Overview

overview

10

Static

static

3

JaffaCakes...c0.exe

windows7-x64

10

JaffaCakes...c0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20/02/2025, 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe

  • Size

    353KB

  • MD5

    0e01525d20d82472d8f4f4baeceea7c0

  • SHA1

    735ff695990bfc7a4b926297bb2c925da5d77da7

  • SHA256

    b5880746d859edbfc53d9118d7ce6bad58c20e9f67270b1ffcfa4cfc177cb655

  • SHA512

    65b350c6c28b66aad48f2427032d9b1df2926b50d8dc6868d4135dea49a26fc02d321b560b663198a856129e4a1893850e5c73b5cd7b3a95330137cb100868c0

  • SSDEEP

    6144:2JD6KarVGMX0mNsVvpyTpZY63vwPOj4LOAhz6tUIBwWcOUl2jXQcXForOM/m1n6:uDGRsuspipaSSW4zhSBwWcODsc1aOM/Y

Score
10/10
darkcometokshadefense_evasiondiscoverypersistencerattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

oksha

C2

fuck-all.no-ip.info:277

Mutex

DC_MUTEX-0RTF6BF

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    FkQYb2bTZw5j

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 3 IoCs
    defense_evasion
  • Modifies security service 2 TTPs 1 IoCs
    defense_evasion
  • Windows security bypass 2 TTPs 1 IoCs
    defense_evasiontrojan
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    defense_evasion
  • Deletes itself 1 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    defense_evasiontrojan
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:209930 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1656
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe
      2⤵
      • Modifies WinLogon for persistence
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0e01525d20d82472d8f4f4baeceea7c0.exe" +s +h
          4⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2908
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3040
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
          4⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2340
      • C:\Windows\SysWOW64\notepad.exe
        notepad
        3⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2700
      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
        "C:\Windows\system32\MSDCSC\msdcsc.exe"
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of SetThreadContext
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:332
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:2324
          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
            C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
            4⤵
            • Modifies firewall policy service
            • Modifies security service
            • Windows security bypass
            • Executes dropped EXE
            • Windows security modification
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:2764
            • C:\Windows\SysWOW64\notepad.exe
              notepad
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2488

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Create or Modify System Process

    2
    T1543

    Windows Service

    2
    T1543.003

    Privilege Escalation

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Create or Modify System Process

    2
    T1543

    Windows Service

    2
    T1543.003

    Defense Evasion

    Hide Artifacts

    2
    T1564

    Hidden Files and Directories

    2
    T1564.001

    Impair Defenses

    3
    T1562

    Disable or Modify System Firewall

    1
    T1562.004

    Disable or Modify Tools

    2
    T1562.001

    Modify Registry

    7
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0773bc9a850e2790666bd9908c697710

      SHA1

      7d946b2e8e36907ef694271013735e977c85b2c2

      SHA256

      790487efaffc65015762934cf27d5ba037fd1071ca6d91c51ead2b6ed45ddf2d

      SHA512

      6cfe69a94dd4f416e00eeb8b93b19bbec2972e7af34555fb9d74ac71cf97aa60ccf309147fd63fb624d9735263ef5eac8df038c25d6134c5284c257ec73e7928

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a62597a010f74b233cc4c6e9b9f29688

      SHA1

      363702d2532977c60ed625723aa0c7b9a669eab6

      SHA256

      305b1f6cc4c7903c50df07e68cf4b138d988e34c4fd2bc9ce61bf7fea0ee09cd

      SHA512

      aa32a0bf6e15de3a0dd50182488c5de316b15e046d6f645cb9ec6530fb5af0d36c9cd304aac7aaac61de2214fbb4625a11c394af78c8646d26527979767bd68d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a65a6ca8b7fedb7e15c2b122de2fed0c

      SHA1

      b6b74394fd2ea044e4f26315cba8db0f5eba2568

      SHA256

      0fad50edc304dcd060d9b6ffabee992d8e375d7a1241af75106697f9c971a896

      SHA512

      2ede1ee41163a73c75424d3952a2806e87bc73ef2c4ae376eb71f3fc11363e38a63bd59fb067d3bda3243b5e64f5815bb63791789ecc9fb95a38f7009824e858

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      67498858e722823effab316a9ccacfef

      SHA1

      56ff6e5f0aa98cf3768cc5af64b904ad9c47908b

      SHA256

      31a47f386e207febc03e81021ccda71325184247735f921cc0dae28df204e6a8

      SHA512

      1990f71915c6403253a99e8455048108f65acd758350c1a3807fe3bfa94cdc052360a9471b613dfd8246c8304c77d36c2e48c19f5018812242be6371f2ef2a0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b9b4775b56da768cbae675f2582daa80

      SHA1

      9a04c6b80d46b9752de10edce3ed37773289bf9f

      SHA256

      3446fe0878a84f3206ead219d2fe0dda78a9df2fc7c7ea39af789a70f4eff9d8

      SHA512

      1b04a0f07595e7e4e9d3f1d7467548d0607a25183441ff06570a93c75ec92519c590d777c93afd09e4d9a26c908f9e46c69925930fb3cff2c61556471959d1ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4ad24dfd922a2556614f955829c1ba4d

      SHA1

      6550212228c958366739b5da6f9d2ce994e5e2bc

      SHA256

      14fbaa2ca63e12a55139fd9ab885a12e7ea583ecae5aece45ae54a048b9561f0

      SHA512

      4de44691ac445ac392aab72dedfc3c07e679a413ba91862fff7a146eb2f76e2f5ed3819e6bc64e61490f64fe22389c9cf3f4cd3417ed73c71b237e2c1eb5cab6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46678af79fdd0f326522f46a398ea4a8

      SHA1

      1b7a5164c8a51e7f3411ee518978355c1e89170f

      SHA256

      f53b31faa8be05e790220a2b7f95bf0e7f8fda6038b20fce369f56a5204f58d6

      SHA512

      44e4ad2a0b4685b53de151d99208e83eb45e4f56275d7695fc5f9c77141fd635f659d3a9ad09a46d14f26946e8344af2486c5f5d328736cb7cf95696336cc5f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      512744f0849dc3c9670ea3bcad9a77e4

      SHA1

      2541f58f87df57f8e957bfb3428ffa55369326b0

      SHA256

      0558ba1aee58c0fd9c3a3f961e35dc05cc0dc31d02532bc5358c09b625c7c534

      SHA512

      8ab9150f0349bbdbcc403e000a7fb69299c875e5c1f6220fb1370cf5e18ba37dd8a7f988c5640c82bae89d961055c9225cbf8aee345903dc8f530d78f8aa1823

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c44f1fb65ca64d89007ee8f62a646ccb

      SHA1

      a4d5ada6d3e573e7b785ab793df8ccc30761bdf3

      SHA256

      07fd3a30d0982905f9b405c7aecf766426d7487513f427173b4096a1c9ea383b

      SHA512

      f65a106923bc976a62fec25c709da66c49e5ebd1da7868c77a3fedf85386f9704b1fb8bbd6f567644e19d539b076765756fa78858bb0322208e78ef5bb2e21cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3cc930b8f35815bedf2fc872120fc07b

      SHA1

      b6362a60ebf64341868ec900502bf88d37deb024

      SHA256

      7e0c69175bcaa2294e2651397fbfadc60ae9f9232ca83b591f6c934aa060b640

      SHA512

      d50ebdd03d4c91e8a50e53613e051001bea5ee1d67a408b232df9d9d34583a2f6065002b6ccdbac8c37be9838e54b77f8a05359d0dd6a7554b0539353233683d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      194a0287c8cb3048b297d57b503069a6

      SHA1

      93f1765c691c63c79e0442a4ccc2c4381ebe8577

      SHA256

      22c2f82308cf4eacd5a4d4169792d39af637856714cdc7e5ec52ff0948c7c398

      SHA512

      4ed4304be08d99e53031debf75fd4094e627aa9b6858024d685d8123f4cad66ee8180fb47ce5c30ef3d3169fdbb7fce3dd105f8002becac07f323a42ac1878c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dc85df7727e342983dbcdf01cf2c5c79

      SHA1

      62e1f8dc39efce549524e6b39d60d764db81b591

      SHA256

      399f4d3206858670944a2517fc675802481cf2e5eda3002f7ff2d052df6102d1

      SHA512

      d3d17889cfd2213e5b28bb9c44c60f75a6e7037754096c87d3f7a8678cd6e44b8edeb01c7f3fc55b3ad7a2562c2f622a91196d936532a60841f027774bf8a5f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a0d3a1ece5d2aaedf5589afa00ffe79c

      SHA1

      ba711444f9d2e578b3df673106cbfb3b229a95df

      SHA256

      db9b68a4ddc2a0b51299aef6cdb2d2ebb8c5bbe832de0a4cbb78d525cb73b32d

      SHA512

      4e5ac1e92ec6131b6836af33aabf8eda4ad680cd9f17eb0e03d9c102e38c1538dadbf6b6da1019dcf97fc114f33723b30fa0f76124ae16605ee056ec565bc194

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      061435bc23d1230cbeeca4949935d268

      SHA1

      c9f84110fab1b5b20b56cfb2f1fdb31348eab656

      SHA256

      ae9b11283289274891d2ff4ff87d4f7126172e899fd8722d2cd8cde053a6d098

      SHA512

      c0096df8d4301a80120ad812eece5156417ff2d5940b19ea715f3194fa4d29dc17e7666d5788736b2ef40cce96a2db2313d84e6a0c6a1368ee529ce0abbaa059

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a1faf1232a8748190ce58e296d2bd04c

      SHA1

      2a92827d4ba3d23ddd7c7727364ddc12ad528f91

      SHA256

      7717c58de72d06d8a05104f6d57bfb2ddf60ccc268934306cb12f20c1a86601a

      SHA512

      26d677bcc84fe3916b87b18df3176f370440d8e88bf8f98c5e0b5aaf341bca1bbd02ca57b5c31843e61d1e67a9ece2a9b2fc420192e685c83d62bc17dc7e2790

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      23923ee05d837c518d408487a7107f6a

      SHA1

      c7421603f1ac8be6bf2833ce59085f8987b44c21

      SHA256

      df4c24aa2c8fd91a6a5d291f857ff31f6846ec8d8bb187fe505ab4582aefb1d3

      SHA512

      809a4e6b3bdc5b33b71fc6b8eb736f3ae7b7aa71f78676163343ea6e65a7da3af3da6478347419c54a35dccef19ad508bca608462fb266e7e431b06cec16f234

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47d33e46b8c7c6e37796eee24d4913cf

      SHA1

      f079cdb5b90dabd6b6d08105a4e9d3ac49b79dbb

      SHA256

      a936a1528e385efadc303b150d954645482d76767e3a3ec0449ffdcc337f6577

      SHA512

      cba8ff942733c4b2e3d0d08c3070ad020a1fa5271ec2272596a7abf759b04c4a3a2ae1540894d3f9ad3207f36c90a8c3e943cb37c0eee2ad91a5f8b4d3cb98e3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b9e00e6a90fc3fe076d3f5f88282cb39

      SHA1

      568e42b1b3e540c3f7775ddc7ffcc68f514f9eac

      SHA256

      8a5ee61f10ef9d067b16c7c521942b714368ac3a6210b45ab338fa59a8791403

      SHA512

      51b78e13163d6aaf8f413aee7ee3a67807c7c8582675601a0000427c8610c340e8ebec9c1a37d441bd70f589651f53c9108a1ec9a2861d34e497bd530e4c11da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a3892d79da3e42151d37a5708f72e953

      SHA1

      b4fbd9aeaaffb914330d6149d6ba1a30e9dd616a

      SHA256

      f32dedfe109ebda496255c79cf059c910a063d7da5fdca820b70325fb9b1fea3

      SHA512

      ffc4f08d51392656d26ae61afd9e8247946a57838e6d0abd8234934ab8ec2a88b441b02e3ba6942640f3c3090b9ff7dc6ff03c7c59df9cac61b18a993a26a063

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ff348676da09c6fb52b02ff05dac1d68

      SHA1

      864c912cd7c54d1265103fab84a93eaa5a0c07d7

      SHA256

      22dab0140bdf4365f24846c3b25a39a2778161e9c47d40835866a13f257cc165

      SHA512

      949703f1d651d8aaa5e50fb6464182d701af524df15e938cb3544f44b34adb107e4daa22f96fab0c3e5a390ec55da4d11a0032522a813b3a816ebe1d8012ea10

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ecb583070339c32931326aa5310de550

      SHA1

      3f71ff2938473dc43ef781df8d550318d17ee592

      SHA256

      fa5654a74c8c70fd47af9c52932e93a8f3e8f3ff932130d525870053b183aee2

      SHA512

      54f5c2334b376456046b4d429332f3181f97637c31dd7a311631b1c4ee3ef48766e3abc6603d7c015b186f2992ba36cb833ec912e18bfb713677e5ce3ffcf9cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97875e6bb2b308a91a73f886a87a0ad5

      SHA1

      4498b54a2278498c171e5342df356b67fcebbddf

      SHA256

      7ac11179a0306b6b273e11104208608868063ab7941bd62e820d0852de4d4c53

      SHA512

      7124368d0906e358085092474ec6ce3d0afca117965c1f8a8b3f424dddabca5de80f7e51a95b75167ee8931bcdb9b48cf8b8ca110a86ce870a425963bcfe5bbb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabEA9F.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEB4F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif
      Filesize

      353KB

      MD5

      3691430a0c6cedcbb5b285d855d58cb8

      SHA1

      04a35debfda1eaaec8a0a6dedd73f047857c3ed8

      SHA256

      3444e5b3cbfac2a6b4e28d03d13007ab3dd5eae9c01660f05af073be3980692b

      SHA512

      1a841aa1e7ae85ca57de32dabe88b3292f15fc82d920afa9dcac4de49e5cfc2b03fec893c933678f29e499a5df918e1a75afd894d5bc6e499e259cc525b48684

      Download Submit

    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
      Filesize

      353KB

      MD5

      0e01525d20d82472d8f4f4baeceea7c0

      SHA1

      735ff695990bfc7a4b926297bb2c925da5d77da7

      SHA256

      b5880746d859edbfc53d9118d7ce6bad58c20e9f67270b1ffcfa4cfc177cb655

      SHA512

      65b350c6c28b66aad48f2427032d9b1df2926b50d8dc6868d4135dea49a26fc02d321b560b663198a856129e4a1893850e5c73b5cd7b3a95330137cb100868c0

      Download Submit

    • memory/1080-1-0x00000000002A0000-0x00000000002A4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1080-0-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-6-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2700-22-0x0000000000080000-0x0000000000081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2700-36-0x0000000000150000-0x0000000000151000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2764-65-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2764-66-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2764-64-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2764-63-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2764-67-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2764-539-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-18-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-53-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-16-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-9-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-10-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-15-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-7-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download

    • memory/2968-19-0x0000000000290000-0x0000000000291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-17-0x0000000000400000-0x00000000004B7000-memory.dmp

      Filesize

      732KB

      Download