ramnit | 55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe
Size

92KB
MD5

ace39dcc73a69dc5acaa647402223fac
SHA1

006156927c376266eacdec774f1e887078da235f
SHA256

55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34
SHA512

d2ca315cfc6eeac501a473ca48250e8523f3d012f613a82321aa19dc00ebe7a9a30afcab59b104d80145adac790f8b93a779a59ba9179213028553b0b47499ac
SSDEEP

1536:bVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:znxwgxgfR/DVG7wBpE

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Executes dropped EXE 1 IoCs

pid	Process
2836	WaterMark.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4948-134-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4948-135-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4948-138-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2836-141-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-144-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-143-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-149-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-152-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-153-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-154-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-155-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral2/memory/2836-156-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxBA0E.tmp	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe
File created	C:\Program Files (x86)\Microsoft\WaterMark.exe	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4300	4860	WerFault.exe	82

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000311"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000311"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1281195160"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000311"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000311"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000311"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1281039413"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1287603166"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376823663"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{77D02CC7-72EA-11ED-A0EE-567C1489C33F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1281039413"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{77C6A657-72EA-11ED-A0EE-567C1489C33F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1281195160"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1287603166"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000311"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe
2836	WaterMark.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1488	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	WaterMark.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1488	iexplore.exe
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe
1488	iexplore.exe
1488	iexplore.exe
4620	IEXPLORE.EXE
4620	IEXPLORE.EXE
3640	IEXPLORE.EXE
3640	IEXPLORE.EXE
4620	IEXPLORE.EXE
4620	IEXPLORE.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4948	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe
2836	WaterMark.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2836	4948	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe	81
PID 4948 wrote to memory of 2836	4948	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe	81
PID 4948 wrote to memory of 2836	4948	55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe	81
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 4860	2836	WaterMark.exe	82
PID 2836 wrote to memory of 2548	2836	WaterMark.exe	85
PID 2836 wrote to memory of 2548	2836	WaterMark.exe	85
PID 2836 wrote to memory of 1488	2836	WaterMark.exe	86
PID 2836 wrote to memory of 1488	2836	WaterMark.exe	86
PID 2548 wrote to memory of 3640	2548	iexplore.exe	87
PID 2548 wrote to memory of 3640	2548	iexplore.exe	87
PID 2548 wrote to memory of 3640	2548	iexplore.exe	87
PID 1488 wrote to memory of 4620	1488	iexplore.exe	88
PID 1488 wrote to memory of 4620	1488	iexplore.exe	88
PID 1488 wrote to memory of 4620	1488	iexplore.exe	88

C:\Users\Admin\AppData\Local\Temp\55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe
"C:\Users\Admin\AppData\Local\Temp\55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\WaterMark.exe
  "C:\Program Files (x86)\Microsoft\WaterMark.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\system32\svchost.exe
    3⤵
    PID:4860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 204
      4⤵
      Program crash
      PID:4300
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:17410 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3640
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:17410 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4860 -ip 4860
1⤵
PID:3408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\WaterMark.exe

Filesize
92KB

MD5
ace39dcc73a69dc5acaa647402223fac

SHA1
006156927c376266eacdec774f1e887078da235f

SHA256
55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34

SHA512
d2ca315cfc6eeac501a473ca48250e8523f3d012f613a82321aa19dc00ebe7a9a30afcab59b104d80145adac790f8b93a779a59ba9179213028553b0b47499ac

Download Submit
C:\Program Files (x86)\Microsoft\WaterMark.exe

Filesize
92KB

MD5
ace39dcc73a69dc5acaa647402223fac

SHA1
006156927c376266eacdec774f1e887078da235f

SHA256
55be2027b96a62dd5e2819200d0c6830f6bd9067038c9ae12a799cb9e9ebcf34

SHA512
d2ca315cfc6eeac501a473ca48250e8523f3d012f613a82321aa19dc00ebe7a9a30afcab59b104d80145adac790f8b93a779a59ba9179213028553b0b47499ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
4132c54f59c529167c112e7f519120fa

SHA1
94cc9036fa031258aa744c7ee88e3c0b6c7a73da

SHA256
e9f456cf8bb8cc4a683d1c2f792feeb4c83fff24a86e6bcb260eff8fbff126fb

SHA512
e8efb8e81a90ffbe177301fbba4470ded104fc6d12cfa0123938b981d612eb2c4a66bb47b585cd43ed6ed4940e0ad5a1e3a5d9d18f8cb643e741aae694c4baee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
4132c54f59c529167c112e7f519120fa

SHA1
94cc9036fa031258aa744c7ee88e3c0b6c7a73da

SHA256
e9f456cf8bb8cc4a683d1c2f792feeb4c83fff24a86e6bcb260eff8fbff126fb

SHA512
e8efb8e81a90ffbe177301fbba4470ded104fc6d12cfa0123938b981d612eb2c4a66bb47b585cd43ed6ed4940e0ad5a1e3a5d9d18f8cb643e741aae694c4baee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
4ddaca6c38ad8b05fa1de9eb48b47280

SHA1
74ee6c1f699c1093d5ce1b5eabee1d5b10f301f8

SHA256
d75a151f61b1588e06b93251344200419a937f6732bd72ad5c4cfe04b9296aea

SHA512
9676b227c11b120b58c9743f5a393114c7b73eca192dab03b26dca406a48839fc9afe54ddda2b9880d926969ceacffd9670868ed113810ab1543ea15376b1e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
d5780a08cd554d57f133d1ad9f770a18

SHA1
1734971dfa5a8c38cb0932a7c7eb71f73ba715d2

SHA256
a27862e58370e4ab629c39fcdb99ad4342abf41e9ca9bc3e7e0a51932a6e1cab

SHA512
de3236a741eb721b8886e11d97cb752f867de437caf4af698da2dc3600b399514e65e0f8483df097cb0f6358c36903f7013a1ba09007fa6cba0b06262f012c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
d5780a08cd554d57f133d1ad9f770a18

SHA1
1734971dfa5a8c38cb0932a7c7eb71f73ba715d2

SHA256
a27862e58370e4ab629c39fcdb99ad4342abf41e9ca9bc3e7e0a51932a6e1cab

SHA512
de3236a741eb721b8886e11d97cb752f867de437caf4af698da2dc3600b399514e65e0f8483df097cb0f6358c36903f7013a1ba09007fa6cba0b06262f012c25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
d5780a08cd554d57f133d1ad9f770a18

SHA1
1734971dfa5a8c38cb0932a7c7eb71f73ba715d2

SHA256
a27862e58370e4ab629c39fcdb99ad4342abf41e9ca9bc3e7e0a51932a6e1cab

SHA512
de3236a741eb721b8886e11d97cb752f867de437caf4af698da2dc3600b399514e65e0f8483df097cb0f6358c36903f7013a1ba09007fa6cba0b06262f012c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{77C6A657-72EA-11ED-A0EE-567C1489C33F}.dat

Filesize
3KB

MD5
dd1bd46f04b0907c31750a4fff8ab4ff

SHA1
f30bb7f6949c642f8e3f9c1c8376cd1491c9acb6

SHA256
76e8de764932c9a74f7dea1b5c28fcd0b5eedfdbf504799e417efc00eb74ee7e

SHA512
66a3ca4fac7cf5b0a6376bd9fb44dc7ace6dde81fe63f2818f6b1e663ac32a519ea21dc8d8f9601297d1a20dbd18d05943afc59bf23cb435cb16d48a919605ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{77D02CC7-72EA-11ED-A0EE-567C1489C33F}.dat

Filesize
5KB

MD5
6b41b78a3d4300752e8079e43dd3ec17

SHA1
1517a6bc577b321ed7b8a1befc9f6f21dcbf580f

SHA256
d126640e42ec4bbd0425192b54f6ec952bde98825519a885e0ba1801a2dedb79

SHA512
be0946337adffe942e620536f5fa742dfa4e8aea5a93dd7a3a9f2b7de0bd6408309a5d8771c59d7fd248989c3dce6f55101eba468357f018fb513479a4e83f55

Download Submit
memory/2836-155-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-141-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-156-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2836-152-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-153-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-154-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-143-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-149-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2836-144-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4948-138-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4948-134-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4948-135-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download