bfd8d8fd660aab5b452b1e26e1d1611a45cf508cb06496ba1954ee24db3e0a6c

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Size

112KB
MD5

db5ef63ff0e15f9081c09aa75fe1dd37
SHA1

f87721675b1bc7e99626f7eabfc58ce6dd0c8a0a
SHA256

bfd8d8fd660aab5b452b1e26e1d1611a45cf508cb06496ba1954ee24db3e0a6c
SHA512

b4e329f7916ed3ec2ced7f778b3a2c4c6d845e519b75a91ad7bd4fe51b8216bbf838757a697bb9660b2f3e33e27294edc74e2583beb258f17f5efd35b184629a
SSDEEP

3072:74eYZ4+1JXJJLOa1siyUpKT+/8j4NE0D/:05O8POaSiXT/Nya

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3020	installer.exe

Loads dropped DLL 33 IoCs

pid	Process
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
3020	installer.exe
3020	installer.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
3020	installer.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\taobao.ico	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
File created	\??\c:\windows\xyx.ico	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b6d4c59d04db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000c0e8398938bfb8eb22d0c474f5fd84e1db5b053bf4b7205660907cfd7c3ec1ad000000000e80000000020000200000005bd665f990a6896029f0c91c88fc8a8c55411f38fd86fdf1551497e273d3ebb190000000bc68808395109c1c6793a3c1086758fe07d3b3e1d1d14eeba61f8523334993344b23d78861d82fc7012ed3b37e49383bf1549a6a7da14e6b6c02e1e5dc574ea071ff7db6451b07f7238bb8681728f07943960b7992f76be4d368adba054dc6dc572c4733bb5b878b22652a0519695fcee5d7d5517be4f444689477a2c5a7a0c0e6dd97696a2e7ea829ef057cbcba9ffc400000001d40604e5a6d6e9029be99ee27df3b8d4e429b77e95e32b2a44bfbb1499036cbf459bd2364631d2b65ea4bb21041070cebb870b861055c1c8639982f7757f053	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000802ad9a870af74bd442bd057fb1b10d6ee4eb2dcd708b7716e9b831e41cc9724000000000e80000000020000200000008a2e1f662d75bb00676a68c4374e273887eaeecc13d69631c3bab5c73e13ac862000000047aa5cd46a1dcb50d55412de63079b88a5739524b5747dec3c54c5f23ae9b9754000000006f99c52b151a16c439698456dd71988943a182c730db9dfad8c9c34be3a865d93970c4608e70571f891ea50dd5723eb7c4539f50c8ac8a9a7a02cdc9ebf67ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E981DBD1-7090-11EF-92B3-F2BBDB1F0DCB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432257187"	iexplore.exe

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\InfoTip = "Internet Explorer"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\DefaultIcon	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\TypeLib	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\DefaultIcon\ = "c:\\windows\\taobao.ico"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\Shell	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\TypeLib	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\InfoTip = "¾\u00adµäÐ¡ÓÎÏ·"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\ShellFolder\Attributes = "0"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\Shell\Internet Explorer\Command\ = "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe http://www.131.net"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\TypeLib	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\Shell\Internet Explorer\Command\ = "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe http://www.toulema.net/taobao/taobao.html"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\ShellFolder\Attributes = "0"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\Shell	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\ = "Internet Explorer"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\ShellFolder	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\ShellFolder	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\TypeLib\ = "{DBEEC126-4924-49C0-9872-B2B57FCBC94B}"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\DefaultIcon\ = "c:\\windows\\xyx.ico"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\ShellFolder	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\ = "ÌÔ±¦-ÌØ¼Û"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\Shell\Internet Explorer\Command	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\Shell\Internet Explorer	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\Shell\Internet Explorer\Command	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\Shell\Internet Explorer\Command\ = "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe http://www.pp2345.com"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\Shell\Internet Explorer\Command	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\DefaultIcon	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\DefaultIcon\ = "C:\\Windows\\SysWow64\\SHELL32.DLL,220"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\Shell\Internet Explorer	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\ = "¾\u00adµäÐ¡ÓÎÏ·"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\TypeLib\ = "{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\Shell	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\ShellFolder\Attributes = "0"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5685E73E-59C4-416A-862B-A6CCC440EE59}\TypeLib\ = "{5685E73E-59C4-416A-862B-A6CCC440EE59}"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\InfoTip = "ÌÔ±¦-ÌØ¼Û"	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\DefaultIcon	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}\Shell\Internet Explorer	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1476	iexplore.exe
3020	installer.exe
3020	installer.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3020	installer.exe
3020	installer.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3020	installer.exe
3020	installer.exe
3020	installer.exe
1476	iexplore.exe
1476	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 3020	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	30
PID 1364 wrote to memory of 1476	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	31
PID 1364 wrote to memory of 1476	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	31
PID 1364 wrote to memory of 1476	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	31
PID 1364 wrote to memory of 1476	1364	db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32
PID 1476 wrote to memory of 2148	1476	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\db5ef63ff0e15f9081c09aa75fe1dd37_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3020
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pp2345.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1476 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4ECCF7BDA10BC4DEA49859F14121B199

Filesize
504B

MD5
641db5579c8494cfe689984496fb0fbc

SHA1
491f7650b7967ce44691c92e5e9b3e9d69637ca6

SHA256
96a76c16cc5a6aacaaf5543f17e1fa972c0d25c4984ab22b46dab426ba5ca82e

SHA512
95207df3b68e72cfd0321977803a04794ca689883d9d90f45fcf29a8b4f659c6c4bb5c600b2311e3ea2458319f7f114e3d8d6608f3c1ef6931d0371f7d310916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191098685e83ea456c635d11a1037d3a

SHA1
5fb3facfe38ce16905561bb6f6fc3b21254915ae

SHA256
756cb5ecc342d92933fbc3284207a38780bca73bb22a251d779085f2ae52f5d9

SHA512
d28c81370c19d505d84973c9046f0ae9564ff9df9e9db41e9e6506c7c3831a783b96633a0319b67d3f47488e27f005953515b55c33f1d73c3a353e00335c9187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c5ca2701ca639036e0bd607ccc8054

SHA1
f6ec7f00dd1b2975420b12f27fbee4989536d96e

SHA256
92bc593b4a5d2741ebb032883fdb51ac6f12b5c96b416e0532f32ec47d2b9594

SHA512
c0feea8687050c4451a33cd4ebfe9f19ba1efeb7aa38141ea7f8f50be342adf0c218f76037407933cd2da38a805c81c95fbcd2ad4f7cf92c2b9a1ff89962d8b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b7dc24abf881103853025837b07c0e5

SHA1
ee5927afcc8b54e939f3cc0dfe6aa762ff6375a4

SHA256
d9f0e00916b35e3e78e44e07e60145be32741d73488830643b9d091804ee0c5a

SHA512
6aaa4778f9ec430566d0165d6d10985b9a39dde7238f7783e77d7fdbf52e5781413040d51b00f17b128fecefd4926d0a484c45c089068c23e340cab4277b0a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d601ea16b149624d1c1052fc9001a1f

SHA1
000a2843e010332eedaf0b29f248b6958b18366b

SHA256
ebf95ac6d28e751ee8967d1b8ee0184c6cef09a921dcd12b278b69695096a611

SHA512
1e37a810def9bebab67a06ff894c2d611fe1a1a841939f7f6527af3a1b9571d065143b09d3e2e2259d731b6fc1fb49f5e0892898b1b1f0bbb9c2c50a5f030750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce864fb06489e72416310c64682e30d1

SHA1
c1e0c15c55bd13e9ae32dc8377492c47bd07b52d

SHA256
3820cd2ff7f5dbe59cad8536474d9beed2cd3de6c78a1299eda79d617f6a0acb

SHA512
05c55f1e69e78d4f8d1b63d9b398a8b463232ab2aa9ec13ce01e5f06c67952a9de0daf5ca2eb92700251f91d01ef08692f359e5501ece6c0109eb124cac6097d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e3a5d320d48fd65b0676b975f8d62da

SHA1
cfe1a9ce06516090163e4aa75eee61f910df77e1

SHA256
521b0ac932383ec1b0432a8712570b40718813b20423b02e4a59cf2d10ed5416

SHA512
255acdf9ba79c47f0c877fac18fa71dd54e5c716c22f0240f4db20e08886e1845557e0bec9c8eb97b158bf6dce35b1d8baf20b42b11d01f40403f05353070c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf7966bfada12fd11b47e5e174efd917

SHA1
7fac7921c8cea395c2bbedc64abd5b8c96eeb1f8

SHA256
a9b0d4a0d859b0ef9fbd10587a24d69269a61ad9419d5bcc8c3cc90890a23381

SHA512
d1c4d6ac5205bf30995d9a1117cddddf6d18297e824e488712a6249eb64d32b87ef9c1060d7504679b55b13c8e136184b89e1eecbb174c618219891565205b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b000e625cdc7bfb527c9f2e07e629fd

SHA1
0016ef793088f7f7c653f735317859c4589f855c

SHA256
a24dc18b9b3b1bb8dbf318ff610b5efa94ea07d94d812003b770f7a6d19fa21b

SHA512
0da13885915a365c07130447d8aef0bb79d2165e9d6821b92d395a6160924fe667d55a8b8f4ee16f67d8e9d7bf359355c0d648d52c2db349412e5815a5dbd33d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e79f72b479d646b24a463ab54b4c4d6a

SHA1
9a63fc690eb5ebd65fd1a980907059e99500afbe

SHA256
6c0ce1dc6d383575df174695d67d3d40d7e3fd1244d54ffbc04530c2c3a614d4

SHA512
237510d4a45cd404cb9b9d393cd2564a8bacffb5c886196becd5e7578265da4b8a950ca1bd77835e9467e2521f8a08329f035a6d511a3b7a95d2b59ad2ea4065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ead8285e5e930579c1cc562b983eba9

SHA1
1f67d3ac1b8aeb9f6e7a257e9ee7758c6c1ec158

SHA256
d5d108a10c8c5572b241767d388dacf488e9276a935595c15951236429c06ea9

SHA512
839e864afabe484284637289467da14581d4200c9a0bdade2a02c90a506acad644a879dc99aed591eaf165ecfe0981115f361ca979b818f8554fbca03e183016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6906296c82b4b7ac76b6a7bad7556217

SHA1
0390019011c66b00ed7b8a2a5c396296bb72cdf0

SHA256
f1535ee225a252f776693e8a1b854321cb689aaea4fa208f36d99eb839813123

SHA512
a9bdd20f32bb9ebd9f97a6eb5864eb2f2b6e65f57fe16f8c01ca71d781280c70a11149051be7ba65e468a70b6cde31ced010f319d87a30809e4a11528143fdfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
164e01e2b5101f6f18b1fcbf2d6d878b

SHA1
5cc27734c42174c22e7480c7f7aa6f1783ef094a

SHA256
9b70010cd36b3d37140b5344246d29387640cb7ab07c04f065b5498b5fb12349

SHA512
a5cc88ee8acf8a66f9a5fcaba02aca6c9ea42576d7ea7028331181cd276caad4d6d6f43543b516047a3b05058489d08953459ba364f0b96ac03e95fd92b53c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51311d96dcfa18a3b04a23e063ea9107

SHA1
ac16fba5972e1ab6a676d14043720c5e513c61a9

SHA256
598bf7fe91889b67aceaea702cf6068f1ed0220dc760cbf940f14a1dbb7d8331

SHA512
3ecc1ab9ce3307a073b3893887798a19191d0094d218dc4550b8dfff7c4ed9aadf594f9f8046f6737128ee0454a84a8fd3fbac1cfdf65701d4d6fba5582bb6e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c29ac4b32a2202f3984d9a70ea5c71b

SHA1
3b6419cd60e304982455c4aa3ef160946b5c2c74

SHA256
caf5b9a1fee95d180f60add9e2907fa50c3d8ee3b4abbbf56add4d4988b94917

SHA512
8c74375c63be8bc26c98c32eda115ba5f709815484f35e4882b59487fc31e58f1cc06d954d36f5b752719188ba8e9eea1d0c6a5b4506285ec697e41ca1f95f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c439d4b0e16d246c78c0409c82f569c

SHA1
b02b2f84ae13caa047bfe2e3b5b98902b30116cd

SHA256
4ffb6845f18e628049bd8b6fc0833d6392827c2b1dca59c4727239fab089f367

SHA512
0350e4e7d2dd715e268c6f6730c1623b787111b597edec4543112197aa4c09d131604b14870623a723e7bd2150e8d39bd367674ec0de54463d213c28a733db46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c7ff7fb6bb2b05d2a0495e4a61a0020

SHA1
ddda265c993136cb2fe8969e580c8c7acaac4dae

SHA256
369f1a3fa17c1009db660c39cf94ffa88a58f66fc5817557be0c3fec4c33d19d

SHA512
aecfb87ea9760305c4cd6db0b888d5e44220bf70bb5a925b13c4dee759f2a976cb272616901581e9fc20acdb314a3d3405a5a138bf9781522dac78545a1accf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dfa839af2c46ce8d25bd078c8ebba7b

SHA1
049107dc58860825aae90f1d3792a8b93d4fd8a8

SHA256
958feb8e408e9a8d53b2b3f804b785919aca3399202c044776505510e85c1bb8

SHA512
1c6a05b42d3b2403798f8d07c77234f7f035dc7792d52545442c9276e8957ee364d06eda1e548236d565c21eadded1cccff9952ac6d0a879e3b57009bf25529f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3a40905571bb7d34b5288594866241b

SHA1
8e1c859df9efb2cf193a0e96d85f50034c02a349

SHA256
d0c053d3aa10f7426f9c994d9a00715e41cc50a7d0a6125752f220477319c2ff

SHA512
78226741d2e8e261425d257aefd6b811beb66d532d8c4f2f86a69e1c97e73765f92bc8e3352d761663cd1d91672a72e4f330ebbf3418b7723a5bc5984e9007cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b36f52dae937192bd5c16c4acc0604c2

SHA1
44ec0d442e5124ab0d6843b1359184d299339e5e

SHA256
756ec2717f6e343f698f8a6e96fe997af343516143b9db46994e79a6e6277bea

SHA512
5053d092887dfd14055bced48c34a5dd3f3ccc39a0df3e91f29a569ed655daec5963b6c41fa8acbbacd1f3b15d02585440b4ce7a6e6a27a2685b0cb4aeada7c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f916d9ce464ab3be0b728f791c7f25f

SHA1
a587e492daef697c3c384d24a04a2ab020de969a

SHA256
a8c8ff8faa80f8fd388cccf0c83c1fdfb9af05e0345d329b350a2eb3da72ea3a

SHA512
ecfdfeea4810c3fbdcfd24b32ef8948cf410c70d43b8425d902050a0317e1956b618e42105a293a74884d13004eecb3d306dfff4153c367baebe59809b70a35c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db196598b1feddc594010aa950f2faa4

SHA1
8c1a009e258b4d97a47121a69a9835de377a2ba4

SHA256
616fd3cc03482a9dbd6d5aa1e3b464176cc6e00f0668222bd9093a41fe5b181e

SHA512
efcb697daad7b855df2d00c423dc52c895c645d6192a96862b5e5985b31c801b9eefc468207a18af5eba98b8e124ec903cc59501c1b5a45c68996bddcaed73b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4146e88106b3d52339b462d20a32da94

SHA1
5f813df711545adfdb9c0a8ae866ff5980ca6d60

SHA256
93ceecddc337d292f1cda6b8981b10833915ce2858284b678912097eb0d1456f

SHA512
6d53636a9baf21f25267abf21f3d5b17b1386d332ac7e5e03a699318f9a259dfff23e60194a07a15b538d2fe9ece0a98cf0bf772ef608653f6f914c47f10c7b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f05e54f413dcbe1d09edcf86e2abe58

SHA1
d1dc2e38aa9b34f3c98c1c59a012a2735f7db0a0

SHA256
8c0a5f2b89d0ed65b4783e538c6c67b1bbe9d39e0fa2e577aa523edd8de9eb17

SHA512
951db9c585a114a25b638f42204fda8fc6c2d6d06bb64c0c1c0193eaad6bd82ccb96ad476ed48b4442270a807167cb52ba0648028cf0a4a3d393f5c1eca3ec5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat

Filesize
1KB

MD5
8b559d72d368cb72eafab84697d196d9

SHA1
c49ef2ab4c8312c5e968684d998276dbbbb3ed6b

SHA256
6cbb135758f79a35bea0029518dd0432f65db081a25b9fc8505140384fdbbab4

SHA512
3d17149de978ebd33b1564cdb74443f0e1671ce7f7f94a795bb4d7aa500352aea32903b2aa55b63935560a41ca286abd9c2e7653b8c332d248b9c8aedd916be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\favicon[2].ico

Filesize
1KB

MD5
8a27c178ea3c62ac7ddfdde135fd43ce

SHA1
63b296eee039b764bbb3a2986fa56032460f796c

SHA256
8dded93fe6a6bdcb0819e9608fc98c91a9ac105746cc0135c16408759241866f

SHA512
38f57c423ab6b277b9c0f3c34e6d1205c5d5cccedd555bad40b285f818d50c915be9bf95b16fa11fdb68cd6b41e0729431e4a1997998e95624141aa370ee2092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\jquery-3.2.1.min[1].js

Filesize
84KB

MD5
c9f5aeeca3ad37bf2aa006139b935f0a

SHA1
1055018c28ab41087ef9ccefe411606893dabea2

SHA256
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

SHA512
dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab601D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar601E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Filesize
1KB

MD5
9a98019b65f8ead6c5b7bf818b6ecaf7

SHA1
7a3802b9d2132462c3c84c6018352e3336d0a692

SHA256
5196df1ccd6cd351eedf27e86736384bf557186a63735c431ba324f4979b09eb

SHA512
2c5db8987e12d053d251026ad547fce791877cefe6a5dd086bab67dbd4cd558a456cecbedcc2701ad52bc6f9b63f52e136bb9648c77b52c7f52f60c7eba07fe5

Download Submit
\Users\Admin\AppData\Local\Temp\Installer.exe

Filesize
69KB

MD5
13b46e31155369478e521dc134eaeab8

SHA1
02a01ad356ae67e7684e14ac1dce9f03014a4e13

SHA256
7b337643cd379d8c8d8f1c8efcdb6bcdc82708d79cbd64cead9bb0f4bbc380b2

SHA512
673b6c6159bb660554b54f9886f95ac6c05eceb6d89ce1e9bff14a76a92ece77f4d931a9e8dca6fe35ebc6ddf28a9ff28ef3802acc1926a3f7c27aa0353f9b9b

Download Submit
\Users\Admin\AppData\Local\Temp\nsj452C.tmp\ShellLink.dll

Filesize
4KB

MD5
073d44e11a4bcff06e72e1ebfe5605f7

SHA1
5f4e85ab7a1a636d95b50479a10bcb5583af93f3

SHA256
b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb

SHA512
e9f99b96334764ae47aa026f7f24cfb736859a9131bd1c5ec7e070e830b651787f49910911f82e4ade0dc62fea0ad54ba210b07e44830eb2be6abb710a418a98

Download Submit
\Users\Admin\AppData\Local\Temp\nsj452C.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nsj452C.tmp\inetc.dll

Filesize
20KB

MD5
8d8fdad7e153d6b82913f6fdc407d12c

SHA1
aabbeed33cd5221e4cb22aab6e48310df94facfd

SHA256
e727c8bba6686c4814602f2bc089af4b4cf3498d1dbe1a08d8c4732da5ba046b

SHA512
42bc0ce1aca63904c34025307fd4b1d9f480ae47e42e7dfa48bbbf8286d947de2989435ad7a748951291307949217afeebcd31d10a1356c9366d3187085773a2

Download Submit
\Users\Admin\AppData\Local\Temp\nsj452C.tmp\md5dll.dll

Filesize
8KB

MD5
a7d710e78711d5ab90e4792763241754

SHA1
f31cecd926c5d497aba163a17b75975ec34beb13

SHA256
9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

SHA512
f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

Download Submit