ramnit | 5a9647733c8ff8451ba57afbaf8cd3306810f2f47de62824d284a55361c3a0bb

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
01/01/2025, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe
Size

144KB
MD5

4ae0f800d728bb24e4e954dcb8a94640
SHA1

f9f551dfb3f29fccccf3f771433a02d96ed7a310
SHA256

5a9647733c8ff8451ba57afbaf8cd3306810f2f47de62824d284a55361c3a0bb
SHA512

4a41511752c93e6f1e5d71cdac595f464f91fe6c2f4533b9fd968248db1dda01ae6444b23c8d38e64cdb11748c61ae0e1a5867d4273029ced88623bf1044fcbd
SSDEEP

3072:92lmwbeSUcHu6XvIkw9/SUo4fv0wO09RQ1yXyJLKo:AbeSUb6Xgkwwov3hQ1yiJLKo

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
2248	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2908	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe
2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c00000001202c-4.dat	upx
behavioral1/memory/2248-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2968-11-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2908-18-0x0000000000220000-0x000000000024E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\px6D63.tmp	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441875451"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EA4A401-C80B-11EF-87C4-5212BBF997B0} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2248	DesktopLayer.exe
2248	DesktopLayer.exe
2248	DesktopLayer.exe
2248	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2968	2908	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe	30
PID 2908 wrote to memory of 2968	2908	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe	30
PID 2908 wrote to memory of 2968	2908	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe	30
PID 2908 wrote to memory of 2968	2908	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe	30
PID 2968 wrote to memory of 2248	2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe	31
PID 2968 wrote to memory of 2248	2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe	31
PID 2968 wrote to memory of 2248	2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe	31
PID 2968 wrote to memory of 2248	2968	JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe	31
PID 2248 wrote to memory of 2420	2248	DesktopLayer.exe	32
PID 2248 wrote to memory of 2420	2248	DesktopLayer.exe	32
PID 2248 wrote to memory of 2420	2248	DesktopLayer.exe	32
PID 2248 wrote to memory of 2420	2248	DesktopLayer.exe	32
PID 2420 wrote to memory of 2976	2420	iexplore.exe	33
PID 2420 wrote to memory of 2976	2420	iexplore.exe	33
PID 2420 wrote to memory of 2976	2420	iexplore.exe	33
PID 2420 wrote to memory of 2976	2420	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2420
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c63e36abaa3fb245eb0e57930ae2e46b

SHA1
983dc83eaebe8ab05c0e3ba588c2ccda81217c3b

SHA256
2031b2badc19e38e3f4820a168237316972407fffa7bf09c318eb91499f6ca49

SHA512
6217aab2cc3ab0188adc69c2381cca0db0afeac59d9ca8a09de2f7799364e37ddb61eec75d98545b9dcc2484daf59cf97975d52ff4e4df50b1fccc35cdf40e88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
780c86c13fa6ec1ff9f14945c18f320a

SHA1
829bf62023bcf21d785ce1e63f4c02431dbce490

SHA256
02e844aefe909e63bf63a74acfeeb4f644c20441f3e4fcdf8c818f22ff9e3aa0

SHA512
bbf91f46f32134e812c6ed30bd4fcd03c2cedc085047bbd0047f19e96c5709b08fee6f130f961515b8f3678168c80a35eee10de6b04c501d74a955c1aee0d48d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
014b75b8e0ab45af22d76acec1fcde0a

SHA1
95de78f2a4b6cd7423d87a0d13e4e818df235792

SHA256
03f80ba34f01726503335d11ab2f21355642eb225f726e7baed8eeae6f47de63

SHA512
ce3dcd59ff5baf60238885f37e3eef1b6084bdc565a8d6fcd6de38cb92d31bfea88d889684639aa6be475c21995c4ea8547fa7141e206f4c1f87d324efb53190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b4ed580bad5c599e521355cb1ab51c0

SHA1
4a3602563d6c60fd059bcaefc072ec28485c9f24

SHA256
d7b70b03d6cfae91c82997cfb6e743ea3dead42e1660f72d79db01675ce93838

SHA512
39b6bb55cf92946c902b0f5555704f6bd82b07f175b099deb442b304244baa6ffe59adf68191c4532b8c92f25b5c0e7cb9b688a8e5da3a1fbe77ba2e5e59c46e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dc1c8838e5a0004ca413c4c271686e8

SHA1
9c00801fc99c3c942b88120ecca046295f76054d

SHA256
67bfde32afba214028ebb6d8773d7aeddde67abb450c6f7aa9c882ed2ce0ae42

SHA512
fecee2970be62e0a4db0cca391fe03343604b1020e6d2e7c18994c5edf82b9c3a6efc926d2fa97ae98106c6cbd8a686482308e12998b32245d9181c32dc6d887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca1daa743668e45e5d88db8e8a6bd830

SHA1
2c4ecdec0e6dfe408664fa97a0bd5d7134a2bd19

SHA256
c7b64ec8b47de10a93d4912b8d2bcb7d5c87ab14514213e7b0f8fe926c508348

SHA512
ef17d549452cfb70394dce38cff9db842a5c72e05c1159529ccd2ceb343be39c6a3cf6490ae2325883aa0266e8e21a0ac110e01dce3e12fd8e9528bfdfc57b61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
493535032201dcd10269f1c35b7123ae

SHA1
27133adc3cd019e4ad01fa0bf699ab31c23058d1

SHA256
e2a86ce1dd7bacc3bd3e69b5f63b93504fcaf34a37c65ec448b8329be3158cf4

SHA512
f723d85ce604e9bd84a1b331343a0fd5529b68750ab957d275fdb6796d645d484f566ccc7f1d3451b6a4659b37834944bacc7ca18f4882c7938c145aa6bc6cda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c38f13ab99bd112ad402013a55a92005

SHA1
d9ef78fb6c0455a0eeb21d64de39a09fbd1d0b8a

SHA256
3889d727b9d8a7ff38ce94f8b56860c1dce2687572544ee6430379edfbb1b091

SHA512
8984ed0b6fc0eeef7b34aa9d6d2311be5f3917af133e07d1aa0675e42dc6fbb721b20dec774a9080d062cf0a00639eed830410343c02d808542191567ddc3865

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ac3570927901c63fa304814dbbd872c

SHA1
ad500cbb0243b5b30100259860008e84ad9a5a9a

SHA256
9c406af53fdb35f43e34c8fa17bef7290e4afc3cdbb4ac0f6f5bfb6050c8290a

SHA512
11e6dd86ab916a99b4ea078a661942a385c747a7a1dfe9550d3223dcf39cc4310adbb83588294985a7f36328109f0a59da2384fe0fae280fae912402cec294fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49f21a398ba80b2ec6823b4b06c2a2dc

SHA1
e173989a0766e966eb4106d3c55ae14977227bd0

SHA256
9531e970e96c855dc2281c4c30e2c37385ae061f085a018a7f5f2cfcf5c964bc

SHA512
262591591d256d7da09f6aa5949da57758ccf1d11326dc7deeb311ebfe19086dbd7c48d1b5e56eb2e74ff15151ce13b061d073c4387ad931fcf0aa67a9d4ce41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55fe614f97706d746c1aa3286f4f3ccc

SHA1
57a32758ecb83468f96fe5cc5e4b2b636ff37d93

SHA256
6523b300ad8abe9e4024e4873ce51ca4b4a05ba1201b095a81dd870e66ec6fb4

SHA512
4509d7e507eeb7c7a0085c4377156ed7561b36693feb3efd64b7ba8e46b098b75cce5d6ae06fe7ae195edfb40cb006bfd3fad3a4b71ca4b9deaaebb2c7d4c671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8542bbdbdb3e6c7ca26d3ed538a53711

SHA1
5c1aceb91f2f2389f5503f2f9329d96762736759

SHA256
48bce45f4adab8d35b1dafec9a384dad99a38f565a0668ddf8967794b487329e

SHA512
8a429601a846b080603bc053781b244c37e0316a1ff5bb8918c7db88ba63b72dc716474213d156f6e92cf4e140b8043c1933ebbeb2a865ca7fdb59fe8a3d3d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f2fe0cc77575b934ce98fb4ccc25d82

SHA1
62d296149ee0b064ef2d3d8284ae9ee86265c181

SHA256
d16221f832840711ea7d1967334314ffadfa4f5f564c9a86559a84b427fa173b

SHA512
6fc94a2d60fb0f29e44cbfe53514392ff8ddc1c9c54d026b28d43dca16b11f3ef75fea039f3dfc91257175c9748076f270d95d3a795f91f340730ebf15253450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7f2fa1b221da10c38eb0d1842e73572

SHA1
8da495d4b50f36af07ff0c81947ce953e2e88487

SHA256
b0d90b1ca60dbb4c8557b08402d7df4192ac495a66e61098749aed95423bb928

SHA512
a0b1ca5e4e015aa237199335a7b8b1585ccff34f4060165a011d95c79763dc10fc278ffd1d1bf8a3918dae8f12cab02c0e0833b01cbdb47c36cf760a1dd18e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f4c5b25f85c84527de406d1c4f722ec

SHA1
bf0647045b10d628f22203098a4d7e118fc49354

SHA256
fdf91e2e8a801d7dd5b010b7a1674236e916cb031fc751bcaa8270e6e06db7af

SHA512
212b1149905be99db7754af05b38e908528e78ee214f9bb3b601aae0103049691ee895706ee29ddb4200f418c0b02fba1430d6741a91f343c8917e07d2999257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
195852319fb4877bfd1842de57297e3d

SHA1
cce94d6ef10140f548b64151ef2b21aa8f85e409

SHA256
54a6528e9c7b9b46246b89397225b1fa33aea55193cae4c8539b120d6284fc5d

SHA512
f721bad56db204a8fbfbfc9b630afe962b40cda41409104b37bf9484c2fcabc00d6d083c281d4afb67d14a87f9de2e759fc37f2bab891c0bb23fa84119f3955d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e149ea8007c71c907c96c883e137d92f

SHA1
29b88db6341ecfdd661d22e89e669bb0efb8b2f8

SHA256
0ca67dab3a7228f1b19d4f34409fed0fcb392e1693616797fc9898b964e45502

SHA512
c37623638c551b3a3634159b4739b144e45bd7876c3e1fecfa48703c30bcccdde54645e7916f9440f88b5e514b2a3e1a1ec4601cd03fe5b48abde890cc04492f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b27c201eec62c55be2765943d57fd3a

SHA1
3164737070b1f4570fe0cc7a5374980ac410e497

SHA256
60cd126dd48fe2ce787b9295e8715ac51e1d1527a8fb1cfe5063076561a08c9f

SHA512
512edeaceba4430d77276c2af27ca6d51cbd4e6ab751956f704dee93ffdb4f4edec80c92d490ae86debbd75577a2ac8a51413243f6538643d3e4add11b078a65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9317b0bb38a1cce0e13d237382884bf

SHA1
e02c6be5ed829f083a872cf1cd572e8a246b959f

SHA256
1232bc1c47be221238fa651f6241d7c1bea0cb95621d081c186c0e5290fcdef6

SHA512
3fddcabe552c3e71566d2202b613d65d0c1bc0c93d34c9d04b9b988d3fdf876db7ff55d598609091dcd1024acbe1c15c543c67499bda8cf840cdf9b75dcc8ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be44992c764a7bcd077c495350fae74d

SHA1
81a382524a29e42b6db5b6bfb822f132efd424fc

SHA256
925fc0fe797f6493fe515130c8cbc7953b1a45ad4c99c8dac93feedb9a61ebed

SHA512
eaf3c1e3c4cfb9bb194bda520aa362296b5ceca6a628d2aa3f3793d18063a80685d72d143a6e32074236c3e7f694fdfc98908560791f429969b8abf226572c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8566.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ae0f800d728bb24e4e954dcb8a94640Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8636.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2248-14-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2248-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2908-17-0x0000000001400000-0x0000000003526000-memory.dmp

Filesize
33.1MB

Download
memory/2908-449-0x0000000001400000-0x0000000003526000-memory.dmp

Filesize
33.1MB

Download
memory/2908-448-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2908-447-0x0000000001400000-0x0000000003526000-memory.dmp

Filesize
33.1MB

Download
memory/2908-18-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2968-11-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download