182bbdf30722b06cd53ce7e8d039650b25ee616f52d6d0a7e2bba398da0e5038

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
Size

320KB
MD5

2567e2e6d613511225fc38dcca7d9eef
SHA1

8965e7706a546960a596dfea480a28c6ec8682a4
SHA256

182bbdf30722b06cd53ce7e8d039650b25ee616f52d6d0a7e2bba398da0e5038
SHA512

35d56dbf16f88187336c226753b929226055ecd5d7979f709533ec36aecc7b353447b2d248274e7cf78ad29619cf4b7ed23b57cd44c4e8b160f88a23e2324aa7
SSDEEP

6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lLI0fQgH:EHLUMuiv9RgfSjAzRtyXQgH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/2240-43-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/2240-263-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/2240-1125-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

AutoIT Executable 3 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2240-43-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe
behavioral1/memory/2240-263-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe
behavioral1/memory/2240-1125-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8904"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13784"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426246358"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9108"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13702"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13784"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000923b416fa92031441d4573bf8a01016ff0e0f792a378696c1d24717d6adf13e5000000000e8000000002000020000000f471bc150e4f92f8d90a9e2e8bebf836f54a84520baf684fe3baa02c278cd1129000000063507426e10d465119bbc392af861278a5056e054a24a8a233cf0b73790cd7e86c6ed60fc366305d307071dd3caf187a5d6f1a884eecb963d8a6d4edc6260aea7f8e8295a2365ce54a3ac55f81e88f9023e5c9e97fc22e81ed67c464e21d9f72fe0353896fece7bd2380327681a83f0ff8b65a2cae8812f98955a409a2ba9fc61595caf84101e8d03e37746110f98b44400000001d8fee6eb34e28a949f3eb03060f1f0be45ad77e51c3c51392ee43d95c599e352b89c5321ce925c9a672f3555a775043dfc8199a5ab3aca32fa9ff96f6b4c6ed	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DCEF0281-39E5-11EF-9684-CE8752B95906} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13785"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8904"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10143"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f05f7abbf2cdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10143"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13784"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9108"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13702"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9016"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10143"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "17426"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "17426"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2276	iexplore.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
2240	2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2276	iexplore.exe
2276	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2704	2276	iexplore.exe	30
PID 2276 wrote to memory of 2704	2276	iexplore.exe	30
PID 2276 wrote to memory of 2704	2276	iexplore.exe	30
PID 2276 wrote to memory of 2704	2276	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2567e2e6d613511225fc38dcca7d9eef_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2240

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3168a45547db53b9bab13a02f0ce3a89

SHA1
4110f00229b4333c87ec614fca259af0b56dc36e

SHA256
e9a797657f632066c1fdb5eb0f2c64e6d5459c094308434b7f7fc76c6ab37bff

SHA512
8690f502e5a218feeba83717a9657dacab4263102dbf0e5e2e9bc51ba196c083bc80547766e7ed69597975d283739ef9c2872f428144bd6f762fc2231a841dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7ff3bbe46f529f1f30e04415f9b4b9d

SHA1
53b925c2d4d2d4a132013e2f3f40f8fef5bb578c

SHA256
55717557b853bb51265462328690207900815e32c12fd2de29e3d8220aa3c083

SHA512
97eacdae8e641afbb73af29238f61702966c88b0a705d9ba7ce2037012e4d2e632b517119628aed31861b85fde829af49c434f179c2637e31c69f56dac74a529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d5e2d4b4ed5763481a721b9e61d30da

SHA1
dd931c1ba372aec66f60db09f01f91abd220c28f

SHA256
2f622cfd8ad92967f4366f153d610dbf94ca6a723ee7b1970ce24e547ce71160

SHA512
a280b50399cc91c2d45831accaca35c66d842ab521a69a68f91607c422ac91b753ab42a552dbb526ca5ba4b3848edb012afb10e5433cb496aa0c19895305c18b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a9e0c8e84d8e0d92dbb6562f876fc2

SHA1
45a4bad868feee298b949ea2f14ce954f69c40a1

SHA256
2e9dc5de0dc59d4a3fca688d27c04db17d86fb08e4174f6f375b5f22e29fade5

SHA512
d6278b4e786ea369c9f00f4505d913ff969adbdfec5242777875226cf5ae551b52457b3da9bc96daa58aa5b5c957f5d49361fa1ed6387fdc7a330190e8d23cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2c7ff39b9173f18a250608dde02792

SHA1
e3195ade864cedecec9b808a27d421fee4112740

SHA256
4459ab158edc3627c436b09d220123add03350faaea4bece0a5062bedd6f9cbd

SHA512
c59d81c2b35e817d9686a0108521b831ce84831a9b52edc761f8a0e386062ee21882b63ed7c5e3daa8bf41e3b5c1456019a8109eb4ab387242e6407b2c0173ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4a245e2ffeb5988cfaba9146d26225b

SHA1
a3735cf1a603a41b9b422229dab728d2b14698c0

SHA256
44413d3a6d40aed2aa84d2e8f79072d1362bc3190a6569194c514952c5aad551

SHA512
1e9cebb4eec8cd1f6898afed0ec6ca4a17f5dc822102e6011250c24f4e7e26349a1464132e0dd407809ee6537272aeb562e28696dbbc01850f7545670d0200a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff05652c97d52a9eb9dc435001027d31

SHA1
a87cbca156bde5907e32769d1b5c6a0854462913

SHA256
8df826f67763045dd1f9ceb4c574b49319f9ac8955204a9106c0de1b0022ead4

SHA512
a41d29f9bb4e25a1fae0b3affa4f5e7f765db97ee449edd6f61348f231404b4b8c13719448841d69a9742de2ad80d8421b55204863515707a62294870bcc78f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31586593169aa949a7435097a589056c

SHA1
f07f1dccb6297372a38a9c31c39b42310d2550e1

SHA256
70725476ffa04710f9bef21d10c8ab9bbf25b63e3141b4b17276e67ab0b6b497

SHA512
0db40dc2c3453f026394fe3646908ab09304d2dba35a1bfea419fbf4ce3d32b0fd8e97c065ca893fc25e173bbbfff6dffafdd5e19e2856640687adf69c27cd04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f24e79e078524d433f2eb929ff0265e1

SHA1
6878d1d3f3438e7fdced9637ff0adbd10ee4e053

SHA256
593cbc5ce0fefd7e2c5995eae23552ec8bf2bb0deff89aa2b9a64c5c80d35730

SHA512
8c24f12ac7071332c87b82f87f91b81db09c32ff80315be02e9afeeac8886bc69ce574bb90dcf9b7b61adbc1c570d608ec99eadf3d87a0710d248fc75eb55dbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b08f242ab54ede006b6a6ea0b04eef7

SHA1
1e01cdadb74ebe36936edcce8f77b9175cec5dab

SHA256
30cae1ed2b5fb2037c39ebcfaa5ef9f43c3e74ad14d4688b9e5db4216a4f812c

SHA512
74a43030650d63017637da6bb341f2f7976904246b34b657687b8aae833a4aae4198f4f74ece649050ced2325dc4ebe481aea1e3c49c0ce8cd90b4f326712c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4633797f8095414c202dc51c349200e3

SHA1
062b0720a561f7208499688d6c61c7212e73a985

SHA256
b9e183cdf6b3770c2c79b1f7b00794cfe9f3de4f14bd9433e9a1c9ac140093ff

SHA512
3702d131aff96218169f0bba63a9d36a73fee8ea30c53c854c87c0d97cb8b4443358a347c0280229c4fec41569498bf9966e5ae91218819235d429e0ba63a0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d79aab5cda193cc2fa433cc2e8fc7a3f

SHA1
f464c95d05dadc8599ed7092efabd4a3024ca4f1

SHA256
51c45471f3a3a373ef77a22f7bfc534bfc8ebc0b46a3d28d83ec9589ca1bebc8

SHA512
a1335ccd1e32aa9222082c7190513365f1bc5c0e9261c42735788fdec25c8aa7aee60b934aac12ad1eec900ebfd7e886e6bc051b762d1ad0499482e7d189e2bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14618c4bb6affe311a2d68bd4088d99e

SHA1
64c1c9f14bdff43b895ddb2b66b717a02f8a7407

SHA256
b09916218c7904ee951781c8a1d05a0ba20e0e08071399ee6e611838376600de

SHA512
f990f7d276ee3b2e7597e5dfad487cd7e0ef8e8367991f7615313536dcc0b2262763a02790d95489b2046dd6757dc2c79a47f8fe556a7b6e0acf664be66b9bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbbe623f19c0dae80229cc84312eb7bc

SHA1
c48de5fed832746e9ccbe098052f7bd57d2bd4f6

SHA256
eec7fea81960422de5b52051d6f686c639d2e9d2c3d8991fa8494b61c35e89f8

SHA512
792a990ec57a37e6d910a0e0ad34d62dde19d915e76f98c763a293fb4e2116f1cf6c920d24ceda86f190c38cf5519d8026be71f72b77131c1460dd4520b35ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7be6f87e480d20dde1285e5b8ecb06e6

SHA1
cdcb0008f4500d59ce99b525abac13ca4a39b46c

SHA256
cff97f673f679c350f16adb5d1aa3fe9aee5a241c8a6725f0fea69a53da85de1

SHA512
c597f850957ddeb686aeeee21fe0c2859c6c02aed394ace47af9a14833c904b0d35af9a7521d1423e058d3f5ae2bcb46bee1b35fc604255556dced0d5dc13e3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea5e02c3ccc236b9fbe5e70c505e52e5

SHA1
9cebec81dc69c65b28c4869d2b8ea2cc1769c4eb

SHA256
879a4de1d46b7266d4c7337f8d431fc743e2f989a1f4f966def8df5067f4168d

SHA512
8b3373f33f5d858a3124b781ac36e6ef8e95782529bf25eab6b4f63881aab2c90a7c6fd9ac2d911960f24530449ed20f838840859b551f5a4d4ceccc16b0678c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
266d958cfc4647e46154693bb83ecc89

SHA1
01516dba5fef580f5eba94056546933908689dcb

SHA256
0d66a99563fa80a33028e51301212eb20d912416b52d0ac721eedc5de1f45bed

SHA512
c8542e5395b05dfff776db0db5d8324bc4decb822e3d325ef99e397c69f39c1426b3182c8fb3eb2257af4e82763a69b5e94236dced5c72b9a9f7726b7665f053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3152466847086c99dfddf0e70a33cc4e

SHA1
443f9e76024b4d306355e798747556b5e4473041

SHA256
83ce06765bc45b24c5dfe65e2bcc464aa5ef2187880099eaa7e07259112c9a01

SHA512
aa8327d6602d80b06ee41af386312517d1ac12ad73ffdb5c7ace8c5a98ac6ac3feaed21749649b750777eefa26d13a3c756f1888439c254f711e195dac72b972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef4732181c8c3a8825e2d7f5735a9eea

SHA1
d3db90a4dede8cf466ed189e25723398716d4ca6

SHA256
45834c3dc2f136d5e3beb2e39eaa7d9820ad72a508d70cd55d5cd7d458d5d14c

SHA512
20c0a724fbb0496bdbaf649a34653d9d1cd64dbb7f342768c1b462d68dac114d2c152ed00eccebc562100276c1ac3c36d37085fde0f00a1b9d1840eb64c5bdd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f008aaf8620c6978dab97245e658fa9b

SHA1
61a872f258f555b0d4e2c5bd1b388c299e762a81

SHA256
03fcafc0d44856358bfbcd133923954637247a7d49d6770eda7101e4517f5dc4

SHA512
1772ae008cd2a3ec35241bc8002055f6739119b85fc9955f3fc5b1562b71b7610186ef88a424f8e16a93784615fe42e981c2e3ee69139d87c9c4c50f75610f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
fdd95d0a232ca86411083e641c541bad

SHA1
fc3279c16c0641cb83e9dda5c63a7d4e99a6041d

SHA256
90f4d54fd3645dbb52870cec6f1a32032d96424cb497f86031992d0ce2c5eb61

SHA512
b3ca4ccfaf1588c7a75055e1ae1b1f18f9c68d2492cc5b2263c3fd965685ec5b7f60c77d6c3751e9e3b4189d327f0bd10d2f0f89a505af333844d5227da1ff97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
229B

MD5
2d3a98cc3b9fbcdcfe591989a85b2fe2

SHA1
e430cc418bbd6c07dbda7f81882b659a2afab759

SHA256
9cecc52c6e79bb7424e6d2c8ed272c25b63c740dc410f0124a65023d918d1eed

SHA512
e13dd7ced4f9683fcda2ce5fd0a1061727475c0cca04fa128574430445917d615dcd33e1cb686af87dc5a04a3b6e9c1d22329982a89445b3bfcd24887e0824ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
229B

MD5
fdf6bdbbd055b47a08466e437dd54601

SHA1
22dca411add6ae2e0c3f5a3d4af1df8b07d01f30

SHA256
a02de8b86bbffb5521523333f3f465da9d5e0b4214d44410f33b9d0b1cffe6ea

SHA512
28727390d1d60e30e4f315600d13872ef3970afcfdb795a04b73b1418255d6e146c15e19096d500731e0a12bda7b2762c967f886eaaa62aece23d6877bf24da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
229B

MD5
05b93fad29b402257ade683afd696885

SHA1
3b152d40895fb86ec4d2a04b764473b18ae76168

SHA256
fd9ea0742ee0482a5c3c16bc92c6e26d00b3dea354e97a46e386c8ea8c066435

SHA512
2ca4425c81fe4b964ec7fa7cc79cec50dde67a6b54b8e06c8b57b3761086175e8058b67389fda9770399be1c40feaf4eeac425f79bb11c5fcef6408676f0d2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
229B

MD5
f19192cf235094228f4aa053790acb6d

SHA1
fb12713bfb465d045b85f65f36d88d94ad28532b

SHA256
99f0b6d6982f770938eb509833bf091291437dca981d72524a85a6f2d73e0098

SHA512
1425d8dbb9d22da7be8e4dcaeeb0a2efe0c92bf58bd58a3d99e2b55df69dac124b78d788893617ae363530abda348e581b6af38b6a91205a32c5dbbeba12b507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
13KB

MD5
885875257d884941b6a2ea50d5021d8d

SHA1
21a22e12f0945b835c1aa3f242f10c14887edf57

SHA256
bc8a5c07b2628acfa6eec7fda9ed58c6120d4ffb0fb55794fd285f5a9fa1a46a

SHA512
4760ade1aa06d9b36e29a67357dea36fcc2fd5ebbb8f7b73d8da023c66a6f1bf918c4ab1ffb7a29ce90198d814f462955a8c5c49a27492d54cb0ea536062ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
1KB

MD5
06d62419e93d139a7fbf3e8e3b8b1517

SHA1
2eb108354c9dd6066e04c6a9456b63c20177bae1

SHA256
e8a11512bfcd3c5432e771e94af28c0e2752ca7eb939aa5130f48f01aff2fc1c

SHA512
f646c197438759d31076a44eea1d962c45e49ab5b87b8ccbe6beeaf37dcb42b0305c09adc0eb8d6e0a68109393da41af2a9d24ff9f96b14ba15f39206e72938a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
6e1f50cb84473e662120e5c209b2e8dc

SHA1
a134a6d4c69441a813dce115c4dbc226c25e944d

SHA256
6e4f524f0f56976cd10a444f02fe36f9072c828061d8bf40b06df0b896be61b4

SHA512
f8d222a6bd18a16fd818696e5a1bb0ed233e654e73899f4dcbffce713e187841f2206691b6247697c41bc3f9b4aa770e78dbfc7290b9acf69ee98b0e476375be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
c6de3ab8073a332654b5616606faadb5

SHA1
31423312ac838b7e778d11577ad5d7cb7b0de305

SHA256
9edfee882391c699f576b1b3a9acec02c13f1ac5345133e9d0970200821ea45a

SHA512
a464ed91cc00af5fbb4b45536472d39e439eceb7c408f582fea8ac25a610b4d4e51ed70d68cd32213ec32bf689414c27a8f2372dc7adf33417272e94b1a4a713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
b2abd6cd6d026ca8ea4bcf78117bbffc

SHA1
c4a820b20456b3b0f8312870e8d3103662cab3e6

SHA256
79514a6eb08b24b846cd6d8c9c7c5be8fc6000baffbeb0ee925d430999126e78

SHA512
2ad39e36a0270812e001ab23c17259fefbff528d4043652f28a70f60fee3f20718b02b51a5f7047d0f42ddd5efe2aa2717e6ccec1ebbb03a3f0bb49560932af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
8da43412d7daaf36974ab5023642e474

SHA1
93cfa4e89bffc3e3624560601418f66407f4984f

SHA256
6b4269b1ab522e3eb521258f1e2b6b66a8184cfb616c657a01f3e3d0d1c17705

SHA512
e42087ff6abd645829dfc0dad86517c780d5803a90bf42bc4ade9024e09497457efd3796545ef754ea5a74b684fcba863cb1089c2244f8c99a736694cfcc3393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
26KB

MD5
cb36b8d2d5274d0dceb4d204ac2937f6

SHA1
c0304bdf9ca637d280442a98145faaf226ff951e

SHA256
ece92e7d505301cb3ba1d644c444209e793ebe52a9c71de759dd7f98c4959183

SHA512
9312a36aeac92b2cad66dedf19624b3315377ece27f6efd40d811bea8773c8842c32513a918ae5cd800e6e5f08567c53bdd045496e1b5144d6605cb05d13352d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
b02edb11f26e867881f841f595558a09

SHA1
a35e310043185b37f489736f40efd9c03edb5b4c

SHA256
f5f24a581e85c923ba481a57743c5b82753aa2bfe77c794dd644d2b2653ee48f

SHA512
35b8f463b61360774ffd91f859c215fc88b7e471d403c3281836e01f7a344aa32f2402d4a39eb94147a4db06ee0e1bba9a2fa5462babb6176db9002b7e0e23f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
c98fb6cb2d66d3979e2f50012f5df2ec

SHA1
19cf7ee054482a61fb36a39da925e50cec01d7a8

SHA256
fb4d7764c7a77ebdda58779d35684d75a85287f70d9734876de337a0d09cca2f

SHA512
70ef587d1554ea43626edb0dfc00df43a884842ed98074298ec7e9713830992c5cb55232fc1e75b16bffabcb5382035a543ed8f9cf8466a312ad11c4b961ae5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
5696ec16f57b8f05cad95727394b0292

SHA1
9bae60201762f8a461e9d1ceaf86f8e1734b67ed

SHA256
ef570ba0530cef149030dcc395f7251a24365e3e71715daaf98fc59fe2843887

SHA512
7240db7e5d1010ce96d5c6f0b2d3d5c9dc744ac1cb3774c0fd46dac1ae03771d7b6e83d776ce26556c481bc0a1f9483aec9aef6abe7411cfe74565faab5c6ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
059e26f0a250a9dbcc309f75abd31307

SHA1
2b34c65e26d841c642f5bc74fb4717d38f58195c

SHA256
9bf34f97d548e934b36d87e551145ce4db88372f8175eaff4a4110c96f2ef497

SHA512
b000b8da690a24e7fb6ec33dd66abd18266815e6ed1246bb478da69e8ababce96329351ff839e5141c8b1b52b6e82e642cfd066bda6ef2ce106808c4b1385a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H1GGXR1K\www.youtube[1].xml

Filesize
990B

MD5
08b3f3d8762c48e48d8868cdbcf0a323

SHA1
36ee0c5f79fac2c7d0f49f240910428603e82c72

SHA256
2908f3ef20524e61c0d38c14a638eafc69d72f5b0601098771b9f54963ee99bc

SHA512
56d3e7f31f7776a2b1c87b8a7d0484669887844b9cb841d31baa4c39ddd7066b163bd4e791bb7a3df460371ffde93446bfa7e34cebf5e272265b8feb49c5b225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
19KB

MD5
5dfbbac4a93c387b26ed9007e9a2e3c8

SHA1
0c71e884613e68c55d5377f9b86d06365b82459f

SHA256
3eae582bf3dd9ccec28e83c20ded63c88670060431f2538e77f583ac039b2f15

SHA512
6da4149aff6370a8c6735b48a837e355e96d41f7a14eb9827dd6dd004e6d8646402fbdeb373952d952e5a7c87a349c5dcaa3a01f2bcb2d5748d34dd61b095188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\base[1].js

Filesize
2.5MB

MD5
a0955bd75ee1ebcaecf8aa6780d674e9

SHA1
526f291fd2a13fc60d04ed4098d257fa459cd900

SHA256
029445efa2b9fefc24051d5fd28a89c903abf284c4756f0e42a5f4ca99a6ef1f

SHA512
20001a6d54826584291467dd505b2d7806d1b7ff83f379f6f95967e241a3e02709f3509953be918f6fa9d604564299cccd85f996cd437e11f44ae85a8cc281a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\embed[1].js

Filesize
63KB

MD5
b9f9680ef0c18c790f0a1d16707b4e4d

SHA1
8d7fed5d02e45c88483c8ebf2de95ab326d74999

SHA256
e99514b5186f540f8c66c390d19af9006407c31eb83970780f5e22c2171c507e

SHA512
b65edc7e269ff3e12dbb688e43abf6d7c2c28ea20ba26d596dbf74b8ad7238831e2b8098946ee95f4da2fcaf54d907057e4a20726b79398e007ce28b94dae4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\www-embed-player[1].js

Filesize
325KB

MD5
f65c984d9a1affc72f1e38c1c4db8f5a

SHA1
ed7d6c5f7d8efa327ef8430280793e4898324f38

SHA256
a7f9d511ee07df6991043d2a20d9325420308eb6893b854a993cac7e11fceb97

SHA512
8ac28aa7b257fee70f142f32fb40b53b5385cccee67b7febbf2f7e796e918fcb3a6fd1d6345eaf119b433b905e3b0bf6ea1d55f0c579a6b644548d813498583c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\EhMS5LMWNnx4EI1l5r04sTRhRpzFlHCPrIjK9dYtLwk[1].js

Filesize
53KB

MD5
c377c5fa8e0668b658bd8a64958ebc45

SHA1
d8f8898665e6fc1ab7c4416891d73c34bc31550c

SHA256
121312e4b316367c78108d65e6bd38b13461469cc594708fac88caf5d62d2f09

SHA512
d5d50622ae6a2b4e93abdb409c6ba6440641b7e0f555293fe5ae125e6888f132c57a79d3ca56179161eeef8f3135479d09ab3ffcfc679b42879402d3492a4a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\folder-games-icon-150x150[1].png

Filesize
19KB

MD5
9f252fd302bd20e5d6890e23bec2c60a

SHA1
8a9a833a93cb5e58d3dd9fdd8585bfcbbea9f586

SHA256
d8be34ff5f4c52b4284694018b8401356d04259c24a76581e5c584aa74f24c1f

SHA512
243344801ef418d4e09746442e4b21f9409c4c2f793d1e8da38eedbcc0dbf97f462407376a815700bb045b9c6b12f9a3963491583fa138fbe91f75857be5a89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\remote[1].js

Filesize
118KB

MD5
43e25947f146dc811f8d587dfcd29c3d

SHA1
1e27c12fe02f0e1b67c3df55f18582a78dc95788

SHA256
af99246283374474c1be3ea31ce96948e4b51e8396f097c04ff577aad36e3c87

SHA512
157dff2385b500761c23d565d83304ab8d555ad9c882592b168ae52af71d72b91d4820dc11d2d4ef6916ba96dd4f66b4ad8c97447f7a45cf52dcce2025021c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\ad_status[1].js

Filesize
29B

MD5
1fa71744db23d0f8df9cce6719defcb7

SHA1
e4be9b7136697942a036f97cf26ebaf703ad2067

SHA256
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

SHA512
17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar63C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2240-263-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2240-1125-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2240-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2240-43-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download