54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
Size

118KB
MD5

c1a9a9bfab40e1c6929aaa5d48cad68c
SHA1

41772b810e3d27f0ed6d18e1de0c70939a95e04e
SHA256

54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96
SHA512

f88493ceea94c18906f6c9007b72b96866f1166ab548336aa5157e0c832d0a49b47c3cbcae5dc45cb1c6f5bb6e8b439787509e6223c6f270115381c5a8ccf2e0
SSDEEP

3072:UPfJ/VZWdAUjdxjZrVyu8YT+5KPn6l3FVDE6WVvS:UPfJ/+AUhxlr0+ScSl1W6MvS

Score

8^/10

discovery persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	sgcxcxxaspf080821.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\minitnyus = "C:\\Windows\\system32\\inf\\svchosd.exe C:\\Windows\\wftadfi16_080821a.dll tanlt88"	sgcxcxxaspf080821.exe

Deletes itself 1 IoCs

pid	Process
2800	svchosd.exe

Executes dropped EXE 2 IoCs

pid	Process
2800	svchosd.exe
2160	sgcxcxxaspf080821.exe

Loads dropped DLL 3 IoCs

pid	Process
1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
1692	cmd.exe
1692	cmd.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\inf\sppdcrs080821.scr	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\inf\scsys16_080821.dll	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\inf\svchosd.exe	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\inf\svchosd.exe	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\tawisys.ini	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File created	C:\Windows\system\sgcxcxxaspf080821.exe	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File created	C:\Windows\dcbdcatys32_080821a.dll	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File created	C:\Windows\wftadfi16_080821a.dll	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
File opened for modification	C:\Windows\tawisys.ini	svchosd.exe
File opened for modification	C:\Windows\tawisys.ini	sgcxcxxaspf080821.exe
File created	C:\Windows\dcbdcatys32_080821a.dll	sgcxcxxaspf080821.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sgcxcxxaspf080821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchosd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25E87971-632C-11EF-9E0F-4E18907FF899} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Check_Associations = "no"	sgcxcxxaspf080821.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430784543"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe
2160	sgcxcxxaspf080821.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
Token: SeDebugPrivilege	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe
Token: SeDebugPrivilege	2160	sgcxcxxaspf080821.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
3008	IEXPLORE.EXE
3008	IEXPLORE.EXE
3008	IEXPLORE.EXE
3008	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2800	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe	31
PID 1864 wrote to memory of 2800	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe	31
PID 1864 wrote to memory of 2800	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe	31
PID 1864 wrote to memory of 2800	1864	c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe	31
PID 2800 wrote to memory of 1692	2800	svchosd.exe	32
PID 2800 wrote to memory of 1692	2800	svchosd.exe	32
PID 2800 wrote to memory of 1692	2800	svchosd.exe	32
PID 2800 wrote to memory of 1692	2800	svchosd.exe	32
PID 1692 wrote to memory of 2160	1692	cmd.exe	34
PID 1692 wrote to memory of 2160	1692	cmd.exe	34
PID 1692 wrote to memory of 2160	1692	cmd.exe	34
PID 1692 wrote to memory of 2160	1692	cmd.exe	34
PID 2160 wrote to memory of 2256	2160	sgcxcxxaspf080821.exe	35
PID 2160 wrote to memory of 2256	2160	sgcxcxxaspf080821.exe	35
PID 2160 wrote to memory of 2256	2160	sgcxcxxaspf080821.exe	35
PID 2160 wrote to memory of 2256	2160	sgcxcxxaspf080821.exe	35
PID 2256 wrote to memory of 3008	2256	IEXPLORE.EXE	36
PID 2256 wrote to memory of 3008	2256	IEXPLORE.EXE	36
PID 2256 wrote to memory of 3008	2256	IEXPLORE.EXE	36
PID 2256 wrote to memory of 3008	2256	IEXPLORE.EXE	36
PID 2160 wrote to memory of 2256	2160	sgcxcxxaspf080821.exe	35

C:\Users\Admin\AppData\Local\Temp\c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c1a9a9bfab40e1c6929aaa5d48cad68c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\inf\svchosd.exe
  "C:\Windows\system32\inf\svchosd.exe" C:\Windows\wftadfi16_080821a.dll tanlt88
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c "c:\mylstecj.bat"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1692
  - - C:\Windows\system\sgcxcxxaspf080821.exe
      "C:\Windows\system\sgcxcxxaspf080821.exe" i
      4⤵
      Adds policy Run key to start application
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2160
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2256
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b40ab7175ef45050b9543f3311952e90

SHA1
c6711c2e60d19747d9f0d9a0c44689dcdac3173a

SHA256
7101be668f2e0abde746cdef1f81099fcab87491960ef2db6741ab386f03f59c

SHA512
d91107a39c5a9d418377bc80cc8c8cdaa8a71fbba226223bc2b2015cf234a9e06010f98e4912f689dbc72833406a4f5e002c60ca3b3201bed4397a3081fe3581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3215825ed6821e7216e845dab854b51a

SHA1
3e2ef0c402d1c8cf6e3b57551fc0189506f8f3c1

SHA256
30539f51d999f5129fa99de277c80454031e8c96565ac317c0ff4294bf3c47d5

SHA512
b1c7395672c990ffa89e3dfe690d01048dd31c7b564b2ce46e64e28cc493e9aa06c0d584fa8fe78d661daac47500336de7199bb3b933ea21b593cf7019b54fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d76e415824cb779d272609d32e7c04c1

SHA1
a0a7a51d892c519a488f09a2532305fbd68d28ab

SHA256
221a7f72c7b39e7f3d8835c8b160bdcbcd24ff27c2fda916fd9394040afa9785

SHA512
a5716e25d60cc072f21e9c6a3c36d608d5afe27a61f407ab4f36bb0cff641cb4279e271e9284aa73e1d9f2c9dc7d815da0983b54b23df91b6f0631115c609428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebc0decfc4cdc9bdad642ae5b8488022

SHA1
f54f00f19a66243c2ec2f3236cec6d0666632cae

SHA256
3a03e63db89641d6cf7f5648ecfbd278fd780a43bd289a1ee4c0085e487fe05d

SHA512
71a5244a7501eee02ad0f7e3a35095df0cb38014bc91ec71f97a6f75014d50320980ff14d55298bf1cc67c8a4349d5b311f4f69852bd6a91d33e54e638dcb272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2bbd239acbb5c1759392715eb077ec2

SHA1
2b8787c43e30bbc908eb7007a178c45a05bbe4ca

SHA256
65ae19b508b1966a91fdebe9419599d57a617cefc648728d445c7ae42f04d04d

SHA512
5f7604c3679ba2f4291d54bde2acbc011fe36868ce422b183028dc364f1e3de90cccf08ceca99e41b33d93442ecd5a4449d3e3f1fdd945c179f284ebf7e723b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ade2646a69bf501be57999cdec8c53f3

SHA1
5bbe683e2b0ae9106b1e2fed9eb26ed344ad762c

SHA256
006bbdd4af0ba60c5899d7fcc6b90e25981b84d077e7f51e9e56d92292d1d889

SHA512
23ac500cf8ef1ef1109c8d168ec3ab3d7c18b06b7da62658aa79b73028bc2cfc62c0a54877a94214dc12f6fd999664724aeeff4aa21bb2e6256a06dbd0671aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eecc70de2e854379bf2be2741cc307a0

SHA1
b227ed3c1c84e6b78e3e7d8443d58e2745ffd312

SHA256
c0cb92c09fe342a784d9f9366828060248c784cb10d7f02fd0ecda3403e4f563

SHA512
9d493abe16a4601a21c39d5b0a337efe94a700ad94949c2232e9885949ca36ba776b1da2d4f7a535f104280e67374d536f7a1ef29f1bcdf2af90843b81163e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e75ad1fdc8bde305a12db803de1aed9

SHA1
df11109e6fea01e2ff47d9b5e78f5b13f21ffb61

SHA256
8d441b2e11ad79683668468eee16b7e185cf0b57afe140ce89a7248a6c87a0d1

SHA512
2209efde1f80a0018933781dda34cad5b4a2a1a8d7196d8a120d9784b29402858db7560249944bccd483902499faab3bd2e9750bd124019b38b70adfebf3d01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5979.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5A56.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\dcbdcatys32_080821a.dll

Filesize
235KB

MD5
33cfbf6dff6d1774fe2efae2bd88110b

SHA1
c167cd0bc0d76118d6618216c52b13655fb79909

SHA256
8a67c63bc21f15a27adb29e302cba845370d40a6fd2e0bb99947fec73b5f8263

SHA512
8cd1eb29c5fefeb6706e09333af5619de208916aab78a3f61e8fed5d0c0bb7ec1ab06c1156a5dd6f950ff83bf6e436ea41de1c5e1bfb0983f5d48be72664d3fd

Download Submit
C:\Windows\tawisys.ini

Filesize
112B

MD5
01d96dee2898aa88bedf3b8de3f0d52f

SHA1
9d9c8429b81373c6979312cf84e82e15811df80c

SHA256
913250a74a35389b011dad4e8fdb6ecf6532db6f10c7c07e7b6558e5684145fc

SHA512
a721020158642643fcd91af41dc889cbaef1a87f4002aed3f74b248f64a322a404f7a98e2b60716deac8fa4072db143bb7da3ef709371c6e3ee544fb088f7551

Download Submit
C:\Windows\tawisys.ini

Filesize
462B

MD5
3b48b67396db9a92a77ec0c989c78b09

SHA1
a75d3f87318d9eba74d91c794e84589e27b45028

SHA256
53cbdbde268b655bb382e2170fa5f30953121b7edae43ec0f65eee4809fe72fd

SHA512
03408da54390d1c668593a96f8b6f7d80f13b341843d35c82bc8356e477c9ad3a76f9b8cd55ed2711b40f2b407a64ab4a55cd904cc545f7d0598932ba96361b8

Download Submit
C:\Windows\tawisys.ini

Filesize
378B

MD5
8d6bedb26378029d14353b38c4ca0b8f

SHA1
235cc3cedab802e418d91a1ab2717183454ed140

SHA256
79ae568fcc73e11fbb5348bb259f507ffc1d451b927e7115aa48fdaea7beede3

SHA512
a8425a9f20765b7aa8ebf49e4d57534796ecd60d6dfe272d379b8f4085adfc0098f99b32878ffa024e9bae1346520f4d85c32ac3a199465ca57dd1778401e5b5

Download Submit
C:\Windows\tawisys.ini

Filesize
428B

MD5
74d9ded31d7eb185586ab3951e10a44a

SHA1
9706c840b31779f19176733daa059a93181943b1

SHA256
e92858cb319cd0f7cabf71c9c0442c5e4db1dd72187f780bcda2bbc2e08da567

SHA512
d5f5e5532588ee5e971b337c56183a1ac4e38895f4d5f3b00d739255d56681140f046f7ac1fa1f0555ba3dbd06161c9c1212ad01900dddc25bb1770d91474846

Download Submit
C:\Windows\tawisys.ini

Filesize
49B

MD5
29ba9f9d07429e35ce77edb971a5f349

SHA1
5e76645272cc2fddcdfe3abae2fdd0809dc0f526

SHA256
716a3bb87f7cf28f75ef529ec374882e5af6e485ca7d12447e8780af0cbad3fd

SHA512
1861bcf94e19a1e3d3a98355b67f78ee4d21b6f06f8f5395f49751dde72d0ad22d578ebe545f29b2945d583d214e964e72ecb9e51d90b6cce263d61b9c52ada3

Download Submit
C:\Windows\tawisys.ini

Filesize
461B

MD5
82a8df225c693d6f0de231e4b14d815b

SHA1
e189fe916da656d2f90a7d40284ee70df699b38d

SHA256
60f1023ef00a15591992fe6802a4e31c5139297447849ffb95383e315927554c

SHA512
7af29dac5c64c82167a21d9a199f11000e2fc0e96eff76d7720d8db78a9c0dac536c76dd3de588a416eeb7c6dcb97bf3e466e48926cd77175d7ef8ac49453fa7

Download Submit
C:\Windows\tawisys.ini

Filesize
488B

MD5
e2951ee04c615d3d6af6b69cf4d5c320

SHA1
731c75ea8918635a646e69ef148fde8d3d5325f2

SHA256
c08a174e82b32795ddc8142e0a40f5033c035204e0a34c4c0cc8075452852d87

SHA512
662f4cf34034d64688024ab085f7b36cb8beee662e22eb6535aab88ed7df338eb636a095fc362b119d406002478724756ac2a4a1856f6b5cbb8e10396ca8607b

Download Submit
C:\Windows\wftadfi16_080821a.dll

Filesize
35KB

MD5
00c78fe1bd962ad544fcd917002351df

SHA1
9cb19c598360101f253565d42d3f853184a582fc

SHA256
d8a9b53e11936f327faddf2e245c0a59e5c7218dacc7df08e6ad3a74d8d4f515

SHA512
6861ac800be07992ccb44f4f4e961f20c057385990e63f7df6ba2a2dca63d1d9b3595c9bd9e9a315501ee7ba19af7701eab0de4f857438f249da61f596f1d473

Download Submit
\??\c:\mylstecj.bat

Filesize
53B

MD5
61fa1255e51665ae34e18c202e9ddbf7

SHA1
a7cdabc39a8d5b83e761e1c95c58a19a23f0152e

SHA256
b5716c6f6320c03eb8e34c0e82f8f7c35dbd7eb233bdd32e45bfe4adf3ef1e8d

SHA512
ef9efcba0ce1a6610f39ae3505d3359991a67eb37349d90ae827bcfe80459cff7f81d38c7fc6f6f44abc2995851ae783bdd50495fcbd386ed1a8d915ca8baedc

Download Submit
\Windows\SysWOW64\inf\svchosd.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
\Windows\system\sgcxcxxaspf080821.exe

Filesize
118KB

MD5
c1a9a9bfab40e1c6929aaa5d48cad68c

SHA1
41772b810e3d27f0ed6d18e1de0c70939a95e04e

SHA256
54f04d6c4766eae6428494604c320c071b7981a6c236f457904c9c79d5a88c96

SHA512
f88493ceea94c18906f6c9007b72b96866f1166ab548336aa5157e0c832d0a49b47c3cbcae5dc45cb1c6f5bb6e8b439787509e6223c6f270115381c5a8ccf2e0

Download Submit
memory/2800-82-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2800-76-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2800-68-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2800-952-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2800-953-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download