Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 15:42

General

  • Target

    07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe

  • Size

    18KB

  • MD5

    07665c23ca68173f7490e11482c898ae

  • SHA1

    358bfb2d3f364d99b7a0699e07a763d4b06ccfb5

  • SHA256

    a6de0c5b37fde764b88464df279ebef8f98dcb55e2972240be32327837987555

  • SHA512

    086387998f5345121e1bece26e93e33381dde4a39bac3ee5dae561d822d5a9d860aba5b2572d957fa84a3960a00448c06f0a67cd57acaaf39d66042ea3160ef5

  • SSDEEP

    384:bwM8LEwbriEgjoES76z3h/jpiT2fkn9fHiSNf0ve0OxCGGqrt8YKvITtK9C:k3LEyts0GtdIVfiSN820OxPtrHKK8C

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 5 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 45 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\07665C~1.EXE > nul
      2⤵
      • Deletes itself
      PID:1136
  • C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
    C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Windows\System32\ie4uinit.exe
        "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        PID:2068
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:2384

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe

    Filesize

    18KB

    MD5

    07665c23ca68173f7490e11482c898ae

    SHA1

    358bfb2d3f364d99b7a0699e07a763d4b06ccfb5

    SHA256

    a6de0c5b37fde764b88464df279ebef8f98dcb55e2972240be32327837987555

    SHA512

    086387998f5345121e1bece26e93e33381dde4a39bac3ee5dae561d822d5a9d860aba5b2572d957fa84a3960a00448c06f0a67cd57acaaf39d66042ea3160ef5

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    909534b5b147993eb7add3ba951e8bc7

    SHA1

    83ea3d33ab12d8c784977f266dd4f92fb96fe73f

    SHA256

    bcfd90156e7fce7c965141633a8d4aa240ff6eb5b55a7782cfb0ea13b5105723

    SHA512

    91e7f897f2865e65ebbdf66b15c5ddbcdfa12107e010e8481a39112344b3ceef48087348e52518b9eb06b24b9386be981e41ac4e6af3663d27bcc52bcbba0f50

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    013f96198e9738310aad7da61c115553

    SHA1

    186323016afc06a0fcf934860b78cac0b48d359e

    SHA256

    69eb74c7efd819aa84ca7b5475434b31980cf4b5feced64693a1111cef0aff29

    SHA512

    e83950582503f1971176718cd3a56898345bd84d832305ed0f277882e5ce32f42af57967d652d740025b6f96b9f9e0e94365da3424a0b51d6f59ad41ae1a6370

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e0433e31f770cbc50fb5fda6d471123

    SHA1

    49d4baa897a45ea529b61c4f5cde8f37466caba4

    SHA256

    13b93163bdbfc69c52361a0b495b8620a46c6836a0ce714d9de8864a0c085b65

    SHA512

    7d6bb77c187cdbef959ea47415958ec355b6283485a2bc216a37ddb0c6eb8cdb6bcd4c4cb430b5159c01e0df97a2fb54dfeeac099f50f0071d3642a664898282

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0d371575c8692f5c1bd37dff67cc007e

    SHA1

    aa2ce93f7ceb3acdb995147f4da906cda91d1710

    SHA256

    0efa1ba283d1fd51e3e30c29173bef3f0a8fcda0dc0b3d1420e876980c09e05b

    SHA512

    5ec4515e238007669aca039624712f1087a4e28b52dbc3a5e229bdb9499813db6362c1f4feca9ed2bc1baf7345de4f42c04ae0c9c689f45b8af58fdfe7ab3cd0

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4065e7aecf917e27ea778cfb7f35b3ac

    SHA1

    e3022c5a54b90bb3e1e3adf2166119258dba25f4

    SHA256

    2878e122a769054b4f47a5c6f41c864e4ce03ff6b99b7f294215533b3506400f

    SHA512

    048bd77a0b5703be01844a6a15781a99f893ad1610acca66e5085dd97fb1eff0f4d666f85c9a14a786186b1fa5cd39e8f8adc98d40fc0725bca9a76c0532ba01

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a763ec06f392716b03a6422db1749af

    SHA1

    afdcc0efa2583b21126cb2f509017a732b014662

    SHA256

    f65349ed9e04ffa4d64294bd6a5c91d1a39e976711f156043c14ad29b2af3e4f

    SHA512

    7f0834a10ae634fe8c9c319437033d9b0e5fc89e1c9e7dd380145a95b18d63148deeedccf77e3bbf9732b6bfc96739b85aeb1e4d016ff6baed1a54a5b87d816a

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    23f3bc940741d204efa026146b4d13da

    SHA1

    3787ec2f224297448cc0a7c6a01ee280189bcc97

    SHA256

    b0da38e30f8727078117c435294dee8c282357583724c90e395df4ae29c6abca

    SHA512

    bc0c431e478ecd885a5d77881a01d4b1b8cb671ee39cfd378d282c4b3ffefb45a47caa56049e038da7fa2f83fd5fec599e81976c35752107732103c9524718f3

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e6d7226d8b0645fa6c2d896f8dbfd6ee

    SHA1

    04948d9c74d3a2bc9f0fcfb59d5b5142440ecba7

    SHA256

    90875fdea636c4c96453d4f7ed805132a10b2f1be8c0e8ed5205eaaf7c444a8d

    SHA512

    e32ab74ff8d906e5a2dd7f33198bce5606f2c29d5b89a877f4f301c55555b22b281ca69a37775ad0889215b8f8800dd00f5642e453d5dc084f6a5c8e43555f37

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a3700ca763912b586c241dd64ee03d8

    SHA1

    fca28205b32543d35bf90bc06e83534e9f743c8a

    SHA256

    bc5eb91f1bde13fa34128ab67e8e1a5f74c0b7f4213ed70023e6cdcc3db48c6f

    SHA512

    f439e86ea3aa60275f2b43d7048d04b365136b0d472b24e676df61e2cc6597e6ae9c9bc1af56bc86309426b8d0b11b497111a26bcf119ecf8cf5ac48f08ec2d4

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    acc55d30b38b8602ec34de3ea387d9ef

    SHA1

    7f7d6616d1a574cdc5d7b263bd230b18041be533

    SHA256

    382bed5c9b5cd1b446e2024abcc0e0de9c95b6fedb07bb988aec5c9f6e35867d

    SHA512

    f851403be6ebf9ab4cc758eeb906b67b3306220543a095599ba4245b572e540076c9b9e5f6e2a099862e0f22ecf211067558655cf3ad416d4885541edded3db4

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    33c9392704a82dd23a530227cd6c538f

    SHA1

    7028505e004af7ad27574da1c9f2fb3e44a5ec30

    SHA256

    fa0f03e8022ce2bc8452d637d4063a2edab933511e8005e56fe96f9862982bb4

    SHA512

    be3997f4baebcc7229231ba9e28612feef0a584831fc60952241649526bcde007d1facc36c0a123f1aadaf20c14541af6396f460c35531c14a994da68a05a1e0

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c2bebbe33799721c1bfadcf9f5aafb52

    SHA1

    e1a4618687e03023098015f96569818302b6b743

    SHA256

    3d5915c2e50b423bfcc0c51c4b3e7e8934c3b77b08c1d84dc2fbed4a7ab4e45b

    SHA512

    6e270fde3e9379ba24a0d7dc155dc326366b89c1b20361a28a3e0e0d383ae562b4e023da8bee175bc51ea68e3482c3cdb3d8ef218a839d1bc07fd4f9b038e228

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    31780e9a1d5f39d7256583eae208f8f2

    SHA1

    9de5bc1e75bf3742bf6dab696c716661c95b6318

    SHA256

    ec03f9e7dc6b267df1b57404f151f5554426797a6ae41c31d73c137fd8eff719

    SHA512

    25aa45e2d65fa01dc2d772e30fb3121e70bd554acf7cced8ed11ce111159f88b6b331d8790b9b923d5f23d1a643c662606748c5eb6ab1239ecc2596240d061d8

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f9ca163643116719e0be5a8f59f3aa1c

    SHA1

    5a6b18414db386ed39eea624526b1981d36214fd

    SHA256

    53f7e0dc1fcd6aa969f70586fd54c12110a93e43059ea7d8835ce4565922010a

    SHA512

    6011e9553a9d07d34dd14e91ff390de91bc6577b93124fdc847cff3ccc447c4ed50789d0ef62e6a10b4f26de2f76421833394839f01b1d1732a281ce9f1d2fb1

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    443f7edc3380df31faee27e4b969bbb4

    SHA1

    d8d32c05a79ef07fc77d9451ddb81e5222e8e53c

    SHA256

    33883136262189c8435aeefd8a00b850b825bdccb3019c369f6238e6154a0caf

    SHA512

    2b9a474bd26740bd9100134fec8eee62bb7679d139fb0fdd29bcc71d9143f816ea0d7ed8d258c91798b4363d114dd3c2ebb5f4636a2332e955801616edc37279

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    371423b224dca6dbaf5af51354b7aa40

    SHA1

    60630728b9977151f366f641fc588ff17efa8684

    SHA256

    f55acf1146d0c58fda3dae96825cd3f33bab08953e6960a23589f514d0fce396

    SHA512

    b39e9d33e8d9e78707fac9708e37c5fdc286e31de3ebe9d6360f38943785a81918a1ca3799115cb3c1a747d71a749a4bd9c013d8992517af1de7e4e5a7e99251

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ae20fd84aeb886d25e95b6e416f8a4c7

    SHA1

    ff682380e1e495ee9a4e34b57c453902c1b181bd

    SHA256

    84402e7ada62b7303edbbf8fef848429f0802485b08938e24b8d4f02a8815b9f

    SHA512

    11ab1efc9777e016e62db08381ac1a51da7d70b63b2bcc7be64d7cc077790fc404be7ec517ad648397329d44dc34d5fb70d8fc0343e5045a0138aa12e7fef7f2

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00d5aee12a679294972bbd5a559d6a70

    SHA1

    ed8bd2a53f4cd7203c2d0f0fa5a01dace8fb987b

    SHA256

    583ae6372a0e60c2c894af8931e04307a576eaf78c01ff62f6709dff9f04b277

    SHA512

    972997d22848f47fc90828ca14270ce186d6b24e051da323a6c5224d7e263cbdb082a8367ea19006cf24d16c2c85aeb1eac328f875903e444e54d9eeda979e83

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1ea5515773ac1967307501b44067ebab

    SHA1

    b29f5d2ed787474692f7766bf5db610a0804a124

    SHA256

    70d1ad754183b9b168e86ee2817aaa9457c262bacf8a61f3a1ae993d13c02aa0

    SHA512

    0b8e6e2a512e04b7f98817fb6ff6de484c3b7bb5e23670d6c8b9a4ff8276cca3b0b7408bcc197fc0748db11da5f675ee1bdd3679ffddb127bf34d4573e23460b

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    572cf098c6d7f815cc0352e9998cb588

    SHA1

    bd5134fc9da096b701290825cfffe29932c32f71

    SHA256

    d82a88023ae04d24e46b4fb44b5bcd86ef00116b791f7ac7c8c476dc7ada3817

    SHA512

    9c03136eda02ae661e7153911cd337cef88068ec43955c658be4534daf7edc2d9ea800b3d800e737f57c0322037df3ad070bf3b33a81fc68cf57c0fe16282cc5

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8ad7186912a8369b6330e87748223ef1

    SHA1

    2c2676d6f495cf6b0dc9e12758790c5411178299

    SHA256

    519d435450649d68365f71f660735b1ea4ba1b1dfefa7fcd15ff5d7e4b06f7b7

    SHA512

    fae0f6930caeea2d436ebdc780fe20dbe4affd46677c5d9e1cb3d0eff35ff8d0e8638800264c5b2d7e09372ebfb713114228bce186f0d12cdf89c464add04a83

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    cd651f3d663b018d69355d4b6be53fa2

    SHA1

    0d885b239680230c1588ae6a11c73765302fdda8

    SHA256

    fd18ac07f0e666167c6abae5dff2c23c306b358012ffe8b666992d7227ff7d18

    SHA512

    0a364b857d0ff77d0231c459e22b5e48820ff69c23b669637f78340964fc7bf155d6bbb261220b63744ed8de32eaf6fdbd11bc91f7c48a7b78877d421b3db2e1

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

    Filesize

    129B

    MD5

    2578ef0db08f1e1e7578068186a1be0f

    SHA1

    87dca2f554fa51a98726f0a7a9ac0120be0c4572

    SHA256

    bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

    SHA512

    b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

  • C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

    Filesize

    236B

    MD5

    11cede0563d1d61930e433cd638d6419

    SHA1

    366b26547292482b871404b33930cefca8810dbd

    SHA256

    e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

    SHA512

    d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

  • C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

    Filesize

    80B

    MD5

    3c106f431417240da12fd827323b7724

    SHA1

    2345cc77576f666b812b55ea7420b8d2c4d2a0b5

    SHA256

    e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

    SHA512

    c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

  • C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

    Filesize

    402B

    MD5

    881dfac93652edb0a8228029ba92d0f5

    SHA1

    5b317253a63fecb167bf07befa05c5ed09c4ccea

    SHA256

    a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

    SHA512

    592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

  • C:\Windows\Temp\Cab174D.tmp

    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

  • C:\Windows\Temp\Tar1760.tmp

    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

  • C:\Windows\Temp\Tar19A7.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Windows\Temp\wwwBC4.tmp

    Filesize

    195B

    MD5

    a1fd5255ed62e10721ac426cd139aa83

    SHA1

    98a11bdd942bb66e9c829ae0685239212e966b9e

    SHA256

    d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

    SHA512

    51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

  • C:\Windows\Temp\wwwBD4.tmp

    Filesize

    216B

    MD5

    2ce792bc1394673282b741a25d6148a2

    SHA1

    5835c389ea0f0c1423fa26f98b84a875a11d19b1

    SHA256

    992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

    SHA512

    cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2180-6-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2180-1-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2288-9-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2288-5-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
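The Downloads list above mixes one real drop, the SysWOW64 copy whose hashes equal the submitted file's, with files Windows writes on its own under C:\Windows\System32\config\systemprofile and C:\Windows\Temp; those background writes are also what inflates the "Drops file in System32 directory" count to 45. The Python below is an added example and not part of the report: it parses a constructed excerpt in the report's own layout, separates the self-copy from background writes and memory dumps, and lists paths the sandbox captured more than once with different hashes (the MetaData file is recorded many times above). The noise patterns and their explanations are the author's assumptions, not something the sandbox emits.

```python
"""Triage of a sandbox "Downloads" (dropped files) list (added example,
not part of the report). REPORT_EXCERPT is a constructed subset of the
Downloads section, in the report's own layout. BACKGROUND holds the
author's assumed noise patterns; `triage_drops` is the author's name."""
import re
from collections import defaultdict

REPORT_EXCERPT = r"""
  • C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
    Filesize
    18KB
    MD5
    07665c23ca68173f7490e11482c898ae
    SHA1
    358bfb2d3f364d99b7a0699e07a763d4b06ccfb5
    SHA256
    a6de0c5b37fde764b88464df279ebef8f98dcb55e2972240be32327837987555
  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize
    914B
    MD5
    e4a68ac854ac5242460afd72481b2a44
  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    013f96198e9738310aad7da61c115553
  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    8e0433e31f770cbc50fb5fda6d471123
  • C:\Windows\Temp\Cab174D.tmp
    Filesize
    29KB
    MD5
    d59a6b36c5a94916241a3ead50222b6f
  • memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB
"""

ENTRY_RE = re.compile(r"^\s*•\s*(.+?)\s*$")
FIELD_KEYS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}

# Assumed background-noise patterns (author's classification, not the sandbox's).
BACKGROUND = [
    (r"\\CryptnetUrlCache\\", "CryptoAPI network retrieval cache (certificate/CRL/CTL fetches by Windows)"),
    (r"\\Favorites\\", "IE profile initialisation files"),
    (r"\\Windows\\Temp\\(Cab|Tar|www)[0-9A-F]+\.tmp$", "temporary CAB download/extraction files"),
]


def parse_drops(text):
    """Turn the bullet + 'Field / value' layout into a list of dicts."""
    entries, cur, pending = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        m = ENTRY_RE.match(line)
        if m:
            cur = {"path": m.group(1)}
            entries.append(cur)
            pending = None
        elif s in FIELD_KEYS:
            pending = s
        elif cur is not None and pending:
            cur[pending] = s
            pending = None
    return entries


def triage_drops(entries, submitted_hashes):
    """Split entries into the sample's own copies (any hash equal to the
    submitted file's), background writes, memory dumps, and files left for
    manual review; also report paths captured more than once."""
    result = {"self_copy": [], "background": [], "memory": [], "review": []}
    seen = defaultdict(int)
    for e in entries:
        path = e["path"]
        seen[path] += 1
        if path.startswith("memory/"):
            result["memory"].append(path)
        elif any(e.get(k) == v for k, v in submitted_hashes.items()):
            result["self_copy"].append(path)
        else:
            for pat, why in BACKGROUND:
                if re.search(pat, path, re.IGNORECASE):
                    result["background"].append((path, why))
                    break
            else:
                result["review"].append(path)
    result["rewritten"] = {p: n for p, n in seen.items() if n > 1}
    return result


if __name__ == "__main__":
    r = triage_drops(parse_drops(REPORT_EXCERPT),
                     {"MD5": "07665c23ca68173f7490e11482c898ae"})
    for key, items in r.items():
        print(key, items)
```

Only the `self_copy` and `review` buckets are IOC candidates; for this sample `review` is empty, so the file-based indicators reduce to the submitted hashes plus the SysWOW64 path. A path appearing in `rewritten` with different hashes each time is normal for a cache file and should not be read as a second payload.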