ramnit | b358b4e97cb3b87e6b40098ee707289cbbb6421122118f15107ae5034e9eda7b

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/12/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
Size

106KB
MD5

e495a653eda8bad21ad4eaa5a0f20261
SHA1

b1bc7fdb58ab2a1bcb5776ab593ec3ef34b88acc
SHA256

b358b4e97cb3b87e6b40098ee707289cbbb6421122118f15107ae5034e9eda7b
SHA512

6bc6257b64c57edf2f67639136f3eaa4767bc93471bb7fe532df4d8d0f1ad5d0534820b8834cce23fd9faa10cfc1dbb940dc5435af930804403ff82a7e24ca4a
SSDEEP

1536:GOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB5:GwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8C

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x000000000046C000-memory.dmp	upx
behavioral1/memory/2008-2-0x0000000000400000-0x000000000046C000-memory.dmp	upx
behavioral1/memory/2008-6-0x0000000000400000-0x000000000046C000-memory.dmp	upx
behavioral1/memory/2008-5-0x0000000000400000-0x000000000046C000-memory.dmp	upx
behavioral1/memory/2008-8-0x0000000000400000-0x000000000046C000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440174267"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F207571-B892-11EF-AD31-F6257521C448} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F16EFF1-B892-11EF-AD31-F6257521C448} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2728	iexplore.exe
2852	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2728	iexplore.exe
2728	iexplore.exe
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2852	iexplore.exe
2852	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2728	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	30
PID 2008 wrote to memory of 2728	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	30
PID 2008 wrote to memory of 2728	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	30
PID 2008 wrote to memory of 2728	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	30
PID 2008 wrote to memory of 2852	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	31
PID 2008 wrote to memory of 2852	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	31
PID 2008 wrote to memory of 2852	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	31
PID 2008 wrote to memory of 2852	2008	e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe	31
PID 2728 wrote to memory of 2860	2728	iexplore.exe	32
PID 2728 wrote to memory of 2860	2728	iexplore.exe	32
PID 2728 wrote to memory of 2860	2728	iexplore.exe	32
PID 2728 wrote to memory of 2860	2728	iexplore.exe	32
PID 2852 wrote to memory of 2624	2852	iexplore.exe	33
PID 2852 wrote to memory of 2624	2852	iexplore.exe	33
PID 2852 wrote to memory of 2624	2852	iexplore.exe	33
PID 2852 wrote to memory of 2624	2852	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e495a653eda8bad21ad4eaa5a0f20261_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2860
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e04542d211737f2a92d66d9243637196

SHA1
5f98995deeb8ba4bc50e596736f1551d89dc0ac6

SHA256
a0e14129ec14599c641e779c89d38097c07ee7ee6254246b7aadef9e19534f71

SHA512
24ddedfbbb6fcab84c87c529c6010f90b68c0837ca507c713da7fd18a8c03512060855c94985a36118aae20a8be5b8799fdeb514d04cfe6e58ae4b0da0f8e047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb06e9658b7d370615d55c7bfcdcf96

SHA1
d081db6fda9d3b6078a2fd31687862ada896ac71

SHA256
55ec0a8e809f946765b9b8328cfaa52560816743fb52a9e08046e85caa128ebc

SHA512
d8e5ab658209a42fd241f7b5bed2de7c01d4f4543c0fc955260eed5f41d89412333c39a53c3532ba6d88cc5b325dcfa3f9f501c39ce501164cf81af37600d2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c1f3e9ec657e7c648958dc1bd979aeb

SHA1
b6960970be8d5890080825fbd473cf9548ca17f5

SHA256
e687756f96eaf936f9e624319ae6250c696663fbce3908db54a77b8a73fd1b03

SHA512
9256481cd19f1686fddc6bd74d71d34f434b39edc7b3fdecda36b36531140425ffb59c82eec8e5314a3e2c8e23c954a73d0a66e0727edcd86b9a3d5ed32adad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
285fdc3817b87536af194ebf9fa2d72d

SHA1
bd0f6592585d91efc451fa8894248c143bac9f6d

SHA256
58ca337a1ff2ff2e35c4a9438138b797a9d4425381d697b27e4862c2583ff694

SHA512
d16abc478b921c8827d650aa25e19ff384068660145676e0bc36aa217d9bc0641140656df3e0d4f4e5b9e84467cf21ebfae1d514fcaab0e0f55cfe3334ef101e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc5532b474ab9fd958c229f6fc79b80e

SHA1
3f2a0a57180a2e3d84ba1b41729d8b1de1e28978

SHA256
80f7af3f0452c055740badbc585f2f832039970e48b036d3ab582577d7b7a4c1

SHA512
ada1bca87ec9040ff53cb1b65eac76f61ea684cb85b1f643630f2b6a4923dbbf726810dd1e36f6c52996133f8f43648dc68057a4737640b4f0ab57d8a6f8c7dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69904343f861ab6a022563e36c1944c1

SHA1
a24b5b26c2a0b1aac1f6abab7fd936bd9d78e89f

SHA256
e830ac971478140ffa309c2e14d14fa9e9e100d57df7d19e8ff93ad1ef53a122

SHA512
f0104dcce52cea6b72abdd4898361afba96a516de4714e0ed4b9fa46814cd55acbe4bfb40927d9a3a18c1c62f3cf3e93807d119d05b294f507601e4e9055b72f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bae797b1904bdd5f6db8479ca9ca833

SHA1
e940eb5f2301dad4105cbcdf4b184108a63b1635

SHA256
4fc8bc3dd3a5b735a42753310f6ec5de45853bf47ac0928a50c9407ac21196c9

SHA512
0215023e60f6d595d6fc7458415cd450077ee4d0cf6d90db5205145a2f6209c8592a82e31e5de82fb5935431317d3c5a6c71d0958d6f8797fb3cc951670e2865

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd44d91fd34da7489dec920345553a2a

SHA1
67aa2d1fa772b784961bc825e51fdf033781129b

SHA256
201074aaf62c6f26e482f982ecf756c17f51f27ca042c4e684eb9d105618cd83

SHA512
c93c0c9cf4bfb655bcd079a0e0d38091301cdc1d12e6830bb99122f1748cae26c8bf53755d993c071c36e4a1739cefb67c566ce00030117d7d46d86dca6a0adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42fe775ff1418c3429314e25a33936f2

SHA1
837f70a3aac67ee69bb304b225a90cb3f41ed646

SHA256
73e798f33df3f221ab569f29b684ee82dcefbcee8e16a569e20d23f5171665b1

SHA512
6d297346960bbcd6e5da39ef77fb4cbef4d8acd04f175768c1ce00216a46553eaa49e4e89f45fd2a09d12671c7842a445fd0fd87ed99b1359624ff47243eb6d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7955d9c2331a4b3d12ee0307b6e27167

SHA1
fb8f64a4846e858816237c2b3c32af48d298f4db

SHA256
6eee8a523ab24c0a5d8c278acb5a31cd49796d13d46a08df187195d43c03ddc4

SHA512
5dc8279c8ad70f3684528e161002e3f0046366afaf3bfb301f801ef8a808aa6b7bafeb157c23a6925ec1a9022e56dcbb45b2f65ce9a4450bb5e084a76807aa23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a6be9c70be834f4ada9c3f77b41b15f

SHA1
d8b7c5269f216d77c6a6c53dafc24d03d5d3d72b

SHA256
407a9c95e1d702772df882e5122809b9e014327d1a87ded474d455a6b1e96f42

SHA512
b370b1e2f4a6bd208d1f65e5c0284807f2b95e5c69aa75cca563963fe977b965a184e354411998db1fa6cd6426e3ba10a1371aa4fe894a1b0999adc674a5551c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d479d46319a85dd3dca440c61949b84a

SHA1
ee8900b19f41e7a69330cddc40ab39cbfa269af4

SHA256
8fa97787657f8fdd78e4b3a5ac5332120cba98b7e60a045a75874907e549346e

SHA512
8c4d797544815acfe23586d7fb7f53bdac0888dac6279bca582817fe731ae701e3622324d2ebdc14720465214f1a795eac00954545bb9b0b3eb9ad0703b40f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7004dc3dc8e1a7a089f9c85ef50a4ed

SHA1
fd88cceb2954e121a2e707041676cf5062bba97a

SHA256
b6b68538849e1623732fc2e0982d4f18c3ca6547cbe44578928baa215f70d19d

SHA512
4c11607e4e6ffc2ad72c50c9d375cfc48f8dcb4a1c322cd35ed1ef17a7c14bba821e6da118cd06f9fb1a71e2df882912d2775113d50f12e54f3c7e3d15261aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f75d63fc5aeac9d7f0096cf9f0da2a60

SHA1
ac6c60c2d20838823e7e8f8fe1d3dd3bad92ff79

SHA256
c8c82931a3b99b08b152b04964761c6529ee1be8d622c7317ca8c849afbae6d9

SHA512
6c2a602ea9addd044e88200366034352242595b8632b28978b949adb0e9271df24b1b82234c214ffd071c3373bd9424b939ddc75c7d7fca8d69525932d6c960b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a90026da7c06f7f767f71cd6d618e52b

SHA1
885c27b10d5d95ff205338f2dcdef5f01b5e6e13

SHA256
a000de1a2a66c86f14d916eb875d19c3318140ebf5a51a76a42dd79aff84aeb2

SHA512
6498f75617eadc97050a14dd401cfcdf676b116239a4979cd72bd169ebad39caf7160e32254a04f4665ef08523d869d10e4d661a81fff5c5d1f043f43a61901b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a46440c02c31df2b74853f37375c9f4d

SHA1
c385ee87f9e4b44ab11272d74cf671911089d0f3

SHA256
94d25fde3c9f2a65d1489a4918f95d0c90395cc43ff668baaa636bd733eda7cd

SHA512
f1490f4a70844e360dbe2be19bf5e8ea78bd03cdef130ab51003d086915c694db2d4d86a2d96ff26e3a20cdb0b622dcba8e1d3d58e8018ebc41b9ebe85b79054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95a2e242c477cdcff9548b07c874c1be

SHA1
230848cd356f8c725c10eeded5922492201ed8df

SHA256
6dc9782cce887f8f741d9cad22cd545779ec0ef61a173c06f082105257687b36

SHA512
e6221d66c31de9869798b2d94b6de9b0236a69033ad6783aae5c2e7e3553eeafe5a63d66ce062abe4a1e710cd39d5b91b33dcf230572a946a1f19803b0b0cf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6023fe312280272f0179b13a89212223

SHA1
5e0a8a40bfc8f43bdf80e2379b6bf0b9e9f64390

SHA256
7b9de28095115ab3e354af54852148c6e514a7383cdbfca10b61ece3d27075f7

SHA512
2ec9073cc59090ee74778692a65d3cf3d9cf6c5a8504aec8cc59ee19da500469651e21ff07ddc2c3adf61e6d8a072a7f08e833535cb89aba2675dc6e8e625f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5310e04cc13675be3766c269785f00b4

SHA1
d725396d873bbdf9b3e2abbe3b857d20a7fe8856

SHA256
9c3bb14b957db2a3ff51ce5ed4785a6e88bf303cd3d78bea1bbc6d5c138b33aa

SHA512
8f9a75ff838959a371214db101efb2cadb74ea59bf3fef2a019c02fef3c332274f092d360ed4974e56f3a2f0a45121270d313caa56a3c6771e3617297e034b28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6e7921ff44d22234e3664d75969cae2

SHA1
a78b0d973b5f8464e13b37be8e1cc123145042cd

SHA256
9d540deb459c1306084e93b3870147d94b91c711c680a3101f5c0a6b7dccd698

SHA512
d19598c9075a90e4a6ec8f8090397c85bf094032954476f31c0b5824d8f7a42b08e097d0e0ddbd91e7fc9b1043c74a0d0cfea9fa8b695e8b0cdebfe6070b815e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F16EFF1-B892-11EF-AD31-F6257521C448}.dat

Filesize
5KB

MD5
57be3b92a66c2e50742ca0e4d4b116d3

SHA1
b473caa12fce8784fc09d8c31cca3c5879618eaf

SHA256
856181359dfde7ff5fd0ab9a23e10d978e12adba9ed670db2d93371201d380ee

SHA512
a3d94071a8846f12544c1c5bd7c8ea4bf26fac50f1df279197c97ea496ae8ccf03f09a4d7ce37459ab8135ef0abe5b00a522b756ad64e440b1f7f0b59428357e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab35F1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3662.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2008-5-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2008-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2008-0-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2008-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2008-2-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2008-4-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2008-6-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2008-8-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download