6e64e3556c669708a3ad7a26c29a7044074a559507fa7f988c0612c42519ceb9

Resubmissions

12-09-2024 23:24

240912-3dr9gs1dlj 6

12-09-2024 23:18

240912-3ajg6s1blp 6

12-09-2024 23:09

240912-25l14s1dkh 10

12-09-2024 23:02

240912-21hsws1bne 6

Analysis

max time kernel
139s
max time network
141s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mouse-jiggler_uTUBd-1.exe
Size

2.4MB
MD5

d8ad93ef2790aa264ab569f5ba8a67cb
SHA1

67b01f6a855b6c5def8863b0d2ef157a44762a28
SHA256

94375dbac8e6dfd152a3c3b9e33d1c6fc18d5f86e2b486124cc4f67dbef68ce6
SHA512

5fdc98ed246ada2f1db0335fed19eb72b776bf7075ebd3e0c4d16cdc448e285a9e63141c487e3c96297b876313ccc7ed135689ece9223e3d0d9526169e6d0d95
SSDEEP

49152:nBuZrEUJje0NQq5rISAGFncaWt+ugsv6fhcUiVoX:BkLxNNC7e9Wt+ugsv6fhcsX

Score

6^/10

discovery

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\SOFTWARE\AVAST Software\Avast	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\SOFTWARE\AVG\AV\Dir	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	mouse-jiggler_uTUBd-1.tmp

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2420	mouse-jiggler_uTUBd-1.tmp
2132	mouse-jiggler.exe
1204	Process not Found

Loads dropped DLL 3 IoCs

pid	Process
1304	mouse-jiggler_uTUBd-1.exe
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mouse-jiggler_uTUBd-1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mouse-jiggler_uTUBd-1.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mouse-jiggler_uTUBd-1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	mouse-jiggler_uTUBd-1.tmp

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66678671-715B-11EF-91DA-667598992E52} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000a3db521e1dc48504101842bffac46062a6cdfbcbb4729c202a20c1aa1466dbfc000000000e800000000200002000000097f718435341206a23da275522fa063a48965278c05ba4c948ccb08fb0dacd5b90000000946677b5ba7ccee5448c14975a88bc6b6fbbddc1c2d4e77e06e678d58fd8426ec32424e98fc271f26a25b99001a98cee804c4169c7553eb8ad6e906369d4298ae2dfe1c8e19639d2f9b086c7a452f205d2d7b0ea44e26376f8c120e602a284377d68e240a0d8221efd87e818786b1d42f26d8c0b353fa94cae7c0e9363d05a55066ec0be09d4c524adec63e52271ab8f40000000052fcb9fc050a7eed281fff3508c6d52a4fe18787a72eab56d6bae9156bfbaa3ef7a0336befdb42adf927ce80a919e9cb3c4a306b903f6c79e927cb8e4c77372	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0ad90416805db01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000062d0c651039d870c82306baa2c8ebe3ddefc8670a46f84128c29072e46452266000000000e800000000200002000000011be974bda73b7465c528906ced12a2c3c843c5b0be09e60f9be97cc70f32582200000002a7916b872f8a89fc009d5de6ee6272d0ce9b7de4ff285cfd7459074250b305040000000d83845c662263f8c50bbd40974800a15d758741a56ee920099b674f72a1bbb92e745aea59c9607813db0fe5fddeacfdd33be9547c3542b197278638df2eb899d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432344153"	iexplore.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	mouse-jiggler_uTUBd-1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	mouse-jiggler_uTUBd-1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	mouse-jiggler_uTUBd-1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	mouse-jiggler_uTUBd-1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	mouse-jiggler_uTUBd-1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	mouse-jiggler_uTUBd-1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	mouse-jiggler_uTUBd-1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	mouse-jiggler_uTUBd-1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp
2420	mouse-jiggler_uTUBd-1.tmp

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2420	mouse-jiggler_uTUBd-1.tmp
2400	iexplore.exe
2400	iexplore.exe
2132	mouse-jiggler.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2420	mouse-jiggler_uTUBd-1.tmp
2400	iexplore.exe
2400	iexplore.exe
1484	IEXPLORE.EXE
1484	IEXPLORE.EXE
1484	IEXPLORE.EXE
1484	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 1304 wrote to memory of 2420	1304	mouse-jiggler_uTUBd-1.exe	30
PID 2420 wrote to memory of 2132	2420	mouse-jiggler_uTUBd-1.tmp	32
PID 2420 wrote to memory of 2132	2420	mouse-jiggler_uTUBd-1.tmp	32
PID 2420 wrote to memory of 2132	2420	mouse-jiggler_uTUBd-1.tmp	32
PID 2420 wrote to memory of 2132	2420	mouse-jiggler_uTUBd-1.tmp	32
PID 2420 wrote to memory of 2400	2420	mouse-jiggler_uTUBd-1.tmp	33
PID 2420 wrote to memory of 2400	2420	mouse-jiggler_uTUBd-1.tmp	33
PID 2420 wrote to memory of 2400	2420	mouse-jiggler_uTUBd-1.tmp	33
PID 2420 wrote to memory of 2400	2420	mouse-jiggler_uTUBd-1.tmp	33
PID 2400 wrote to memory of 1484	2400	iexplore.exe	34
PID 2400 wrote to memory of 1484	2400	iexplore.exe	34
PID 2400 wrote to memory of 1484	2400	iexplore.exe	34
PID 2400 wrote to memory of 1484	2400	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe
"C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\is-LIH9E.tmp\mouse-jiggler_uTUBd-1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LIH9E.tmp\mouse-jiggler_uTUBd-1.tmp" /SL5="$4010A,1583351,832512,C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe"
  2⤵
  - Checks for any installed AV software in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\Downloads\mouse-jiggler.exe
    "C:\Users\Admin\Downloads\mouse-jiggler.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:2132
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://en.download.it/?typ=1
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7e405102d02ca97df6c986f063355ba3

SHA1
66b3b1c604a62eb2e70d5c4919adce833222e44a

SHA256
ecd572eff4a7832fdffbb14ae2a8153189b8a8739b7da2f60353987aa65c5c52

SHA512
44d50b672e2a9263ec031f2423f261c610543e326ca598130d88d41306b1e17a9b5a43e200a66f810f67a8b9efe2350747f59907f86631ca61911048a820ffca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ef423386000c4a0402d550843ef1e0

SHA1
4ed6aa730ac13d96370f5c65352dfd2b65c2fd75

SHA256
267285a62a0c99a1bcee1059d05a9907bf4a72007d2ea8dd1107fa9595e86cef

SHA512
206f980798907731c0724eb97046ec5aa3e4183ceaa367a3356668284e0e816a305417c1a9838ae45587ada741000ec3bb00b677e4f9535908198db122fe3621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236dbebadba756c8bbcae2f9d16dff56

SHA1
91e82c95cbe80b776a49ba79d3fab92da9b3d4c8

SHA256
99d52b12619286531236d80d138002924093b6ae779315f9f7e1d8a3f0984f82

SHA512
5ad1df5ce5eabc90f505087274a69ebce780ef20c86663be7ebba101e9314aff9ceda8d1547bc59f6d24fccdd3e973e18466d880b153d49e4179f48297192590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f122060740a44623331ac2a54162fc6e

SHA1
a2bd9fff63c78b4d95d2c65f05e69215ba9d8e4a

SHA256
97802b21fbd081373cccaf0b061dae610beb6544d51e1e5833a44a6e2ed8fed7

SHA512
3ee80d140b98d32a50ca0a4b00eee23e77703e892c08298da15c96b6216e8f3e0bccf119d5d1f21e195c06fd665833601950dc67a684cc885d51ae9b6f75415a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2179e4266ee6a1ef2bd8da1b5612f17

SHA1
8c72301dfdbabc3412cd495352078dd383780736

SHA256
d36234d3927923c63f72586d7c451c645916849f63f648226b014440e853e231

SHA512
d676ff85b3b47aa947dce504f0d569ca38b5a6435cc50effd4b628e1a79b74133a8b1a2aaf82678cdf8497f7bc4b412ffb81d12e601f9d9fec48e792170249a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c793d779eeb7b2bb0f1116fccf3c6c0

SHA1
be832087b0bc5672f8d562b3fb6de504186da5c1

SHA256
1ec8586b8d6203fa2661bdc3449726b9f68955ecaa7dcf5f567a1f09d67a0587

SHA512
41823db6063ad3ff800370e1429db3b78035eab47149a21ebad8911b8809be8e6f493b7227ed3869ae79888804dcb0aed5c0e0b2e01d8273dc41fcd3b875147a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beff5c46eb7ec88d2e4f6e67de977716

SHA1
bc128043cc4261078ec992bee3d3324bef9679c9

SHA256
735db90e2a3311e46288e608fb8be9e47a48cae8fc2c63412c05db08b4ac42de

SHA512
5637149376bf2f6c197ee9f9fe6aea3aad387a9a4a6e2ddd514d1047370fadfdcf7b6f6a05b0f750894ab9ab18e6bc753a1bee54dcd4a4eaade1c9f0dc418737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9f49d29d04a00d4cc649538a2b3db25

SHA1
20f1b3e453357e37a12a76f2a7e7565569270f61

SHA256
2c7f127d948ebf0495e76f8afc0258cc6491c2accf05d9fd369e968f1c331fde

SHA512
adc494a292d34ec62ac32d9156872e02703995d18617d9c1f4150a964259cd941c03c92867c733c3cec86eb4496e12deb11a975c73968c9796a50b4b5b1319bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0bea0743bc4287729cdac8e9eb22326

SHA1
b5311f4f66083905fabe7575249a85dd1a5c1258

SHA256
130297262f01a5e5f7ebe84a917bef65d16f826205aed5613add5ad5c8d82800

SHA512
68217febf4ac30344d28b87ff4ac7717cb701400bfa3aec49269af96f079653bedb17b3e60a376d14cf78fd340af4944a91e079308682d817dc4e3d6b9387381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2cf028ad00dc24fa1a87fb6e2ebb644

SHA1
70804a4175c7576a194cbbdbbe396c5cb8619fa1

SHA256
c80daf805975685b6ccb6781ae1b98aed8d776dd49a0b137112db2fb5ba58cd6

SHA512
88625f2531bee30ed3d7e2e7d1a2895c4d35c595e6b3defcd734ca333d1bb9099a5566d6b6833cfdbfe5d91c740284e47c94f7459443f3c1e4cf0b2d605c4cc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1479089571417e396a05b6d345ec2fc

SHA1
4660b216fe4c2bd9ba4bf76435206f748846cd00

SHA256
62eb997827ad5017e38da87a8ee4a767e73499396b2f76978a537c47bb6ef758

SHA512
ab0fe28e957917ce373f4753011208a6991a513abad3585115eaf609f4b9b90c32fae7747dffb4f1f012eb5ec15a0e6b8d3d09b31ef637151143ec6a6d0b2731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d934f53487f655a4d6d9537dc9640009

SHA1
fed0bba6b0272dae386c37fae88a3eb0835ccdc2

SHA256
c5e1d7cbb83477d10490f93c28f9962914157751533f432c79fc546a5f646ddb

SHA512
1ad633569f855d5517edee012c1e7a2e6f6b878ddeb688db2b3227ec7052ae4e164b199359d4f2128733dc088b194a944efe4edf9639cac62c24e0994f1dc773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0976f227be6029266c64c2baa6f0ce0

SHA1
b1cfe059300b4fe294f307adabe815028054004e

SHA256
6ed553bdf44aa717c5a9dfece2384381a665d7fd31c832de632ff161774b68fd

SHA512
bca7b1e0665df390fe74b941ce6ff0faf96f7e8884c103adf76785b52a986ecc4040543380ce2eb1c3a199ca55db9e3b0f254e7940ddae8ec89469308c39e532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5248cef2dd8445381a3411d5a3335a

SHA1
aea24ce9c05c9eed04205c88ce2fedd6d83c1ca0

SHA256
e5776370ae5586f9dc2c680f9d1878ec4d126276d26280d15d55b742da17442d

SHA512
5a7f1b12eb28df2da9cab1a4b8b5a0176ca5a0235b74d499f01c6dc47e79eb1f839163690f9d2d03e092af03f30be4214331189049f187df40a876c4a33bba25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df824db3c02dcb6d52d981dea292c13e

SHA1
62ccbbb0973e978e593becab8bd0baff1ee8043a

SHA256
7dc29b71c621d4070df7c0fc3d233ad26a22c49d546d6115c1927445a67a084e

SHA512
423af5d4669c0ff9ec728e5e830822a3c6b59a375357c0da52d459f5f1142483df775520c41b6c5190b78dadb50512701f0b91e435f2bba7eb69580dd6534811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca38993aaaffe43c92f4a89040dc45c6

SHA1
df80ff813fdc8573a873fd0d83f6dc59112619a0

SHA256
882a593f328fb29c242d9fceaab0ca499eaaf3a34b3f0129111413fb10fe12da

SHA512
68f0fddbcaabe9ddddbdd16a4b007aa63f0a0cbccb221e68ebf6c64d4b07e5319cdb49f79d58993dee391997e30cf70ffa42fe5658d0edd9c5343469e7ade732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d8a86d1c55d3bdd14a850879a03c55d

SHA1
04e24efe09cff089e6ea1b54191031867b164a35

SHA256
368ed92c96664c4e72fadd9fde06d62691e5f79045e37bd6e470c4aff6dd73b6

SHA512
aae6e877b3874856a31e207397e72b8dc0a0b82d478611d780ada19115efedb6ae6ee00bd495e340c16d30df40d6d9818ba70daaf124bc151343be4bac46befc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
281a4b25d1f9dfc67bc4cab1304b9d91

SHA1
1bd0415b49b25fd0b4a308094b8937ba1cfbfe2f

SHA256
5e36c24a3306ffd6c4996581fe8ee374d8cab0a8cc74098f33b599d2e97b5089

SHA512
806b3e212a0bd0a1abcee4fc0372e1e026d5f2b02fc00cde60b9611a39742319f5984f5749df5eb2f3c60f7af9faa1d0534c89a6027dec2ad9378024c385c29d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f09d42158a5330fb6f7dadd18e49979

SHA1
3457a1ae72c5d357dd40bc1f07b4e9cd3d9edec3

SHA256
dac8c45a8767624210e21b847bea8567d47805e84c96249f1b0e21d25bc231e9

SHA512
710e05026ab84ff065dad3f476abf524bd80de8e36076a79b9cac56ce45d83bf115d7d694dc738e57a8b80de1f9e1a77f3a8e3f91ba2b59829557d91b970ea45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
061e2d009579ca336963fa47edf556a5

SHA1
3effaa790d28042e6be0a354f5859d661af2a196

SHA256
4b6e516c2236f9641516ed604611c4e138f138437faa2a3e4f0bc3afcea74357

SHA512
6b25524dfcdd5bdbc86ebb62935f77591d2a75c3bf5217e7963b6bda381701303aaddc78a2d833d558b8940b74b2b74c079413241fcddc74c1e9fc8646bfa2a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0303aed62fa29fff95bd49fb7032675a

SHA1
7e3181ddbee0b88a33240c0dbcf6d1b40f7cacb9

SHA256
78fa0c37c5787e336dc860a66c5b0ac29082e4fbe8d38c2e2125b3ddf5554701

SHA512
6e22bbd67553266ae3b36569295d474f96fcf48935b2725cc0ecf262684528ff7dfc46f900818df22136a91e8cb87fa61c073bbac93e92cf856d56cf262fdc37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
889b70be847e84381ecbb009556e68dd

SHA1
d9adeebfefc521973ba1ca416d568443649e57d9

SHA256
4c1277143ff972a6b946f815c892cb7af134079cd4c5d5454776da0aace58781

SHA512
2876860d6398137d86d23500f8eec2894c72f7447c3bb271e14147e69ae9ca2744c5079f61bfaacf2e4d062fdeafe19c962df11b965eeaacc871d90b3fde26b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12088d107c6a416ce6a579f9939112d6

SHA1
481b782d9fc3f9d394090646796efcf17902482a

SHA256
d6abd90a4f3766672433f8770f4b4f3f5164af85b7a942ba6225aa0f37f6215c

SHA512
1818dbeb569c1b7e226da5780b2c3a715ad51fc5ef4c21c10e96f4ca5afd46bba4cc5e7d3e12a621f6fa9d754d7280d70bc3e494eb739c3259649df56cae1d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efbf8f043b1ad42030cdcd6da3238919

SHA1
865eeedeb2d76d6f4949677b109893cdb22989dd

SHA256
be354ab95a5b5f0876b6673c23ea49d4f74bf11fb54a9b1129f8fde2405d972f

SHA512
628e20f49668c9fbfd2dea9c9aecd0ea738413e26c39281542d3e2c45f55bbc006a6fad6934d2167b6eea8a6ef9aa6d49b7fc9f90e1e21eefb8ab65b5dd485ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f294b3ad416d5527d6ca248e1055521

SHA1
9ba2b4c9085e9df065ce71db4c22edaec3185dfa

SHA256
b0103342274f579495f8a0d3535f474e1afb59916e314368e413045922e9b56b

SHA512
ac5ad1940404c40e950e8188b217bd68f55d8affb95295c1152c78a3b647b1bb406fa69a9ac1d7739edd7998ea551713125140fb234c63e719f834d0499b5dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c730652659c3d4569641804351f85e7

SHA1
92b4a5804af77df07d7e3ad52230d25d9f0d21d2

SHA256
826390552a95ff5b08d2afd90ef6daa61515a35c55cf4dc2e7b92da54e90749b

SHA512
5bb23b105e0be553a6d90e59c5bef425253ea3402b32d5af30a411e2afb3da07f126a0a8a53bba0ccb81a1df4a43536ad4e10028af727f5520f21f2afa9996ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c67bb82d6a639e201e2251369dada12c

SHA1
4c1e7b7dde3b4e3e6d30414a04ff2b1ca878eb96

SHA256
7c40fcaf56d2399aa6970f69bc0e752ee3d05156b1d5ed6ad852a84ce0ee8937

SHA512
e2b201338aa70f4f41427f071d2d40bf53bfad48b6d0592aee749f6f6087ea0fb734bfb9e7948bb17ef92929cc012cf07998a3565abca25223888b3a33c5351a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb49555add4242af9757d67af7aa4b5b

SHA1
cf2c752d8fe53534823301eb776e99e0f3df50c7

SHA256
aeb1d2cbfab45160f8e98a4163815fea54af9611e9dfe030c822a2fd4df95d83

SHA512
e416c17314685f48fc2cbefd14121edfc819feec10009dcda0eec916db167c959a1eca59a78e723256dc1831a20073df00cbc4218d389c015152c2cc500b0353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06d66c70cf1509ec1ba9db4abf1aa7ec

SHA1
0a2db8406ae7e033137cca35954f419ed3e58754

SHA256
f96502f2a4780030c7922044217c3c14b8723349275336013b612621fca3472a

SHA512
0938ccae06cb059f436ee34d25a4fcbbc8b1417bc48021dd5db9f983ad60a337bc03e6a2793d83b0a9ab3e92f435a9ef454dd5617e7b7ade97b4c33cced793a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a50f5b6364ed79b8e599d3d04828e73

SHA1
40f47531a32f93828b46a01172f261ee4165a855

SHA256
5d862afa053fd97155519e8006d5d2eba79f1dd25c65e8b4986af31c1f9eb095

SHA512
a101c31f0dcf905d41cb281c3b25f12ae17bc6f7a70aae91f9f9188a7f8952c0926b10a5ca7a175229444e314b7b9ed4e6e91f17cc95c877188793af1fea851b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b332b01d1ad368fbe3d73bfcb041cd0

SHA1
f8bb9aac41210202cbb5801c26acbff713f7977d

SHA256
7672e26bac954f987fb0e6ba28028450a4c75428e422a8d38417ac6c494722ab

SHA512
744fb3e93587450f470f552a5af8a32045c3226ca4d04ae8f874457916d8cd3ebd954504c55a3de2509a731b10528389204011c85af2d7fdc8563f8540a38c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2552d01fe0cd056ea0f53acdfa203a6e

SHA1
a34cda948da161d147e8b88646bba8c022e89c6a

SHA256
e5e2e494585f093ae04d62c68af717ca01a880b73a0b183eb86a02b76a7c7a47

SHA512
5f193cacebcb3e617ea1d620ed1ba6e0ae2903b6b675a408123c0e0494d9b8420454a34686706d776e8ba156f6992bf25f5dca05e7b521a178851fbe2598e2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat

Filesize
1KB

MD5
59b0b7cd5443f025d937a1073e67a7b7

SHA1
95378452980eac98bfe30513d52e91d712ba9dec

SHA256
0ea75a9efc478e3fdc077d0dc920732915a79b1f1fc81e832a3abbfb325e59c9

SHA512
bc4ef86b805e0181644269c93434cf3e50d185b5acf2952ca24b43f11ee872036e8cfee586eca32a631ec7cfcdf46a3214d63132038a71a1a7c377a155cb937f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\favicon-32x32[1].png

Filesize
947B

MD5
ee68a08b526f9f223c0a77ca0b1db826

SHA1
ace232139d88086f9971fd80cf85ac84bae2da7a

SHA256
486042f1d958eb079cfc0aea20ae5723d4fc39c4a8550889b9d1b13dbba1fdb5

SHA512
14febc2d48eda65bf039298f411af3ff14e1985ae60a9772bd754b19df69a5faed210043fbb33ca7737f50ade96cfa6cddfdd6ffbc40dccf77f9b0e34315a7e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE4E5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE517.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N21TB.tmp\AVG_AV.png

Filesize
51KB

MD5
aee8e80b35dcb3cf2a5733ba99231560

SHA1
7bcf9feb3094b7d79d080597b56a18da5144ca7b

SHA256
35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9

SHA512
dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N21TB.tmp\loader.gif

Filesize
10KB

MD5
12d7fd91a06cee2d0e76abe0485036ee

SHA1
2bf1f86cc5f66401876d4e0e68af8181da9366ac

SHA256
a6192b9a3fa5db9917aef72d651b7ad8fd8ccb9b53f3ad99d7c46701d00c78cb

SHA512
17ab033d3518bd6d567f7185a3f1185410669062d5ec0a0b046a3a9e8a82ee8f8adb90b806542c5892fc1c01dd3397ea485ebc86e4d398f754c40daf3c333edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N21TB.tmp\mainlogo.png

Filesize
4KB

MD5
86219ad8e1b91f227e5755ada431e90e

SHA1
88208cae6ffcb1a9842172d99502570ba2bd681f

SHA256
f3bd15f5a6ca432a10421c531991a46c2466fb5688b40e474316ff3526ecb37a

SHA512
70021a45057e0d038de8cf6fb663be906857f766cb570c750fd246bf7e6f4c76771ef71a438e16041df173963e2bacc3d11295db392439fe30b361dd422ba33e

Download Submit
C:\Users\Admin\Downloads\mouse-jiggler.exe

Filesize
983KB

MD5
27164f23585f4f1e5f63212c39c5a2cf

SHA1
01cf73eac1b234c0cb1cb74ac1d7d9cf410c5b16

SHA256
1ce344ef37998f2d2bdd6abcb121a08ef17f02ccfdc601f2da9bef6d02b00f7e

SHA512
0b664fce3b180f45b25e989986893ec05a7ed549c054a1be83b9bb66ba7d05a14d19866c3cd77f8ec893dd6416c2d916b7e833edc5cc71f99fa0857a1609b886

Download Submit
\Users\Admin\AppData\Local\Temp\is-LIH9E.tmp\mouse-jiggler_uTUBd-1.tmp

Filesize
3.1MB

MD5
52263ba53784a017b4c47b092643dd24

SHA1
f12942694efc30db81b938702af1ebc5b8d68415

SHA256
30848b34a4fba4a601332f90a6f4327ef3c1c9f943dc35c764ee3aeaba412600

SHA512
754f8f18090297ee5815b48aa745feed2b54cd6fb555645a607ea42400b6149e4556be6403b927e848e595c07377585355e173ad7f52795112029ee4f6923e40

Download Submit
\Users\Admin\AppData\Local\Temp\is-N21TB.tmp\Helper.dll

Filesize
2.0MB

MD5
4eb0347e66fa465f602e52c03e5c0b4b

SHA1
fdfedb72614d10766565b7f12ab87f1fdca3ea81

SHA256
c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc

SHA512
4c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd

Download Submit
memory/1304-187-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1304-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1304-9-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1304-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2420-167-0x0000000003740000-0x0000000003880000-memory.dmp

Filesize
1.2MB

Download
memory/2420-185-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2420-143-0x0000000003740000-0x0000000003880000-memory.dmp

Filesize
1.2MB

Download
memory/2420-169-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2420-156-0x0000000003740000-0x0000000003880000-memory.dmp

Filesize
1.2MB

Download
memory/2420-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2420-8-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2420-146-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2420-148-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download