Analysis

  • max time kernel
    120s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    25-06-2024 09:12

General

  • Target

    0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe

  • Size

    276KB

  • MD5

    0d7fe071063a202175727ab894d0cb27

  • SHA1

    d25194df2d0979b36080e6a83f3d4ba1b6edaf29

  • SHA256

    f6d134529b7f58db0f8bafb337b8e98ebd4996e85dbec70202dbdbbe4de17679

  • SHA512

    4bc579234d2d04b2b006636569bd8584350edc05f58aaa58a2e0c8de9be8a1991ec5576de22d63775cfeb2e51f22c757d67aca7d9b4f946909cd8e466eebc16d

  • SSDEEP

    6144:qW3gTCC6pLLioA5aW8UGAxfce0mtfSblfLEEM1lNV:qW3A6ZXSaWbGAxkUQjFwl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 43 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNDEL.BAT
      2⤵
      • Deletes itself
      PID:2732
  • C:\Windows\yassish.exe
    C:\Windows\yassish.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\System32\ie4uinit.exe
        "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\UNDEL.BAT

    Filesize

    218B

    MD5

    8d4dda64a2bcc46868d8a567e90b4f13

    SHA1

    eac854f671de7e4604569907ef253a09cb12a1e9

    SHA256

    4b3f73bc2e587a89550ba8d0a757d66abdd8a89543fca78554c746434972dc84

    SHA512

    a791f62953ac7777cf792fff669dab30e44d5e1011c9073a21a35154ce79e08d97c156c9c4ac9d158190df5596b34b34f2ff5b1a74534ce604295b3a64e45655

  • C:\Windows\yassish.exe

    Filesize

    276KB

    MD5

    0d7fe071063a202175727ab894d0cb27

    SHA1

    d25194df2d0979b36080e6a83f3d4ba1b6edaf29

    SHA256

    f6d134529b7f58db0f8bafb337b8e98ebd4996e85dbec70202dbdbbe4de17679

    SHA512

    4bc579234d2d04b2b006636569bd8584350edc05f58aaa58a2e0c8de9be8a1991ec5576de22d63775cfeb2e51f22c757d67aca7d9b4f946909cd8e466eebc16d

  • memory/2784-96-0x0000000013140000-0x000000001324E000-memory.dmp

    Filesize

    1.1MB

  • memory/2868-0-0x0000000013140000-0x000000001324E000-memory.dmp

    Filesize

    1.1MB

  • memory/2868-13-0x0000000013140000-0x000000001324E000-memory.dmp

    Filesize

    1.1MB