ramnit | 09ef054146d5b642ad47edf35b1578a4bd8f658734ca401edf2b506cc29eb1dd

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/01/2025, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe
Size

1.3MB
MD5

45775ba73c9e802de1ea2f2564b86410
SHA1

b1f445aa8737207a323dd5787e9d5651d73d804a
SHA256

09ef054146d5b642ad47edf35b1578a4bd8f658734ca401edf2b506cc29eb1dd
SHA512

05855d961c5a16bfb841441f20a4031a73a59e576357c2aa7f0113e7542011011622c150e4f66e09f6b82282de2c50ff9e678fbcd660b22d9f06356cb930d2f3
SSDEEP

12288:Ajs8eq6hy60r/bmwP/y2IByNbqycrtt5/3T1mAELmCeMKc7n2oqB5S1WFU8aK2Ir:+zUZ0T/ZIsMLrttpRzE4fPaK2Ib40V

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
1452	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe
3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000012118-1.dat	upx
behavioral1/memory/1452-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3012-8-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1452-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxA5B1.tmp	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441863854"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F7434B1-C7F0-11EF-B12A-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1452	DesktopLayer.exe
1452	DesktopLayer.exe
1452	DesktopLayer.exe
1452	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1528	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe
1528	iexplore.exe
1528	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3012	2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe	30
PID 2424 wrote to memory of 3012	2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe	30
PID 2424 wrote to memory of 3012	2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe	30
PID 2424 wrote to memory of 3012	2424	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe	30
PID 3012 wrote to memory of 1452	3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe	31
PID 3012 wrote to memory of 1452	3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe	31
PID 3012 wrote to memory of 1452	3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe	31
PID 3012 wrote to memory of 1452	3012	JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe	31
PID 1452 wrote to memory of 1528	1452	DesktopLayer.exe	32
PID 1452 wrote to memory of 1528	1452	DesktopLayer.exe	32
PID 1452 wrote to memory of 1528	1452	DesktopLayer.exe	32
PID 1452 wrote to memory of 1528	1452	DesktopLayer.exe	32
PID 1528 wrote to memory of 2468	1528	iexplore.exe	33
PID 1528 wrote to memory of 2468	1528	iexplore.exe	33
PID 1528 wrote to memory of 2468	1528	iexplore.exe	33
PID 1528 wrote to memory of 2468	1528	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45775ba73c9e802de1ea2f2564b86410.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f4ec0ca08300f1452beb3f4a222d9fe

SHA1
ed42217e4bd3affd5b521d0c0a342177237c20af

SHA256
e3944d662a4e32ddb579e78376d807ae67c37a9a75e22cd225319bf488166096

SHA512
413a04b20acf952d69123c65a05ff44092cc90736274924f8bdb61d2918c0dfc3aa9b78a6b80d0c288938b29aa4d94d030477e57c604e7ff8970f174ed37266d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42bb75458017a31a67a0a8ee6631268e

SHA1
a86b2807a28f15c5601314c04a68b667d9034f96

SHA256
889c48f9933aa1c03a76b9197cf15b2c85c108d67f4ac7f5ca28a69960366bee

SHA512
647a2789547502fab0190ef9e5ca93e674b61821228ade93f37cb69460cafe974ed4f46df331d34e1014738c91f50f92eca0e899c93fe1c27fd04839bdd52e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc4824a4e3014004164d35ebf93bad64

SHA1
7a58170c84be8aaf8780c8c53828021aa661f452

SHA256
47b02c21126271f1968953bc0cd879715fb267a7c71b689bea51c7259a3f74b9

SHA512
b9dc9bca67e4a5aa59aa4b756dcc41348a74fd0d70b8c7ec2411f7fb2411343f89bcb81de3350a462f1c9a61deec1e3cda410f895149ab287c66c8881f2db623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97993fe73c7b0c7f6ba9f18f305c3760

SHA1
17588ee4ac9d3d600b0fb0eda02c99e64ef3d449

SHA256
e7d5ac96030b5be2bdf857969e29524b2090e605c68649d412cbdc2efa275a43

SHA512
7fe1d7227c7c1ddda748b813e45b4e39998094a3a69557c65db826373fe3cb0d2df42de0e021ebc87cb6cc700093deb13f456f09ee00806a5e9b36160565de64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6126cd02b28602387c7c9c684d91e6cc

SHA1
311f567b411d6715adc17cec59c5481424e76fed

SHA256
f29a9ae9ca6fe8689ef4370e61bcd15b73523408da231855acd537dc182086d8

SHA512
3424acc4d5bfc3527bc19cf13c7c312cb86943b22d4735f6e8eb0d56482fc529d3c99ff23046548c0cae0a8502bd053e9ce67aa10603077b28ef1532f2b30838

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f5c4fd5a2dd383339ce43d678cf532e

SHA1
85825bd5db628c57f1207895ef5b92b7e6082ef2

SHA256
0c2dbc9b95b3ac193af8838e06b8969365ebf5f8b94be5c7969e534a8f5ef214

SHA512
631856331f3701b8c84c1526a8b07e2c884feebb8539897785f365d167336e686e5c0570d705ec8b5a473f32ce640e86a5cdbd050ee1801058ad2432349ce810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e45fc30061399d75381e25dee766bbc

SHA1
01b3ee19e1caa4db7c5d531d5b8b5dcc66fbf757

SHA256
6785f0cf8fe3703991085fbed8c1f5c5a77257086814a2eb63c4575ea34c2fba

SHA512
c5f3e5ab76abd48dd270973362c5d14395ba4b3109c12731398b8b172903edaee22a89051bed52ecf8d62de91413988b79172094f8c7a17af24c1666d65426e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da838b6a60eae4cf6b6b7cf591af1fda

SHA1
de745d922f49d682e25f6a8bf636ac0cf8ec2ed2

SHA256
93ebf65c3b0e4ac6da83b0706457e60b66866ea9aa0e186f840aab0368bca0d3

SHA512
e82f9d5c9d89efe64a47b1d0ce54e4a538281fe81156c99a33bf57d8fb8aad82ee459ff2412d190993139df4dc990ce6dea61297d9ff3f562054e257c2e07618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d16a51198d6357ef10457d3fe88dfcb

SHA1
0f2e286d246103670d4cd165a2af35451fe01059

SHA256
e86201acf57d5152ddffeab0c539e942f934f760440256e8233b5856f333ef6d

SHA512
f549c9b9774f6e6cbc0d2350516d3b2b37266782f34d008b3d0837b8b68f2fb1de659a441306711eda70bae1301e28e9a176cc754d9eedce9bb41c1fa656790e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8de1beb133ae1f43164a0126833f3270

SHA1
3d95b5703a8a7f7e5138dbd1872c45464a07346a

SHA256
1d599bc3f3d8c01f9f9a41b2bda88bc4b02c59d2080a95b05d04894260a2882e

SHA512
e2a612d2304299840a779e5f96f8baaf990ec22657ce0813bd54a42a2d5644f9479963602bce3454b566ca1eb937401e2facc0f85863204022e5c904b72f7057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62f3a0641557a5920fc028366ad16d0

SHA1
4ae07c2de127f474c22fbcf5dad31110755a2ced

SHA256
a45390766865ec91243878dc5b800f28dece460e1eb85587e80d228aa842eac9

SHA512
a23217ac65bd6f203445bb8753416289cd49b88ab511d759bc2e932fe9cbad63abadb43554a6cd17b380253b54a6d59bfd195daab43d12845bc1b9cea34fe160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f86438446984b71bad4f97253e6b1ca1

SHA1
0122ac3835633f45f7669315596b98992ce92e41

SHA256
a78437048db169461b1b6936986bdb9a0bb9c8ac0150f3b915bdf5158b676487

SHA512
618d4fd456b46d258d5f4f299507f5ef0dce961edde87e550d553fac489c9f5fca5d22034049495a693bb805174b57c097cdca004591d87ebb1b47fa924ed744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2d29c2c339ffca0c6f83af290a68e0

SHA1
79435cfef55b1009d0e23a4dca099d8b465ce8bb

SHA256
a67d6f943e77a1b89f8f0d1cb274270f2fdfa392d416d7ff165193b892a0874c

SHA512
b7e329d5957ce83c06dc02dc74574ae9f2e248035cdbf68c7e24ca35e3d8d6fbc098a076a50fb44c23b8000a4ef70a685a1545cd2e5582ad2bdc47c3a6cf064a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7990b56dda55ed74ae46eb61c92ca88

SHA1
820b2b3e03681c6505e20b4eaff76e1e6cccc779

SHA256
c4be79c1887536c0f00792fe7e118935e02d60043428bd1b5e3e1a854b566b3a

SHA512
61b7fbc3fb776326f1ff5236877cb572c36c337747c290dff2ef956ace91ea11b5c328e8a1bbd3febf45d8de7c0d16a87353d81cd3cbf8f2cdfb09657d8055f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74bb8b10e9e11f17692e2af28a58c5d1

SHA1
fb73e4c4c4d26b8ca94397188af823948dc30791

SHA256
1d525b698351a4f7361043133dcb04046d5911020671e9cc5eececc5b5211da4

SHA512
6204a1d4f5110c73c6242d10bbe4d9de94180fda2508999d52af913dddd4a54216e8bdb906595e8e7f3acaa766a4f31a59df898180b26cb13b54b7c6ae37e7fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed7e37cfe12fbd944cded8e19b4046a5

SHA1
10a6c544ce1c878e1d23cd555e258390e549ff10

SHA256
a56a976cd38554844f2d2d2ab7e3f4f6d4df78684486033ccf684d844a94b844

SHA512
302c842c2da27bad07cb4ec1f46074028c4b9f9336c27e58c6c7d5ff05f97fb80592297ee16c1efe758cf020b1a67f92fc82d3f07d26cb49b0eae5a167a88be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8c0bbe08f87515fd2312c3f61c41d43

SHA1
5e0e7aad29ee78d8333cb0ac4e7bb377f1b9dfc4

SHA256
c2c22b15a43fb07c5d050a173c7f60e351e21dcef06cc2a1bcedfd71560417c7

SHA512
6bef2f2f7e919fd44e2e30e3f91e2a877108950b2bea6f92b6c1607a3aa39310cdfa53eb2b6ccfc3d4887ff3535f2f0f815c105d048272282983a6d90561620e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5601cdf14268a35ab0283ba7c1f42501

SHA1
7dfb657ce0ce6cac1917198d66195d81806b16b2

SHA256
bc1809b3aab9fa744702cd2ea73aa4f2fd3167a4da6665eedbe8af75c094b4d2

SHA512
f24edb97bb46e5c5daafd31831b335ea89769cc1442483465e1e80f095618de155fc9b88ba4bb193e036ce220666ffc1e0c2ffef1c717f2b9f0d81d995abbdd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45badb72e32cbb75f49a587597f4f218

SHA1
d6180004534e1d19a38f95e3be60e799ff7805e7

SHA256
5c9e553cfdbf0fa3b7c1fa51facd778b4eb151c0e45ba67fe465f618314f4e41

SHA512
c6aa47648a96edb42e6c1f1977c4a4bc5b43ac3b0498dd619a4ea703ffcd8cdd980b03505fca717420378a95387c3ceaa600dd52824c360cd1955173b338c2ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a5bd1dff2341f6a4d84e09299234cb2

SHA1
a409a5109aefb6a38dbf579f67f96d0292983c6f

SHA256
1f109148be943189cab5b49273853946cd56241ce3851cf7bfb25ae8976999e4

SHA512
54ee05bbee12f01c15c5680dae8f8f056f5afbf162710013012a18e408204e557a2d683090503d146998d8bc49debfa7384591a5fbb2288e32c5cc60dbc9ae6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC5C2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC632.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_45775ba73c9e802de1ea2f2564b86410Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/1452-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1452-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1452-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2424-4-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2424-451-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2424-5-0x0000000000250000-0x000000000027E000-memory.dmp

Filesize
184KB

Download
memory/2424-21-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2424-22-0x0000000000250000-0x000000000027E000-memory.dmp

Filesize
184KB

Download
memory/3012-9-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/3012-8-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download