Overview

overview

10

Static

static

3

JaffaCakes...00.dll

windows7-x64

10

JaffaCakes...00.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4f20ac051deba518c19db4227bcf3800.dll

  • Size

    202KB

  • MD5

    4f20ac051deba518c19db4227bcf3800

  • SHA1

    37d07ae514e421b5b5ed422dc6233bbedac3dd89

  • SHA256

    2a9bfcf1b9169fae213909531a5b6f1c15d76c1b6df6d81798141af20079895d

  • SHA512

    45bcffc7814fe173637cc2f6e1aed1a1208716252400b5f2d8322a7d0b8e10a50b90674449ba61268312b75387dbee21105968577dbd710635cc6436f7e80b1c

  • SSDEEP

    6144:FaHkoSqc0vnf2wmJ6HHn2uyTVxaUuTqvmzB6:oEoSqVfcJCH27huTqOU

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Modifies registry class 45 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f20ac051deba518c19db4227bcf3800.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f20ac051deba518c19db4227bcf3800.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1728
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2532
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2504
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:280
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:280 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f4ef69db619ac7ea5797fcc5761117f

    SHA1

    f3c13d7dc8b97afd1216739d11182775faf7176b

    SHA256

    92ad35ab4cda09fc53ee13bb8891072afbbb474f0fc13fee89cbaacf47be9960

    SHA512

    58eb66913582a8a7a05745180be9e338009def9df7d86eb960ce078407045b71dfcec79e6459f6ca7fe9eff299b3c154e0b42ea02406d91c903604e686de29d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef7af4866118de5befdf77b238d9ba3b

    SHA1

    3d482078e83c0767453b88cd029b2d20ae58baa3

    SHA256

    892b5e5c465a119d73aa832d3d5fcbf54247aaccd154431132e78e3628d41a7f

    SHA512

    94fae353b13d9391a82c51348f956c3e8ad533517f666ee69a2a63b483d4d2c134e6519653b64cd72136bb42a9cf5d6f3f8559fb147c5e09b90fea048c4c53f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b678e5da994317a72cdcead7bb2d455

    SHA1

    04c1f40eb2e55aba555f8ad23ca8caf0e9fcfcfc

    SHA256

    153c7a4ac9080b34cd8d97d577c94654316776877829f1a83dd089a83594f80b

    SHA512

    a324c4524b05cf8519fdd9a51cf7b5ba17508fb35e445396b9a19e889dc4a06867dbdf37500189780abd54564dec4b702ed5c5c732c560a352d38e5820059748

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddd1a54451fdaaa23dbdb852bd018799

    SHA1

    5b28fe5a3bffd040cfcccbbfdb03ea0926e9c243

    SHA256

    a3697ca2cdbba17119d839bce5940bfcf5d5f96edadb819d32536dba5573c754

    SHA512

    2e4d81642b541a56413d303f7151fa7dfaf619a6321bde95fa9e69856c565cf319aa7bf291503d1bafc93074a65072e1cdfd51574c309fe3b453a921b559fd35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1f028bbd74a6bdb538fa3e532a968cf

    SHA1

    fffce9ab1a938650a12f60e560b15956db5a410a

    SHA256

    78b0191cdd6fd41142974e607fc3bb7a9ffd0cb059ce0a01d8ac0fbd4fb5819d

    SHA512

    b3d9726d6762d6d409eebb4c34f7d5b004ff61e5ef17e59f092284968a043684f51838b3fd7c331a639ebfe91309c7aea688735555cc64fe0d3548a764483b7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb8d99149832b5d21f6bbd10d69e1dd3

    SHA1

    04a1bd89fe5df53e0cd2b7c7824cec6ad0e6812e

    SHA256

    5e4c8d7fb35b5642a701b6739335622d2d1fd7ddcee9fb08a3d037f01ed4009f

    SHA512

    15e7758297a94384657aa2add893a42a0ea2914c8ef1f128ef22d8d5f4ac7725adc4d6bbc0e8cfb1f652843008d67cee1c07570f283f46cb8cb625718d586727

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5caeb4886e2df55961095dd67cbdfde

    SHA1

    518f6ac841f288768ac612d33ca8a8914ace40ef

    SHA256

    79a575d0900c5e75b5d4ad12330a5e5f706587e836a081eae947dcfd152e3595

    SHA512

    532677d2a8a5fc5a3bfa19163cca7c79a4daec99e1fadf1485f369f3ace273108f1b2cab0eda8c482b1dd018b58f99116c36d3f9c819cf02fce8a9edea1f9aa2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73614034e47d464cf2a6949c07f338d0

    SHA1

    686293c32f5d082aa80d048bab53e2624d0f800e

    SHA256

    f8088eae9837ab13302584c8fbb8bc0b4fe1e2eaa33a5ba70f0172a792bfdfd3

    SHA512

    4815010e8a677eb60723ce802044fed88be629bf3b2eabcc6a652b123d696b8b426ef8d020be0f162d2ead13da5d426914ceba9c42dcac9a88a7c532f7d4d866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4609ade9d26fb8d1826f7c836db5803a

    SHA1

    39511a47e9870b35826c643c8a6dac5776c71eec

    SHA256

    f06fd5e4e52cb095b0e4bf7882f9efee4f4e347df499d612371a311c1aae14c2

    SHA512

    eed7a0eb04d5c4f242e96ab5180d6e78d1d9432071f974079757b8084819c0a751d76195a6387f5189215aa1c9dd511ee4538783f6816ce8407ff0f59751f527

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a43e25eb2a05b9e2440de16b2cdea08c

    SHA1

    96ed91050e19fd5c847c3c01c99e65c182094f97

    SHA256

    4d9418b09ae9b6f4e6e6d3a0affcad4dba1834bf58a212232f5347f58c8f16cf

    SHA512

    fd7bfd7d1e4783689f1178ae7537341bad816f7a1a2c964c0c6a453f68fdccf5d720140436fef81f6eb7af215332ddf89180d67b53af9d4dee8d8704b313713e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    218bf9a7772a0be10f2f72795d3644d9

    SHA1

    a767b11fbcdc5c4a9650636a18957226fb88eb6d

    SHA256

    66e2e254f0bc1e2eb0f4819e887e7aa8967a1a0ab198e9a760c069c04795df8a

    SHA512

    3178eadf5f63d5e08cfde264152885d9c1c64929cc0f83b3a338d8e3ea73046172fdc5b392771517aa2e808c73e5bc17323fcc60b9b40a559549be30afe8aafb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f02a126890ee6769d0d1748ad61357f

    SHA1

    66d0e1ec2aef3e8cb59f6935ae9def0904a3bd9d

    SHA256

    af0f2a11c9d5583bbf198935530100e065b0e665c994b7313c513da6e7b0e52b

    SHA512

    d8cd30f84a9955f9281a6407ac56fee886feabc5bdd35726a7b0750796c7fad78f0ade52c3a2df554e5f846d1420d250b2671a3d4f432e17e621989e415d058d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    181401a3a9cf99020faf08e437adf99e

    SHA1

    7214030ee12b0bd6336cbe2456c82e50c311a28f

    SHA256

    c8afb0a3a18409a137869350cc981f15333ec4c6a892612ebfd3e76bd38ca07b

    SHA512

    88d65829c55b440478e0270cdca494dcf93f2e42371b6a88023d23518f2c84c2643237d57fec117dcbb0a2ff3f853711615e10259c3aa9d4cad704a76391ae7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b9f228b478d2738f092d05a5f06e4d8

    SHA1

    cd3dccd06ce081a7badc68a02ac0079a7c3408c1

    SHA256

    75a1c0cd003fecf5d472ea23b95a28833d6465f36a40402014a02782552f49c2

    SHA512

    ddf4f6cd6d7420933b06332b9c991fa1b4c58ed4350837d34e451268b46dd323d2e5d764fe82eb43f60d13cdb7d136f0e9b470c0bf62382df4ea0d86733ddbec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9a50acd5dec93263c689d5a8fab1e98

    SHA1

    4488c3e01a2ee30cfcdd63de8ca2b5e1253bc3ee

    SHA256

    6fde6e79623d209a0030b4dfe49d909693b77f59319f640763ac856982239e2c

    SHA512

    9819e3db125f54d58c2db0b30ff372a8822f77066c7340b62884bbad1a74ece14662c0721ef39c8bc55bc1658365688b424507116cdca32610ca3537ae790b48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4142c3e0e93bedc9ead74eba7d9d8525

    SHA1

    6d244c0d082adccb5f4334516aa6b8ac96ea9589

    SHA256

    ba2cef67cc24ca61a2b68c2e1941ad410bd68d2adec89ef195e21519c34a53a5

    SHA512

    0747b78cf1abd0b720db166743bcf4a4c2c4a7f6cf184fd5e23f15544278af27d069c9030aaa176a549941ed725f2c0fe7285ef3b0e8d7053eb89b6df714ea93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29f0014092e300121b0e7db7c8e67ec0

    SHA1

    fac8b6c7e5365cc6db6be02507268ecfe17305bf

    SHA256

    c5b35eb4850ef7d68914951df5c9a14f8c9e1796b21e03b3100956d85d38f036

    SHA512

    779a202a3f88f25975e7ee77ea302a493826ec4d88d6dc0e36babf7ee24ced4dbf2d9f5a7d8bcc981e15c399956b458175cc33afe645db4767d0c1939089a53a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    168327bddd67e5d33295d4565a77cad4

    SHA1

    5fd24c523a37cf7d616692fe00bafef26009ed41

    SHA256

    25e170b4ab7826baf2f23c233625162aaf62fd81b81884958a38e3e5d388e2d6

    SHA512

    a042167f42d499e516e5aa5508853c66900263a9d04b5a3501113c7026c5d339ab75fd5212a0e40ff231c17712454e811c26248791f0a66c0ccefc59eac9172f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d9cdc469fd42f0eef699d1544ec335b

    SHA1

    9db5b77a9eb19cf7d46ad7dea5474035cd981aa5

    SHA256

    f68c181c8dd9d143ea339d6680df717a5b66bd50ed24ba39e8a5650c359eb6fd

    SHA512

    342a8dee143339248234852ffbb5300f57fad8f685887cee69fd2c69521af91abb8ea69782bf3c93853d95761e41b1e9e9848c70cc25dd00da7871dea23541c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    695a53fa18b8a905c5dfd767903cb973

    SHA1

    c07d4cfb0c143bc6cfb58b16fb669072f038fbc2

    SHA256

    e9c917cb2ddfdae154c350e84c5007c741e608f4337dcd70485e4ecbc3d7c54a

    SHA512

    f9a1004a9ff423bec9f88a3d240730328d3b2e9c8fedea951e9344c1b0d2c4f9074ee6330a0925a1bd2bc29de7ec44818e93219aaf3b1fb6b28d0235eb74b763

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fda23e6f6bdfbafc1880e097fc8baef

    SHA1

    5a0247d2249ba4fd51548c650a62f2d327283d3c

    SHA256

    91712c0f3721f3e23c909669ec759a01a5d625232ac942dceacd5c212da3c51f

    SHA512

    4360978b5aff870370b5dd1f0c7c15cf1c3f0c2cc890212f9598d024a551bad3f3fd32d54eaa1fd5d2b6276ef47f540397577a904aca1bc057b20d88a944bc69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78b21cd3db52947f421162b21709dcae

    SHA1

    595935017d9eb0cbf606cff9748e1bb3c5f95e43

    SHA256

    d947c0a7995854d85b7e4c1a677d3c1a76c7e422f4a4ad2a0a9dc92e509b7d22

    SHA512

    5b5f92973a11e2fc5451e065cfdd08034a5f7ca5e9baa4f8e7a54fa28d42b919b96b04bab4ff9e171e033370c94a78ccfb976a1c329619a7a7ca8f73c4a0401e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    182d49569669b736519778419434d352

    SHA1

    9a6847c64ca35b893c8c99f0d485168e5cdd8dc3

    SHA256

    83ca5ad41e3edef081954fe08734e578543ff4e391d8889b993ff439b725951a

    SHA512

    12ad6da84fae5de39941e814eac0b509b37b824b84584a2d9266a2b92aed4bd46bfc46ea0b2f382d7ed8879360ae83a568c92d6bd915f1981ce3a642f167a708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0abdbc8fa7f9bb517bcdfb7d3eaff52

    SHA1

    2148f5503457e2776430167a0c0957a1f295ad51

    SHA256

    9af664c3f67ae124f69b6abf429342d9d2c1e7ff7ae50f7cad110d73cde0b89e

    SHA512

    e9ce83f4c68a18cef4a69dcadee9e16427682514409dfedd3454752f3c61ed22b06d4ab247c01702b3408201d04157d4f5baf0b91e73949a31c2d3ccc85a43a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1beaed3cbbe16b469ccf21fab3440615

    SHA1

    038e4a2015f96a60140e465611401f08ad85891a

    SHA256

    0a1f8f89172cf98b5cc3a90505709fb714f525e6782da017e554e36218bae2ac

    SHA512

    2a82f3892050259c1677ba8811a5ebcd1df06cef8ec0eec4b5f386f249a73ae0de181c9cbf3574bf976c69ce9fa49fcaed883f484eadbc738a339023f928ac89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e880bdebf937f0193c3a9feffbef5bee

    SHA1

    8adc2e23665b5b83aef8e4d450e6904fbe45078e

    SHA256

    7326a41639a28d452cb43257ec9f06926d607a52206f5ca87f8e65315ffaa586

    SHA512

    d89d435ef1c37629946ba147aba775b96980533b3476f42e6192be15cebe141e5ac9f0a7464d3d3a28b3bccd4fd2384dab073688f9f45d6ce718baa829d82deb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d879115f8c51333303c3d0e3fda3dced

    SHA1

    694ea68948876f0369cbae061889b47d01f2a179

    SHA256

    fd2665d5c2963f93bb2a6baea08024ebfe3392b0a9dc7e2c70b1b85466493937

    SHA512

    818fb530a7ba9748336714d671032350c5cf6d2de0fae667d2d6ccea5d059c018784be43524b003a14361cd13e86a276aa8aacc67f1ff25f661134f15e2f1a92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3745641b745754d218872f3399d7433f

    SHA1

    e1b5cb6c88c794a9ca2666792acf2dcd70904cd0

    SHA256

    07cea0f8ec3f0ab60fcedbadcff98fc3b486399e42bd2608b338a17f1a5fc997

    SHA512

    3068a48d4ea12641cf5af9aa31319f936cd19f75cc6a20f44abe0815b00773ab1321ce14655b76897f61c576ae662faf291003158e52c26b41a64317e13dc6e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb57950034084bdd712be9660c8df0b4

    SHA1

    d746c5af0af5438b1ea391e9915ac25d2e2cf3a0

    SHA256

    6ca4308e3766038df401196936e8fc819f2245d657f9dce34e0255b39c72da7f

    SHA512

    56b1dc874171b9d75cb79bb8be04f1a524c2db65955874cc42992cdca5d62376f96d8e6f6d25e5209757ec0961928c4dfe4a6e29132e74ba5861d3ff16f6ee9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44357de0a74a8829eb85c0e1716f0279

    SHA1

    ff92d4f5441e2eac6414fb8fb74aeec4efbd8a23

    SHA256

    b1643cdb9e279ad113efb5d5aea5f4280a85b987c32ffd19aef861e318a96b2d

    SHA512

    94b50b39742582636f1d36b4fba669b66084e1a8053692c91c625706cc671fa85a38d979080c5fe556efe5f97073cff56c9c576dd05a3781879dd5e048782167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a303bbb353c40075d340937639ffb123

    SHA1

    7a964ac121def46590939fa4b133a7485297a74f

    SHA256

    65bc9a20d2f5f567d8a9f225162955e788c5a05a46d4da43d38d6b0cb2f5d8a8

    SHA512

    6f403a9cf0685fca98026e528310cdbdc01a12971aa5132df4b9ec59fa098d8d1998bc5a60b130808d8feb93aca22de1ae27ee1415720694d1d093599a5ac0c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{63236C71-C81F-11EF-B9BB-7694D31B45CA}.dat
    Filesize

    5KB

    MD5

    b37e6197442b0a3dcd07a931cd237fe8

    SHA1

    04bcf401164e292cf33ac1549feb4e237b43d421

    SHA256

    1a33e7a048956f34290773c290ab135bedae7e88a4a29d1e5888ff5d624099d5

    SHA512

    d914d632b8e56cde0602e416f59017385551a10924e36eb61af902c61058ff3e1feff2f32f339a1cdbc6abfa920a0b3e88b08241a65a83af60a031f04a502b90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBBE3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBC43.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    105KB

    MD5

    d750f3eaa62119b196c2b6daf1c35fb1

    SHA1

    e83349a2667f0aacb8b48581a0cde6ec43f77722

    SHA256

    a69ebe4a1e05922e78b554070ad485b28ffaac210622cd27386ba731dde6213e

    SHA512

    3d0f2289e7eeca27645ebb68a7dd6a59114d4becdae2dbab129a69acdbf4746a096ab5be1bdb225525fa70215250a187cbcf438f7d505c132a763c48a98c558c

    Download Submit

  • memory/1728-1-0x0000000074A20000-0x0000000074A55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1728-8-0x0000000000210000-0x000000000026D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1728-9-0x0000000000210000-0x000000000026D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2368-15-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2368-14-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2368-17-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/2368-13-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-11-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download