ramnit | 229ac4e75cb2f9cdf2975fe61cd7aa6426d0484894ed9b8f7ff714013d7e1c03

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
Size

120KB
MD5

e85fd679fb7885fde7bb3c57c34c285e
SHA1

371480c20d197c77c026b029f3be5c2b7e0ec334
SHA256

229ac4e75cb2f9cdf2975fe61cd7aa6426d0484894ed9b8f7ff714013d7e1c03
SHA512

3429cee75e85c1c5587bc01ee3bdc68134202637939d2f76c8eab65b3a828c361d90d34b8dc1e7144b15ff7b523beb45a251bd186d1587b8c48550216716b0d1
SSDEEP

3072:vwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8ZzH5Ufe:vMzzILGFkzhr0pGj9oNH4e

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3052-0-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/3052-2-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/3052-5-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/3052-8-0x0000000000400000-0x000000000045D000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A350C2B1-B8D0-11EF-97FC-EA7747D117E6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A34C7CF1-B8D0-11EF-97FC-EA7747D117E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440201038"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2800	iexplore.exe
2816	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2800	iexplore.exe
2800	iexplore.exe
2816	iexplore.exe
2816	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2800	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	31
PID 3052 wrote to memory of 2800	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	31
PID 3052 wrote to memory of 2800	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	31
PID 3052 wrote to memory of 2800	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	31
PID 3052 wrote to memory of 2816	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	32
PID 3052 wrote to memory of 2816	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	32
PID 3052 wrote to memory of 2816	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	32
PID 3052 wrote to memory of 2816	3052	e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe	32
PID 2800 wrote to memory of 2752	2800	iexplore.exe	33
PID 2800 wrote to memory of 2752	2800	iexplore.exe	33
PID 2800 wrote to memory of 2752	2800	iexplore.exe	33
PID 2800 wrote to memory of 2752	2800	iexplore.exe	33
PID 2816 wrote to memory of 2640	2816	iexplore.exe	34
PID 2816 wrote to memory of 2640	2816	iexplore.exe	34
PID 2816 wrote to memory of 2640	2816	iexplore.exe	34
PID 2816 wrote to memory of 2640	2816	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e85fd679fb7885fde7bb3c57c34c285e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2752
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6061855d47f3f20f96b9a5106324f4e

SHA1
d58a029457d7f5647ee8851699b197a132208cef

SHA256
e2d0d89e81fa9b66d9109e1d7fd52be2d7175e6efe33bb01972d6805cccb855f

SHA512
1c2a582d3add2b8317bb63bb6f9b40f74c24e36cd69c7fad090d27c0255e64f2259676166d45b8776e21ca2b9dbf7db2ac62130d8d35aff64cc9da0c9fd48709

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8b2bb034d6c6fcf4f51cec93162f027

SHA1
a9b1f1c4bf7b4fba74cfc8a70a89d1c8c961a20e

SHA256
86e5e02cca0a991f38d8949a3cd65a34335679e0b951e191c8dab015f92768fd

SHA512
4c01a36840f4d8553f01876db2e7ae2739befac6f0704f93c96a55417ed8039e18eb03e25c8325a09159c53f7b08d14ca060382780736313ce7fc69e6cb17b0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d643c36614538e89596fe63e3eb4bf1

SHA1
d949cc839ee61e9b91ca6261400ef58867771096

SHA256
ebd55f8352e73a215fad1c13fd4b8a281ff95353b4fa3e16e63444faa28464a1

SHA512
8742a1c715d410bf8977043bf606433c3fa73b5734753582c4f1e53d073b9084a9b2194c9f2546e9c32b7998003a1a3616338d7dcdef9fbfb0db603965a5642d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a237300d29aab8fe6f8a41c8c04e022a

SHA1
c2ad4e6d4a8d5b3b45cae592c311784478be7026

SHA256
053f8b9038efcd56622543e43a5eabc591f5ca7f7c683e71589ff754b749c238

SHA512
f493c4e6df166f4dae2e92f19c991321b445e30241527b9c534d40356cb09f590263ddf5d9e91177fd15aa60ef80f6de2a20256308b76911e8cd72d2d9cb9ed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e0ed9f9398aff8cbb26e3f1de0a7d1d

SHA1
f31abbdcf3d76d2c02c8ca0d8d78e2f117e08db0

SHA256
0469c75c4251412b367bc7dd27f4968fe4adeaff1d4b706bb50cd4627ab39142

SHA512
0075479db2ddd9ea3f3d71cda5e66dab8d3950a1ec83838c19d312fec76d383861fe78c156a85962f3a047f6667769167af832eebf90b3ed4fb9dde7ff66118c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73fb83cb7da5d4bce091bd00ad72f4cb

SHA1
ee8f9381fdb1483ee1c4199df07f5bf2cf178fb6

SHA256
622a7d5ae5e3f7f1f75c818b03a3474b4090dfc32f6992d3c424ab74e82304cc

SHA512
1729ac4416434153091b86a80e7a87192db20e90caef97d82b1db1d87afaaf00422958761d9e8d35fb1c77fff0a9752f115483669aa4051f2b2cc3fe2a3eb24c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e24f7253027f02e52da968f53dd5ff3

SHA1
7538e51bd61438d662e438649adc13fa543d0473

SHA256
14f6ccabdefadf5b7ccacd2c34550a720d15b592143989a8a945a19cf497f7a0

SHA512
d799ff00f4aa720e6baa4cabe21a29b72fbb03dcd6995b0b8006abef4a48e4b8294d9c7bc47b81fc2a66aa670ed70d01e5822d1fa3978763ed25fcc5d1521931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b952b9fc6a4a60062d332dc2a1a02001

SHA1
ddaeba31092648dbc9549cf9b0390b45b71078e4

SHA256
77ca0aa69aab3951d2bdd91241097ecdc037098e1333927d108ad5295b0da23a

SHA512
cad637bff7415ddbc3bdf2a4de67fd8e173d58c87ea6aa35fc11c03e6872ef387c4412d74ab35a8f755f9e8f6c71b00515c61856c2ffd26df9548e5357c8ae8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c5e64fb0a7a258f107c7fb9e45590b4

SHA1
1c111fd372f38087c32921feafccd3b2cbe8121c

SHA256
01b91d93f25e65d1ec342ec651a03a86eb26b4b31f86683e83cb399d535aa471

SHA512
3b73546a89e2d1c2dfe954149bcbffe2d741cbc37720039a6f4831c126d5412a2f228f3c245a8897fb14c1fe59c7ff4f760801d6f183d5ae160526735da9acef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39a65be317329768144f96f9b97357d0

SHA1
70acaca088789fd53779aaddf37b74b607ac745f

SHA256
06eb6433170426077e4176301487920bb279523b6159d3f0ec30d4536879eb2c

SHA512
a01664c823ecc56b86451f1a1fb75f90acc73ebd22c96da4bac80f1ef73fef89e806ced36c6b6b71899411f069d8a4a17e8a4fafcd165de238f21fa8bb4e2b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a76dee31aef1eef99265429c5ef99f6c

SHA1
a3fc0e2f3f0d79fb5d8e6b398bbd8732c99f5ba6

SHA256
c6c1e0fbeeeb386fdddf67391a29c14b1e273b50521ec9ebe7b6fd895a4c56f3

SHA512
2ddb37955d74f9c5335029cd193badc831e0bec5bdc3ce2007ae9d29211e17cfebf8ba974c19d3a0fc6e233b1633c35ea17b8f61a26f83f5014c01947f0ead08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e3ac7ae730681b506397b1c5670b661

SHA1
4ab4e85790e1a89c45e8fd77cba1a7fb6db6bd95

SHA256
d07ca79d1aaa77c8a383087bdefc422dc7360aa3afb1600f81346587ade9aeb0

SHA512
e8fedbfda1aaefd7ba650c19f387ab0f6a3697e5df16f0ed21d0f776b07b711b1e7dee59c1ac8ac6908a26ca4ab2044b9d099e98221fa03b16aa0397640d8ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eab82817c0dd8234d4e0d0d13d618b14

SHA1
444eacbda747de039c34fb6477fb4512dc5c608d

SHA256
8b90b2a6fc9e3d99180d3cf355164883498124d970bee977fac6b4b07a3815cb

SHA512
1141d1f797ea0dfceb22fd1aa86a5366a951501f492096985a1ad0ed374bf4293e73b2fe046f8a6b6b389c4a5ae70aad615a350547f0fed9209cd4279bb5a429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ec268d3c86decc120cfe58e2672b91e

SHA1
90aa45e3f55b401b8e4715e23729a67473107d27

SHA256
06f673fed23f6be90d1ac7461b011a64f659d288a50a79f7aedb85940c72d1f0

SHA512
85844be0e447e0fe257786541981161f3805cacfe4e30645ba5a61f66d3a60dc24c74a2be3049b1311903a3fc84d710521a2e7f789e320d68417cbb3a8571935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be78522217f7629451be869e192d6f77

SHA1
54318ea4724bccfaa8bc5d6860c79acd7ffa5e8f

SHA256
636cce302ddc85678db4e51c3692e2ee90ce4aaf1f8d54e0e9a5efed8a071413

SHA512
44ab5844ddda996b22c7bf9e6ceabe2fbc97b5006f13893707e13aac9a2ad7cbcfd8667888ef90ca1d226c42e3965665be83ad919c709b14612fab07dbacce6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff43c06e0a73003b0e4cebbffa87c3f2

SHA1
1b06e66b6cceb8ffff9f03476c371c3e013b13dc

SHA256
689ae745678750ff2e37ad2166787a376aa9708dddd797afc30dfcd4184efe2f

SHA512
e5b13a3c4b2a820f6a9c1faebfa6f1127b67da079b6d082e30b007e5b02c8dd29e5d231a04c11142e26c7f40077e4229cd0d1b5f6bd1bcad6d43bdbc05d7d12e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cde4850cc6f6e18fcc0e0c334f50b9c3

SHA1
3f15319998e77a5b93fb58a83827921070caa117

SHA256
29d38e6f881faea15c41b0861239a0dfd64117f9cb79e2e555119b5d5f645e16

SHA512
8753125c7d55aef5c29cc80382a5ed5476f087b3245f4726bf7a61652a3424b01a78aa5f116916c5fb0a6323712f03f7b8c677ca537fa868d84e9a08a1f0e1c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00631f269150fe618f79adca06b077e5

SHA1
196ba8a990400a7e64c2040c91c88040d1ea472a

SHA256
3419e3211656c87935710fd919e2499b726011cc976d8a3efff94a142ff2def8

SHA512
927a8735454e8167b933c7a08dff5be27e8fec78f14ec82bca8759c0e85f6d023fdd8ea8c1a1b6d54a156c107227898932e324fdd21a24361b83c87a32cf962f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29ad4a7dca1ea14dc9c9f96488c282c6

SHA1
b4c068ab38133546a8f83acb8bd3c15c785fafd5

SHA256
83b637e48633031a437b16f331093943c27ed57e6993096f0188bd30b30f3b6e

SHA512
15cf1aadfb529c9854696a5f9a128477b93f5affaafb44ffe3e8c64c9e7ce71488fce075f07602373fb4482ee367eec76e99ed6d99393379468b70fac744c7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9ea7ba3442f285613aa0808c1d102f7

SHA1
7171ae1ff79b3cd14f65e2f11f633bdaf7eb3902

SHA256
05e3c5a0f97f84d36325cae7f83e8feb6941a8f2cbb415ea650871dd1116023c

SHA512
cf69f83c81a964f063532d04be87f7e7151eea14106f420d32a9f15679b83b8cd7d8f17f652f7f725dafc61747f478e050d2e8c9b49018af0598c2769534eabd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b260ce8fb30b7f8d9bdc8095706166a8

SHA1
05282ef036567014fbef23c7a0bf6cc9242c86f9

SHA256
013bbcff61fd3ea5c6ca307777f7fe4984f12017512f62f857e8eea167d8ab82

SHA512
9ff6466b8578c7a7abd619f823eccc6d80c269a8b2f4be36529fa41166788df69e36c9b63cad3a921d14660b1c6efa83e7d2c1bfe6ecae9e25c875a569af56e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A34C7CF1-B8D0-11EF-97FC-EA7747D117E6}.dat

Filesize
4KB

MD5
fb25812ff171a11902dc3d0efb8661eb

SHA1
94d1514a1c2b25a444a74ff22bf46049438a949d

SHA256
1c71a4423bcaa33befdb98f17456e596c198eb380bea9c0d7e02253669a860c9

SHA512
cf12fce808413528dc7370c5d113a09b01a4516d3708455173e9b16bfb9cf34827c3c84ca111ac9a6e373735451eba8790267412ac4cd1b8ad5312f8ab962242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A350C2B1-B8D0-11EF-97FC-EA7747D117E6}.dat

Filesize
5KB

MD5
13828e244588efb55cbe6e3836454ea5

SHA1
05be3f4b37f948ed1f9808d2c67f6647f4e7ca2c

SHA256
45ba83a8ddd8a3c4348af96776cd9365f0a439cc9e97d8270daae0a6cc4430b3

SHA512
52f17e7887adaf2778a0e182e49396d590f60f330dca10a70022750837e3d7fec58b1ffea7561762ae333c98ab184cc078f9a9ace852db282571c0f847119390

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF49.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFC8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/3052-0-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/3052-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3052-2-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/3052-3-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/3052-4-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/3052-5-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/3052-8-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download