Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    13/10/2024, 12:00

General

  • Target

    3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    3fbbc4076a45bfbe08334c587cc5a190

  • SHA1

    1855d84f967d46fe79877a59040eede7083fc0aa

  • SHA256

    9dd0c3e5e7eda5f6c5caf3128fbc5b5e9c24a8de165e526b2618b4fbd5461bc8

  • SHA512

    48f7f14de94ad99be65997066faa67d48d20c41a6b620e7311a513e116d91ee2e5da38a174237cd234bbc1eed1d457683ef9c94fb931fe2150826bfa6cccc2af

  • SSDEEP

    98304:8g6t0F4NvE79tc0QIBl8j2fUi/QsGG+pWIGE15L0qqdhF:8vycA9NBl8SfmsR6KqQF

Malware Config

Signatures

  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3fbbc4076a45bfbe08334c587cc5a190_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2780
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2776
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2144
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1320
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3044
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2440
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\DNSBackup.exe
        "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\DNSBackup.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2116
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c DC.bat
          4⤵
          • System Location Discovery: System Language Discovery
          PID:376
          • C:\Windows\SysWOW64\netsh.exe
            netsh interface ip show DNS
            5⤵
            • Event Triggered Execution: Netsh Helper DLL
            • System Location Discovery: System Language Discovery
            PID:2220
      • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\Installer.exe
        "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\Installer.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        PID:2320
      • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\DNSBackup.exe
        "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\DNSBackup.exe" r
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1176
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\system32\netsh.exe" interface ip set dns name="Local Area Connection" source=static addr=8.8.8.8 register=PRIMARY
          4⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:2556
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1592
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforSDUIInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforSDUIInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:672
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:988
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2272
    • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe
      "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2844
  • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
    "C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2104
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{692d7bec-bc6f-07b2-2ada-9911b4e8f36b}\sangforvnic.inf" "9" "693d7628f" "00000000000004D4" "WinSta0\Default" "00000000000003D4" "208" "c:\program files (x86)\sangfor\ssl\csclient\vnic"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1896
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{0c6094d4-1591-483d-2d96-ae00eafa3656} Global\{450fa818-94fe-1d95-1a63-fe30fe94951d} C:\Windows\System32\DriverStore\Temp\{43ada67c-8992-69fd-5105-800b01495233}\sangforvnic.inf
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1492
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "3" "201" "ROOT\NET\0000" "" "" "693d7628f" "00000000000004D4" "00000000000003C0" "0000000000000570"
    1⤵
    • Drops file in Windows directory
    PID:2196
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{9b5d204b-1463-436a-8794-4c24b7e3ea32} "(null)"
    1⤵
      PID:1088

Network

MITRE ATT&CK Enterprise v15

Downloads
