Analysis
- max time kernel: 143s
- max time network: 131s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 14-06-2024 22:46
Static task
static1
Behavioral task
behavioral1
Sample
abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe
Resource
win7-20240611-en
General
-
Target
abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe
-
Size
334KB
-
MD5
abd5737e0bda9e6146a0eb31d7af51a2
-
SHA1
a8a37be6e078eb7c56e8b28449f39f49e5974f93
-
SHA256
db6887835f962466e55411140bc58905948252d695760999a713bcfbc08954eb
-
SHA512
0734f234c45120b781d1d08c1e655f8c309200632d94394de7654532c1f596373a22aad82591249d6527b50f2874a047f5ab141684cb2a568e622cf7ea989b24
-
SSDEEP
6144:L2hCvdxeH3yjOjrEL8fHXF8nTlTdkw7nH8/:L2cdx8Cif/eTlFnH8/
Malware Config
Extracted
gozi
2001
http://yyytttkkk.org
http://185.49.68.106
-
build
214071
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Signatures
-
Processes:
-
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
iexplore.exe, iexplore.exe, iexplore.exe
pid  process
2692  iexplore.exe
1856  iexplore.exe
1072  iexplore.exe
-
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE, iexplore.exe, IEXPLORE.EXE
pid  process
2692  iexplore.exe
2692  iexplore.exe
2700  IEXPLORE.EXE
2700  IEXPLORE.EXE
1856  iexplore.exe
1856  iexplore.exe
768  IEXPLORE.EXE
768  IEXPLORE.EXE
1072  iexplore.exe
1072  iexplore.exe
556  IEXPLORE.EXE
556  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
iexplore.exe, iexplore.exe, iexplore.exe
description  pid  process  target process
PID 2692 wrote to memory of 2700  2692  iexplore.exe  IEXPLORE.EXE
PID 2692 wrote to memory of 2700  2692  iexplore.exe  IEXPLORE.EXE
PID 2692 wrote to memory of 2700  2692  iexplore.exe  IEXPLORE.EXE
PID 2692 wrote to memory of 2700  2692  iexplore.exe  IEXPLORE.EXE
PID 1856 wrote to memory of 768  1856  iexplore.exe  IEXPLORE.EXE
PID 1856 wrote to memory of 768  1856  iexplore.exe  IEXPLORE.EXE
PID 1856 wrote to memory of 768  1856  iexplore.exe  IEXPLORE.EXE
PID 1856 wrote to memory of 768  1856  iexplore.exe  IEXPLORE.EXE
PID 1072 wrote to memory of 556  1072  iexplore.exe  IEXPLORE.EXE
PID 1072 wrote to memory of 556  1072  iexplore.exe  IEXPLORE.EXE
PID 1072 wrote to memory of 556  1072  iexplore.exe  IEXPLORE.EXE
PID 1072 wrote to memory of 556  1072  iexplore.exe  IEXPLORE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\abd5737e0bda9e6146a0eb31d7af51a2_JaffaCakes118.exe"
  PID:2872
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
    - Suspicious use of SetWindowsHookEx
    PID:2700
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1856
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:768
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1072
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:556
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\Local\Temp\CabA8B1.tmp
Filesize: 67KB
-
C:\Users\Admin\AppData\Local\Temp\TarA973.tmp
Filesize: 160KB
-
C:\Users\Admin\AppData\Local\Temp\~DF1A08FE550C2BCEEB.TMP
Filesize: 16KB
-
memory/2872-0-0x0000000000E00000-0x0000000000E64000-memory.dmp
Filesize: 400KB
-
memory/2872-7-0x0000000000220000-0x0000000000222000-memory.dmp
Filesize: 8KB
-
memory/2872-3-0x00000000001F0000-0x000000000020B000-memory.dmp
Filesize: 108KB
-
memory/2872-2-0x0000000000E3E000-0x0000000000E43000-memory.dmp
Filesize: 20KB
-
memory/2872-1-0x0000000000E00000-0x0000000000E64000-memory.dmp
Filesize: 400KB
-
memory/2872-396-0x0000000000E00000-0x0000000000E64000-memory.dmp
Filesize: 400KB