e16e3f81d5f628693fd01ac3780a81098d96d705e06d6f4820d01975b24eb068

Analysis

max time kernel
74s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe
Size

267KB
MD5

3f5d2e34c50170648a86570f0062b61c
SHA1

2e96e5d42f4069d5babe92d4e762d4877a33de25
SHA256

e16e3f81d5f628693fd01ac3780a81098d96d705e06d6f4820d01975b24eb068
SHA512

8fa3305e2f70c132be3586b6f7fbba127e2d0fb3ff11b2d5f363f4bbf9027df50c190b00ce53728b3d32ecfc711e0784f8e43775acad7b496d5a2b4a048aa5ef
SSDEEP

6144:wdHC+0nnZPan3ceKJuY8UX2fGEvmblk/8os3UtI:wdHC+IA3y87Olkz

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2260	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1440	svchost.exe

Drops file in System32 directory 43 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7FCC12DC-40A9-11EF-873B-E28DDE128E91}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FCC12D1-40A9-11EF-873B-E28DDE128E91}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FCC12D1-40A9-11EF-873B-E28DDE128E91}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7FCC12D3-40A9-11EF-873B-E28DDE128E91}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe
File opened for modification	C:\Windows\svchost.exe	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe
File created	C:\Windows\svchost.DLL	svchost.exe
File opened for modification	C:\Windows\svchost.DLL	svchost.exe
File created	C:\Windows\uninstal.bat	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-36-ab-4f-88-ba	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 702e6242b6d4da01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Time = e807070005000c00170032001600c800	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Version = "*"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807070005000c00170032001c00f60102000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807070005000c00170032001900e20002000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Suggested Sites\MigrationTime = 10cd5f42b6d4da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags = "1024"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeArray = 00000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\OperationalData = "4"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000064ad6ada68c2274e9d9e31a96f8b7e4000000000020000000000106600000001000020000000a61dee81a67b382fa8426a0efb0fb0ca5fca0772ff5c920b1b51d2c1e8904058000000000e800000000200002000000044a3a323853e8d3fe2c209f00af73ac6c24e22f5e6ba339debd77c3580cc87a410000000ab6c72952b65750bafbfbd209726e60a40000000e35d3351d83472497c4b53f4d5038c2c2d092ec2f0ba8364fd984179bc6e83089bd50f51e6734c5aad5a49003040f2dc51bd8e13b6186f6b3069dca8c072ab4f	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2300000023000000430300007b020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
820	IEXPLORE.EXE
820	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 820	1440	svchost.exe	30
PID 1440 wrote to memory of 820	1440	svchost.exe	30
PID 1440 wrote to memory of 820	1440	svchost.exe	30
PID 1440 wrote to memory of 820	1440	svchost.exe	30
PID 820 wrote to memory of 2180	820	IEXPLORE.EXE	31
PID 820 wrote to memory of 2180	820	IEXPLORE.EXE	31
PID 820 wrote to memory of 2180	820	IEXPLORE.EXE	31
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 2520 wrote to memory of 2260	2520	3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe	32
PID 820 wrote to memory of 2592	820	IEXPLORE.EXE	34
PID 820 wrote to memory of 2592	820	IEXPLORE.EXE	34
PID 820 wrote to memory of 2592	820	IEXPLORE.EXE	34
PID 820 wrote to memory of 2592	820	IEXPLORE.EXE	34
PID 1440 wrote to memory of 820	1440	svchost.exe	30

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f5d2e34c50170648a86570f0062b61c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:2260

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:2180
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0f09717270925a8f2765b0f85a69329f

SHA1
cd40e1256a951de62f6ccc454a876adc20ac828e

SHA256
db8cf599338a978389c71dfea07dd7bb2e3a49cb12a08896ab2f2e13435919f5

SHA512
e3daa95db11482dc2fbbabeeca7b7dfb4f37996c267176657c05a2fe2f0b1ac1399e2eacfb21f3e7e76122b893f8a50fc58631dbf7d39c60dd8bdfe985aa8e69

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0035fb717809649d352d83715ae6e9d

SHA1
327230b0b91a431a65df176e95979d7bcf583af4

SHA256
870e5bba3be67d1a18ed85cfc9671757ddb6af000c726dd0ed20aaf02ea023eb

SHA512
50c894d7179b0081971c04052167c126a09de719b471b2dd89968f382eeac3564a6bfa817b4230d79e54fbf92fdabccb8ce81b767f05f7951a716ff9701fc98c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1e8f51a61b2de14d8591d25d51bae32

SHA1
17099a8eb02aaf47185003cd4e999c455e9a904a

SHA256
d29d4b19e5328086bab788316669715fd0e6a0c27703a638b97b2f84ef11f3f6

SHA512
62f8249aba9741b3db183e4e25e4d71ac4f7e30f4cbc2499a82b2557c6170db0c7dc1283a935447ac97e4db268830508f88439ab14ef2b58832625ea3beaee3b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7783bbc42a51fba9f80f3f77586b0223

SHA1
270baf638f2de4dd9daca4e5aaaaba9e3f120d51

SHA256
ea5c42ea2a6fc2e9baaf4d3f20de23820f8b60984b0585b7c111691b54a40906

SHA512
9f5ab52092ba7f6f2f85b8a8d86c948c6c99516f16f55e8f50e1e74cd1ec234b2eff2dc6f3b2c17155fd7179e09b0ce884e56357f09bcdd0b9df84c81a242bf0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac4ab664700ff9d32ce6b099c77fa0c7

SHA1
a824acc50905ff8f3b5f1d29a5f4366142526718

SHA256
be211e2614e7a6ce923c3700380e215f770ac046786155ff2d4f055f933b34f2

SHA512
24ecf3b835b1d64271e882adb8b908cfe5264239884beaeae082fe7e230bb553fcce77183e6486c888b1280a7ce9da6f80c966c0901b3d721df153a7c80f94a2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c391227335c21af14f5bdf9b253b583

SHA1
04d4f957a7c1e5f5326c1a10005f77f212f35118

SHA256
bba94eaecd4ecf1d399ac939ce9a23169ebf1978aeb16cf2972476f7cc7c4d57

SHA512
df58ef4d85752b4ca239f63ec7742343b8299f1eb266a787467a7a08c20e39b924cc4d0d6b7c60bc987bedf10523be36647b687438cec09bcfeadb1ccc609c61

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47745021624fb04c80385a68039b8f3d

SHA1
d63ef21a97ae9d749bfb106b5c8ca4ec9ad66333

SHA256
3e1fd55904ed73c7c73e6acaa3fd0e5260bcc41fcc54114d0ea9128e8f344daa

SHA512
1cc30acc56536be943f96c57ac38d3f113f48578ff146e9ff0ade1fd0f36da89d4b73340f62e6bcc4d6db97bc7e19d8cdc99f051f83fbdd751de9fb7cb2a055d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edec4075e1da7bfbecd25b49733af799

SHA1
97c89d90be592f3c3d9735dba65e3472ff6b480a

SHA256
b13041252a1cd42e29eec40b63740eaa5bb74a5ab35aa1f3fafd1368a0caba66

SHA512
845a54820ed1941259d99e725c8b191ec93d5eb3f9b6ef1bae2796e15a208c3cc3449c3d3ad51e996deff13ae74f5ac4025b1aeb9875ca8fd151078e2d3d4f41

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1143129ceddd8c72d4ed5a35664972c6

SHA1
335f6c9585870917bc3e04ff079d4dad3963be2a

SHA256
a0e39af4cb1521a393d57318c8ad1db5358e7c5bda8c9836fd45a3db42c54c83

SHA512
60518eced7ef08b9a0a174cdedbc2e3fb953449f24429c0a5b6a7888797f91b409869e6f57f985ae21bb5a9f6c0267822a70e3f600563c6f19b760366560408c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a28737dae0dd5340bbfd0a81e9a7baa6

SHA1
d5da6a570e543df5ed9cb9d8aec07eef868c1441

SHA256
d584edc50e065f75da5303d834c1820d44a5c3eca5ddd5b782de36bdff55e678

SHA512
8075ff7af2960da667f95b17c9ee9a000a419fd8bf6919d8b338f276a2359520d052a1c4c0bcfa4882faffa80f2e7bb36ecc86081ef26dad535842bc235962ca

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35f5b8af52dc9a60723a74cd9158789e

SHA1
041df26936cad2dfa123730c906a374ee2c6e135

SHA256
48b0a9cd52b6c6a27d78797b01de9985a953ab5e9cb7af57ceb623b745bdfcd5

SHA512
d168c3aa9e01ac2a63539cc39ad6612fc3c7951dbf9d57b7e88491277bc80ab50d82c791afc05ecedbab9236da8b2de9aeed301700751234d7db71e3a5f366cc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74d27fbd468a6c1ec132a2349dad3593

SHA1
4a983f3d369c7da6345f979bab13cf3a0a3cc256

SHA256
0cd53fe6bbd942ef9cbbd41602a0ed36e23ddfe345a5e02a5805b88681c7fc9d

SHA512
2c975ae7076f84be2b93b65194e73cf7b1150b59e4aef8532fc69bf0c927de6b405d373d1a058dd9cedec9091d921260e78244e15113e96c6f8ba60c51deb572

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4dc4a840e2531b30c01fa20697d1368

SHA1
a40d624a0ae4ee871448541c909e19ccb637b416

SHA256
e5eb0609850dd909eab159e9d4d335194614357424626775a029fd2d2ba60f0d

SHA512
eacea4ef32fa461a71b9c26fe97b8d983249794660279f49ccf28f9c189174eb1b9cb3bd21e5fd96c7a5f33c6f7e08cc9915ccdfd959bd39599219a66c912192

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78a5351217bbd4d888cff9b62a24ba64

SHA1
1f9bd2a8ab9f3abac83f2c95086c6d12959e80f5

SHA256
d047806fb7ea7c6f088c7504db32980d7f5883bf5d81a088ee87647ddb4a4246

SHA512
87570941018ce1b69a731a4c00ae63998217b5d7246774eff3a69276eacf1beafbceb5535c42a726aede089075e93711a87c7ed5fa721658c391f6a64a7a0fd5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
577f9761c9f3124b18978550dbc378fe

SHA1
d5a8f31aadd11328e0994a6295e98ba5351b4a3f

SHA256
59213445d79b09c322d76ee9932264d19732570b6907e345aa4adc374cd70f66

SHA512
265ce9a6a7164d57e543c76680c4f18084b0ada497d3726c75bcbcfda43306f7c027d6d2ded5c5716f6105ce362771dcd51fcbe6abbd3c71aaa8f51a080b1e49

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2e7b121ebbfecb9d98c89eeb9ed440b

SHA1
56f240c6ad656c7785ff6bda7568aa02fb9fbbf8

SHA256
02b5548067c8168fde26cce778e563a7dad0d6d42905efca07cac618a3346572

SHA512
31d4fd87b8711e4dd07cd0f604738937c444528709c854d885eaccf1d5def99f3022f50186203e9310e8a588a2f17c0435add1b5501de417b978fa06d0625303

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf1dbab0b66f8f65faed8de807e1cf44

SHA1
7a29536702499d725d741a891ff702425a9e9a90

SHA256
f2a572fda70548a97f01526df634e363014a5f15cb2177fabd893f5845050cf1

SHA512
58a29c6915933b5c1674cc7f1937a69a6e04c8f1a11ac94afb07c368820f9e8943fdcf156c6fcdf567e7b2246db90d4819646a4388ec5a73f4b644bd1018fd8e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8516bae1a41847906f1ac74fb59c69a

SHA1
3095787ecfed81a1958695f37a467f8c2ace1eee

SHA256
059411a809d558f2e56d57a78a8b94343b7850119bb2c9c1e12d6901fb49310d

SHA512
22b2b51b738268ad4e07a04ecf5161d2a76098352f9648f8cc05ba9596860c3698f28852bc97520b8a4566b64af7a5e378804f57d6e7a3e24b8065d16f0575b6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b55f374a47354ba5bcc35a330e387123

SHA1
ca43d355db2485be63cf02b55efd85396c42e2ec

SHA256
3f438c27f6492412cd43dcd9ef6bc9af2418ab0c49b13d62ea2ded9bf50fdf53

SHA512
51ea8f24a06322199d7715ae801a62b18006a6bf701a10163f6be55dfebdfc2079d14a1e28109c05d8af382e7c8ab1c03a42bc4336001575281ab92af8bfe818

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
645f2b055fe4ee1c050b2cec414cfad2

SHA1
299414057c9648b1a4a543e33e6093e7b4a99bc5

SHA256
f7430b2e8ea32ccc2f283b2cee497fc5b21d859fc14c8afc3064b81f60fafc58

SHA512
0099c986decbb216177616840308b0df3dc155df7f955d9d2e6889cb31d2efe470839f3c414a7902db5095ffe40717c3eb1390a8767d9aa18df2b54a02966d72

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
97a2608c6fc48f706a6e601525697d47

SHA1
3a6548cd4f21802905dd735c4a535306119cdda9

SHA256
62e3df25461de831c3ea01e28edba3b84a97100315d42f2520a34bc274cad0f5

SHA512
c6e935760d256efd6340d9d1b6d7fb750527586c0c93f753e0f9dad920bb155b3560042297d58ef41e563c217d3951dd96cba783a290fc3964dfb36fe51518db

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\CabBAAD.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarBABF.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\TarBC4B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\Temp\wwwAEB6.tmp

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
C:\Windows\Temp\wwwAEB7.tmp

Filesize
216B

MD5
2ce792bc1394673282b741a25d6148a2

SHA1
5835c389ea0f0c1423fa26f98b84a875a11d19b1

SHA256
992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

SHA512
cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

Download Submit
C:\Windows\svchost.exe

Filesize
267KB

MD5
3f5d2e34c50170648a86570f0062b61c

SHA1
2e96e5d42f4069d5babe92d4e762d4877a33de25

SHA256
e16e3f81d5f628693fd01ac3780a81098d96d705e06d6f4820d01975b24eb068

SHA512
8fa3305e2f70c132be3586b6f7fbba127e2d0fb3ff11b2d5f363f4bbf9027df50c190b00ce53728b3d32ecfc711e0784f8e43775acad7b496d5a2b4a048aa5ef

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
8c9638bbc05f4e380e08922f8e2363f9

SHA1
737ab5f1dee605fed3a7836fcf1627bdbd4646ac

SHA256
6fb216f86153044a344ff1a9d85742bf8aaf81e539e1b9d02d10af20b2ed2ab0

SHA512
6b47ac9872287204697d621f02112267703955243e93b7187305eaa1c2d5704008d2127719270d64bae303403c120389fce44fa5da450f6df134a1f65c4cff86

Download Submit
memory/1440-5-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/1440-581-0x0000000013140000-0x0000000013202000-memory.dmp

Filesize
776KB

Download
memory/2520-16-0x0000000013140000-0x0000000013202000-memory.dmp

Filesize
776KB

Download
memory/2520-0-0x0000000013140000-0x0000000013202000-memory.dmp

Filesize
776KB

Download
memory/2520-1-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download