Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 06:44

General

  • Target

    dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    dc01df3c40cb4fb0bef448693475ea1b

  • SHA1

    a81ba37cce6201f5ad4d256c1eac55976cbdb5ac

  • SHA256

    422ba6dae6752430a2e52e1efb327f277e912ce551f9f1408ee6ab13ebf3717a

  • SHA512

    9160928492dd4ec28bb00fd00657cd05d104f4e4938dbf25f2acc65a5a0b0280a67a503e58713191a8b95709bdd2fd47439f61529733c7242792c59141359e29

  • SSDEEP

    768:DAbj35jVq5PIZtsUD0oc75LXf+Dmu0+zaEMv38S/A6yM+tX/1M5F0knS3qXxDTgP:Eju5gQqhYf8m2aImH1m0uAB24CjFlKE

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops startup file 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\netmgr.exe
      "C:\Users\Admin\AppData\Local\Temp\netmgr.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1956
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2376
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2600
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2608
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2668
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:880
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2112
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2344
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2672
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2160
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{89A32BF1-70D2-11EF-8B05-6E295C7D81A3}.dat

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C9CE3F1-70D2-11EF-8B05-6E295C7D81A3}.dat

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C9CE3F1-70D2-11EF-8B05-6E295C7D81A3}.dat

    Filesize

    4KB

  • C:\Users\Admin\AppData\Local\Temp\CabA6EA.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\TarA79A.tmp

    Filesize

    181KB

  • C:\Users\Admin\AppData\Local\Temp\netmgr.dll

    Filesize

    49KB

  • C:\Users\Admin\AppData\Local\Temp\perf2012.ini

    Filesize

    145B

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk

    Filesize

    923B

  • \Users\Admin\AppData\Local\Temp\netmgr.exe

    Filesize

    16KB
