ramnit | e45c7b8382e0652f6c36b915877fc8ee999e1ff1dfb6e95b317a09c18425cce8

Analysis

max time kernel
134s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
Size

133KB
MD5

98db6a64e0fe74a68f148b581ca8fefa
SHA1

b65b0d29774b82a979d9705f4977df2709d8b4e6
SHA256

e45c7b8382e0652f6c36b915877fc8ee999e1ff1dfb6e95b317a09c18425cce8
SHA512

2c58d6b49cbb0b66a56de0d74e6ea8026bf5d05e015ba1ea6dc7de4d1e4358ded2c0e5180176d655660038fd95abbd9f3b727e27b61eabc056aebd63af7eaab1
SSDEEP

1536:WOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:WwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-2-0x0000000000400000-0x0000000000478000-memory.dmp	upx
behavioral1/memory/2116-0-0x0000000000400000-0x0000000000478000-memory.dmp	upx
behavioral1/memory/2116-6-0x0000000000400000-0x0000000000478000-memory.dmp	upx
behavioral1/memory/2116-5-0x0000000000400000-0x0000000000478000-memory.dmp	upx
behavioral1/memory/2116-8-0x0000000000400000-0x0000000000478000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE9A3A21-AADA-11EF-BF61-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE9C9B81-AADA-11EF-BF61-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438666144"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2184	iexplore.exe
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2184	iexplore.exe
2184	iexplore.exe
288	IEXPLORE.EXE
288	IEXPLORE.EXE
2364	iexplore.exe
2364	iexplore.exe
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2184	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	31
PID 2116 wrote to memory of 2184	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	31
PID 2116 wrote to memory of 2184	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	31
PID 2116 wrote to memory of 2184	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	31
PID 2116 wrote to memory of 2364	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	32
PID 2116 wrote to memory of 2364	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	32
PID 2116 wrote to memory of 2364	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	32
PID 2116 wrote to memory of 2364	2116	98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe	32
PID 2184 wrote to memory of 288	2184	iexplore.exe	33
PID 2184 wrote to memory of 288	2184	iexplore.exe	33
PID 2184 wrote to memory of 288	2184	iexplore.exe	33
PID 2184 wrote to memory of 288	2184	iexplore.exe	33
PID 2364 wrote to memory of 2632	2364	iexplore.exe	34
PID 2364 wrote to memory of 2632	2364	iexplore.exe	34
PID 2364 wrote to memory of 2632	2364	iexplore.exe	34
PID 2364 wrote to memory of 2632	2364	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\98db6a64e0fe74a68f148b581ca8fefa_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:340993 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:288
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f69f54be8ea2f8847cf322fcce39d7

SHA1
66e95179f740053ab48969f773e53539b89e1278

SHA256
980249693960809d2142cda3be868895098adf71341ebcaa0ef8e76c9b3c63eb

SHA512
e6aa5838846e1a1b939f1178aef5d1c46de1b78b48aaf56520abcd2b3e3250f8b072ca8916341844b17ab66f3125811b9844c495f84341049f7c751ded8bae8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
504a34b55b5e1da46461113aff9b0d77

SHA1
f03f14b8f36c02b6290e4e96667c2c0e28636271

SHA256
31fe7722c0e32de67e582affe93d05f11fc3efc0f3969f0a9b32910cae0f977d

SHA512
05ee5ab4a3145f84cbdf6ef0a7afcb3476b82809bf1309755b247bb4d3c192c65c06ffec1ad89e58620f50f5198b494253bc5509a453ed25b1d4a68857b8c902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec7a6183a34f63a7615f8b2f20c22f29

SHA1
a1947256534e0cbf20b33fb6ec64ce8cc9905eca

SHA256
1b927a805973b8668670557c64125fdf33215869880b3203d230289e193c2461

SHA512
cedb183f739eb3696fb912e64948f137fdbc09588b25819319b1c42d35577992682ae05e5e6287cbc159458a33b10981baa9e483bdfa64ee3c6fa437dce4750c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbc78931401b57b18cc5e8c377be621f

SHA1
81fec7473b589ccef84bbdea74b16af19bc2d25b

SHA256
06c495818391c2c10229c70d7d27ce1be0a5705fa2484fee3861de568da97fcc

SHA512
e093508716e47f2fc8f08a4e3200e7190f3b3e41245ce7904c322074e0547cea73dbcce5432d0a68ca4026f5a22c546a7b357925517ce5235faaff13e5025b44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50cf81520b8b2c16d3e04e42f52c559c

SHA1
362dff4267f6cd94a65dab5988e7d3533e6e132b

SHA256
934d8e1bccb2ad759f1c1bc1969a370d0476e67b983c2edd6a8b8cfa0d2dc554

SHA512
bae69ae67a6e7eaef5a1b7822ec676b81c16e870ae71d850055b1175ebcabdd1ee36064e0348b1dc7e71de982dc332c3e6ca7790c98b87732b38870f07c0b88a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
239199c3abae978b2050887d85b2579a

SHA1
7671ab1ac1614ade7f9279db37fbe155236f8c29

SHA256
10a144c46d9d9aa3681881c95e364ff49d455e86d544e23870510f110b7f8f78

SHA512
d21b72892df9bb93eee420ca9ce59405928ecd9e1a93ff10ecc46d60ae81c85452ae49ba04ac1eca583e1aecaab949bca520649355cc11ffe12a608457eb3645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c358d8bc4b9a9e83495f7fb5967b522d

SHA1
7d881a0a083f4daca22a1642549a4ab1987ec222

SHA256
9d2fca1cd837fe2e0fb32dbd01a49060288ed06d22098eaf1483d156b535a8a4

SHA512
2a5b092ed2ebaee15a72b0fceeb8452436583d339c9410f06a990df1d02b48aca7cc0b322e1a38adbcd50a3a0105b3b1222cc0b580cdfd24be8fde273961804e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ccd35f2cd0ee39cec90b934571fc96e

SHA1
af347aa94b822de9c6bfd607c65a117b52dc1013

SHA256
f31ae6e5026170af826a6f57c1a235107a6ca8fcfe88ae1caa817cf5491bf04a

SHA512
e90f629e8c1f81eacd3c505659253a5cec6438cfd64b9da0de329874aa2fd8c6c4ff0149ecd341cc00aa8b8d8820e90671ed6c38d3318015a07db8aed0a3d1ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e154d0d3c4443dbcbe22524ed79c339a

SHA1
4a1509599be9d936356826bf69dcdbfa4a11f437

SHA256
1650be49231f5ddf7c2f88ec06b0bc577b85b4dad2f178a8110393a208169cfa

SHA512
190cbd4c1a8186884737737aaf865c2ac4660dbc4f46a78c3c6edded667aa19813f5a5972d6c9d33f8563078e0bb2ac8702676d122343f35ee5a2f473120f1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84cc0aa93538d37d687434ebf096dd3b

SHA1
fbc6369b96f9300c539e91c8b14aa6e48ff8ba44

SHA256
783dd1a9c1c2eab33784427b968125218f4cf5f5a2a033a65a6d6363cb889e3a

SHA512
4123d144695897ba7539141415b7cb0b882a5a2ffdde9ea7674a05e03fb05c4ba4ca26073938c5cbe015741fc6eacd0f684272a38707d01279e384e8815a0437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c442813a0179e6eb93fd6afa3089257

SHA1
f5588e3dbe42eff0eee33da50e80de3dba21721c

SHA256
b7f7883ce9c826f2c9e36f912f123296b50d29fc5575426804c63650b6a8e617

SHA512
071d863c6056980083e9ee052209d1ec3fabd087d709bd91dea90d9acba947ef267c8122a7d041354b7a75b86e263063a9a716340cebe8d5f575c4c92e9c9b32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e972a432899b81e583385701bc80f93e

SHA1
aae80b7dcfa22cebeccc747196ed9450fa9af225

SHA256
7b506a140ba5bc36020f7671a1035e36a60b586fe7b1936e77b9791c5a4a7d8b

SHA512
5f4c37ec6e7ec8a7ff095a33abbc80baecffb75bd4ffa6b9233e814726501d6dcef1830ef9e97d4fd7a55882afc0ee59d7ad2bac15689ca6be0037e7743c24c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ac886869eae0d392168f5774b353383

SHA1
94824f35bad22f3e68aa29a8a6471f8401b7908a

SHA256
1d5cec7073ca485b35362085ec77ecad9495a68810d16f1e2cd0a2734561dfd1

SHA512
0764089ace8888fc7afd253e259a9566dd078f3faf1265c6739dc17a7e3961340a5c899d6fade00998fca9d2b8525c089070374308f74e097d1a943ec856ef8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6865efb371f5aa4cd5b7dfbbd622e8dd

SHA1
98887ee898eb947e863f015034f4b5220c439a92

SHA256
69156f0940ef0d0c7dbd0bf0b1db52078c99c3f14f5a3e9c13a9d64468e71d49

SHA512
7053c7bb64907b587b203db38fd1852502f6a2e16e954b1a2133d336b6b5769bdc58066515114a4911f560705edaaafe0140c2449ca71c4ec8334dfcdbff7013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f6e9949dd4c3bb4fe115daadc0126e

SHA1
0f5d06aee999de84ae7e00d76c67a963fc6db206

SHA256
2f7380647203c308f9280f4bb68f81c9350b5656047bb27bdbf74925707fed0f

SHA512
9442c1a216c2fa145ff24179a58447f7e5b51c387710ec5897287ba24fb088f156be28227afbe395ff04b821cb65a7b75abe963013cf65a8b7817ea3d3f90633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6e1ff8ebeefa8955677860d33288854

SHA1
5407ba4e9781679743aa399d2b3e6f2fdef626ec

SHA256
c48c10d7fb681d685e4050bd7404127289f2f18568392ef927cdaf2ea5c2e934

SHA512
6717990b5e2a0316128f91513ab318422373161017fce37d56c9baa8037e505110e1a61addac95388bd77dc8363b826d5b97f1b0f99f5a3986ef9e9a9c44882c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f039901aae0611e075ad1da2f9a95de

SHA1
57988e49ae800c64ea9082b41c6620478b8f73f7

SHA256
e5834559fb4b98cc1b0a7b1c6d97125f8eb7de8ff486aeea89c7b9b506a0fdc7

SHA512
a065a2f226fc50c577fbaddd41212377cf12236110ab5e6804f04606590a022f2598de600aae1128831031f91ea7178221dbce0585df517d3b5b31bb3652a387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE9A3A21-AADA-11EF-BF61-EAF933E40231}.dat

Filesize
5KB

MD5
9f3cb953f446ccef3993462f09049e5b

SHA1
5b49fb5afe328104b1f8dfe670077946e0eb94bb

SHA256
55a5b1b11392132be47e725c15951e0b0350d9e7ae0da41f36841a3fbc7b1b63

SHA512
06122cadbf7723799eb1f6a2c69cb8affa73ac968dbff5b0aa2da73135148d24d7de1a3bea5bc29e1b0732e173bf13cbc6f876f055d14f8d52ec07bb713559e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF1DF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF251.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2116-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2116-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2116-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2116-2-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2116-6-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2116-5-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2116-4-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2116-8-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download