ramnit | 00ba23a9ad1982a913cbb1116a77db23001df70579ce6406504d5ad4a4184003

Analysis

max time kernel
137s
max time network
140s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a46983cafe7d3ccd85270e494a6426e_JaffaCakes118.html
Size

346KB
MD5

8a46983cafe7d3ccd85270e494a6426e
SHA1

5e94ab0bf9e7b5458482a9e627fce25abf5322e5
SHA256

00ba23a9ad1982a913cbb1116a77db23001df70579ce6406504d5ad4a4184003
SHA512

9cfbef64c962a5376afb8f5da4a9a23e70179b5bbd3022e031d0c928db7a9c4513ff1a3e1a9a35b4564b2a192ac69f1d7db1e4501b35e07bc41daf0b72014645
SSDEEP

6144:SssMYod+X3oI+YVsMYod+X3oI+Y3sMYod+X3oI+Yw:D5d+X3D5d+X3J5d+X3a

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 5 IoCs

Processes:

svchost.exesvchost.exeDesktopLayer.exesvchost.exeDesktopLayer.exe

pid process

2972 svchost.exe
2804 svchost.exe
2692 DesktopLayer.exe
740 svchost.exe
2792 DesktopLayer.exe
Loads dropped DLL 4 IoCs

Processes:

IEXPLORE.EXEsvchost.exe

pid process

2836 IEXPLORE.EXE
2836 IEXPLORE.EXE
2972 svchost.exe
2836 IEXPLORE.EXE

pid	process
2972	svchost.exe
2804	svchost.exe
2692	DesktopLayer.exe
740	svchost.exe
2792	DesktopLayer.exe

pid	process
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2972	svchost.exe
2836	IEXPLORE.EXE

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\svchost.exe	upx
behavioral1/memory/2972-6-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2972-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2972-18-0x0000000000240000-0x000000000026E000-memory.dmp	upx
behavioral1/memory/2692-22-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2804-15-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2692-26-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/740-503-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 7 IoCs

Processes:

svchost.exesvchost.exesvchost.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px2E22.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px2E32.tmp	svchost.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxCACE.tmp	svchost.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2008fce113b4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c9464a6632f81bd120a1cf86ac549c342b289711ba75365f231557ce1eff4d19000000000e8000000002000020000000fc4bacd5ab001a4e33fe9e9f7262bd51be520c47eac76c5b087367302fbef2ad20000000dae1cb8f7fbc52b2e6d681b1fb4994dcd4e2510328b94c7704bec7b0a471aa6440000000efbbf7dccc85bd3022db76f60608548bbc0dde2e7306828a620c9525dd9b6cc1b9c89fd31c2e78403bb26615f1e07db3a1fe4a9b829b80f10e768fab71f2a468	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDA41D41-2006-11EF-8C89-6200E4292AD7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000007a693a099a9e5d0b921722b836f9dee38c50f430636d8904062807162096e97d000000000e80000000020000200000000fdb82c668ec6ff698dfa54c3c6e188029e6df22deefe7c6b7c7ebb8b88d1f109000000079b6975c32a6afcdd629f548ab30033f7341426f59eb06eb60d3e627a27aabe11894350ab473f6afae6c66aed086540b08cbf501b264af7b50fba8904da0377297638e3306eeef208bbcbe9f58544860979a13db8ae63976e2fc5f942fe26666d0531f4d8d7273735aea53cdd8aef3e134cc48a00255731c2abab32b468b2614363c3b7563e6a71d6ef556b30e4ce320400000000a1994b617caa65443917157246622663004bf6c0ceb4f2cdba330ed4b1a1ae1b178ade74bdffe2af9ce193d9c2a897ba82abb5c38fe9e9649b63677b225ac3f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423401774"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

svchost.exeDesktopLayer.exeDesktopLayer.exe

pid	process
2804	svchost.exe
2804	svchost.exe
2804	svchost.exe
2804	svchost.exe
2692	DesktopLayer.exe
2692	DesktopLayer.exe
2692	DesktopLayer.exe
2692	DesktopLayer.exe
2792	DesktopLayer.exe
2792	DesktopLayer.exe
2792	DesktopLayer.exe
2792	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exe

pid process

2244 iexplore.exe
2244 iexplore.exe
2244 iexplore.exe
2244 iexplore.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
2244	iexplore.exe
2244	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2244	iexplore.exe
2244	iexplore.exe
2244	iexplore.exe
2244	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2244	iexplore.exe
2244	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

iexplore.exeIEXPLORE.EXEsvchost.exesvchost.exeDesktopLayer.exesvchost.exeDesktopLayer.exe

description	pid	process	target process
PID 2244 wrote to memory of 2836	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2836	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2836	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2836	2244	iexplore.exe	IEXPLORE.EXE
PID 2836 wrote to memory of 2972	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2972	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2972	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2972	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2804	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2804	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2804	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 2804	2836	IEXPLORE.EXE	svchost.exe
PID 2804 wrote to memory of 2824	2804	svchost.exe	iexplore.exe
PID 2804 wrote to memory of 2824	2804	svchost.exe	iexplore.exe
PID 2804 wrote to memory of 2824	2804	svchost.exe	iexplore.exe
PID 2804 wrote to memory of 2824	2804	svchost.exe	iexplore.exe
PID 2972 wrote to memory of 2692	2972	svchost.exe	DesktopLayer.exe
PID 2972 wrote to memory of 2692	2972	svchost.exe	DesktopLayer.exe
PID 2972 wrote to memory of 2692	2972	svchost.exe	DesktopLayer.exe
PID 2972 wrote to memory of 2692	2972	svchost.exe	DesktopLayer.exe
PID 2244 wrote to memory of 2680	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2680	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2680	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2680	2244	iexplore.exe	IEXPLORE.EXE
PID 2692 wrote to memory of 2568	2692	DesktopLayer.exe	iexplore.exe
PID 2692 wrote to memory of 2568	2692	DesktopLayer.exe	iexplore.exe
PID 2692 wrote to memory of 2568	2692	DesktopLayer.exe	iexplore.exe
PID 2692 wrote to memory of 2568	2692	DesktopLayer.exe	iexplore.exe
PID 2244 wrote to memory of 2576	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2576	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2576	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2576	2244	iexplore.exe	IEXPLORE.EXE
PID 2836 wrote to memory of 740	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 740	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 740	2836	IEXPLORE.EXE	svchost.exe
PID 2836 wrote to memory of 740	2836	IEXPLORE.EXE	svchost.exe
PID 740 wrote to memory of 2792	740	svchost.exe	DesktopLayer.exe
PID 740 wrote to memory of 2792	740	svchost.exe	DesktopLayer.exe
PID 740 wrote to memory of 2792	740	svchost.exe	DesktopLayer.exe
PID 740 wrote to memory of 2792	740	svchost.exe	DesktopLayer.exe
PID 2792 wrote to memory of 2212	2792	DesktopLayer.exe	iexplore.exe
PID 2792 wrote to memory of 2212	2792	DesktopLayer.exe	iexplore.exe
PID 2792 wrote to memory of 2212	2792	DesktopLayer.exe	iexplore.exe
PID 2792 wrote to memory of 2212	2792	DesktopLayer.exe	iexplore.exe
PID 2244 wrote to memory of 2748	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2748	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2748	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 2748	2244	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8a46983cafe7d3ccd85270e494a6426e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2568
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2824
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:740
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:209932 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:668676 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2576
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:603158 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cb2e1962e704efe8fd1bb283296993d

SHA1
e1e259e93086665608bbb33f23c0bfe94507f94d

SHA256
d2d02732649898c725e9a87c5cece64f2bf2bc6e9996c980377d5ab5868beca9

SHA512
b0312fdfd967750e812e4f96249704b9d603ca8e6e1542c6746f21cb2d372caec64374bce14e866c97cc1011f0ec3a0498a764d4bb4713310d98d58e9df53e30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1d9f7e48e5984b5c14ffb53724225ce

SHA1
96c4ac0d67a14eeb12caf60bfb4f61f28f6ef643

SHA256
14ccb015a2a86d5d9264c9d10b65b9802e90e18094b70c9ea953a7f783362a2d

SHA512
808498b46ca0317b4dc31fc516711dd0f32c51772c55bfa931b7e05d11d15b32e4bffaebdf77778bad2e8d35de1f8121d9db06a2e2e484c7b28d24fb7947f105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ef0d31b312be9bc2aa9d29067b4c5f0

SHA1
7d0111776ed95ae812968ee1e847d45ee6790630

SHA256
895d057c2d7a996dcb8522a67de5edd8e93e7ff075a624db9dacfb1961935b2e

SHA512
8ceb19308eb51ab7922711dd568f4307706377f276ee03b8aebd88bb97ce8e8fc929ca6eedd77895fc96811b9980ecb16c4ad810ce5262d8cdfad2c33fc2c91e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87490166b461d00dd42299c9484b76b3

SHA1
57b5e663ab7d013fd396ced64d6b9d87d595d72b

SHA256
fcf5e205376ffeb32d9363a4dd1898891af8b1c5abe2668ff91c46605750a2df

SHA512
5d019990ce2c552fd3ab5898f5ce8bb42f2cac0803ab056cbfabfb16072583aa3f275debef0f5ea70c0a491dae110b68a185db7638135fcbba500ada0cf4afbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d8a97dff33968ba41d29f3a7188e894

SHA1
6cc5246cd54fcc6f4a40bedc1085f1060fa44ecf

SHA256
c53f406a9ed72c7548dbb1247805ba9602b27be4d12953b012533e25ac62aee4

SHA512
bf3093d097e0615c92d6145791a0e05f8e8ae3e4a99e9ca5504a603ebe16caf5f8b7ee9a866a25d97cc94e8cbd6888da0c03e13af8cc4db31003b26c1d19c972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dc4a9605e721a0afe6cfd78341d3961

SHA1
391f4ea953b1da39e8c94c4a52d86fe52538f1f2

SHA256
f77a3e14990525e132c209a1da740f419b59cf18e0fcc55fc193ff512ea4cf1a

SHA512
42f79b8c164f0f4a2f4a0ffd44072486ecb58e8e1a5e38339699d91a46b57116aa301a5c0a9181dbd39c704b3efc1e8459f360867c1eb39673c6d52131389487

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be38738ae0419341a1330d27da42dd61

SHA1
90ac08e972259d4a8f8d0244354d683b2f9e1f0a

SHA256
f58af6e5297c08cfb8a3364472ba51b27455c4331b4d5378673f929eb5db7393

SHA512
f1a765cbded0f9e63fc7c953a1ddce278ad2fe9861495cca3632603e65ffab3171f3300d9003dccc2d58ebf8f6db7b866f38733bac20941c75e826b736204617

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54f8c9331bae546c4b6193baea125527

SHA1
a57c8b2eaca31d5dfba31e1e326e8c3b2e80c33f

SHA256
63e876a23be2b792e24be5258aef922664672a08beb5b1ee4b130dda7952fe01

SHA512
a23759abd518a011a3f21ae610622e3a2b27dfbc7e440beb62b94489327f8ad954702bf41fe93a126f8e4721231d6b459adf8cc17e5e2ef49ea91036cf05e98b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cc74886a39f0822e2e892067207d9e6

SHA1
4606884b8c29d20066ff0ff8bf020c23c2291d17

SHA256
5098290d024c153ae6df937e3ac7088aea1d2e6420da1e1420e0ae395e960d0a

SHA512
729c317ac93cc2be368205b0f0f0226821275d63be6f1ebc0bf5d6542b24fc18632f81a7648a94668586cf376cc3d5da7aeabb6d638f51e1296619889bb3c657

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
941b7f3014822138fbb2a938cf4fc514

SHA1
9d217139d50ca7bb0c469353a84bf55002296d70

SHA256
2db7905f116691f9c4d558f1e9e83d5f03b667dd7cfaa16fcd842959f2eaad6e

SHA512
79facc66e0a8e413a4ff0372d93639736745f5ca653cbea1636273ea0f5596ff6f60d8a2bbbb591f3bf5163f37223ef9cf3b79e751869166115387cd80b7c33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29E0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A73.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/740-503-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2692-24-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2692-26-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2692-22-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2792-509-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2804-15-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2804-13-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2972-18-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2972-8-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2972-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2972-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download