b54f110fb23a1318222538de8f3682826abbb797caf060e4e9aed092712e51d0

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe
Size

644KB
MD5

3fb83521088cd165854ecfb8b290ab78
SHA1

57214cb0e01a91d99473b5fd644e7d2c3f661818
SHA256

b54f110fb23a1318222538de8f3682826abbb797caf060e4e9aed092712e51d0
SHA512

e9f9390d2fc77a6e12848be310e810c1b54d3c95ee0f78030f93d7f853eff03f023d24bf0173ef015169b6e1850f905e1635f80a7a32011d3804d17c3ebf78f3
SSDEEP

12288:JJjSKH2N8xhgWug3XQQdd1OrKHW/qPa1F3Z4mxxdSWUcOeTHfkzzg:XjlT3gWuMH1gKHW/V1QmXbUcrTHcfg

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2636	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2848	Utility.exe

Drops file in System32 directory 43 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B2B8391-40BA-11EF-A7CE-FE3EAF6E2A14}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B2B8393-40BA-11EF-A7CE-FE3EAF6E2A14}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1B2B8391-40BA-11EF-A7CE-FE3EAF6E2A14}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B2B839C-40BA-11EF-A7CE-FE3EAF6E2A14}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Utility.exe	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe
File opened for modification	C:\Windows\Utility.exe	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe
File created	C:\Windows\Mangerr.DLL	Utility.exe
File created	C:\Windows\RAV2007.BAT	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Flags = "512"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Flags = "512"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-08-f3-a7-58-46	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Version = "*"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\RepService	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807070006000d000100310015007a0002000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Connection Wizard	Utility.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Flags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 304ca8e0c6d4da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 3094aeddc6d4da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\User Preferences	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time = e807070006000d00010031000e00f502	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags = "1024"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f00c1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Flags = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F817635E-2F37-42CC-B04A-BEC04BEFF3C2}\WpadDecisionTime = d0193cdfc6d4da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2848	Utility.exe
Token: SeDebugPrivilege	2396	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2848	Utility.exe
2848	Utility.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2872	2848	Utility.exe	31
PID 2848 wrote to memory of 2872	2848	Utility.exe	31
PID 2848 wrote to memory of 2872	2848	Utility.exe	31
PID 2848 wrote to memory of 2872	2848	Utility.exe	31
PID 1992 wrote to memory of 2636	1992	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe	32
PID 1992 wrote to memory of 2636	1992	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe	32
PID 1992 wrote to memory of 2636	1992	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe	32
PID 1992 wrote to memory of 2636	1992	3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe	32
PID 2872 wrote to memory of 2788	2872	IEXPLORE.EXE	33
PID 2872 wrote to memory of 2788	2872	IEXPLORE.EXE	33
PID 2872 wrote to memory of 2788	2872	IEXPLORE.EXE	33
PID 2872 wrote to memory of 2396	2872	IEXPLORE.EXE	35
PID 2872 wrote to memory of 2396	2872	IEXPLORE.EXE	35
PID 2872 wrote to memory of 2396	2872	IEXPLORE.EXE	35
PID 2872 wrote to memory of 2396	2872	IEXPLORE.EXE	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fb83521088cd165854ecfb8b290ab78_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\RAV2007.BAT
  2⤵
  - Deletes itself
  PID:2636

C:\Windows\Utility.exe
C:\Windows\Utility.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:2788
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Mangerr.DLL

Filesize
577KB

MD5
541148965ed725ec3bed3cb20ff72c74

SHA1
34bfed3e65eb7743af12b8a75c294a6a0ca645bd

SHA256
b8f4ce65f855a764fb5776d8641794ec0dd44d9124e639496a442e82b1cf71db

SHA512
220bd2e71835c146bb32c9e58e12aa9f36fda7008f5afafc0111165723033a564a31867a2a8979fe72353371b7c1dfb2c7f6813372dec668fea629adda5d5074

Download Submit
C:\Windows\RAV2007.BAT

Filesize
218B

MD5
354ae8643b2c086898c0a2e14f35dde3

SHA1
36d3b079787286de39fbb37163c0f69ba7616c86

SHA256
7b85946fde080713f35fcf04dce4f2a86d1eccc3db9a9ebfe9606f50f434bb09

SHA512
11aedb221b34e63c4b51f4fd8f60ad087d1abbe1e67c6829035b0ff2fc2d2d670f9e73aaa0c3b5f009cf31a3aff4975c24bf50611f256ef14f81f65f6f7f75d4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
899c845d4f7a44fd50f7b2b3a3fb8bb0

SHA1
857d604b9e173494955319df34978295152c6d50

SHA256
83f17aaf5d6f1bd71617c275ca1da98200ccab18c494e0a7a8ccd3102d8ab852

SHA512
cc7745ea7915b19f7e597cd3d73aa3bf679a39ab17e9ef2350cf988841de5bc19fd55fca95b412efefe469b265fb38562f55bcf3dbfa4ff86a0f51e08d87e847

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e75835b693c81b88038dd794592571b3

SHA1
0a8a34ff462301471cd3022ca04cdcc4201b11b2

SHA256
55a2ba187fefb6834e8d9ec3c46594fc0b3866e66e6c6c2169e25593420c443f

SHA512
53ba03afcaf902e2797979e25a21246b8478f80912652f111875901ff0623c641864dd3e6c8c240eda9777648c9202a8693cf0fddd6710b7061077621a74db81

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13dceeb9a6083a1b3fca89d659831107

SHA1
dce70761dc76d85decbe51fbb3f96bc697eca6ac

SHA256
ffda4e1fd7b5872e49db57f2e5e3c4677d7a98082d6ee74618d8c60746331281

SHA512
7a302396a3efc88f8c76341f93c44e863e07cc6dda6980a4a3ab82199b90767e1981d7f827cffef120961939e967fc229b2b776cda174977c475fe640887aaf2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7f31781929b72b10f164d747ddbc3ae

SHA1
878b7bf5cc96c15d75ddd8b57278fdb8a148c649

SHA256
0d1f5625517cf90b42e2bd4e3f3df5a5db3c76fc6f4a56d7687d73f5a3f91d0e

SHA512
6fd85a4ba52a97b661f4f2fe842c02d66ff5296bb15f0f4f03d101e59e84fd9b6e4d6d836ca522b6c5fe9d6ffcc8c7512bd4c85fb67e5d2e35914db388a0e86f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f9ee3405dc77623cc5eaaa5d4b84712

SHA1
2772390fc9739470957e0b6c833885be354af520

SHA256
e70d622a3be97f9b4c64bd44529ca147ee56aafa27cf047c5d1806f22459cb4d

SHA512
f608073ca5a3e08a7009d82e528e762d18a7a8b78345979454e809b5e375228d121cd4036de38e0093dfe5a2f724c3051ab5d3ec4f3a919b7fb5589dd757c783

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63f09d9d8f8275e610d619d4e3f3c6be

SHA1
4a552af99b98a1bd5b0c735f674ff8881969b0ca

SHA256
c91e99291f63af4a731b194d4c35f131ccb1eb1d503a0d3ba69c596942938bbf

SHA512
05748178de92d345142afdc6006f8def63d51a06cb4c7060146515d0fbcc79d6fa2301080f51ddb9b8c1b5bcb802f24afac658f89fc86244013a71fa285591c2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bd7b92bbe2e5ea0a1f234ed3c181bc0

SHA1
20deeadaf23effad9d36404a33a2a752a817c0c8

SHA256
d513bb9af67ca95735003c53ebb770957d286fe45e2abc71d76815635195259f

SHA512
d4523c184390e59438ad044e0fdc3b467285095e49a63da71f2e3a6502e77cb7fe7a6ebf8cc3d8f9a8873a5ea810a90e033b699b935f629ff461935dbf79e29b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
490ca71bfd57e173ad2a01ec8ca1aeef

SHA1
82a637a8931e414fa5162425c30d2b2521b61683

SHA256
904af04b03b09c486ba12207ca90ad441d69cb9c432e1e389ea7a63ef858db99

SHA512
8539337074b0a1b07c5bb63603073f8abe1b4c207b897d496888a94bf363b7569e810e1b727c5ce2d8a0a44a8a5d6c09710c5bc196b1b04d93a3b4c3d2eadcac

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce3cac9d5b62c4d1d3b909cc5b9d3a5e

SHA1
3f629100748ba0e5c4bc66700aaeb24991049f6d

SHA256
e8d2e91eb717ae11cbbf2e26df91a94dc6561bc7d2c93c42901ac7a7c001e543

SHA512
7964fcdc4c6e752dd692af1125b61e5ba701393ad90368316633fe3270358dddbb35528fd3c375bd460c084c97b59d107f2f1028f0d33ad7f0d9d9b7f62f0941

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3b6edaa559ff614f695e351bb27e9e9

SHA1
33ba720b105f168c8857d55b95319174153878f4

SHA256
39a173f242e7657fad1ecb3a22a38526c3ab648f41a71b039540d873b7b03a28

SHA512
fa20f600609b6a1ef369ef26115b6c233e95c9d0d9e277c65c250ff79f9446355140353c2986cedc781bfdd430a47af031bcac25795735953ac9618fea49ba58

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae864ec975a5569a551510d3da5e33cb

SHA1
d4e698d4490e83cdcad007fc4dce095a2403cbc1

SHA256
da44c21eb0a7d586deaf9fa179248aec3c67af8fd3ae047bafc9b4e7f8dc46d3

SHA512
138422a27a2add7df90eb7458592ec3a49cb0c4f2687f8f54609930274a57bbbbba992590bbd61c1a988ccb97ccfbdbf9eef36992001bb7c50ad3c7f87f23472

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b368de90a24f6f4e5f2f0d2e33e4c507

SHA1
a087ba2c86c52b19b5895bb584bd81531d25694f

SHA256
c3c92c9d68939163e5df4854efd3993081c4cf6738427b6213f8f91bc8cc8637

SHA512
d666de1271aa20f6a04c3549ce2e8460ac221dc9d5f5a7128c13d1568b814e2d6194db73dabb2e97f3d238ef584979bd014b0313208d45675102f5e71d5df72b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
773440497c43ddc0397893c4964cd810

SHA1
2092b759a7190b07e95a80afdd0573f42b158a33

SHA256
42d045a1b2cb41a2e5f9b609072be26da64d3989f796683f23a0f75bba33daba

SHA512
b6fa4c7c5681d48372be77829def9d3676726326333a0c16d36a4adc75510bf839c683ab63e6d98f12b68791b7180bb18c003344215933123442e266bcb829cb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf0b8790c186295aec8f879fb9340b27

SHA1
c82efd9763fba08e89abbb91164e7e6474144102

SHA256
7ab5b9f70db03ef3f19f634824ada36620da33c435dbfc9afa7091c40cb2071a

SHA512
4c87f9ce1d17db5e63ce2a8be80bfe1264ff01ef03b113a64994cb4c954268cea5b3801e4cfe6509cb3f7c3a6e9201dced2dd6ff8bc9292f73cab3ae7da67164

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc99695dd9a6ec315e433ae2bdf09cd6

SHA1
3cd87ac58db1c54c3124295a70d7a6507679b635

SHA256
4b4680d7815d77ba27f0109e1a313ceb7beb830af1d1472f911e790d53520a00

SHA512
c4cfdadd9e68e87b7128594d3385ff07f99c007af4b0506d744227ae501f3b67dfc9d95677e3795bd251656147a3392ebcd73e40735e78f1d49a17dccf48b7fb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ebd98a0ac203f7d52be465b99bb96ea

SHA1
fbf623d143e78e13cfa0fe92dbcb0082b40e53ab

SHA256
4754c271203b49f5dcebd6b2217d423826532c74f7f899fe775487675da33172

SHA512
0637665fb51ad70812228d49d7bf21309365efa9ab903707cc7255b9493dcbb6e36272bbcbf9800582ebd72b7a518267540487d46430e9dfe35b43d6641bdc96

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4130c6c6816100b0ea1011a488fac40

SHA1
c9057ac50a3d342890f1a4178a8f79c83741f781

SHA256
107684a6dd04d055b564c660e710afd25b409811ad5d25564f5f0cd1282a6cdf

SHA512
106ec710741b2b8943ec8a0371b3b6674dd5072f4fb4c4b2dbb3e67efc02addd30ab6a2fb93cf61d29326428028d5e6012fbd2235b072fce8dadb057d6b49e45

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff5374ba1688cb9b5a26699187185352

SHA1
c2870a1d47254c45f6ce52b73442dca2dc84cdb7

SHA256
48ba7ea4a2ded1460850d894d4df6e46796ac2fe6164149ed770e2a4157a4784

SHA512
98bc06eff5cb27c9aa1d3d0910b645877afc9b08799b94f36f57e2f95069e14210920f2c535359e87dc6a2f8dba41415ae6c96e3fcfbfe33e71fe60c3e97cf23

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a99ff3f66405da22565a30ff79efea

SHA1
ddf7bc372a44c635846a2942da3ee4c18b1f372c

SHA256
aa19a1da3b1579be63fa241a694d386b66b8f77d029e199c9b72b1a9f1fe9739

SHA512
aaab74f315f62c33f95bcd220ccc5a3c3e8b10325227dda9b94a545eca7988b0e200cd79d3aafafd013ff33863d7d300ac674066407da813622666208d31a37f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2cd4546402d49492ae0cc0339390045

SHA1
def5af37c2cc4f266aa388f906bc950bbfa7624b

SHA256
383344fbb820a3b30d43da6048bb4817f7eee72e27d1ec29621dbd790467f15d

SHA512
067cf5bc7407b7fbeed1f6f3981f05786468fcb5e3d872ceb5cbef0fd8e383bfaccb5f2c33b1a4bf2d9c7af18b7972c154e2a927a1815b5f1160af8094ad51a0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
db96d768b0f286fd766e6de313085ecc

SHA1
a649bb3caa3b4e526b61cee11408ab0938294a99

SHA256
31f5afc2834e63c34b709f8b4e0045c8f997e0c7318f1bb5702d0c67a231bf95

SHA512
c4454d6d90f22136f3184b276a1dab6955e58119deafa9778c5cbd1a545cd42e4f7c4e30b1756f89eb8075b4dd66d060802e8138dc85efce440ff90881221841

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\CabBB39.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarBB4C.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\TarBD35.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\Temp\wwwAFCF.tmp

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
C:\Windows\Temp\wwwAFD0.tmp

Filesize
216B

MD5
2ce792bc1394673282b741a25d6148a2

SHA1
5835c389ea0f0c1423fa26f98b84a875a11d19b1

SHA256
992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

SHA512
cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

Download Submit
C:\Windows\Utility.exe

Filesize
644KB

MD5
3fb83521088cd165854ecfb8b290ab78

SHA1
57214cb0e01a91d99473b5fd644e7d2c3f661818

SHA256
b54f110fb23a1318222538de8f3682826abbb797caf060e4e9aed092712e51d0

SHA512
e9f9390d2fc77a6e12848be310e810c1b54d3c95ee0f78030f93d7f853eff03f023d24bf0173ef015169b6e1850f905e1635f80a7a32011d3804d17c3ebf78f3

Download Submit
memory/1992-20-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-10-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1992-2-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1992-1-0x0000000000370000-0x00000000003C4000-memory.dmp

Filesize
336KB

Download
memory/1992-0-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1992-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1992-55-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1992-54-0x0000000000370000-0x00000000003C4000-memory.dmp

Filesize
336KB

Download
memory/1992-7-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1992-8-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1992-9-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-21-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-11-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-12-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1992-13-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-14-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-15-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-16-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-17-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-18-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-19-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/1992-4-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1992-5-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1992-29-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/1992-23-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-24-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/1992-25-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1992-26-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/1992-27-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1992-28-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1992-22-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-40-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-30-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/1992-31-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/1992-39-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/1992-38-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1992-32-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1992-33-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1992-34-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/1992-35-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/1992-36-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/1992-37-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2848-742-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2848-743-0x0000000003740000-0x00000000037D7000-memory.dmp

Filesize
604KB

Download
memory/2848-601-0x0000000003740000-0x00000000037D7000-memory.dmp

Filesize
604KB

Download
memory/2848-43-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download