Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
  • submitted
    25/08/2024, 09:17

General

  • Target

    c06bc6914d0027f75bb4d381a806a193_JaffaCakes118.exe

  • Size

    532KB

  • MD5

    c06bc6914d0027f75bb4d381a806a193

  • SHA1

    832f2ddc005856724f646bb6f32b9a47e37fd39d

  • SHA256

    a1c2da26a3aec23b7d2caf96d5b5dbf05bf8c817e6b3d48522a2403d4f8e1eca

  • SHA512

    16cbae77a71904d7aa0a89d305659ec5d73854be0ef92070f693fafc817078e7845ad45e187937c16fb83f006352432883987cb3ce17d19714fa5bec803ac941

  • SSDEEP

    12288:EU9Xiuiqn0QP5vpBcRFIh66M5XjQ5SoMyF7+crn580L7:EUdHNn0a5sRWI5TQMNw7+a580L7

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Network Share Discovery 1 TTPs

    Attempts to gather information on the host network.

  • Drops file in System32 directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c06bc6914d0027f75bb4d381a806a193_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c06bc6914d0027f75bb4d381a806a193_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\system32\6095\listo.vbs"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Windows\System32\6095\inicio.bat" "
        3⤵
        • Drops file in Drivers directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Windows\SysWOW64\net.exe
          net stop SharedAccess
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2656
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop SharedAccess
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2932
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://srvr.timwe.com/timwe_prod/PROD_COL/PERU/CLARO/minisite/index.php
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2824
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2220
      • C:\Windows\SysWOW64\6095\server.exe
        "C:\Windows\System32\6095\server.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3020

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

        • C:\Users\Admin\AppData\Local\Temp\Cab9954.tmp

          Filesize

          70KB

        • C:\Users\Admin\AppData\Local\Temp\Tar99F5.tmp

          Filesize

          181KB

        • C:\Windows\SysWOW64\6095\imagesEdit\bullet_nara.gif

          Filesize

          54B

        • C:\Windows\SysWOW64\6095\imagesEdit\fl_magenta.gif

          Filesize

          152B

        • C:\Windows\SysWOW64\6095\imagesEdit\fl_nar.gif

          Filesize

          56B

        • C:\Windows\SysWOW64\6095\images\fl_blan.gif

          Filesize

          55B

        • C:\Windows\SysWOW64\6095\images\fl_nar.gif

          Filesize

          55B

        • C:\Windows\SysWOW64\6095\images\fl_nar02.gif

          Filesize

          53B

        • C:\Windows\SysWOW64\6095\images\herramientas.gif

          Filesize

          48B

        • C:\Windows\SysWOW64\6095\images\ic_candado2.gif

          Filesize

          76B

        • C:\Windows\SysWOW64\6095\images\logo.gif

          Filesize

          1KB

        • C:\Windows\SysWOW64\6095\images\spacer.gif

          Filesize

          43B

        • C:\Windows\SysWOW64\6095\images\tit_ingresa.gif

          Filesize

          1KB

        • C:\Windows\SysWOW64\6095\inicio.bat

          Filesize

          626B

        • C:\Windows\SysWOW64\6095\listo.vbs

          Filesize

          106B

        • C:\Windows\SysWOW64\6095\server.exe

          Filesize

          16KB

        • \Windows\SysWOW64\6095\MSWINSCK.OCX

          Filesize

          105KB

        • memory/1052-401-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

        • memory/2404-406-0x0000000000410000-0x000000000041B000-memory.dmp

          Filesize

          44KB

        • memory/2404-409-0x0000000000410000-0x000000000041B000-memory.dmp

          Filesize

          44KB

        • memory/3020-410-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/3020-448-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB