ramnit | d0e61135382303eca92d3e66cbd84621c2a9e92ec9d8f9fe3da0e7361f3ade9d

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe
Size

100KB
MD5

423ad0cb669816bed6ea51e1d675fd40
SHA1

fe5556fbe1d7016fd687729e4070fe83d94a761f
SHA256

d0e61135382303eca92d3e66cbd84621c2a9e92ec9d8f9fe3da0e7361f3ade9d
SHA512

4005bbc07222f4868ccbf9a7cfadd11021baabcabccd6e203770df92b3e64cca7442d00a838dc9e5497aee5ef4b10996aab962cdec4da998a7173723defd478b
SSDEEP

1536:cnEaoFtOl90eQj/WOLiTCu3y8dwjbBNv1CFvCNwiO2xBCiMladwvb:Q+FQl9Qj/D4K3/Bt1CpbiOSwvb

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
780	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2364	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe
1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000012117-2.dat	upx
behavioral1/memory/1728-7-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1728-10-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/780-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px9C01.tmp	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441856701"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87F46531-C7DF-11EF-B9BB-7694D31B45CA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
780	DesktopLayer.exe
780	DesktopLayer.exe
780	DesktopLayer.exe
780	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
280	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
280	iexplore.exe
280	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1728	2364	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe	30
PID 2364 wrote to memory of 1728	2364	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe	30
PID 2364 wrote to memory of 1728	2364	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe	30
PID 2364 wrote to memory of 1728	2364	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe	30
PID 1728 wrote to memory of 780	1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe	31
PID 1728 wrote to memory of 780	1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe	31
PID 1728 wrote to memory of 780	1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe	31
PID 1728 wrote to memory of 780	1728	JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe	31
PID 780 wrote to memory of 280	780	DesktopLayer.exe	32
PID 780 wrote to memory of 280	780	DesktopLayer.exe	32
PID 780 wrote to memory of 280	780	DesktopLayer.exe	32
PID 780 wrote to memory of 280	780	DesktopLayer.exe	32
PID 280 wrote to memory of 2276	280	iexplore.exe	33
PID 280 wrote to memory of 2276	280	iexplore.exe	33
PID 280 wrote to memory of 2276	280	iexplore.exe	33
PID 280 wrote to memory of 2276	280	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:780
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:280
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:280 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d8cd0300e14af0ceb06cfecde0fb1e3

SHA1
0d9d0333dd581450c3e1d61a84becff93af838f2

SHA256
9d8ca9b66295b73c6e1aac7d75c4f072ba76919b00182128ab547dff4daa156b

SHA512
0956b16c70eac9f6522c26031a019bab0a6671db398f9d1cdca2e24e66bdfc4b9fff1b231efacea0dce7fc922d9b084eec4a9c24e2eac4ac95e9334f481b961d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fd5fdb53f90deed1d4824b43f3295aa

SHA1
33a3364d05aeef4dc357c51ca6fc6cd493c09615

SHA256
592a35801eab5bc508dbd40612bef109120867efeb6370974ba4431e8b4a58e4

SHA512
e4b2a17ae12bd87b6808ea03d435be9b875b09c2632ab23517b2a99eacf228fbcc7ca4a19fe4af79fe76ee8b4dd12324b7168b35a7f3a729b69bbadee194d7e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a02ea26dfa003a8993f1e712b51a2dac

SHA1
8fed277ee9c4f00b804d59bde88a367f9a41b031

SHA256
d28ff454539b8e3af17cbe65920354878f8d77744ffdd8f365ae8016259a1ffd

SHA512
0ca79e4e23e2ee863978eee0124414cc40318c6693a8a215982de2f79d4e1995662e01fb579c568b7db8100ae960da5492abb18d985949636fb73451d95bb85b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7fa4087f2d010c05ec9a1cea874252d

SHA1
c1a415b4af8fcc99db2cd80b8103da9188ecf7a4

SHA256
62f0fa2659f4d7ab48bd0632a5a040c0a9282b961a6c726626e5d4160c784c6a

SHA512
bdcd5feb15605f8771d4a79c9d3497f8ed603695a1f23089f537f814e145b14c5349e06dca2e39ebe5b70f3125a70ac540b372681fedfaf917134d79e9b56c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7d1e4cda0e452892862aa16520cb1e7

SHA1
1f33eead84538637c9a52fd4e9c9e971587f3670

SHA256
873d9b6dd686bb7d028983d5727549a1b72b1818c180f335a1cba990691fb58d

SHA512
c521c7006d9d589b015fecaeea8c6adc73d8008c64dc56d7a373ed8b68010262fcc26b77b908518ef041098add13c0a81fd109421541941fde14a4be40b2be57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3873ab6967410c94cfa96709a3697c6

SHA1
f11a092c10d59c6e4cce5f52b306db017f4ab275

SHA256
7c6af86fc06920cfd077c44ad36f340e431384c96332f49e7839676a448090ab

SHA512
d856c5e4f4f45e063f8639dc6a123d0ad8d26a5ee87747aae2c4e982ff0ae2bf65a7473ed10af0fb2139cee3fcf56059474b63be28c3c9c0d808cff745c3bcc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89793fafec3c9bc8a271076551c1b905

SHA1
e52fb1a8d99b696b16e495c0354547240a4ddfe0

SHA256
e1aeb35b14df75f1acaf93d71b8dc9720147a5f2df74e7cbc3516aee4e4b2162

SHA512
19894648a67a681dda5d8a66b88cf6066fcfdf1c8add92ea3f97466607114f7418da5fc7400dac6a65f3b8f1d91d0aba7d085961585c04d47ac73c8638aff34c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8e3dcf7bac6234b608bab0bb3b168e9

SHA1
ab7fc8ac68ad3a462c100de38b8d0ed590b5eddd

SHA256
1c5f9d3dd56859778f0c327577ccd4de7bcc535385a1785d8cd56c8c7157beaa

SHA512
6710ee355420b41806e9673ac37f04656b91f98029a6a2d79d5936e2804f982e71277f08373378e2a8860fc88027f5c296100721a6e3961af67347730b14a265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
117a1e682adb83beffd5dd0a851cb04a

SHA1
682f1314600af4191c72459d22b78eb0c6fdd79a

SHA256
e9882fafa34ec5ea79dbdd9ccea4a3acbfb863e87dfcc093947d2493f95d4ec6

SHA512
3c7a52f270224caf2bc349739875e603290d9e73b841f7e531e70ffbf26801bc20d19712b5dc47a04e8bf15df88cf18e086040e9bc7496af69f2452063bebe16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c141048bc84904bfa24a013c910c075a

SHA1
b14edd2ae9fb4d5b9b70e73b1f0941e99c963b7d

SHA256
1279ac7bf9b60ac7cae8f17cd5c23a1b0697c37c630d9c556c8eaf468422631e

SHA512
6d42444b8af7f310f55f91ec15e5068f2107c3e30426d6e3314a4529f152c5f4a6128b315a4faa053fe5f8c6fae78db9dbc32337da648c31e643dc9d4dc20555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d59a85078d1815a3e7bcf718abee9545

SHA1
bccf8844d8137decca01eb9bb6bd9e94235af386

SHA256
5510b44409f567b4af885fd64441811daf5278d414001a7d40359fb8c13da6f9

SHA512
be998dd9427b8b2ddab4757b9da57e1acc63d588e49f93e9a96b71a648a7ef4548b5645f6371201cd334081a87881b6a0909f024a8468202f51439027ad75e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cce3c5def2f14298aa3abecb7f48a9d

SHA1
d658e0d1d0f5346fac83fa21e09a330fb09568c3

SHA256
fc14882a8b3096187887e468f58049d007d7c6b77863abd836a4d4084d4c8779

SHA512
4aea02f636cf7743c7fa5271398a214697be0c38271f7903565c1c88b8ef5d6ef52639e0c143b3a3b18c1a056c097b4cd51819f9addf194377d1bfbaf4b0f82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdb04120f0c03543a7e5d2ef80c6de74

SHA1
2f7fc06b60778a2e1e3393398d9b0f54d5ca6966

SHA256
fdea5728e928ecd2cfd34790f6d300e777c0933b43f14a8ea3451a72c60ea825

SHA512
21b76a6b19c9ec7fe3cf34fe84a9cce2fdb7c90a9e2ed77fc65e37010207d94e63df92a1d22a4a6581ee5731e7aaf6a2850e907500d5162dea8884a586cfd800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daef74d0537856be22f7ea6cf1293dea

SHA1
79a2bc9f48891ec75417ec60cb73e324d10faca7

SHA256
4456dbeb1f31fb3127f401e740ab58f700a00faa43511d6ad0b9045bdf2680b1

SHA512
1c245393dbc87751b0f56f4169c219053cfdc06a0b1b956a6d29ee3513d25e29bd5ef994750302f95cb7915c4b992f910f3c38d4ccb3b7abb6b4dab556370f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0dec5f25dd3e13a85bbf7c2007febb2

SHA1
99420350596c68b694537ed11a34b0210ac64838

SHA256
51bbd7f8cacbecd18739d341f93cd3418a3a0bd31703b755b99bdc1004ee2006

SHA512
2484fdd7ecead193af1af8f5b64a2864546aa2a83d405248e4757c61d40196eb73face5addd0d1ef50a0047b268db90f9d746f28a704246d4834a69175bdb088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2c95730d2095a88ac0db4de20515e58

SHA1
59ea3f4c7c9060cb3f51dd25e51d7b2a14c26d8d

SHA256
f022db212659f00afd733d6912ac4d62aa2173c2de30e675285e59943a0d9461

SHA512
1cd3de6efb91ef44cb9aeb83d2624f30ea8672f2a4085db2ec70780fc4005cd0c3cca6b1fea3f43ba40dfe2062536e1a371a2ceb87bbf01b5bcf8d6c355a5081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c9f7c2b04eac830b6829ac69b2e5c83

SHA1
9d3aef06e1a186dccb376941e7e0b9ac01ce9b24

SHA256
a4f5105ff6452b6d2d5b052460bd367e3dfdf3b1bf7a75275263f5ab399eba3e

SHA512
e1f43ad5a85bc051bd1f23ca445524e10fe8237c57c50966d24ce7110b6eb4adbc48f2723e0156702cad9506a16b402e4ab3d8b3ea42afcac58b7eeac7c23dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed1dcc69bc586602f789874390c55fdc

SHA1
ec2ed5a5dfe1535afb80c64dc3d74ea716d85f97

SHA256
a56dc0ff2834fd7b3e19216f275fe1f58877b4ec6c3cb106073cc1752e826aa3

SHA512
b8f40f4dad95ce2d9721bb8e0ba5dc1714e93bd22f67f3e3a8dce2e6fe5017aee554a8fc4eb56c832244cc965d3a4d44d8d99ebe8230461edef5e1ea4872f9df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7158451089b364672e8b715c1960e676

SHA1
9cf9b0b4dffb673d6d062ed45c562a074882b7ca

SHA256
ad709eaa4cb063e3a32f37dd1d290054be13995eb4d088c734eb2d1b121b3dab

SHA512
049dff84d6e5d9c041ef22c12ef62144572b1fb2fe9e185f3dcdc09c33d0394a4c8ee6ae4c4bc9eb6e9593b95ba227289f560e4e117a04a5959435758506dddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC50.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBCC0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_423ad0cb669816bed6ea51e1d675fd40Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/780-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/780-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1728-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1728-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1728-9-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2364-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2364-5-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2364-21-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download