ramnit | 4b79d945c88314ee11c90b7cadcafbba878ccb388a057b27f038d994669d2dd9

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
Size

156KB
MD5

43e330b36ce60a6d12f3458def1a4b30
SHA1

1d75c8fbbb774d1fe54e172d04e76dd51ad46672
SHA256

4b79d945c88314ee11c90b7cadcafbba878ccb388a057b27f038d994669d2dd9
SHA512

08d85a29ecb4b1b547e3ed3e1f1e59bec90acc19eb7cf331f437f5e7a0f536f0ada40d813cb7670ce71e4930274f29b5d71cb6278413e5b5c4daf43ece1f0fdf
SSDEEP

3072:s7aR+ujGXMCmN6/kJoan3o4FFezbi2ORrIb9x4JiQBTj6wsloIK6nQNHdc:BZjkW6/kJdAbGRrG9xo79c

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
2748	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2792-7-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x00080000000120cd-8.dat	upx
behavioral1/memory/2792-10-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2748-17-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2748-22-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2748-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxEBC6.tmp	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441860328"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9E5BB51-C7E7-11EF-B2D5-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2748	DesktopLayer.exe
2748	DesktopLayer.exe
2748	DesktopLayer.exe
2748	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
2128	iexplore.exe
2128	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe	30
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe	30
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe	30
PID 2696 wrote to memory of 2792	2696	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe	30
PID 2792 wrote to memory of 2748	2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe	31
PID 2792 wrote to memory of 2748	2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe	31
PID 2792 wrote to memory of 2748	2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe	31
PID 2792 wrote to memory of 2748	2792	JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe	31
PID 2748 wrote to memory of 2128	2748	DesktopLayer.exe	32
PID 2748 wrote to memory of 2128	2748	DesktopLayer.exe	32
PID 2748 wrote to memory of 2128	2748	DesktopLayer.exe	32
PID 2748 wrote to memory of 2128	2748	DesktopLayer.exe	32
PID 2128 wrote to memory of 2804	2128	iexplore.exe	33
PID 2128 wrote to memory of 2804	2128	iexplore.exe	33
PID 2128 wrote to memory of 2804	2128	iexplore.exe	33
PID 2128 wrote to memory of 2804	2128	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0784eb6ca26b974da871a79310d7c8e

SHA1
b1551186fd088be6d3a63595c95f065aa0c69c12

SHA256
9ddb90e32fdc7afecf3f2d46a36d15b5268caae4a43cae07a9ec57e5c053ca24

SHA512
f269c53f861cf467177b6e16fbaad95a53e58f89c69febd1520d305e5fec500aa235a5ae19d564daabc573b56ddeaf6f87d44a1a97c0475a0cda5da122c5093c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a77ba4441b54d5022a4bb7364f9946fa

SHA1
b4ae0920446141da41cff320e97675590935388a

SHA256
0bbcc368192e6741e7e5d858014cfb1639cb1c76ee8de2f1caceacc7e6c183d5

SHA512
a89af7cbc23b489e1852451e55896793fb74cf8c6c6d2103542c51c6e09b5d08757ae540c50c6c414165d17e23e94cd45cc6186095b29ecbd364be5a8f2de800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bdfc8e3dc1a2492f484c28123ef4829

SHA1
9f6984dc8d16a12a70545bc150cbfe2173a744c5

SHA256
a455dbf0cb6dda7f753c5cbf85aadf98f84363f81cdb2ba8e10377548c14f712

SHA512
9dd4b0c038cc7e8cbd40aab506eb1c4a1bf3dd4f157f23110ff3232493759ae5bcc82a0adbbe024d6e38545fdcfe5ae9bb3a56460e804ce27e96fef6d143c695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c48a7a8870316b6b98ab566a9d34fa21

SHA1
671dca906179ef3b35a698a1b8c98982eca30769

SHA256
dfc72d853964c2808acc2bcbf485a80931afd620ba55c6fc55fc167686bf5f84

SHA512
b9fc61c90b2846ac294e1a404fa5b954323528496d4c40307c532c8275ffdf2ab72f1b0d60568352be2a684b4756a7c9dd02eb412bfa93cc81306647f820a503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
259a8d4133ac3f201e909ca6a9b27c69

SHA1
98c4c0eee8afa24d40827912ea5d20f1496bc800

SHA256
dc13c9f8c18eb10b27c5eb1c8e663ff99c4b51c40865a05529295b9264d9ceb9

SHA512
3d545bfb5e2457562326947a0ada2b302f07f00b2c0a145ff17fe579eefdaf34626732008a13246020d1acddb288550d8badd21d48cc7932319e124608b00eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ceec7b3491e1475e9a137efa1cc5705

SHA1
9172149e2d0d3608d816440776b0543ccf91851b

SHA256
054b8a4429ad1b26ce85755850d7f35462b608138f0d5545ca49cd7494c1daae

SHA512
a67304264652d0b6293a67856c12388f7b0aac77832407dbe75ea95f7b5241c7e29585db57d22b7c6dee60192d8ecfa201d77df1241548f643fa148931dd8230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccedd75b12bb5bc9b57a84ac46e8ebf0

SHA1
eabc3497dd00b227756aa449fd5519291b62ff34

SHA256
67b3a623558c35a0b37d4cf3f9fb5b18f0f526cfd52d5ebaba759387935d7b62

SHA512
f843a14de59671dc96ac39463cf8032158756b5f599a32fa8b62211f58dc23857e7f780a5121794b028f08a44db2873c2da184ba0f2254ffec849639adb4b6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c08d11b7b99fc8dde18f651e172e9969

SHA1
708c26c609de98bac9eb71e08161bd551ccf2aa1

SHA256
d42b2ead19fa0be711b0a24e1c7425bb388243678e08012f3018c1385512f1a1

SHA512
e816f04875a32b2a06024ffccf4f06b86e0b0070684e442817886e2a59ac54fe50eedd7864350820567a301168f78544135721773393d60105c71faac893c32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02255116f47b9c88b7945fb524798a3c

SHA1
08d81b85e716942fc5b751676181b541a2ce4a68

SHA256
7a0c47adb3011ee49b7b425f1d7414f0f5b92ae55daa3e36788e4dc0616eba37

SHA512
40ab72e49bae5bae82b2ce2e484ed2bbb271b1edaed8f673024a4f47e87b7febef2047abd4cb3a45792f7474c37c64b4cbc41162d63ab61fdfe7d5d990c30052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
890924792a96f1035fbc153906507efd

SHA1
f9111193b8e8b58d67d89328d6d96b81562391b9

SHA256
863ad89c19f996258ce2740678c4c43120c3bfaf23237053759672ba7422b3e5

SHA512
dfc1bfb40ee21e5491d5664d4d8e8a0a5d73f57636232063894063ef27d55d8d16e3d7730bd1bcd7c725d7a9b1833d0e2b64387cfffc6f598ddb74ea09c9b599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0aba03268b29a0d53445d272a1eb38f7

SHA1
4574c8186ff0dc4dc44539fde9936e83c5a95699

SHA256
1e86f50849fa2385f17f4e0a5f9bb4c109297e4054b4f3f2cc1b6b855cd0d570

SHA512
c5de9d04d8b25805f9fad275fce1682e503e954b7d3970cd265c01e361e2007aa9a6b56d44dce4fae01c91e62cd3acb7e6a4539ccdbdaf305eb05382c8716505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c618389e865dd9ac88c076bb3ccb5e1

SHA1
d7001866fa9e186c4807ceeddbfc83ad4315448f

SHA256
d768dba7c0010f8b49114f21b595f8371eece699f169728abc15f4396284f217

SHA512
49db31b9d7095570c225398c9003cad4a89f8ca68182b5077989b014c767fe717fc9362b55047448057630b5084212d2b0883b3db7c9d1c005a20cc278725ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56851c940120fa2c7c432b3ccf227a0a

SHA1
938c65440c678607b5229c23cfd36e46f79469a7

SHA256
6479413a33ab5bff3efffb1cba55a02393339032f676857b600335d3cd6dcd0f

SHA512
b23b0b5f3b2baab888c762cadd117d07e5b040abe04f9a09580f84f5c2e1176762ef9fc1b292999c983cff9a5f74756566a66f4adb154f1eac27195491128785

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
963f3af468a3ace9a831ba0eecd1b42c

SHA1
369c9550793601f6c464a8aed27a5643de2ed34d

SHA256
8f87931bc733e063f260d69f25bc2ce68f9103c0ad3ad4db3a787313d964db9f

SHA512
ca395ef24a1bb864d73c9496fa4668adf828f5068e20cb3d6c440a57aca758675c9954aa054e56c1c02d43fd6812b10f53706a1ab41ad418bb8c9aad21fa3040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
489672ee66e2a233ba0ac73c9eaa7257

SHA1
1cfb2e0920d5ab0d8e23dceeef75ab542b724e28

SHA256
6fd2c3b3435d8be96170f5775188fcf4fc44288d65d7406571fd57582cc92a64

SHA512
5266293799ce85b6f6b7790dc4f015b18be25a48d5cb0a7e533c7ae5755dc67adb45efb840c26387a47a7afc6b0172985216b20f249fc7b6d206f5bcf103388c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f866b0860563e739fe2e7f17717400f

SHA1
ab706e40b477b63085537e740ea24839dccbce82

SHA256
8039a9005bde064af2f6da24753977fe20cb522c358e8404f969b4677a172d8c

SHA512
a45519be60e79c06034b1bd73c0a48e9d48c71503fc9428efb0fc98ee40e25fdc314e29da1caa5ccfce003aa09101dd103cb188780ba3563c4c524f419768362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1d060dfc36244b2b01906dd329b6a3a

SHA1
ac9536fb6e9c4596a41a49223f39beb9fac9d8b7

SHA256
91bbf0754c136bd69d09899d35a1faf574462e7544d425c134995ee91935db90

SHA512
23f470f387f034450f5a8bee883f14912e68f407f36dabf35cc05aadc9c0aec7a419734c018ec4cd1b50641c22acc1fd9fa02c498ec8202c7689e15333a723f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c997fd188190137a6f5d534f1c40fd3

SHA1
a29e41381238d5432e065d94ea9875e5ef9d147a

SHA256
062b1daa95756e3489aa98e7042af6d3a10fcbaed5af698ac16e7288c88371d5

SHA512
9527cb9d8e57ad7305661c75f8652e29924ede7e445a7f189cb6e984a895a5ba511b383bfa1b934e4274d337a83c5e7b73619bdec0acce59f9eee671dc4d62b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b584f7cdbc35697926c9b4404621b82

SHA1
6631324dcaeaba554faad481c7fac345a80a47b0

SHA256
5b963b65417fd26df213c3947f9a70fe490fb3de8f26596fb1cff86115566f0b

SHA512
0120d5c8788572a15aec4679f7b2fc92d2d540f1dad48b9b54adaea6ab4dc2c4aaec161121c0a5e40b50ec745dc47a47702e630d263e45ec3190002f385c244b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDBA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43e330b36ce60a6d12f3458def1a4b30Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE49.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2696-454-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2696-25-0x00000000005C0000-0x00000000005EE000-memory.dmp

Filesize
184KB

Download
memory/2696-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2696-24-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2696-6-0x00000000005C0000-0x00000000005EE000-memory.dmp

Filesize
184KB

Download
memory/2748-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2748-21-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2748-22-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2748-17-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2792-14-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2792-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2792-9-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2792-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download