628c9217579bcbf7f38ce88f2cd2ed15bf61b01bfa77f64a96da8df4ffa9341c

Analysis

max time kernel
64s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
Size

198KB
MD5

af224d0e8636feb5e8f624df182f80eb
SHA1

76c5fe7e802b2f7658b591deca4e3c5bd0094715
SHA256

628c9217579bcbf7f38ce88f2cd2ed15bf61b01bfa77f64a96da8df4ffa9341c
SHA512

868f01a07300c1b1ecef8395e1be146022eddb137024b05cacbec1c0b33b7b89761565bcfbc5b31edf346e203bf59cbe572880bd6ad0f6e74e1b97d059b07435
SSDEEP

3072:e0XgglDdw7QCc5luhAsSpjRzzPgGqhTot9u1AGnhI5h9TGJfnlfVKKm1S:e0XgSj5wKFJPmh8TPGnho0Jflt

Score

9^/10

discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Renames multiple (335) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 9 IoCs

pid	Process
2264	LOVE4u.exe
2920	LoveVirus.exe
2928	fff.exe
3004	WormVirus.exe
1156	vip.exe
2708	1.exe
2736	2.exe
2552	b2e.exe
2536	b2e.exe

Loads dropped DLL 19 IoCs

pid	Process
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
1156	vip.exe
1156	vip.exe
1156	vip.exe
2708	1.exe
2708	1.exe
2736	2.exe
2736	2.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1820-54-0x00000000003E0000-0x00000000003EA000-memory.dmp	upx
behavioral1/files/0x00060000000186cc-76.dat	upx
behavioral1/memory/2708-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00060000000186ca-60.dat	upx
behavioral1/memory/2736-79-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinUpdate = "wscript.exe C:\\Windows\\Vbswg_Worm.jpg.vbs %"	fff.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MSKernel32 = "C:\\Windows\\System32\\MSKernel32.vbs"	LOVE4u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL = "C:\\Windows\\Win32DLL.vbs"	LOVE4u.exe

Drops file in System32 directory 54 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prncnfg.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prncnfg.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\vip.exe	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prncnfg.vbs	LOVE4u.exe
File opened for modification	C:\Windows\SysWOW64\LOVE-LETTER-FOR-YOU.HTM	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prncnfg.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\LoveVirus.exe	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\slmgr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\WormVirus.exe	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\LOVE-LETTER-FOR-YOU.HTM	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\fff.exe	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnmngr.vbs	LOVE4u.exe
File opened for modification	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\reportapi.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\reportapi.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnqctl.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnqctl.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnqctl.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\LOVE4u.exe	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnqctl.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prncnfg.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\migwiz\PostMigRes\Web\reportapi.js	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnport.vbs	LOVE4u.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnqctl.vbs	LOVE4u.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.vbs	LOVE4u.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	LOVE4u.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePageScript.js	LOVE4u.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME30.CSS	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01239K.JPG	LOVE4u.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Response.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341636.JPG.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME25.vbs	LOVE4u.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\PublicFunctions.js	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME09.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME50.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime.css	LOVE4u.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME41.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\settings.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Discussion.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg	LOVE4u.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME08.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145212.JPG	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME54.vbs	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImage.jpg	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME17.vbs	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\RSSFeeds.js	LOVE4u.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.vbs	LOVE4u.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Casual.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GreenTea.css	LOVE4u.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierUpArrow.jpg	LOVE4u.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.vbs	LOVE4u.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\SoftBlue.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6a40964d5ae60541\calendar.js	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c48c8af135e074d7\slideShow.css	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_b60543bd2d988807\settings.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_it-it_68a732179d3e6395\settings.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\highDpiImageSwap.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\reportapi.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\darkBlue_GRAD.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2b166002b7f51771\settings.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_48ab2da59753f08b\picturePuzzle.js	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_36bc61b12dcec80c\localizedStrings.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4d6aa30008b38d10\cpu.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_de44258d81747ce2\RSSFeeds.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\weather.css	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ef1bf7026e3473f\picturePuzzle.css	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\img28.jpg	LOVE4u.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp3.jpg	LOVE4u.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6884b0de065e8852\calendar.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_6.1.7600.16385_none_370717dbca22c586\img0.jpg.vbs	LOVE4u.exe
File created	C:\Windows\Globalization\MCT\MCT-AU\Wallpaper\AU-wp1.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a5f3b7a6a481da29\picturePuzzle.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\WelcomeScan.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5c4791cafd126e03\library.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0212532a5cdf4b5f\picturePuzzle.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_aeae15a0d7fc043a\settings.js	LOVE4u.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg	LOVE4u.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\img10.jpg	LOVE4u.exe
File created	C:\Windows\Web\Wallpaper\Nature\img5.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_20ab2674ee3de60d\slideShow.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3687be952df5b9b1\weather.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_6c1ecf50d014f9d9\slideShow.css	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6a40964d5ae60541\calendar.css	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c48c8af135e074d7\slideShow.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_100033cd17b788a3\slideShow.css	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b7c1292c822004f6\settings.css	LOVE4u.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg	LOVE4u.exe
File created	C:\Windows\Web\Wallpaper\Characters\img21.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6aa2519d66015923\prnjobs.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnss_bw120.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.js	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_59e6a839753b16d1\settings.css	LOVE4u.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8486739b50ee62de\service.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e9ea273bf74e2d7d\settings.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_es-es_92a65a18e6532ae7\settings.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c1b17ba477234d5e\prnmngr.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell-wallpaper-nature_31bf3856ad364e35_6.1.7600.16385_none_d5909570704a09c0\img3.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5c4791cafd126e03\localizedStrings.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c1ab456ba37238a2\settings.css	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4c0c1166b40a064d\cpu.js	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\CA-wp2.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c3aeb36c5f98c70\cpu.vbs	LOVE4u.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\img11.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_de-de_330b92f4e4356a4b\clock.css	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8ef1bf7026e3473f\settings.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-gb-component_31bf3856ad364e35_6.1.7601.17514_none_92d51a492ae12096\GB-wp6.jpg.vbs	LOVE4u.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg	LOVE4u.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\img11.jpg	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_73db80f37a680574\currency.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..allpaper-landscapes_31bf3856ad364e35_6.1.7600.16385_none_e57abb2f66db71a9\img12.jpg.vbs	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0028f64744b4fccd\currency.js	LOVE4u.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3687be952df5b9b1\weather.vbs	LOVE4u.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2568	2552	WerFault.exe	35

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LOVE4u.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LoveVirus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b2e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b2e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WormVirus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vip.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	LOVE4u.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"	LOVE4u.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1156	vip.exe
Token: SeBackupPrivilege	1156	vip.exe

Suspicious use of WriteProcessMemory 55 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2264	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	28
PID 1820 wrote to memory of 2264	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	28
PID 1820 wrote to memory of 2264	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	28
PID 1820 wrote to memory of 2264	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	28
PID 1820 wrote to memory of 2920	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	29
PID 1820 wrote to memory of 2920	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	29
PID 1820 wrote to memory of 2920	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	29
PID 1820 wrote to memory of 2920	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	29
PID 1820 wrote to memory of 2928	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	30
PID 1820 wrote to memory of 2928	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	30
PID 1820 wrote to memory of 2928	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	30
PID 1820 wrote to memory of 2928	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	30
PID 1820 wrote to memory of 3004	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	31
PID 1820 wrote to memory of 3004	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	31
PID 1820 wrote to memory of 3004	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	31
PID 1820 wrote to memory of 3004	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	31
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 1156	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	32
PID 1820 wrote to memory of 2708	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	33
PID 1820 wrote to memory of 2708	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	33
PID 1820 wrote to memory of 2708	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	33
PID 1820 wrote to memory of 2708	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	33
PID 1820 wrote to memory of 2736	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	34
PID 1820 wrote to memory of 2736	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	34
PID 1820 wrote to memory of 2736	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	34
PID 1820 wrote to memory of 2736	1820	af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe	34
PID 2708 wrote to memory of 2552	2708	1.exe	35
PID 2708 wrote to memory of 2552	2708	1.exe	35
PID 2708 wrote to memory of 2552	2708	1.exe	35
PID 2708 wrote to memory of 2552	2708	1.exe	35
PID 2736 wrote to memory of 2536	2736	2.exe	36
PID 2736 wrote to memory of 2536	2736	2.exe	36
PID 2736 wrote to memory of 2536	2736	2.exe	36
PID 2736 wrote to memory of 2536	2736	2.exe	36
PID 2552 wrote to memory of 2568	2552	b2e.exe	37
PID 2552 wrote to memory of 2568	2552	b2e.exe	37
PID 2552 wrote to memory of 2568	2552	b2e.exe	37
PID 2552 wrote to memory of 2568	2552	b2e.exe	37
PID 2536 wrote to memory of 1532	2536	b2e.exe	38
PID 2536 wrote to memory of 1532	2536	b2e.exe	38
PID 2536 wrote to memory of 1532	2536	b2e.exe	38
PID 2536 wrote to memory of 1532	2536	b2e.exe	38
PID 1532 wrote to memory of 468	1532	cmd.exe	40
PID 1532 wrote to memory of 468	1532	cmd.exe	40
PID 1532 wrote to memory of 468	1532	cmd.exe	40
PID 1532 wrote to memory of 468	1532	cmd.exe	40
PID 2536 wrote to memory of 1768	2536	b2e.exe	41
PID 2536 wrote to memory of 1768	2536	b2e.exe	41
PID 2536 wrote to memory of 1768	2536	b2e.exe	41
PID 2536 wrote to memory of 1768	2536	b2e.exe	41

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
468	attrib.exe

C:\Users\Admin\AppData\Local\Temp\af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af224d0e8636feb5e8f624df182f80eb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\LOVE4u.exe
  "C:\Windows\system32\LOVE4u.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  PID:2264
- C:\Windows\SysWOW64\LoveVirus.exe
  "C:\Windows\system32\LoveVirus.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Windows\SysWOW64\fff.exe
  "C:\Windows\system32\fff.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2928
- C:\Windows\SysWOW64\WormVirus.exe
  "C:\Windows\system32\WormVirus.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3004
- C:\Windows\SysWOW64\vip.exe
  "C:\Windows\system32\vip.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1156
- C:\Windows\1.exe
  "C:\Windows\1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\E4C4.tmp\b2e.exe
    "C:\Users\Admin\AppData\Local\Temp\E4C4.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\E4C4.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Windows\1.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 124
      4⤵
      Loads dropped DLL
      Program crash
      PID:2568
- C:\Windows\2.exe
  "C:\Windows\2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\E4D3.tmp\b2e.exe
    "C:\Users\Admin\AppData\Local\Temp\E4D3.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\E4D3.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Windows\2.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\E550.tmp\batchfile.bat" "
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1532
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib -h -r c:\autoexec.bat
        5⤵
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:468
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\selfdel0.bat" "
      4⤵
      System Location Discovery: System Language Discovery
      PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.vbs

Filesize
19KB

MD5
74c6098c1ed97d023f2a5aa4d2258f16

SHA1
8b48301e20467aaf8c7655c397b5056247d2aa73

SHA256
78d729f5e9a3710e6ca3300589102d69e7b061bb744202db124fa3c05221840f

SHA512
6c7f6dd115ec15f119db233bbe2e133589a4d60643bc330fdba7c7c3722e8cc2fe99a6584f23935b60e093ef44e5ed5ba128f29ec87b7255b377002b9da5c7fe

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.vbs

Filesize
1KB

MD5
803a207b47faf90c505ae1652a581ffd

SHA1
bd5de7b5c8e9049c9250cb8859b39ab9cd25637f

SHA256
2efa8dfa785170498f0bd14dcc7415d31dc500086eca5393f69675149446039a

SHA512
6d12ed6eefae4802f5800def9321a6e85ef0d0bddbc4a1381b30ecb6089a5f6aaa6c9eea692d76656b087e09efcc032f35261dece316e4a16b1a6bb3f8da5807

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.vbs

Filesize
4KB

MD5
be7753ea9c0f2036f8d9cb803a0b6120

SHA1
f3c79f2e9136e24f3a86bb226298092e28cfdcc7

SHA256
e518d99125ee2af3f0528e8c8aa97de0e57e0f8aa9c725db19a85cbbecfd8b34

SHA512
bd44325c74aa23939f93049c6b20d7dd0214407be84ca08de2900a5cf80325c5a34f2c5d0573671c382a2a86023c8da6e2b836c3e826183179dddc3aef41620c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.vbs

Filesize
674B

MD5
c3adf6a62f420d0926b817bc570bcac7

SHA1
5f2fdbe6e421079dadc1f3f15f61af894875fea9

SHA256
dca69ac4afb6fe543b7adbb2645bf3df57464383236fde6d82703106869a03f9

SHA512
f34ed769bfd01eb2fbfc05386f7ef587b3d208b68943f5c2fc10ef4a705e64aff99954450013b3e2e05699f51f8335749b820742f43d5153aa586817be51317f

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.vbs

Filesize
1KB

MD5
268edb3270b37d34dd8c51a14ef2d665

SHA1
886fc50e8f6fbbaa4fa00b39eeab79f99a9d4bbb

SHA256
369d24f49576471ead617d5a8f35c5ea5d059e0da840a28100a1a3fbc026af01

SHA512
e704d38d528b71f57d9c8f782f9fee0ac927c32e935d4d1ec4a821aaee7161c23db3ee7a858831d328acd4846cfaac6f3ef945c68721f595c12226180c29ab17

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.vbs

Filesize
17KB

MD5
c678c8640b7ebe2250d1590b6aa49ed3

SHA1
b72c9e3a34baf274af26a00f8ea33497475da334

SHA256
85959807a632f0791dc6074be606a46c17a13e95324a2e2e3aeec71336cbfc8b

SHA512
cfc4433f72f10c6424cbe6598d995f7c352f1994f1484b09a3105a167d8b2b802f47ba178ed3b071a930ba06e6e4e8d2cf401c1e276d4af33be3b0390d0709f7

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.vbs

Filesize
9KB

MD5
559ecfb98fc63d046fd6240d2b09df90

SHA1
1b36d4676afd5796aa37ed7750dd937e775e7108

SHA256
cc1b9a765f597e30df92e8958428dbd39694c52c70627b777008b70b00b37b86

SHA512
643fc3c22382931583ab5df72d95f5a40f54c08a61049583be009db32d0499bd6fe8e71772453e27911682539454598c0837aa284a02c4c8d6f2b7b7652d2c60

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.vbs

Filesize
65KB

MD5
39053b6853da8972a05020728ec0df10

SHA1
7369fa28da358f3843d3ebcd7d2a39ded05574c7

SHA256
66cc94d33f120a2ca1ab63708d767b471b7dfa1c4c483d795f191fc5d7a52fc2

SHA512
59a7bc1a71ee1ba444110cc16aa9de98f01dffbee014842e5bca1126a63c56d1cb80e57f91cb304eb53bfdbb531e2217a365d01f04a6310b786ac53fac7849dd

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.vbs

Filesize
724B

MD5
9a9229799041e3654635f805aacc31ff

SHA1
99decfd163cb4f113b65e0f2729442297bdbe48e

SHA256
f95ddb7fd27e5d834242cbdb1de8ed6c0005311c585d1988c3e48750b392b2a3

SHA512
12a850170ced59d991c2756b3fc0bee5ddc16366d46eef11f9a522de08bb0017ea2354e4d6c747208ce65cf12e69bc1ba685609472e7516657aa978faa567ab0

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.vbs

Filesize
5KB

MD5
82e7206c004e0d793f27ca6fe1b68eb7

SHA1
e201cdac02106be9b1330d8f9b6d8ff01a42e0b2

SHA256
03f503f7abc328db6ea8254291c92575e6557d9496d33e20b08b8a4190080e6b

SHA512
4aa219a31e824c0fc41f01efeb3dd94486c2f0008bbd0a6495e66beb45cfccd0f1bf04d71bbf3d85397ad097a1a9d6a0e49df1f493ee777ec1961bfbe82b32ee

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.vbs

Filesize
7KB

MD5
32830f3441431dfe48864af66de41c15

SHA1
23338b2bbcb6ca77ff0515869722080e07f42150

SHA256
726b42ee090b8f9ac70cc5408d27d2547065c7a47f120da9a9a83128011c1c06

SHA512
755abec7e7159e0d73131193b485c84325bb0bfedf8341cb54aeaad720b2631e069699d31b0adb8a5075c938715d9ec7a54f8afe3f4ab06106dd75cf3f8280c0

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.vbs

Filesize
4KB

MD5
3685e6048c0c3e291328a942f63b471c

SHA1
960932c8479f7c460c728bfa64a1525c703754f4

SHA256
1b6bc2a2b8c2d4a41df28ff65d34d80542c5d531cb6f9933f5f833f0eba43a27

SHA512
c5e1b181c9de1437a1c7678cb8effce6a8d4e3372d438cc312ef4f2efbc7864499d513def72f1e7711a2e5ca70f0a58d7d5a09f7aee5012b6d4aa20abe209f94

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.vbs

Filesize
5KB

MD5
951cf41e8d54d9346e0a03a723e549c1

SHA1
0f368f110bc160ae85a77ac687454b951d6d7090

SHA256
6c722a469a4afa79506b654f37cb7bf392290868b3f8a1e9b0afda003ec1ea64

SHA512
f890322609ab186086d4f433a808c77a9a46313fef28dcd77a9189039e12d0de41fcc2315a65cf00f2e8a437a0a63a038fbb53f04f5ca9b922832f23c48e5eb6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.vbs

Filesize
2KB

MD5
fa877766d79d2feaae9c46f1cd6505b2

SHA1
25fc2079abe4a05666398092e7bdbd642428c44c

SHA256
35c48772d44ee208b4ab05d90465f58c4d5f8a9c0fc88a62ff69f07b2d0dee06

SHA512
4421309df73c12898488c0ffdf0c2548c11868901afd61ca95e55c0bb4c2b35d72093850a04183d5644cfc6bfafa2227fbcf83235290da6b5128e44a85aaf99c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.vbs

Filesize
2KB

MD5
608c9d26a0d386740680c2c528e4502d

SHA1
26dc38aa68ffaac44c4c857fe4945711586a413e

SHA256
1b56a2be7fe8ab87c1b3afbd25004f2d2c78dda085e139eb9569f5c69caf3e3b

SHA512
6d44d09ea92de4e3fff9a013d8108a6d8c8022671f6f46614e70dccce6fc60a505a769e0c53a7389409c31e4809fa3a024f1c59029049e08234e6f743cb5a669

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.vbs

Filesize
1KB

MD5
ad04cf0eae2cec98e3ed5ac72661b6ca

SHA1
0e5592d01682c718fd8d7ce8015655173d3c68b1

SHA256
6024c313590c3b875226a4dffc5f25864b5653d73feb274f24448fa6a04eaf20

SHA512
63cb5a8663f750ce185445d2e5dc8307589a256f186b02a61342098a4c27e1d3f703cb2f02d612d29f368da31415892859d2bcc276b5d9e79ad13a1bb7602581

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.vbs

Filesize
5KB

MD5
76c21b1cafda64f4e330b536ca45adb3

SHA1
f28e6dc46f91f2bd50945ca6529402bbdd65b3c4

SHA256
9d5057a6f8e28d3beb006980e365322ce5a06da71c9b765d0deb51343ef02610

SHA512
3f84e2116e7ead66f2eaca9d3669c8f20f293f064b1a4208e4c5b1b292d3282212813e4dde12a75c56e66d1e75d319e589dd30c005b410c073f4499fdc5f3850

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.vbs

Filesize
1KB

MD5
fa8af3188c7c890d86fdcb10d4fbf62c

SHA1
0ba8343b35f0896040db086f04bc07cf408c1e28

SHA256
f14a541a9130f3bd0d6d4c4d351a87ed5298596afece3e3ec2390bbae063e65f

SHA512
3a933eb3ad69e3a18bb0b04bc1759067318cd8f8d09b4ad765e65a3d72eb03ed9069483279380f73b105cf4181f87a2b0eace70b1519ddea21954f69f6c98f64

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.vbs

Filesize
4KB

MD5
f4ab06a44f9c0767574204ddd6cd54bf

SHA1
727d94b66abc9e7d5f2d5605b398f9d04bd6bc57

SHA256
0af3484552719a12be64d09519d7758b76402769a7bffe2c1b6b22b9ff733139

SHA512
7f80cf7b95d23e1267d198854896e0f3ebe88c1eddd62db0c90baf98f6ee3b7c8723172ffd3f0a6a6612c27108ae00862b1c480734d89dac7d0dc3dc44e227e8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.vbs

Filesize
974B

MD5
455e12b1a2bbfa973487f35e2c4d476f

SHA1
717c46c371efc1e70f19d32fce4347ff463a4242

SHA256
d3d9bb5c378d5a522afa38f53f8f2989b3eff089d68e14e2a70049a1af4ad29f

SHA512
15b27dea0aac91e7a1af7f836b0f7d1543519a241c4b99e90adf3d594a8ba5eb3118cf4b47c11c64f919f4b59925a77079f2251252f3a34cbe4a97eeed80a5f9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.vbs

Filesize
9KB

MD5
5008235df64e2f496caced691259c065

SHA1
af5ef7c4420e1d3e3a1a022a93f4dd7641caf705

SHA256
9263644146ea6f60654204d06d179a428c6023e4af8a3cf1794034b2819df9ae

SHA512
cdac548d0f4acbdc04ac5d5a0071c1d4791616a513dca3f4131257de1e1e82a872c1487454613dd04103a50a1458944dbb06d6f82a150b723722630eb0eeb2c3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.vbs

Filesize
24KB

MD5
feb1c5d1501cce2cd5dc52cfb10f0e9a

SHA1
b9038ceea201231e82d6c645f17f44089c21f161

SHA256
cb9a61101d99305ab26956610385093d790bd0c2145ead3a51212fa72a214a7c

SHA512
ec6b29fdd28b2691adf905a682834bb3ffa82d2da4ce2557d61b593145a9aeeb94799528b907c1942932b06a002a20eb1fe578659db1e4f2123bcc19cc4c34a9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.vbs

Filesize
1KB

MD5
ef9d56e80f446dc32e5838cfbc181dd6

SHA1
84162ef02f261fd3d5c32e6f8ba75d0d6e1b6ef1

SHA256
881d05322d7d06a5c2042256e2bc44cdc1dba02c984b839d55122e10cb26e147

SHA512
0a40aebf8cd4ad1d26ebc1b6bc70057cf4db538b302d58f49c19a597f013c91640697224196aea21ee7b673300720b90ec1788d8b65bb352d62b07d4a5aceeb6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.vbs

Filesize
42KB

MD5
fdb05ac511bb912ac9d92b046d8b36d0

SHA1
9826dd418a39f46d2b42752ea9757da2d6378dea

SHA256
d13efba10d58e54ce40add2c891cc083f018ccf5dc0531ddbdaeb9a607e8a20d

SHA512
b476f807e07d6d103bd0ff0218a49e8e5286fdc86436b6338b52a583dd1910ec21d96ce3e579fcfe035484bf3adedb26059c861d4567ad1e8a1dbdbc114b4d67

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.vbs

Filesize
14KB

MD5
3d03fea624afad52cca52905dabccb10

SHA1
f5f5e17df6b24032509c74ed1fe932e93b9412d9

SHA256
135098ee180cd12c8d7127ec361ff980b354aa02d7f8a6c3e184543a8a54907a

SHA512
a7e14d73ed52d53d34ceecb18d9b0f9ef8f80bd3d48e2f0cee3d130e771909ececd96d2afaf2ebf4d656805e8acfb2954b99bd3e03c9eeeb101a983d8de946ec

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.vbs

Filesize
56KB

MD5
023b5c1b5b1f0af894b829a5466f9748

SHA1
24fbd393795fda1499f891713f1b7153f560e37b

SHA256
4d005737e6e9df58bf2124f30c4dbdce0ae557ff7333bfd5d70002ade7a6c328

SHA512
473a405ba5bb0cfb0a16d766d0ce76b7e4787901f79efb74cb44fcc203b5b04245d38e3aa5f3a400fee41609bbea2a48056e60363fad7a5ea00aa761eca0ebf9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.vbs

Filesize
132KB

MD5
a805ed462ad9a81a3e8b8e0422f781cc

SHA1
025635fe06812ba52ba417e6e1dd880500aba193

SHA256
bdb4f2a048cad27aa3aa4d53741626eeff3919b0d80bd5ab90c3ec638b78e87c

SHA512
980753cced19520c04a0a2afe1278d92bfad6460274e91c24dad214df39ff8d45a5cf2953765ebd8a86188de7a6961acd767360aeee022987baa224aa068525a

Download Submit
C:\Users\Admin\AppData\Local\Temp\E550.tmp\batchfile.bat

Filesize
345B

MD5
517a286127745a46819221cb74d36168

SHA1
1525e612e1abc3e07897fb6573d9ba8281a96c52

SHA256
a755b57f7a1265441f3325a5ecc7a9dc49695a8fffc43fa0632c570638234287

SHA512
4dd8327f95895753dc06b01b7fe943b97573ef9400aadd0dfa89c1f76f0f20555962aacaa9730fa8bdab02a59b7f8cf41054eec576120cae6e882c287d77b17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\selfdel0.bat

Filesize
158B

MD5
ce75d11a0a81e364187f7fe829a75973

SHA1
59f495c529b73a43388719340804ea243af5fa3c

SHA256
fd2da3a7f4799466d9f566bc9c5d3ecb56281369401cef44dd0afcfe84697290

SHA512
b918d3246b4c568d1fc20f56d30004ff6f850faf97da0b6c66b29733c37c1e9d40592b193db79f0852583bc725ec64ed96398f7161ff26535cb69161dbbe567b

Download Submit
C:\Windows\1.exe

Filesize
8KB

MD5
2499703fb73e7ee1d5013941aec2464b

SHA1
b4925297fbe87d41f3bd13657ac61bcfe4601272

SHA256
3ebeeb07bc6b1aeccbea1d5b6e3c9f5a6836c61bd0879e9d30d459c5405a74a0

SHA512
b5089e816545972792d45c71d51d9d0b9467b804ed11dd17f62c3911dafef9618960f889f2f6e1673c1a8122bd826b9d88d264ef52569c1b8ebb57d4ed8b6e72

Download Submit
C:\Windows\2.exe

Filesize
8KB

MD5
c394a9601ca67310284e5caf8639aa7a

SHA1
c8a31cda953c2186a5cca406c3c81f8ca496a76a

SHA256
fd88329cb6e6c835680cd3f508baf4f89307a2a9d64f9fb64d0febd6abaa8b8e

SHA512
61f53c7005ea40be5d1792878978d9e335826a35da6dd8b9525b42982eaeaaa0a482a39536241b3877db626fd6780a5976a69b9b965a131c3bd36727e6494fb6

Download Submit
C:\Windows\SysWOW64\LOVE4u.exe

Filesize
16KB

MD5
bf592ac520bf07c387ed71dfa820bfe3

SHA1
eab23e86917365c712906956cf86718297301d97

SHA256
208a82dde65d049def5641cf63c9c2dc62f6a712a7ebbb91d99c5ad5969b3c2d

SHA512
7d38841ddd2eaf8b1711039eeb0e575aaf583859c88a329a4718dfaa9748084666b167d3da78893b612b145d125c50797cc7fee267d140509374a5a5b46a0fde

Download Submit
C:\Windows\SysWOW64\LoveVirus.exe

Filesize
16KB

MD5
d74139fbbb57f71d3af521d420ca122d

SHA1
aa894259c55b68cd313af5a7c2aaf683fc69a636

SHA256
1f0961dcd3aec70f02567333a8f4b9ab99d2f4664b8635656578e070b97870b0

SHA512
e96e3bb5fc2435cb6bfd5e934b726e0978ded6e71ffb193b686dcc07f472dd8012a713adc4f4c111ecbf49df7a4d42025d8b97ba22768fc37531d40dd3f6afc8

Download Submit
C:\Windows\SysWOW64\WormVirus.exe

Filesize
14KB

MD5
ffee76301972cacb63253b98a7917fc4

SHA1
6307082d2c89abbb73f935accb6afe48d8f1bfe2

SHA256
09f28cd2ebc898b5e3285f412e103a5c021825a3a6f142ed7c833e63b8890025

SHA512
d152944254702c0604c0216548301b9f25c1de586eed2d0e1ac59ee132fa2345ec2c4be2b5c912ebb9492b87c18b0f8ddabf0154efb4586d53973b99e6b63d77

Download Submit
C:\Windows\SysWOW64\fff.exe

Filesize
14KB

MD5
f6cb0534cc7d7bd87ab26d6e1d18198c

SHA1
5bba8eb54efc812b16cc3825e5230734a25cd1a0

SHA256
4429aab69e3dbc2d5a1d331868593e33d6696102d62eae3fa2372392aa7656ec

SHA512
e2642ac08ed65c8b801950a18d3e4e76089c3c68381d10786eb9092f4468ccb57712266fea58378f58b2872bc9345d02d4f465d723c5babe65ddff2ce8d778f7

Download Submit
\Users\Admin\AppData\Local\Temp\E4C4.tmp\b2e.exe

Filesize
8KB

MD5
db2878396d4c9d168c3657f523ce07e8

SHA1
174d115dae21a706673483a73ecca947a2c61cd2

SHA256
14b18fc014c49b97b631eb43d6063f7859c4bf7bbc5553b038a2a7a7b2281a82

SHA512
c3c3a54261e5b1d244bd46d72173e538561958caf44cfdeee3de5338e34761279b94e4a1fd5dd459079aa8ee4e335eff7b247fdfbf05f4d4fbf3dd88c4e44d3c

Download Submit
\Users\Admin\AppData\Local\Temp\E4D3.tmp\b2e.exe

Filesize
8KB

MD5
8081fcfccf21cf64bf9a190cd4de44cc

SHA1
3da77d50d6435b02660a70504eaede19fe26c633

SHA256
2a0d826b9eb367b2a338312fe05959fa11e2df5d2067334f6cc068575b94fa2a

SHA512
23a4d311851306a5e5a1427e793ecbce2d28be1d17f5ea200270f543122c497565558c9378460b333e7de165b77e1efecba887b2291f2bbf2b6ce1d5cffbf15e

Download Submit
\Windows\SysWOW64\vip.exe

Filesize
110KB

MD5
5d8118807ceccd3652d908544fd2fbe5

SHA1
c68962530ae603a4e6d188a581f7ebb1f69b71c2

SHA256
9ba3c158cfebcb80c8b1708d316842eeb3ae9fe0a1487da2d38aa8010d8e870e

SHA512
94bb2fd96f84f5065c2cdddbed696f6b8878a8d8930448bc490d25b2ad4e91ad4397e755d2e350441efbb0e6f9f7401e1516c45e37b07d7c1430809bb1cd7c05

Download Submit
memory/1156-114-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1820-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1820-44-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/1820-23-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/1820-22-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/1820-20-0x0000000000380000-0x0000000000387000-memory.dmp

Filesize
28KB

Download
memory/1820-19-0x0000000000380000-0x0000000000387000-memory.dmp

Filesize
28KB

Download
memory/1820-54-0x00000000003E0000-0x00000000003EA000-memory.dmp

Filesize
40KB

Download
memory/1820-43-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/2264-681-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2264-21-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2264-102-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2536-103-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2536-163-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2552-92-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2708-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2736-79-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2920-24-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2920-65-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2928-73-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2928-45-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3004-66-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads