adacc03ecf3c2a0196c96067db10114b80f7ca106ffdcd849f05bb859641d1dd

Analysis

max time kernel
106s
max time network
113s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
Size

13.6MB
MD5

ae4fd4096015476a60ad0e1d78cfbc2c
SHA1

2ee69fc1742e66b741628b2aa08f3bbe380f9301
SHA256

adacc03ecf3c2a0196c96067db10114b80f7ca106ffdcd849f05bb859641d1dd
SHA512

d89c21b9e02b2b2b2308f79330c82156fb4f64ba740b9a7d1842f7eccafd235880306db37434730020256fab591679835df0f54f45232732cd4a403595877532
SSDEEP

393216:LOzFavOYTmDrLUqRRXFI/An39Kt9x3KwwV44qe7BihsJ:2Fa1mDUq3XFIq+xawe4Hjhw

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019489-29.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
1268	Process not Found

Loads dropped DLL 26 IoCs

pid	Process
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
1268	Process not Found
1268	Process not Found
1268	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-31-0x00000000746B0000-0x00000000746C0000-memory.dmp	upx
behavioral1/files/0x0005000000019489-29.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DAUM\PotPlayer\DesktopHook64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\3D SBS to 2D.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Deinterlace (blend).txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Levels2.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\SharpenComplex (jim ro).txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\YV12 Chroma Upsampling.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\BT601BT709.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Levels.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\NightVision.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Spotlight.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\EdgeSharpen v1_1.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\FastTrueMotionNoGPU.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\GameCaptureHook.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\AviSynth.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\DesktopHook.exe	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\History.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\ffcodec64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Remap_16_235.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\ATextOut64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\MP3Lame64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Skins\default.dsf	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Skins\original_en.dsf	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\LogManager.exe	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\bass_ape.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\3D SBS RedCyan.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Contour.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Emboss.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Skins\SkinSupport.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\GameCaptureHook64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\3D OAU RedCyan.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\EdgeSharpen v1_1(jim ro).txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Sharpen_3x3.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\DesktopHook.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\TrueMotion2NoGPU.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\bass_mpc.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Logos\PotPlayer.png	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Invert.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Sharpen.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\FasterTrueMotion.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\3D OAU to 2D.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Letterbox.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\SharpenComplex2.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\bass.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\DaumCrashHandler64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Wave.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Skins\BlackBox3_en.dsf	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Urllist\TV.asx	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\DTDrop64.exe	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\TrueMotionNoGPU.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Skins\BlackBox2_en.dsf	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\QuickSync64.dll	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\3D OAU GreenMagenta.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Denoise.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\TrueMotion.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\TrueMotion2.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\Sphere.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\OverlayText.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Alarm.wav	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\ColorBars.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\AviSynth\FastestTrueMotion.avs	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\License.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\Loading.swf	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
File created	C:\Program Files\DAUM\PotPlayer\PxShader\GrayScale.txt	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000500000001ad47-122.dat	nsis_installer_1
behavioral1/files/0x000500000001ad47-122.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1494B531-ADFA-11EF-8121-F6D98E36DBEF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439009377"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000e8eb77ecf8f9b8c9d656bdfbe6785688109686019b9a3cc09e6bf526b9248427000000000e8000000002000020000000e7b113fdb38cd122519a573e2bb1aed5918395b2d857c7905f35db50cedb7683900000001c5093d932acf9cdb4092fe4fb9cd7bad507a3c216ff14db19840c60b6a5393b1d3274b62ad3634dcf48f4ba36bf9971c0737a25bb9f889a258f00f949eadaa48d78ad263faa15d770382956c9e4bd19fb92695b1880f62eb276bab15c5df3c694f2376d2aad76ad3658bcf43fb850064105d72e962c162547bd0f82346439a023a8d248ea13a150db72fddfc60c3e9b40000000003f3bbad8f2e9487c03dfd70a196c64336d1b13de76f6bd5ed3c3b9e94f3e081fa47ac3d47a30a7efac2ad8b5e00d1497992eaa67364d994b6104ea40c51aae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.recaptcha.net	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40af65ee0642db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\recaptcha.net\Total = "21"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000008985e85530f07f5d75ab435d10721f27a1a203a617c661cf812314e66304da4000000000e8000000002000020000000d2618e101fea86645193200f2f0618e5adf03e24d3301c07752505b33880b16120000000d77af2a2c239d3e77c604ab2ee1add841c8396944a0f8ead85a6ae3a479c084c40000000f5d3d72d102ff9d6427c5110cebc750d9a3a85ba5dc5fef8eb46dd0cd293311568a5bf29950af3bbbde4684522ffc246b318acda39f6cb06843b08c082c1e759	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1584	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1584	iexplore.exe
1584	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1584	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe	30
PID 2344 wrote to memory of 1584	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe	30
PID 2344 wrote to memory of 1584	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe	30
PID 2344 wrote to memory of 1584	2344	ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe	30
PID 1584 wrote to memory of 2088	1584	iexplore.exe	31
PID 1584 wrote to memory of 2088	1584	iexplore.exe	31
PID 1584 wrote to memory of 2088	1584	iexplore.exe	31
PID 1584 wrote to memory of 2088	1584	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dvbsupport.net/download/index.php?act=view&id=134
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
af8a7c17bce6968a5f993e3c1bfae139

SHA1
2efc45f20fa886462be4b2f96f274e0de366d21a

SHA256
594b59309e68e49515bd350aceacc874df71b85c379b890cc8ae7f9a7c0b9435

SHA512
c12f8607cb11ebd7faaf802715b637fe4639b6e6d8fbc883937ae7d0b7a39210af254e548649970054f583a388b519ebe073cb6c1d8427d30cbee0306785378e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5472f789cfa8ce18635901158769ad6

SHA1
c5f5d2e814494712e38712b5fbbc716accba7fca

SHA256
64a5e89dc62add7379aecaf76bf3945482eb0aa125c12fe2826f33df4d27e44e

SHA512
6268218e3734ad684aed70dfba3ddb0625ed279e9bc4c8f085369dec8b1b6f850839e6b7984e7bfe35b30697c2214f23863b651021f7ca66c489ba1afb396ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb30ad6ef4bef7a2ae1dfd44299851d

SHA1
b3cfe78a3236daa4c399b193db67d5fd32ce5440

SHA256
266af82ae4a6ee0cf1ec3c2efd00e81320edc0f3081ecdcc0ab8512b784dfe7c

SHA512
e4d5183fccb71b9a912006570fdd3f9e823fb5e7fe40c0cb9edfad4766534adca1e43fa8bc2b46d8904849bdcb0d67a127b71e902b109e16e3c6559200b4ba46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52725f969ebc9cbfe4ba264ac71b9077

SHA1
7bb350f32a22f5c4bc44aedfac2d499a7b456757

SHA256
02962fd0f12a6b727b64ed63cd52e1af8fb7277dc8907785615cb8773389e2f5

SHA512
100dba08d3028ba65375fc398eb32a75a36887633943e3640bf3b02cbd0bd8aa84b6240682bf3514632ccf36a8d19c6cc41c8258b0973be6f5335cc0bd07cbe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61dd5ede391e365fe20fc4e15e598730

SHA1
ea6032e382b3094ae4aa8a83dcbf15c3bad5bb6b

SHA256
ee91a3615d1e1821b2434cb904b02814b830742543a0e4b7c888484cfce2cbad

SHA512
2814bd9dc9c0da3a6783d8882d325918c2d2aefb9b8956ff8390a79f38278a1035ff1b6dd9f49c748fab18a4b2870a412c035cee5c21d8ade1fb427aa47708a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87eeba9b017e682351ac9842d66ffa6e

SHA1
e26c071712f44924bc646908e8479caa52032791

SHA256
d52e6bb010230cb83eacaff1a4b97d1fe182919230b3f12a575fcbcc3879a32b

SHA512
bf4df638d6452d04f15af152431fe4c272671635a268264e122dec8b90b7eb25227c5167b918cd5d2a8921fb8a0b75fb0d5730159fb6b07c7ce18d7c801c0a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bac7f04c2470b059f158203cc90961b

SHA1
5a09eb21560e8daa6c335702ede9440ec18ce140

SHA256
8800da658a7f2f387039f8a6abf5af7814301be7a4a7c24fcb94b3737dfea6a5

SHA512
72f2e01b0801b1850e7895cd2786997211fbde0686261a77e8bbd5198b71e7a93b15bb9810dc983abff64a05dadff85e6af55fe034cc5814d8ab94cb2732cf4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d17b4c571664750a5dd9240341f92ff

SHA1
c1d4eb383ed25b3b122ef7eeb17d1b8bf027cd2a

SHA256
67ba2cd06847808bc48bba02eca844df29534cd0ab1c90955e8e1c2af8d323a2

SHA512
5c4d5dc4656f62dca62dd8348562122cc6eae5637dfc8140f650d836ad8a9c03b64db8fb24e88f1ea425a1bceb321dd1bec84e0627c40de769871e75a76061c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc9afbdfab74e69bd8dbf8832b1a236

SHA1
b632a2289dd37a311e2a011163acd3018bc88787

SHA256
87174edbfa0fa96024ea7ef6a8887edd5f604ae698f292e7b2f79b811ffa61e1

SHA512
c70053852cd8c9cac5d1b2788ba2365f5cfb3ca2ebb0b3ab42191e45e43315031a63010b2a94fe5fb34b9d703d2a178809e0737c7bb079ba6bb005dd4d884144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65fe53e1473fd7ccfe62d4456aa74082

SHA1
3dbc4347a6c744b529833d189fd3dacc6b81bb24

SHA256
6ed99ad33638cdb79feb0d2a0ba8abb2d87a1734563aa32d2cdfbb8e84fc201e

SHA512
5ced25197b881d7d163c85a87d614735655940f660f72e08fb7e3f8d52efa2de785e7d6659fe25128d07468b953ba1c5a6d98cc48630c33c763d0b1c144aab65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa6861b31091b068f48a7a090ebf3380

SHA1
b1b75847173245b5b2efdb23ccc600022fa8e455

SHA256
4f50bb7ddd5fbbded15253306047732ec5e8d28353651b22b12d1c4b54ece869

SHA512
123d4b18a7eb1ec4d55b6f62e383ad2728d13450497e47572ff9cb0a10c87413ac131d9da44ac48d91f65c540fd44b4c77d122764ccf388df0375db5a5dd989a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a0934551cab1115130547639a62fb91

SHA1
fd6bf94244a5c949e1af138ec1bf274656076921

SHA256
857ac0addd9cb95deecdd21da06cad3253699b81bde20a1c2811333f5cbdeb46

SHA512
06409d1ce7b70832ee23472f2d50c33a5692bb16ab5748123158abcafb88dfeaba8e2a7dc6850dc46e4fa9d577e2f6748bd22caea708e2cfbf1e51e78a72d7db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36190849a8976250fb51ad9cb8519f39

SHA1
f3a7133439c488cc6632041223c5e895f23db7a9

SHA256
ce055fc5e0a45b48ebc02cf50bb89f099bb1de941be88022dfd01a4b0519657b

SHA512
eb9c0ca26efe1e01d5310d37acc01784453c923f98b6d46643dfbe2255167368a4455810135657810059876d06c2e1e4f4c6694f5fd96b8d5e0441de9192e0bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67e4f3a915fbf006b4aa54dfe05fbed3

SHA1
25e9316e3e95d5236582dc3166db4c8159fe9d0d

SHA256
02686eebb5653988fec599b66ee76781d99cf9115680a4cc4adef082850ed09f

SHA512
2061eecba2be0560816ba259b679221a73773d73b5ada9fd64e481435f5b7f8a8773d5d0d73bfde5f2a6c68b8d26bdbf81e58ca334f4dce58ea08554348eaa0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fa8d00d2929cb6342ea970c20d9636a

SHA1
34682813efedb2d184bdf57928ff662ca7b840c7

SHA256
a1b72e8e2be109b7a5537495378bdfb9d8315c22c05045c23d0a643568e1fb9d

SHA512
114dd2008b1fee14800793b7467c08b27b90dca15155a3e7e42c0e5149eac6f5eb5c1a58be9ebb5f03fa3c678aced0edd869d38df5d7f15b75a5d46a985a29a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b69db084bb8c3d6de2ab09536f92cd2c

SHA1
833ac8df32d13e825616d30cdc989a8ad632249d

SHA256
29588b90423f5abb2eb1bdab327c1c8456affadcaa5955af17b4a09a343c63f3

SHA512
c752b114ab02deeed7cdf90ecac74161d5ba40af8c307dcbd70a4c499850680ed2dd876c640191ae6d06bc5ac875c31f2083d7c27f770983bfc7d36226ffcab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3b7046ca5457eb6958f9a06c0ee338b

SHA1
15e8c7c2c8668b264402756b9a5ae82df162c321

SHA256
d23edb29ca4ccd77f7b1cdcdb9d2b510f5458f7a481d09b1b99bb40667de54c3

SHA512
3068849efde8b647915827b3d7b9f82b6da1b5f71f5a61d07641b5a1695da7e66e55a2e99de0bd404893bcbc29086d69bdbe83397615ef760f511b4974970044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b76b07b95d5cd61abaa2e18d9ae3c29f

SHA1
dfafa9ec2672165128303c2c520bae7db9905cbd

SHA256
26a862c9b7fc5c21fe08e419c2fc019aac558da97742607b3cbe228443b20e5c

SHA512
9d2857ebd31d4bdf711077b6cf428a0fbb2bdc777fe14c5f7dc81741b7a7dd221fc5c8e4704961f01be55ef582758c637f360440555611a92bab4fe7e971375c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64f05ea0a21ff158b389c893614d5ad8

SHA1
d1558a54c9feacc88030269da9b45b1b69bf1c21

SHA256
551f9f06cbf54598e1493d2e6f6a1c3f903647c8838a0dc9688152475910ef2d

SHA512
2a6e54abb3323da5749a21ed633ee0bcab29b0554fc41186274b08498f244912c73a33671265b1a0d41e7b6294ec3145427a90a5cc8a5379e9dc41f9b0cea133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c80d62702a1d709fe32dcc02c29f00ba

SHA1
d0a8f37a613850afe561879ccf40350c8cf272de

SHA256
844f612809e49c8a5506927bdad3343a6a2bdc4795a6a91b9ba2b54d68a549c3

SHA512
c91ed7314475c9b3315f31aab7f44e0e1bbf34acd4c14ca78e907962f60f7b7c4c7f5bfc369d024716280e1044fc2fecf1813459cff27406358b8adeb55fdbb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\styles__ltr[1].css

Filesize
76KB

MD5
c8bc74b65a8a31d4c7af2526b0c75a62

SHA1
dd1524ca86eb241b31724a9614285a2845880604

SHA256
3b457e0acfb1d231461936c78086c9ea63de3397cbb019c4fe0182a645d67717

SHA512
4d7214ac44475cb4d9d848d71caee30a3872cab3957fbb26a0aca13db1933cda1e9799938ba1460581483123dd6f81c3193bbc80989cba7e555f308c212841ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\recaptcha__en[1].js

Filesize
546KB

MD5
81697e6cdd98e37117d7bddcecf07576

SHA1
0ea9efeb29efc158cd175bb05b72c8516dbaa965

SHA256
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116

SHA512
fc29d4a1fd39a7c78b7f57b221596acee9b805a133ce2d6ff4bc497a7b3584ab10e3d4ffde30c86884f1abeac7d521598ebda6e0b01fc92525986c98250fa3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCCD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F64.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse787C.tmp\modern-wizard.bmp

Filesize
163KB

MD5
8b49c446f03367d2e8d827ab88be6d32

SHA1
7bb10907c59ea930b6565f3286a7a83ae1967329

SHA256
d6051a16fcd597e4b54fb2e4f22df9e8efff33f88b486251dfe69957f7c514e0

SHA512
26a7ac652e111003cc1fd3baad9c13b593cffcb2db008d3ccb7c2800cf7341126f76e175419477d15d6575dfbd758cddc8df669573fcbb8a6025ac2459226558

Download Submit
\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe

Filesize
87KB

MD5
9fa9e7b64e33fb31ea96b793448d24bb

SHA1
731b07c086357f0fc02fd98c3e65e9b036d520b0

SHA256
4c5f62b915a9078b4b60c5f204f4bb9092b30295ac88abe70ff3bf653e195d20

SHA512
0654108bbecacc822c2274eb1b25ddb80f76327a311d6ccfef0ea2e01cef9263401c10dab0167f565fdb986651f19690873daa9da3b846c64c3e1228cfdceea9

Download Submit
\Program Files\DAUM\PotPlayer\Uninstall.exe

Filesize
122KB

MD5
eb15023c28b97e58ae8625ab59b5e3d4

SHA1
bb5793f63ebdd0e1f4a4253cde3b3941bffae814

SHA256
2ce78c6cbc93e0e2724ef96ff44badae8fcffcc337b2a8198c89436485b3bbd0

SHA512
1fc879a19a62f72aaee73f5961592bbb356ce156e64bd32c8fdfa280c9ad6f91b1a94cd459acf9addea6751822206a10f4c475e7aab9e554d9f4d19bbfeb2a0d

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\HwInfo.dll

Filesize
68KB

MD5
44e5c77cae3ae434d1e4e619bdb1c39b

SHA1
9988f020eac45207d148668227b6819a38bdafa0

SHA256
326c406116026019a41c94b2e6b4c1061154f3bc9a395638063dae349f8a7579

SHA512
c3e40499d1296bebd2b1a770d9cd1f025859963a0f6dff002eb336f069f057ac4b3d2f5819232af6d2802ba1a3770f62440136030eb37355fa6f5b6ee0bc0470

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\LockedList.dll

Filesize
15KB

MD5
c159258782ae42dd593e1dc23fd9a403

SHA1
7acc527c7fa826ae9bc316402d222dd6ed6dd2da

SHA256
32764f8901f0e953a0386331ece0a33706173de25a8cdf5752dcc5ccb425244e

SHA512
7b7184e23aa4451b0c24638c475d2ae093f488ed253fc677be186da5fb71b28475bc90337357dc18d85a41fc70e681926a294374aa7018d1df05e6248a77bba9

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\ShellLink.dll

Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\newadvsplash.dll

Filesize
8KB

MD5
7ee14dff57fb6e6c644b318d16768f4c

SHA1
9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce

SHA256
53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7

SHA512
0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\nse787C.tmp\textreplace.dll

Filesize
5KB

MD5
72d1177bad86f4df8eaee2a8afe50e6f

SHA1
c36019dfa2ff5c90c9da31c89dfcda08f93df68d

SHA256
c058f4439617bdb2019c90abd9920070a23f751b9349051d0744280cd5d9c5d7

SHA512
e0e764fcafa833f94ad2d5ae2a407f3e35bd27efa078625d5a2c9372ea28d7889c4b339e457d6fd7c3c90475b2d1603142a8c46a23f59b5784478860b06ee1b3

Download Submit
memory/2344-150-0x0000000003770000-0x0000000003783000-memory.dmp

Filesize
76KB

Download
memory/2344-31-0x00000000746B0000-0x00000000746C0000-memory.dmp

Filesize
64KB

Download