JaffaCakes118.tmp
                                  Filesize

                                  705KB

                                  MD5

                                  eb494bad9478bc28c4f8fb7fd7778445

                                  SHA1

                                  1b3e504108b39c6978e737e08d4cbd2c22d95e86

                                  SHA256

                                  e1af346595829eba017ec343cb179dd217b7991fb322cc4e8f18bf40ef8f941d

                                  SHA512

                                  8b14a9c14185d5afaba7443bf43cf14371ef3c3d524de00ba850f07952d1d18abdc62118cc4893ed2fa66570eb4098d01ba338f0cc00ae19be7bb697dc8d9f91

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-GN7A5.tmp\InstallDll.dll
                                  Filesize

                                  442KB

                                  MD5

                                  853a849864b0a11962f27832bb3cc84c

                                  SHA1

                                  dcc4aedec6a3c56483979ba4343067066c4fe0e4

                                  SHA256

                                  592c77e4ce824e191dce77ae631285443e7c2e53783c7211fbdebdb1b2af5cf6

                                  SHA512

                                  e93a2a4ade5d43dc05e2ae3ae58183e6bbd578b1a106cde6a4a8380066d9a40fd502f3f237e402a70e061afbcd9965ae45389be51e9958e65e30d92b44fab497

                                  Download Submit

                                • C:\Windows\vistaw7\Install.tmp
                                  Filesize

                                  866KB

                                  MD5

                                  dfbef39d176da6636249d8583ddcc96d

                                  SHA1

                                  7c61f1c649ee3ee21a297bb59d0c8c093cdfdc7e

                                  SHA256

                                  837503486e5ef9cd430cbb2939d29bbca76491450759a749b69ff4619d9cc175

                                  SHA512

                                  f50647d70b360698d404248ace1a18a9d25a3d9fac88715d6d984ab15ce644b220754b177bacb14b20e1eb773cdf4a1edec1efac834a1b76f5e71f036d1f2640

                                  Download Submit

                                • C:\Windows\vistaw7\KAV_97_10.exe
                                  Filesize

                                  677KB

                                  MD5

                                  e473d4d66d043c5ef07b1bc80af31e27

                                  SHA1

                                  3b33cbc5fda3ded92434f450fbdf34c9da11f541

                                  SHA256

                                  f7108dcf904c5256d8904ac2f9bc8cbd1e545dace38b4cf0210d9c3b7f10c919

                                  SHA512

                                  4f3be6f4c3ee89d8e13928ddf22edfc09c55b1a0149b8c50d4aa1999183d33ba9273dc6c26a620b40954391972f91381a7d73bc3d1eeaa8e414f232bb20b7ba9

                                  Download Submit

                                • C:\Windows\vistaw7\comrundu.ducc
                                  Filesize

                                  381KB

                                  MD5

                                  1a0cdae51e615380089b0c953db3c70d

                                  SHA1

                                  867bae67c4fb300bb30d0ac502864ebe8a0a634e

                                  SHA256

                                  c8c6ed1345a13ff90a4d08d6b0852f78423e8ddc69ae8910ce7ddae65b165451

                                  SHA512

                                  f0ffb1c91a6e771ac9256306d529b214c2a65902911422e6d820e4579fee5b02166f99725551de65b819dd0f70ebf57b641c6b3d50f333a1c3082be8afe5dce7

                                  Download Submit

                                • memory/572-43-0x0000000000870000-0x0000000000871000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/572-110-0x0000000000400000-0x00000000004C1000-memory.dmp

                                  Filesize

                                  772KB

                                  Download

                                • memory/572-16-0x0000000003A60000-0x0000000003AD5000-memory.dmp

                                  Filesize

                                  468KB

                                  Download

                                • memory/572-9-0x00000000007C0000-0x00000000007C1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/3292-111-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                  Download

                                • memory/3292-0-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                  Download

                                • memory/3728-172-0x0000000000400000-0x0000000000466000-memory.dmp

                                  Filesize

                                  408KB

                                  Download

                                • memory/3728-46-0x0000000001370000-0x0000000001371000-memory.dmp

                                  Filesize

                                  4KB

                                  Download