b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b

Analysis

max time kernel
147s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
Size

224KB
MD5

fad8f37c9bd5420f49cfd5960a60fa24
SHA1

6c97f91f77e44fd7ada5d09e2bed16744a3efcc3
SHA256

b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b
SHA512

e93ead6e855994c1024dba6a259b1630d6d247f639887877b8d47ddf4c7f42809fe903d4f185956f9f8b12b18bcd27d38b1c0c0ca87a4c7fc5d0056b226121a2
SSDEEP

3072:t78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:t78yHp9rQ85RZr0ku+cD/cZ

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	cmd.exe

Drops startup file 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netmgr.lnk	netmgr.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	netmgr.exe

Executes dropped EXE 1 IoCs

pid	Process
2780	netmgr.exe

Loads dropped DLL 7 IoCs

pid	Process
2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
2780	netmgr.exe
2780	netmgr.exe
2780	netmgr.exe
2780	netmgr.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD213881-7D0D-11EF-AE85-F245C6AC432F} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B8D4541-7D0E-11EF-AE85-F245C6AC432F} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433630232"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2780	netmgr.exe
2780	netmgr.exe
2780	netmgr.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
2324	IEXPLORE.EXE
2592	IEXPLORE.EXE
2780	netmgr.exe
3032	IEXPLORE.EXE
2780	netmgr.exe
1140	IEXPLORE.EXE
2780	netmgr.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
2780	netmgr.exe
2780	netmgr.exe
2780	netmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
500	IEXPLORE.EXE
500	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
1560	IEXPLORE.EXE
1560	IEXPLORE.EXE
1560	IEXPLORE.EXE
1560	IEXPLORE.EXE
1140	IEXPLORE.EXE
1140	IEXPLORE.EXE
348	IEXPLORE.EXE
348	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2780	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	30
PID 2892 wrote to memory of 2780	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	30
PID 2892 wrote to memory of 2780	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	30
PID 2892 wrote to memory of 2780	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	30
PID 2892 wrote to memory of 2668	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	31
PID 2892 wrote to memory of 2668	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	31
PID 2892 wrote to memory of 2668	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	31
PID 2892 wrote to memory of 2668	2892	fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe	31
PID 2780 wrote to memory of 2392	2780	netmgr.exe	33
PID 2780 wrote to memory of 2392	2780	netmgr.exe	33
PID 2780 wrote to memory of 2392	2780	netmgr.exe	33
PID 2780 wrote to memory of 2392	2780	netmgr.exe	33
PID 2392 wrote to memory of 2324	2392	iexplore.exe	34
PID 2392 wrote to memory of 2324	2392	iexplore.exe	34
PID 2392 wrote to memory of 2324	2392	iexplore.exe	34
PID 2392 wrote to memory of 2324	2392	iexplore.exe	34
PID 2324 wrote to memory of 500	2324	IEXPLORE.EXE	35
PID 2324 wrote to memory of 500	2324	IEXPLORE.EXE	35
PID 2324 wrote to memory of 500	2324	IEXPLORE.EXE	35
PID 2324 wrote to memory of 500	2324	IEXPLORE.EXE	35
PID 2780 wrote to memory of 2068	2780	netmgr.exe	36
PID 2780 wrote to memory of 2068	2780	netmgr.exe	36
PID 2780 wrote to memory of 2068	2780	netmgr.exe	36
PID 2780 wrote to memory of 2068	2780	netmgr.exe	36
PID 2068 wrote to memory of 2592	2068	iexplore.exe	37
PID 2068 wrote to memory of 2592	2068	iexplore.exe	37
PID 2068 wrote to memory of 2592	2068	iexplore.exe	37
PID 2068 wrote to memory of 2592	2068	iexplore.exe	37
PID 2592 wrote to memory of 2136	2592	IEXPLORE.EXE	38
PID 2592 wrote to memory of 2136	2592	IEXPLORE.EXE	38
PID 2592 wrote to memory of 2136	2592	IEXPLORE.EXE	38
PID 2592 wrote to memory of 2136	2592	IEXPLORE.EXE	38
PID 2780 wrote to memory of 1140	2780	netmgr.exe	41
PID 2780 wrote to memory of 1140	2780	netmgr.exe	41
PID 2780 wrote to memory of 1140	2780	netmgr.exe	41
PID 2780 wrote to memory of 1140	2780	netmgr.exe	41
PID 1140 wrote to memory of 3032	1140	iexplore.exe	42
PID 1140 wrote to memory of 3032	1140	iexplore.exe	42
PID 1140 wrote to memory of 3032	1140	iexplore.exe	42
PID 1140 wrote to memory of 3032	1140	iexplore.exe	42
PID 3032 wrote to memory of 1560	3032	IEXPLORE.EXE	43
PID 3032 wrote to memory of 1560	3032	IEXPLORE.EXE	43
PID 3032 wrote to memory of 1560	3032	IEXPLORE.EXE	43
PID 3032 wrote to memory of 1560	3032	IEXPLORE.EXE	43
PID 2780 wrote to memory of 876	2780	netmgr.exe	45
PID 2780 wrote to memory of 876	2780	netmgr.exe	45
PID 2780 wrote to memory of 876	2780	netmgr.exe	45
PID 2780 wrote to memory of 876	2780	netmgr.exe	45
PID 876 wrote to memory of 1140	876	iexplore.exe	46
PID 876 wrote to memory of 1140	876	iexplore.exe	46
PID 876 wrote to memory of 1140	876	iexplore.exe	46
PID 876 wrote to memory of 1140	876	iexplore.exe	46
PID 1140 wrote to memory of 348	1140	IEXPLORE.EXE	47
PID 1140 wrote to memory of 348	1140	IEXPLORE.EXE	47
PID 1140 wrote to memory of 348	1140	IEXPLORE.EXE	47
PID 1140 wrote to memory of 348	1140	IEXPLORE.EXE	47

C:\Users\Admin\AppData\Local\Temp\fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\netmgr.exe
  "C:\Users\Admin\AppData\Local\Temp\netmgr.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    -nohome
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2324
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:500
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    -nohome
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2136
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    -nohome
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1140
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1560
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    -nohome
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:876
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1140
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a8a02b96b4599d04fd20b4ac2c7014d

SHA1
95198dc9af92cbed86a06f99d3e1cb3db862c775

SHA256
761758003ed795f46f664e7cf785808ac7d28df01b9084f6475761facd2feccb

SHA512
415aa58b78e86fef488ddcb8e6e054f7d2422ace7e3c956793c0dd47d1fc1553d8d2dc6e5b73c6d0765b2e97489b93d34a1460bb22565623bae3d85cfab50f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c36f63093e42859a8f1c00680dad13cb

SHA1
b18d7d867604b3bd58947dfb6baffd8c7043ccd8

SHA256
8b00b02016fa5455722b32da4118268f56efeccf31ad2868ee66483c4ad6ffb2

SHA512
a7e2582b913c687a7a7b8ff8bfac590538f1b31c9ae7671bd9666618476ee2d2202a6586740b6c3c5ee6a52ea280c00bc8c81f71dfe6f4012545bdd00f48c2ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5a716072011dc720ff0a536cbdbb03f

SHA1
a94676c5bb96b04da48050b2da84d22c9892a87c

SHA256
d4f1cb93420d838fc10a0ffb8d1b7e21ac482bc247a98e4fd2e2852b1db31f7b

SHA512
83792e5b982c5c15f7825572da916d45711ceb28803a88062216ef45effe36e5a318066052649c4a506e8276c28cb71a42bbce1583e9dd0663caa2eb08f15782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce3badd825da3a6352af1bebcc4d23a9

SHA1
f0579ef17a27f95360f1c2611291febf521a71ec

SHA256
1d72343f6164b8657c063f150c46a64219094f59d60663f8a99d170e70f77302

SHA512
052c72ceef91fb4b83a04a203a3f28d9afeae17e6c161cbf450c86c6544d5c478858a38cb497b84e62328b19a537fae3b165fd6b2845043e305dff84a54ff215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbd8ba8b5a0fe4e96905fdab87cad6f6

SHA1
34a57fcfe58f1e0496230041bab9611c7d8cc92c

SHA256
3355d7a692cd700f5828cabc720921a0ac0228ccdc0045fe6351cc9dcfe39124

SHA512
0fbaf868fa3f33a93646837763bc28a6caf6cc6755fce6addf809ea44d4f0108f32674a9849f7aa6bd69da1c80dbefbb90440c93ee8a5139cbc24f266380b5f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d70fe18816942e47272bb2673c2b83d2

SHA1
33fd6d0ef8936482e56964555f3b55e835d8a92d

SHA256
f7ac59704d536123175036b5d8363125978fc605308086edb29e30d1e1467df7

SHA512
9c5f841fb3d0d11e4764a7cc21b8e5e382b612b8bf981f7368b5df1d040536ac67eefdc45abfdd3f8ed43243ab11c8173fb648f55b480f9a1cfa802c6327c20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddc634e5e28131821f1d0866cf1aab3a

SHA1
90c377f62dbebd4423c1869a4931e6132ef693a6

SHA256
9324b001440f1f0725ee14a31a2a34ff0a69d01e9fc7f3940089ed76409a96ae

SHA512
4274966e818a997cef234f5a2d690e92132fa1bb76e827f58426b1f20a404fcdd37e3d8957abb697a2092650ce7cb3c4cf243b697915fa3c67f8c1607afe498a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f739eca25557bafe2fec5ad786fd5ec1

SHA1
5763037f7a4917a6add01fc62b22357a354968e6

SHA256
560d1e1964b514939ba91dd6dd986c0c9c0d3419f8c0ce47817c8b478a306c3f

SHA512
f7bcafc4ad87ee3eb59203d45e285d717df900cf312b48f2b980d272ddb27de6260c3b9f28f00aaf8bb508a12cb2a72c3831f9ecb5618889ceed3f70d4bf425a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16ca0e658f03e56f8b1100524e9a4a95

SHA1
0ecf63b54338722546608189d5a13f45fd00967e

SHA256
061a15e33636e76abb7cb469cf3b97abe35a25f1ae78690b0670cb7dc146edaf

SHA512
9012d941b20f6c7365c5657ec6193a52a0bd339a06da5f6538590c6cbabe7eed0376e73473284d9bb6702dce21af399863b62ef8c85eee485de5e92a0a5f1817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
016e25cf17ea78c41a628d193f423e7b

SHA1
67459d1040403b3a489ba36c0538422fc4c65a98

SHA256
9a26e41f8650f710e3f09fc7ee3297f26be30c8d17d5fe3e3c86928b266d00ff

SHA512
addda30185197ca5c62baefc26a5b82757e0f65f3f1a21d03404286dacf3c0aaf0aead95a297c4a420eeb30a24d40debac88a0e57d834aac5d29e282eaa85c6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0ce42ac13bb64d0a73c475e9108648b

SHA1
13bfa31517db5c2f0426362f837e579910d25a91

SHA256
691c3055e57db701822add5e597cc06ce48ced407c9def9a1861fa59c862a909

SHA512
9a0b5690f73fbdf95b0ed6e030a00dfae92ae1986df2c6462f4a9b7c9529fd71fc4aba434e8a001ed1b03928e86eacbe4651709d3bf168e68952e35888155598

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0ddd4e69bcec797620a3df7dbde6c7c

SHA1
c79d7b71c28d4e6cc26b7d3b95872663df0b9654

SHA256
cb0f94420d1d526d58e4f928cfa7aabe57f0b8607b313ffa217a96362ee09172

SHA512
7d4a67e0e8de2e81a4f837b8750f87298e81a5de502021465e596d0543d34f4a1cb0cee809452cf6efe79f0d0c3a989a71cb5f8101b579ee6f7e05c757eacab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90c61cca2f65e4b437c44f937216e231

SHA1
37b615ce1686a428f81e46407885a043d470a1bc

SHA256
7ae6dd977903c8cb480952a77364f5e20fb5644a9253f2fa23121797b8dda9af

SHA512
74a0664cdd86a412ad5abdfb1e86eaaf31db0c34149dc0978cc487d279c23c6df9eed2683466d23f0a00aceacd68de45d10815ae832fb03b496301c1ec08458d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7911899099370f87b8ab97a0dfd091f1

SHA1
a0f91765fbc9e577062e095b90023deb51b04786

SHA256
4d0be12067ee13189f545f6758351652551752bdabd5f46518e979aa2fe8d6e3

SHA512
c997f92c70393b0ac845fbf3042a8907edf09d496202282a11d3be1cab6820962a267467ef94e69eafc0d57f9cce6e03144445590569dc485a8b7f2a70e55a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24b497960c4c1f81801273ecf19be66a

SHA1
2ff2e42e04ebc7c5a41404acd0822eaa0d18570f

SHA256
4e7f1234d0e15962f2f824f9b3a6f8d6b3896a37ad6741deb791e9e1ff7cfe21

SHA512
d275e48217981fb6719813fb79d44c6a8c71dad271f77db64e9b48b3c8340141135d21f5626b96458835b838d9422e1a34c337b78000a5c57d163ec6dbc80a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73e279b6efd8744d171884107bc204da

SHA1
00e60a092fe56a47b94fd04b97ec88331b477bba

SHA256
b9adc80a19285641b0b7c87b94aaee8fa3ab566985c91ec7338b3f3fbb57425b

SHA512
c7cf5f8481e7a6726cbbe9bbe8e1b3a52f4bbd8842ca46e0ca7a64aa861e18842b02c76b15343c0d98589b90c47fc2e377eebbeb0240af51ed7fe1c82ac52881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d3e0b3803a0e2421ef50a670f43f686

SHA1
73aaedc8c0b75c78f5dac9032ddef54c8f3fd9c4

SHA256
a5d2de12303c0ef482a027bfeefbdae5c4c6f1d653f7c6be040bd2ccc82bca39

SHA512
613955e2ce6e76ed5ceeca78d125735a43178506510070074d9f01d3d461cd7d7d26cc54e9f925d0d13b1d8261c297244cc5d1a9d88af0995be73cdab49f7aa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
049cf4b450cb1d56ca1b700b1f95aec9

SHA1
57a917f186ade00027edf6ff2f9eb7f8f09d43a3

SHA256
1cd72e3a0f435f5fafc5871acbfb4db475f33df34c40ca56a8180e6b9e64b3de

SHA512
5677a6f79b350f5f8d669f2335c515a50a16c31f6110b47efe9ded24ac8671e910ce9a038786794bfac7b69fcda8e4e5a0d28221277cc7da99dfb26e8c0cc87c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac27a0984e908f275679dbfdf85203f7

SHA1
7624c194d1f0783dae19ced5ad8ec76b64827cae

SHA256
00b02d974eca880f6b5fb12c373e04f638f34d94b443d43299973b908bc526d5

SHA512
31cdd6eb3aae8e7327116c7b0ca43a1925889410b5cffeb5673aafced44df9e524c9d608dbcf37b0b097374ef928cb3cb64d057f21d49cddcffc38b0b6ab4e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
364a161de6cadab15c1caeef02509d6a

SHA1
62edd51c256a787e35cd2f6b91e8d1c115ca799f

SHA256
20e0dee631d5e34098b1bc34e07ebdfac856e871397bac7b0d3e11b694809931

SHA512
c37688542ff32c2e04f530eedaa0bc255df9ea0c66953fb0dda1e39a92e130c82ac53a0fde2dcc426499b01e2eb680d256495aed78b4f501b4717b74c8b3f000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8892f16c03c8c6edc562616a74df21c9

SHA1
d58660213bb70c85c46ec8007684c915b1b4a065

SHA256
498644a69fdbd7fd5849ffde89f388dc46628f6b927376eb6ab5d969c4e695d9

SHA512
4cabc08c6bdcdbbf2ac78b486fa443eceafe09386426a363db27dc517c0a67b2a47b97c56c9172899be3281062c163b0630bd17a9c9d03d03bbed59ed77e7141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e35407d691c947a095ee329f74790e83

SHA1
6a73f1fc363fc3e555b5fc59b33256c315d0e218

SHA256
05205ed836f475630547d077cc52cc0ad32e231c58b3206aa503bcf9156e78c2

SHA512
d031ccbddbba3fd4186457dadf8d2c0e79d66c768e2dc5323644cc14381ab874208a842bc6f4e7da7feda0a8d30870e79d0302c6568e5e579da86dac160aca40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4f1ec6a281bdba710bcd76dcea022cc

SHA1
3f5536e75d4ab8fc529bc3b7c853a0b467f444af

SHA256
045b471be00166ed3fbbb50985b20f0018579ceaa2b1f1782afff6499ad08357

SHA512
c159bc7661202c886c8788d28206724ee40c1ec748e9890d24326dbdcd164b85b633ddcdac33689bc3e8923e3dfa20f6fea0f8a0432d9eb2982893e0914222eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a39462c3bbb32b513350810594162b87

SHA1
b5354ea356c51e90a1a2093440152bccb5b3963f

SHA256
2a1a48188cc0b5faef74370e93632242189c6f9eb24e1027693059d36c0eb069

SHA512
20be9add7bcfe3b31ac938f8b635259e876ea138d3b7fd0f2aa3f0ea9bfc3807aac7ad68949a7732385304e501bda063f06ebd8cd3c5dcd5ebd203350d618955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e0ebbe6325c72f9db07396c69ecf25e

SHA1
78906fb61a355752696bac1b5282b9a0e0e2bff9

SHA256
bde1c3f9bd014d7c6aef1858e17bc6c96e36b5073e0c76a29fb705e9a8d3dd89

SHA512
a6d545d649d0583826bdbac2209b79ed5e2467f983b36de5abe7822a15b8f4135765d477fc037b8f39f8fc9bd84e7b8cc94418ce1e3c89757c367b416bf4b3ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
073e0aba3283b2d5e349b108869a6284

SHA1
5eca5372fd69fe0204d90a82de7b1ef61591a790

SHA256
1adf4697baaadf6c78491509da96ee45716305f1a13d74b41a76f85c4d0c2937

SHA512
dbcf331b528cd9feb45c79cb9e8ee09c5542f0bd39881e78a5ec2c9e04c2ccb2abc60529835c31984892fe4ea2df49f28af0fb97ea92910377b6c7afd90ab159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2d6da0f4ffd3be6bd19f74b615c7108

SHA1
1014e8d5d6d5eb44b293f0cbf5565f10ee3001f8

SHA256
306f956b2a586995ed03edb812c3fffe50af796fab5cda7658e99d52913cc03f

SHA512
7acd99192b72c4fa2469856ca694f05b765fedab8d4f0a5dae60abdf81611d40bdc5f1266a6db726609837e6bfba3b884fb9b8f2782c39789d9f9011fd0ec9e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f14cdab094952fe08fdfe7ad412e790

SHA1
17f698edbc164311c84002af842a653a830d4e2e

SHA256
42d205bc7f29770eacecb1010dbeab983197b59b7fcdeb88fb5af3310c2bc772

SHA512
8db294981947f1b278e64955d4cf1c46e2a4eb0ed33a7bb1dfac8a9fbe33287fdf5053e80483d1b48cd6b1dc0cb834c641ec8b2f265e982fdc3ea259afd4100c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9DB5481-7D0D-11EF-AE85-F245C6AC432F}.dat

Filesize
5KB

MD5
9d9fe826071dfeb6fc4dbc525aab3ff1

SHA1
6c1418f58ef53f1a4ff685acaee9245a86ab1bb6

SHA256
792ea28c13dfba9b4fdf9d7bf3e86070e3afb98a6ba7b6071ab8f48481e1a643

SHA512
562ece050a0ec721a2f7dfaacf8e1442d30d005eedbb9fd4c8059e07129f16f89acc20a5994b00606fe29d9264082010a949e5529a7faf7e3c569896b6b40699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD213881-7D0D-11EF-AE85-F245C6AC432F}.dat

Filesize
4KB

MD5
2922705827f1808ffaedd7cc028f9df6

SHA1
bb46f66be5b198e294907a9f950bd5e217c6aaa8

SHA256
454002f24c4f884506eab6a5bfa5b72842a4df57c4c453f7914184cd5c6d4c2c

SHA512
819649790472cc252287393e50bf2239127b0f6428e71ae548907426d014b9c32e59ad44c75df0bf94bf916724a18685ced30b7df4c486bd0ff3d247fa80d0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD213881-7D0D-11EF-AE85-F245C6AC432F}.dat

Filesize
5KB

MD5
33895423f9b506e6db6c92754fcbb80f

SHA1
1c66e0a248e7218640c82730ea1fbaa9748f4c1f

SHA256
23e0c466155d7f11118e7b0157aa93ba75028780d7ee27959d7bd0a37bd6ae37

SHA512
c833fed954b868fb7766969301b40688f2837c252657002b9b855f5105e5662359d26d9b5f120f81bb77a999c67c874b360e69c5972ded3c80bc56ab21d21216

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab756F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar761F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\perf2012.ini

Filesize
150B

MD5
73b3ad270f45c5b8e5297b5d96c52e83

SHA1
edbd267780fdf12a5813588fcfeeda4673913835

SHA256
e2113254c4ce66927e35873a0d8034e0f153bee13da136194420a76e55771505

SHA512
d815d6f8181736ed3d1849c696e32dd733bf6d81f77365b7a0dafb43c1dd480e2915593e1a68e5e339d0884014c1440f381911acc397b9a9c7cbcf41d1b9165a

Download Submit
\Users\Admin\AppData\Local\Temp\netmgr.dll

Filesize
130KB

MD5
3fdd7a1ac800d5f0ea46e3a5bd46a6d5

SHA1
3e68e322fb1eb8489fdfbfb91edc4839076d7b0a

SHA256
4c84d0c716dca56e0c4b7974895e2c65672760f4dc6df77824cc23419911d993

SHA512
9d249c39b48c843c489b6f03978f0b7bbb19868be1f231871b2502ee20ab2a81c8be6f9c446cdfdcbc96a2cad2526329f8636b4992b5b009499568d361f6c9c2

Download Submit
\Users\Admin\AppData\Local\Temp\netmgr.exe

Filesize
16KB

MD5
5e7c5e8d9f5864488ddf04b662d1ad8e

SHA1
84068ec5e2f11f8fe80ac91f04fed2493c97243d

SHA256
4f55446d65578f9c0ac2694ab2f07af60694a8d96e0acb484aac192d58e819b6

SHA512
c8cb92ae47280392b81ed1b6182ebfa3e7015b718ab8e18f60b8887671ae4f11a956f47c5d8b285107103149680b115f7894aa5c7ed9e1874d5d5524d721a17d

Download Submit