ebec5ecc637b1b5814a49f61ee4c9df2955a5f137bd8f1702aa91c5ed4bb6d87

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
Size

1.3MB
MD5

41271d8e48f31c65c9d0984c3d36c68a
SHA1

d7977c0616ad302034b05d960831392ccf582d4c
SHA256

ebec5ecc637b1b5814a49f61ee4c9df2955a5f137bd8f1702aa91c5ed4bb6d87
SHA512

86f5eeedd7d184510c8a789a1ba6f9955b7d971b922609d007d16ea2c5921cf03216ce553f1389b1d288c441f17d814a5f1a0f817b100827345f3b0d7010d08b
SSDEEP

24576:fIJxqG0518qT2cCm4RwJPTMgASq0rjX846QZ4DQpe9OLbRnsJYbQn7I:fWH0519C3Re2SX784bZfWOxnsyK7I

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/288-0-0x0000000000400000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/288-1-0x0000000000400000-0x00000000006C9000-memory.dmp	upx
behavioral1/memory/288-2195-0x0000000000400000-0x00000000006C9000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\windows\SysWOW64\galex.dll	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10135"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\hugedomains.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b000000000200000000001066000000010000200000002657caca6b11108873981804821f01a9517220843dd0ce48584c9b149a55b381000000000e80000000020000200000000e4b12412d931a7a7e31efe701f249c425e48e144ca6cfa5081108f25ac4ce2520000000a7138572b6578e633d36b06cfb4472f60e1d16802212e8f674897ba39c71e237400000005c5de71a03bdfb286f9b139ae1c739347b8ee1a6c789baf56c9b431b87bd4b819550599b8c385a0282884405aeae6d5767f72e0fa417af34058650e81a2dca32	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10110"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "140"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "307"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "146"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "222"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f006bfe408d5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\hugedomains.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10110"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DB50EA1-40FC-11EF-96C0-CE397B957442} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427025571"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1656	iexplore.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
1656	iexplore.exe
1656	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 1656	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	30
PID 288 wrote to memory of 1656	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	30
PID 288 wrote to memory of 1656	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	30
PID 288 wrote to memory of 1656	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	30
PID 1656 wrote to memory of 2840	1656	iexplore.exe	31
PID 1656 wrote to memory of 2840	1656	iexplore.exe	31
PID 1656 wrote to memory of 2840	1656	iexplore.exe	31
PID 1656 wrote to memory of 2840	1656	iexplore.exe	31
PID 288 wrote to memory of 2744	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	32
PID 288 wrote to memory of 2744	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	32
PID 288 wrote to memory of 2744	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	32
PID 288 wrote to memory of 2744	288	41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe	32
PID 1656 wrote to memory of 2144	1656	iexplore.exe	34
PID 1656 wrote to memory of 2144	1656	iexplore.exe	34
PID 1656 wrote to memory of 2144	1656	iexplore.exe	34
PID 1656 wrote to memory of 2144	1656	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41271d8e48f31c65c9d0984c3d36c68a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:288
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dnf1100.com/down.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2840
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:209927 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2144
- C:\Windows\SysWOW64\explorer.exe
  explorer http://www.93dnf.com/down2.htm
  2⤵
  PID:2744

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
36448c480534210db6424ffcd2aacc53

SHA1
7d82a472b25109da35a12d817056381b3683b7aa

SHA256
4ad6ca3dd01e82332246a12463ff07749774ebfb1b12af3188b97bdf10b23964

SHA512
7bbb1e1acddc280d19c99e5f02018a4329cfd3d420c952309374a424d8cb804e78ae1e51d5489f4f98400077c5b538f7c82fd5ee7ac5cb36838904efca1d2402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80338b34be63f0bea9699e3315f0800a

SHA1
bac56bc6234c0eb699f13cc6c7349c495a605a92

SHA256
899ba284a0877a747eb7ea32037dd2f2fba2771c79942e3d3d049e52b786489a

SHA512
4ddc80aad41b25d5b47f89c6c082b5f3575d589dc4d928579dedd1d406b55e929d5fb0203ce3fa4db03c0197ad36c150eaa4c95a5d9acce7d4ab9400d6fe868e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4e3c6c679a4b0de744d2c4fdc74b835

SHA1
205ce033bba387c93d3b5bacad32b66517304d16

SHA256
1011e142cc2aa28f117fe1f0a60e7b1f320535bd65ea0abfaf1e0f1ef3f0d9aa

SHA512
1751670c010d0752937ffa3f249836ebcbf746eed78e3d8a3a88e8c5f7e961359283e02cbe90de4816b598991069e7acc07fe63fca49de5313d33b4b5fb94a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70a1fd1ae861f9b8dcc9b7860e5d6513

SHA1
59626dfdf1f67f48fa766ab7f3215bc3d0cf8af4

SHA256
0cad95ddb8f09e62b3a602fd3f5036fbdf3cff8cfada5433d9732e46f062471f

SHA512
93562ed57a909e83f237276b4c9c685dd6c8777b61325bd098e1ac79c9b7aa362ac27989e4de276fef5a9a176e243b7e4cef49e9ccebd6b7799f94e0f3150512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72f97448f3b4555d51338afba1253c76

SHA1
fd27b13183f2f64b2b4c7276ce8b1d2d38c5d14d

SHA256
ab8219a20de80c06e050fa211b5d4b7e19ced6f802ae9ca20a1f45ca3c3c20d4

SHA512
682062b097e6a260d5d8e4420567e1f1c1cf0d4c07616a229472d30b9fe46c80eb5a8531d676a8fec393897d340611da2efeffed8a6d1fb68301739d331196e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae832dcb17828f012b4b5d1cfa842f2c

SHA1
a39410aa173314f8b1315343d8c35c9959527fe6

SHA256
5e24328336a550cee757975ebb1c66190c037855b6059e56b601db8de17575c4

SHA512
8cb690d31a51c8bbec3be580c2c3db6e3be1cddf01370cba889cefd81a92e2d7c847ebbfd8b8e53ed6ec794c2ac4004e9af1fa2f325eb77721efcd0bfe9e0bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db8169b4b9ab1765213650675a7ad224

SHA1
fb92dfcf145c23d27f12a08c8a52424606598452

SHA256
12f55a2a45f40b89e4d92c85cb6f1569766a3c8a068cfeccefa80848353c44f3

SHA512
5f4cc78fc0e4360d4d97bbe7541c93a44022f529226c145571a62d83a417e59137af2fc89aaf28d68cd14efaccd5842d686553f70de9b08ba3d9b1e6be63abbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6d47932a5f683d89fd4f2682a6e7e1d

SHA1
a8940ab76016dd80e3fcf673bd6131e5e7bc6f90

SHA256
a588b04c65e8749dc8738eaa3221d7e782815da328f72cbd6f5e677685352f48

SHA512
914b60241b8c000b3b967ff5e4828d94b6935af95f6c1bb8342f597f780f768222a7c9683053fde0196e1b31dc05e309f0ae95aa4ad21a3eea863401c1ee4729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5d4723682b6999eb32bafc07d5889e4

SHA1
d4db6a65c570860225fc3835ebc810686b77ad0f

SHA256
108d448df7dea392e24e8a331c32b9042eeb093c8c77fbb5db732137d90f59e6

SHA512
bd11e6f3d3e96221e9720d7c79dfaf692c8296219dff10349596b800de50b2967ca789c9ee80fd5ad9b1e8c45805ccd9dd16b0ac0a8d95f1a606d18ad4c619df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0acffeabcf9acbdff90476013b45657e

SHA1
54cbd0824f5c3568615635398000d42dca97ebb4

SHA256
c0af2ead95de6c9d1a275450022f7417ffbcaba5c6fee7b84b616ef390020325

SHA512
8d6cb33118833efb1a8d45fa01b8e8a9bc16c3b38c6f74b450838b539ca673fab229bf0a02a2730f4171b84f7a5ed94c310b2f9928fedf5537c853f8ac121ea1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c738bd991164263965e28b101899e392

SHA1
5680d0e8b7d6dea69c01f3488d9984b76ee57c21

SHA256
b753abbc5ed28a43eab1a7c19c5ec6dbe7a0d5ef5a693afaedffb1d17f7e4599

SHA512
3053ef1670bc085e3ff42c03521f3273ecbd6d6e462b637567f25af07ceebd6fd9a16cddd967dff379d06ce831b1910879aa3ad97998a06b60e0aceb85ed90d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
514529866fb92c7d423032eda8e9b21a

SHA1
b6df2cd50ac5663e457667d3009aba8aba5e18fb

SHA256
477ecb52cbf463f88696d634f88416d6c092c87d0ad56de2b64c88b1414f73d2

SHA512
3f14bd468465c4e08abcce2068adc01ca78cc8775c6926dd1220ddc2b05185947e775c0c3bef3e7f911e8c69ecb5a05f2f2025e63d874738232d4520cde016ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
762f406fb048d4e448dd3718e4edc2bc

SHA1
aeb561eac58f50af831d49153e0375d5be70959f

SHA256
96887bf0ff0c4e35d4c25674202ef977e7865014d154e272db0bdcef282a8285

SHA512
c3a4adfe418d6114d936d1b8aae2377c1a6a59f86c36429e1bcdf9bbb4396edb37890b463a96fcee08b71b028943b86ee0b40fe7c0c5a25cf5aed36f2ea86f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
149db6e3617d99497e3ce447fb667246

SHA1
8a7f15d428d06c3162ceeeb6fe4d76bf8d5bdc45

SHA256
b89264943bce9bb14ff426b61c5741ceb1d6ca426f76fb14037270daa5eb4332

SHA512
9bf27f9ea7d69600f20464b6daceaf332ef4c157e91bf3536f87e9075bd218d3b99bcb34dc7aab127a9b172c88ea543531178243eb48d2fe4641952f0a111185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ff5408cce749f3fedf9987a888bd46e

SHA1
ebbc9b4b3f02333202109abf5edeeeeda7deddd4

SHA256
69f095dcebfc12bfd445a9bc3e0aeae80683d0dcdb39499fbbbcec742aa490e6

SHA512
c8853d7275e0c22b8e3588608fb173a50171b3f042fb450db74dde31b6baa56caa4538c701a96bde6ca955d2d903c3bebd649f7077bb3465f7b203481e3516cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11b24a83e6b991fe5878a22a65814f54

SHA1
996702118a085a1826d220726ab8a38e28e52726

SHA256
a222dbfd3f889e13cbf149b2aa849ff9a562c6a4f35c8933c824a44d6546c7c4

SHA512
6f3e16d68a2a7765649bc32fab4b599612440661e197f40cd3414b1d19d18d1c9b952836090ff6bc4626c32588875f369569780cab36d21657e03e22821d0719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
514d4df99c2d85203037bca7db867d48

SHA1
492cdc1267b08977c6642499a9b31904dfad8967

SHA256
f37544d9c443bec5f7b6dc6af61e533d7a7c3ab3e22d9d3d556866e22f012a4c

SHA512
4b180388b1e7c50c8dff6a54ef1cf879e2025d78035de39e37140a8fd29aaf08b704aa15dfc0b71e7f02949941078065b6cc9bdb0fc9bd7c9df9671eea94be79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35d48ed1f3bdc641460146c5afc8b721

SHA1
e386a88fa9265ac57dd6f000d07fac79b64d7d4b

SHA256
fce24f147a2be312722b861380b36e750a8e0bf002bd995523f26675217b50db

SHA512
5de69546aea088c5b2af02644439d8f16dc9e2bfda201d3b472286b2d27e04dd5748ec98091c955bbf00b63c8bde32187c3f0c403dd899beae9fcc89181f78c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5befd96da12cfce03efd200b84d7c12

SHA1
daa04cd3924c62a70adf69d3d810217924fd098b

SHA256
1dd952c60529a0af7644364242c03751f65c898ce0fdb8223d72d7d8e20fa398

SHA512
d5e1fc394664c49fc3cde0efeaff5f0d4b7036c550fc2faa61eb2e74fb4ef6c8237a2117d4cd59026853590d26d83ffe190802124ddfa624ce73f7df7965aec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b466745d2bc86f5baea64b62856a3c06

SHA1
deea3ff492ac47673d2f8a17fc0b465843b2bbf8

SHA256
86b0ab838550938077575afc83bd1038b7d45fa86410593007c5efb1b7d2e38b

SHA512
42eb32435544a16b8ea7cb4a0a425b9bb05448da03be82a6ada71737ecd374b19e6eaf487b7174969965a6a08e62bcca6b8e52af8364706356168de2e07c6e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e0355851f729ff0fdff1e1bdd403677

SHA1
42a41f22ea17e838e1f41b974015c617b8b85d0d

SHA256
999f1057312dc417d3250cb35f2e4166d0d8baa274950949790187351f615f4a

SHA512
d286260a5b2c624c2145217485177c5f204dbad378ad9ec4ac8dba459f2b7c6da57e0a54f16f7cd093ac7767110e77b868ae84524da402c68118bf15464edd26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72fbcf3dcd4885ee372751f9c0e41dba

SHA1
7e65bd1873a8379a7c712b222756dbd37463a729

SHA256
e1110586b735e8f0a964f9afb6d39bb47e7bce208984fb4b9a4f5a02eb45fdc7

SHA512
581dfcde2b4459bfc04df2c46c5e46ccc09d6b9a2180ab4af0236432091e898c5e4b9f60a8136456bf2130e3a2ed994d3b76a750e5a78bd405ccf45e0423de58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3241114af3ba7dffbc8ef6e033611746

SHA1
5d170e75677ccd43512728b790b56accb0625e65

SHA256
425e7965cc6ffeafb834d887f9c97573cf5779664e70308b6e96ebd734cb66e5

SHA512
2161e4dba2f434f91523cc058d13ee8da5526b021c19eaaba70eed25456fdb91cc461c88f7d5bc7948c2b16d01f75494e110862226c0a2ef8055f1d257f3a1a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8972b2bcad294de6312f7a15ba434cfd

SHA1
9057575bce1fc56df808dce56d54f8a63a9cfe91

SHA256
be8f28a64bdf3c6665a570284570855e8701a1b912df8e132dedd4dd06101d95

SHA512
b7f1ddf4d10a8a43698c932b49b6b19d441f5ccb3b37d5dd319edf00ffb42ea4bd9d76c5795a613407bc94d40eca9e4d39763acd640af77b8d7675a57fdacea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c15f1a53bd27b973fccb475c861689

SHA1
e2ba748fa27edad28d66ed357177e082ba57bde6

SHA256
2501abbac83206f84265709e51788037d2c3e382c0c3c989287f026070e0be18

SHA512
87b19a9fc274cbfd919289c621373c2cea659185a2ee5439745879534bfad40cdd4d717c321bcd731fc6737c673c847da88eca52e6915d057fb5eb12a0a22e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33f5e33a8bdd1b37344c1568c83ab100

SHA1
fae4a0592947388bde5dc91772c063b64fc99911

SHA256
bc320b755b93365853ec4511d01401f97983af9637c0f115d1a99d94e242dd47

SHA512
46b2fdd13fb7ff5f4615abed9ded642874800449cff355ab439ac0224d48c6fa9ab26f4fee27d1c425366deaff2590e1379224b1f44030b7c6f7e6c7e1b640f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcdd190f8649f36e48c9867cd37d5187

SHA1
099f6b4adef126e21a2cf0e6b0d58feeb42eeb8a

SHA256
142714b6d7be48c4b13b1e62a634fb265b0d944d5d53771a63b7debf6c52f588

SHA512
ece65ec37ceb2629716c0882cbfd822401a0922af5acc20d59954f0b3947c6b0bdfe4fac3c565016976004a05f0514fa0ef49f873b3b932fa36c4258056f114c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ded26f7acbfc8967969e12a2eaf4b6e5

SHA1
9c76610589090e80c90465de24897bf99103ad97

SHA256
e0f55794db17f031d57c9b390e8b9d45ae5c818818c2690383aba79d5d94e96c

SHA512
a25f292969facc36368778ab4f84d1c6b75a6ec908f76a74a633f954667541010cf6253b66f5c5178ea2cb2ba7ecbdd50b85f75213453aeee82b9f6623310644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1bb432f81076e0ec3c197a0bba54940

SHA1
b933b55d73302df66a3c2dbe04552ced2af3b9d9

SHA256
8a9d02b5921273711a82380f6c31abb3c41781f53466649b78c36ac95e0033c5

SHA512
2dfd1b123b752ca86764e6157538b6ae725c936cb35c04c14ebe0afe2d7262e969e1a1b88aaaf78adde13a8f793d5e274ea8557637a24f893464fcae1f0959db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
271f17848bd59f03a37c7db446444cfd

SHA1
faef472f0dd09466bf7ba9e48dd565caf65898a9

SHA256
06d45cccfba972ed149c8248d4e3014fcb99e2c14853ee056cb09616def0fcee

SHA512
832c81a545fae950d81dd9db056a7daf873d9f57fdee483283d06e5925feed253bdfa718a3d2e402dd87d34fe6afbd75e6ea1a915f08c1bf3495dc4c2417c162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c5ac3a8906cc63d4f6af160bb43b26b

SHA1
2f2c9ae8cf642e3851e239a26e1bf03e6f4ddd05

SHA256
868797113647b68f4edc15b2b6f06dfdff3f566a861e2b94fd0f8f94d71acedf

SHA512
15356aa4cb00dc63fad87566076d17da61e608e334cc08d29fc40124a8e0faa93b25eeb406276fd847493ccde544743169fd16f50456adb09090d0311623e28d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b59e95171299521fdf8d6df9a57fc776

SHA1
205adf5277123d6f5f758b0f98d75850b6287525

SHA256
c6e359323fd8c1d2c53fbd3e1938c01100ac9304c12a881be48f11307ca7f1d6

SHA512
175fc52e69028ad111c72d2726f64eac48f956da1a26dbd96d1fd2d09f01b9454ddf9a1842a7b86dd0a6730d3bbbc81b2fb1f033f7463a569a74ee7ed2d6c331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a1ef07e3c16cf3e7849ec7a466ec6d4

SHA1
7ee200924898436768ad0e54a3b4212b0c6775c5

SHA256
fbf93b00147ae9cc1bc75a2b7048423d29067d493e358eb4f8659be8cc60ca77

SHA512
e26a50058decb7673d10e09b91d1a6849603d5128526e3fc1276741d6c40e1af3ad54d03e545eb4f27abc6ce5e7eadc15679c3ad3db7bd025c36b81bcc49e084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43ac83dad35d2d1509650395b727f217

SHA1
d731effa5fd8ab4dc8f30e6f71dac7f6e18c3d2b

SHA256
29551d8f90b4811a8e93a66629ab9ad574bf13f98d420249b060927b7306b322

SHA512
a3028c9e1fbc2765acf212040f9aaf832fff7afcfeec5402a01201960c3b1c3b39b392a2ba1e4791f163f36b5ec763e372c124e3cab6484455c77367a8c47e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8236704be7d879d10e3e29762f69beb2

SHA1
ebdbddb722554e850e38160c46fea157762cb2f3

SHA256
d44a6d39941a4352a97c50ffa1d808d5144d6a2e9e1321f2253ca484dea3056d

SHA512
19a88dd7440b080764ac725d4108046a9924e4940a7bc0a6bf4fcad3d6079dcb3058b9b035f2853d58878726945b174c7f20839c0b8511a8676ba71757e17b4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b83dfab1d752848b9b59afd1d58fcecc

SHA1
f9fea9c64dcb9994fbda75acad49172931604e43

SHA256
96d0254c1d0e2e70a22531b08d422f010f3e45c191ae530c2bad8765cffca530

SHA512
8a6a149c700acbfdd71f0ea25deea962d2ce989715f4d990aab0ddfb67c43251fabaf7ad016391cc5848ac6e58a549aacc69878fbe9e399a95b44b5a6e1e4d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42d7a985b6f87bdffc7b9605bffa90b0

SHA1
ae38173e24c7cf99a89c1b0f5267aa8021521614

SHA256
5054c854f14a34d5dfff2090329e99e16ac96d96d808547d5c983fe9ae86486e

SHA512
4e621af53a2a8cf062c656c12f40ea6e2b464acf046a67b70771ec080375c48769e594d288d25c2cf7dd55ecfa48e3e691e1bde746d4b981b72dcf2de91c21b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05777f47aa84154f42442f313f5825f6

SHA1
68ad51fda95d2918fbce5aec5ef83f8ba7201c7c

SHA256
8e4de5df153b18b6ed7e6e4cb900cd95b5f8a3836f8ebd4d87a0631654239bba

SHA512
1bc4933edd0f63406926ddb30e666523cdfd3d87efe15be3e661fac0c7544c48b230b778d2102f6ee845f83d9b7411cb65887632568ce56d853bb26794a68dd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
542e572e915175187f6daaebaa2d8d01

SHA1
362a5c949daede7a4be24056385b569273abe9b1

SHA256
47d8ba46a6b357a822b5fe4b6a1f7f9c76b33817553929c818443dc142c633c8

SHA512
b3d86296c3c6c33fe8ac172289530e9996d8b02c0c2199b380e1047ab11e362fc53cea5b224a0642fe3145cd76a107423db398fef46c82e698e71e126a88f235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
489739322f5a139fabcaeff17c7da013

SHA1
bd2e49f8a4a93807e8d135850419b001b7b5b0fd

SHA256
1c6492a58d08e5de5a7b73a9e619fa523e3bcf4f7da5e6c1ee99905fe481d115

SHA512
d12be9d60a4f7c7fc527c55b4bef1817912c850e4c10c2c9ad8a1f4efba94fd478be1a8d5845672cb5a6a4327cb7a8f3c6835197f0a06148a178a024ff8f1644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71fc2512e0f72306ce2f8e5aee7c2f6d

SHA1
6ed7b3a47c4c8862e993c343e7f517f2aec4caec

SHA256
15b37f25bfa2139612f6e7886e2f98787161980ed8f4675dc81d5573c50135b7

SHA512
20a7b9fbbf7c29014db886176f4c3a8f892f6b9c5a159cd92d2b276220137e7da8deb60b2efb4e705311057adfe95a0793cd067195e222b3f27920c1afdfbe5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
336c87da03df52836fee172721c7dc50

SHA1
61554ea35c052bc096ba745233cb812bc81658ce

SHA256
7dd8179f36ad914b52b7a45966850809571fc274d18c359bfa756d9e5896944a

SHA512
4af4159bab174a82c27cb589a7853967679bc9148ddfa912b565a8555264aa7b0783a2141153ce9ad713afca02b383b9b62dc923359654e208833fed0c39cb9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5914e3dd8ab6fd91dae5ba75b8e558f

SHA1
0dc34d7cfcfa8b2a71d7abd5338c981a28414c38

SHA256
9857eec757faa134bc1fb114049aee3ef5859f88239d912dac70cf49cdc3d027

SHA512
cfcf57284e3da12fcacf37a25835661f796044bdae1a84a717fc7f8c259c40035b6b5ab26b13627e27a1d35072eb4157f57ffc69d25d77d3ca140aea56e91943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
2fa9ec655a94e67460fb6e1f9f5d0e6a

SHA1
8cb94715576f12929984821d1f75ddf024a78769

SHA256
e7bcd06af1a613ac7b753faa2667b7ac831506c50482cc0e88f78fd11de976bf

SHA512
dd794716cc82defe9139d57d07f569d747e4127a43588f48c47d367c07791536690cab9691ca919fce2d6c0b6c870bdfbf54f34a6fe15b1b3762c72ff49c539f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HMPPBIP0\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HMPPBIP0\www.youtube[1].xml

Filesize
229B

MD5
f9b8fc4ed663408081b0b129c2848560

SHA1
b7c819919ef76abe720cdba23a05a2f44c03c1b0

SHA256
dd6c58a59c2e792aaad30af1ba636d301bee291009e4b3be769d3822896d7435

SHA512
ede53a0c87568735a25ece465f47c2e0a55f752b7b614167a246539f187a7395b46c9705aa8a4bb53fecb50b30e5865636b01149e0fd4b7bb0324a58b08afc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HMPPBIP0\www.youtube[1].xml

Filesize
15KB

MD5
698d5a8d06730859606056613b317723

SHA1
17f3ea70235223ec670a1dacc354907babfe9105

SHA256
99df5da6ab55af56bc9d09b708b489ba27454ffd7750ec39ec78d4d3b2ac7218

SHA512
ecfc6d0a46a318f230f93ba1fe85f8aa226827ab815115c653a0d95ba4fa493ba8f8abe7584c94d130aada5064eca99c92a74462fc2c646fbb55b08934c28b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HMPPBIP0\www.youtube[1].xml

Filesize
578B

MD5
78f102128df2ece92fd93e2661f41bbe

SHA1
83063b1d00da2d284197b6b72816dc1965cec1cb

SHA256
8d544e3df0911bca199d0ca8a1a3e4622b0a473566a7f4e18dd9d231d2b0a712

SHA512
194f3305882230999c708fb2e0b6679d3dc8077fab6928e57b2bd14236baffa3452f59e10755388e22b71ffcb0702a02390786baf8e2ac198ab5abbaea1acc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SD5HX7GM\www.google[1].xml

Filesize
99B

MD5
3d67a34fd97e6ce694317120873197e7

SHA1
75d6d0286042c265781bea9f608b43ce068c748c

SHA256
1e5b94add91ca47e78f89918fb524ef45bd5679fb558e8fe3e5c42b1891ad1d0

SHA512
d81b1aa097220eeab5082aa761b37733693f8fb9e41fc6830c8bd987a9028b60175af70bd297ad598d4da87a82e0dfd617c40616b1bc402daeca9dff248ec954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mr225z1\imagestore.dat

Filesize
1KB

MD5
da671300db36e53883304ffa5d92096c

SHA1
99860b929daee27f783de8cbd92dc195c0003a31

SHA256
5066d5a210a105aaf88c75e157e91f1dc593e4059479098f16c6dfa32808cb77

SHA512
1c193d9aadc2b03c23ad44ae169436d752feba03c3ce761486e4a66d1b22a44e6cb14ec9ff9454d60d0c53585ee4f3def33728fc3f8f334343d991434253d795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I31L8UE7\recaptcha__en[1].js

Filesize
533KB

MD5
93e3f7248853ea26232278a54613f93c

SHA1
16100c397972a415bfcfce1a470acad68c173375

SHA256
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

SHA512
26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIUC9X25\favicon[1].ico

Filesize
1KB

MD5
0106d4fd24f36c561cf3e33bea3973e4

SHA1
84572f2157c0ac8bacc38b563069b223f93cb23c

SHA256
5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d

SHA512
57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD192.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD2FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5A7C0TAU.txt

Filesize
654B

MD5
e8bf57ca7eed133e1ce7a1de5d6cfd08

SHA1
fd5d2a60d18f1160bf46a452507ffe64fc0e20f8

SHA256
8610eee7ac715f859d476681f0c9f1766e38bdf254d35ad2e4c139bd2a636fb5

SHA512
3820cc724463cbb278c9e88a14b9ba0bd5fb08cd2981e3d071bfdd1481fae2e474d63b3dfe2ca59c1362c30f5ca0248aec84fc06f019d63370c3120fa4a47ae0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OGQ5KRYX.txt

Filesize
209B

MD5
36025c20170464d747bbfb2feab5ce54

SHA1
3c64171b663d30a116e8ce940a87da52e18680b9

SHA256
e46973222bc1f2a8f193d3ce0ce4e98c773ee9ef0939dcd39df5403c766db594

SHA512
40417a9a88f5cd94472a6857a38df19216b1a1ee09687ae1142ab688b5a1dc6c7f6b3d6b76034cdc9293b9bcfae80f7b4d1d474f86576c7ff827bda6f8ab0293

Download Submit
\Windows\SysWOW64\galex.dll

Filesize
1024KB

MD5
d55f271f2bcb46387f1dda1cb70e3394

SHA1
9d3caca92db0b8cc6295f35df1f741ad6145abe9

SHA256
3f71a586c97935cc7b61ac4eb42cc375a51af371235f23444bcdc49eecac0ddc

SHA512
854ff1d5853259510f7efeb1d2c1a1685f895a30c4d10d51c2147b5960cbce47c16ac4ee2a88b42f3c9082c26146436e395ad487c518f1779f4c37eafc9b26ef

Download Submit
memory/288-0-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/288-2195-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/288-2157-0x0000000010000000-0x0000000010103000-memory.dmp

Filesize
1.0MB

Download
memory/288-8-0x0000000010000000-0x0000000010103000-memory.dmp

Filesize
1.0MB

Download
memory/288-4-0x0000000004450000-0x00000000054B2000-memory.dmp

Filesize
16.4MB

Download
memory/288-1-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download