fddb4a27e827e2abc8e1609f3ce140f0b6d307252a498fae6e93a0d420794e54

Analysis

max time kernel
142s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe
Size

645KB
MD5

022b37703b2b2549bea3bcddac23ace3
SHA1

8b822c8531f768fd6b18b4cd1839f519c882cc57
SHA256

fddb4a27e827e2abc8e1609f3ce140f0b6d307252a498fae6e93a0d420794e54
SHA512

fac0e0a5a637b19cba9a846f4453034db2c0248eb96327bd8ac729d01d920909e9ff9443914bcbac7eeb2f5b355f9d81969233d8c58ba7fd55a5e947a1a0a2e9
SSDEEP

12288:YS9U0BFtvsPUkGXgDkmBxAJmKVg8zThh6XQ1xo4UA3fTX3N4:5VXtyLGwDJkJxVVzXIIxo23fTXa

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2740	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
956	ck2007.pif

Drops file in System32 directory 43 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F0EF9C1-2EAF-11EF-ADBE-DEB4B2C1951C}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F0EF9CC-2EAF-11EF-ADBE-DEB4B2C1951C}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F0EF9C3-2EAF-11EF-ADBE-DEB4B2C1951C}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9F0EF9C1-2EAF-11EF-ADBE-DEB4B2C1951C}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\ck2007.dll	ck2007.pif
File opened for modification	C:\Windows\ck2007.dll	ck2007.pif
File created	C:\Windows\RAV2007.BAT	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe
File created	C:\Windows\ck2007.pif	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe
File opened for modification	C:\Windows\ck2007.pif	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Connection Wizard\Completed = 01000000	ck2007.pif
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@ieframe.dll,-12512 = "Bing"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004cc3897cec3e1b45b2f058a5415b08b2000000000200000000001066000000010000200000004ab81d1a8bf5725725a5ba39254c116bf03bc418b1c6af5a5a5dead3b9753795000000000e800000000200002000000015bcf1f352e982e705c06ac09657951c832d4995ef85eeacef6b59c9dc215f2c10000000cf61d7df5bbe5a146be12dbd64d843e4400000003c2a64cdf6f0f319e3a78d25d8a56c3ade74d6f8a768f31943ac409b95d389db42b85355405c879f4f27e546501430ffb2060ac01f238035391c6bbebc0a239a	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Time = e807060004001400020030003200f802	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732 = "Finds and displays information and Web sites on the Internet."	ie4uinit.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{DFFACDC5-679F-4156-8947-C5C76BC0B67F} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF = 0100000000000000a052a061bcc2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9F0EF9C1-2EAF-11EF-ADBE-DEB4B2C1951C} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Suggested Sites\DataStreamEnabledState = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time = e807060004001400020030003800c601	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{72ED0A34-C3F5-4B9C-8552-D0BD2CD19954}\WpadDecisionReason = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-40-64-3b-f4-c5\WpadDecisionTime = 60074863bcc2da01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{72ED0A34-C3F5-4B9C-8552-D0BD2CD19954}\WpadDecisionTime = 60074863bcc2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Setup\UrlHistoryMigrationTime = a052a061bcc2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time = e807060004001400020030003800c601	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder = "1ka9b3k"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count = "2"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
956	ck2007.pif
956	ck2007.pif
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 2416	956	ck2007.pif	29
PID 956 wrote to memory of 2416	956	ck2007.pif	29
PID 956 wrote to memory of 2416	956	ck2007.pif	29
PID 956 wrote to memory of 2416	956	ck2007.pif	29
PID 2212 wrote to memory of 2740	2212	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe	30
PID 2212 wrote to memory of 2740	2212	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe	30
PID 2212 wrote to memory of 2740	2212	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe	30
PID 2212 wrote to memory of 2740	2212	022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2752	2416	IEXPLORE.EXE	31
PID 2416 wrote to memory of 2752	2416	IEXPLORE.EXE	31
PID 2416 wrote to memory of 2752	2416	IEXPLORE.EXE	31
PID 2416 wrote to memory of 2800	2416	IEXPLORE.EXE	33
PID 2416 wrote to memory of 2800	2416	IEXPLORE.EXE	33
PID 2416 wrote to memory of 2800	2416	IEXPLORE.EXE	33
PID 2416 wrote to memory of 2800	2416	IEXPLORE.EXE	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\022b37703b2b2549bea3bcddac23ace3_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\RAV2007.BAT
  2⤵
  - Deletes itself
  PID:2740

C:\Windows\ck2007.pif
C:\Windows\ck2007.pif
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:2752
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\RAV2007.BAT

Filesize
218B

MD5
108ed864a2d3b855cd65cebe83964a17

SHA1
9dfabd22c1c07a57cefea98c3d1ce03b2096c14a

SHA256
e36a08e21732202ee843fd80786b45b1325b196876500234f055e67885a8db21

SHA512
7ea111d36bcd1b58b4a3a783a01387950c66a12a2b2807a4f0bf083be7078e622b772c1307424b4aabdebd2a8a34017e33b9864d1810bebefaa54916c4effc02

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
91e6387b6b3633238e0888db7bb7d986

SHA1
d179152dba4320209b95e55fa6dbbc4140740be2

SHA256
bb27408f00d3c97464697e82a3186d9008b83cd4f9cd15a0a93761228285dd74

SHA512
3775de162df0357101a23bfa48bd178c3c1a8948d22eef04828ccbc08756197fbb5ee28d9e785340b3bb0d2f39b6979cc1e8f7d713013e0b1f417017d3d3672c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dd5e40ef03dae2d863c9b48f8d24f98

SHA1
3f41c46f28283386c6a118a87a353d2722dd367f

SHA256
5c825c6a327e6f85957c0fc7b3551bccf9cb1fc1abea111fe6f6bc4d2098a962

SHA512
86297e8933896e1d041157bf79be85f970d70cff64adbedfbf122a5389d651599bf3bb9745c2ac8bb81c155b5797a1d8c94d0fabcec3e5e18c928713dd0e28b8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b16a3606a5f50d88a6dc7fcce7c85ecd

SHA1
630fa70872442679ba65888a127353c826c1b9b7

SHA256
aeaa52bf4507cf1daae8bd7282c77e8ea46aba94b0a9e7486068108de935deff

SHA512
4dc4095c692c59051e66f9d2993e1f1115f06460d4d3826e241fe46c9c0f3c29839ed1d31f4137d898ea372ad355e19a058135ed53669aacc661210ec34e2bfd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
631dae2cef2dedcf46df9339bc32d8e1

SHA1
a01f685ba2a8238235c8f7b3a8dcd915a7696616

SHA256
1f4d6309764daa45d8d597377b319ae7b0e238929288a313c3da104964148dc2

SHA512
f5370aa8f53a463f9eaf58b8c320f50ce7eaaa7f2ec7c45189114c67a1234585dcc9b0b659f741117b5b441f10e42da2f14b1f8685aaf5533c73f0b90ddf8540

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
373c9ed6d1cfedebbd67d6aece996487

SHA1
73213ecd0d6d153c5b2c09cadd61c03b75ec8e13

SHA256
0980a19dcd32de38be6ac969d5534459fe689d1b686a589e35dfb0c2f054078b

SHA512
7a63ed4a6cc317c3e94ac41a48715f9eeec6f19f163c628bf11f69dc099e90a78efe4bec75a191def3af65309d3012ccd68f6a960e6227aa326a2ca22e28643a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d2f150adc06df2b6af260fbaa92d429

SHA1
ada20c6d4e2edf0c3d9082024e5857e2cf083fcc

SHA256
00b7feec10451d990c7b62d00dd37d4d1803bc7a05045a3330c0bd64f27bc884

SHA512
9de591f48d7fcc321cb8032cec9564a50647461c3d485029192b880994ecfe21fd40be5ef103679c571a30e7eff77c4a1e74fcfd8a307685fdee3b7dc7409cbb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72b76f723a4b05cff96d1ab91fabc9cf

SHA1
f49792eacce7e1b5391442cf441ea207004a9a69

SHA256
45f908ad0decd1954cfc4dd6b5a5a22fdb2ebc67cf6183cb3bffe34df52a8b8a

SHA512
bccf21edf224ca53b4b28cd685c029f52e8cf1d4e782bc6ab28dfbd810c6fae3c6d972fa6910a5b5579fe1b9282d92886a53a213643d5025161ce68ca62396b6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edea45af7229ce9140beb41dd70efbfb

SHA1
02493ba0ce2001f6930a90fb6c1e3bd68caab8dd

SHA256
cf3ff8cdd8f1438969ecf3a3e1a11919f5116b9add477b324f41b98bc32388fe

SHA512
2f88409dd45ca72f39867dc7f7fba60411edf6a62977a1e1cb0b35fa8dce33324be11de938ff12e8690bb49bada1ce18a731fa2a4830c2e36d8c128d22c829e8

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5da818795e37168b3d9ef5f144ff7e74

SHA1
7dabe24c5812e65fc5f67d89bb75e8edc92416a0

SHA256
18439434b32833c28adb194390919d6e5c0e679854e513b5dff0dc51c3cf4f88

SHA512
30820490d11bff6c7e4f50c9d57ba5160c7a1660ce1be0d4f997edda1e4a47e344a1b6d86cc7d7eac30fed2c0841fa40a90525612bfedb2e0f76c020e1935b4e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d3fa5720dd963d218864280c016e8b1

SHA1
a61bb67551cd5555d8ba5a9d08dc95a270311a27

SHA256
7d46fa76be53ac1558cc5da4295345fc3bfa48654c452dbad6d144bbc9f431bd

SHA512
1025f5ad25ed5cf617a8c4d1a2b04ce3f2229eef0b4a2e692f55209e1a10056f45ae7f16243036c037d5c1275057b5a5f378730728012a914dc4c015d0c890b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
566845f36447602f8101f6a3575a4a24

SHA1
4fa5e20dedc153e4a0ea3ef092e05a1373e7adb4

SHA256
48de3197f57f218535ca67b9610ac7135cea7a922618086788c82522109e3d32

SHA512
fdda5d7fcceb62ae0573cd20335725e70c97c1d5ab930377e8d3b60f177717b7437f61f1ee0d3bda9cdf21c22a3c62cc5575b17d3ef9a731112757ae64c9d263

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cfe73556fb57bd586697023b250aa74

SHA1
b2484a526c3a32abe874ab2e0c21938db23308d4

SHA256
d9d2b9e1f1f12776d02b47664d435cba5da2ef008479b6debaf3944cd3220223

SHA512
18460623fd93032178e1f4939a1ce020d906fab6635a8eac2c685fb34999f6900668c96e5c6f3e9b335bfe78a0946ae9c58a26ec9b0d03d4ce65121a0343da40

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d3e6f6825aab5c99050974df61e79f

SHA1
36e70fdb723d387a5a2318b910fda740483bdc47

SHA256
8b2f3b4be7c65d4e33f552d872d93375f633f02187bcf805d1e0b1c8901061e0

SHA512
aa17a3285ef3a4362fff71bbef440cea6f90d2f9e5724a0546707777133ded0abba88978e01d92b4ea61507bcfded667c6ef376d8898d8d1391a186d6262ea7e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb2fabf87a09d9f9086ae86218796238

SHA1
77a456327c6a2636ede6a2733175d3b594142007

SHA256
97b17a09d86a84503edf10ca367004dea0e03ae1f85a84fa7b319a06fe7e9ff2

SHA512
5e7c31cbc987275945477b1dd925647257be0134836e163969db4bfd111da993fdeacc2ca65a39a4f8a5a915f4b5d9ccf923f6ac6fa2932837e401dec03c5c22

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3efa8eb89e5b9b5248dbbdbb97b0d0e

SHA1
5daf4c7d122e2b50aa8fd0c5656231ba859f53a2

SHA256
dfd0c0f9d55a1c3c4d45a486fa2c86498d22bc9f2b25d47376253bf46e2be8b4

SHA512
5ddadd9d0f6a683b35afb79f180001168bf320073edc8655eb91c23ba461651d3eef0e66e730e737a74e4ea543f18635848bda0b4af31a5e44a0e13d49242d8e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5feb46f697b075b747eaab89d773dfa4

SHA1
4ed8dc5fa3cb8010cd50f65080c32bab1cc9db78

SHA256
524da79a978375a0ccd96e28b38c174389411ac475a5839f788f816df09f3432

SHA512
4d5f8a1b32e57c1c0c0b9a68c1ef81bed0a692cdc4c9e2fc130376db444f809e1170b35ec0d7e41f1d44a69daaecb0f5c9da83b0cfd4a0e733887db5645ff9fd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5db7ea7241bd2b5207c0fd4dd5219ee7

SHA1
8343416651921c4243553f3945fdf78d051381e4

SHA256
78b08f869228ae82eb967e5f698afca11021f084b85446b1d670606c61f6901d

SHA512
467a34f0bbaa5c5c747536ef29db799fcd6b1dd1030ad404ab0698ad8d36035562b783049a0f5bda31cc6c0f02f53f79fafc0ca7f58d025de48d31763aa6a99b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d31267b586c8a2c728602a55d2325db

SHA1
331c16e493bf36cbef721efd3d73b892e89f6e19

SHA256
4cfb8af733f0d2905de7a70fb919e4b637bc7930aa3c2f72066b81b4c4f6b017

SHA512
eee923890b62d4fb9bd49bc97c8dddb3ea56840c6381ebc4180757196c066d48167a308c69120e7064aa96184dcdee5b6348dccfcbf7114d753dd620025dd5a9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17007758dbc914164f9c4c11416a953b

SHA1
72a06d3ba71e303615cb118cb500d14a12918564

SHA256
a73bf43f14a9608bd813e519411daec94adc61db3ff14292364079ee4c9075b7

SHA512
8d3e8e6e27771b5a2529314b81a70d266ea4b3407b303d78de2e1b62fe5d7e2d66099eb09c869c3ef3c2474048884722e0922946b6b58baaa836d0b93d2bb528

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cb86816093d5779314d90f90df9a842a

SHA1
14680aa2f56533673a3e9fd0f2c32a0cc5fa4acc

SHA256
f4eeb83a05b87b58097d6340ef952e03d327b291a9e5e2e996e7d6f94c589d93

SHA512
219ea3ce029b51c3c08b9dc71e92db7a5bdc019b02be871addd79d8b0428decea4bdba360cc93020a9d0acd685035e43c32fe134606263a1bd7bed995b3ca4d6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
174B

MD5
1971d71c62ea75c4f433476600caa4f9

SHA1
428e9b5498ba9746c123ebf3ffd86a14f73878f3

SHA256
3f7e7774532126e2c175de962ce9d620471f4ac75463457e1b93ab615abd4de4

SHA512
88667b670c3ffc78b442e0767ca0ea2c1409b8a2c5f18e69496831f7bfa7496e54843819fe725eda06de6deca9ba9dd769d4b5f3ade4126905ed3b1bb6f94422

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\Cab1911.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\Tar1924.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\Tar1B1D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\Temp\wwwDA7.tmp

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
C:\Windows\Temp\wwwDA8.tmp

Filesize
216B

MD5
2ce792bc1394673282b741a25d6148a2

SHA1
5835c389ea0f0c1423fa26f98b84a875a11d19b1

SHA256
992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

SHA512
cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

Download Submit
C:\Windows\ck2007.dll

Filesize
578KB

MD5
76309ad326b7f39c64dabd0866be54a7

SHA1
f2f2f987870a520c711cfd980aa40bbbc177d9ec

SHA256
cbf88de2658d34711121a0eb0aa85f620d107a51164c6046d24c8635a62ead7b

SHA512
f01df8375287c979944df84cca4fe8d72319dd0e61d8ac239cd77f31017f07c99569624422d0daa77c529f4ce0dc8b07f4a0ab9b587b1b55058f48f0256a4d17

Download Submit
C:\Windows\ck2007.pif

Filesize
645KB

MD5
022b37703b2b2549bea3bcddac23ace3

SHA1
8b822c8531f768fd6b18b4cd1839f519c882cc57

SHA256
fddb4a27e827e2abc8e1609f3ce140f0b6d307252a498fae6e93a0d420794e54

SHA512
fac0e0a5a637b19cba9a846f4453034db2c0248eb96327bd8ac729d01d920909e9ff9443914bcbac7eeb2f5b355f9d81969233d8c58ba7fd55a5e947a1a0a2e9

Download Submit
memory/956-706-0x0000000002250000-0x00000000022E8000-memory.dmp

Filesize
608KB

Download
memory/956-705-0x0000000000400000-0x00000000004A6200-memory.dmp

Filesize
664KB

Download
memory/956-548-0x000000007738F000-0x0000000077390000-memory.dmp

Filesize
4KB

Download
memory/956-546-0x000000007738F000-0x0000000077390000-memory.dmp

Filesize
4KB

Download
memory/956-533-0x0000000002250000-0x00000000022E8000-memory.dmp

Filesize
608KB

Download
memory/956-531-0x0000000002250000-0x00000000022E8000-memory.dmp

Filesize
608KB

Download
memory/956-6-0x0000000000400000-0x00000000004A6200-memory.dmp

Filesize
664KB

Download
memory/2212-0-0x0000000000400000-0x00000000004A6200-memory.dmp

Filesize
664KB

Download
memory/2212-15-0x0000000000400000-0x00000000004A6200-memory.dmp

Filesize
664KB

Download