ramnit | d72fe84bbf7aade903cb8cc0546f594f522197c6208ea1e16912f4151bf84c1f

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe
Size

1.0MB
MD5

4f05bf68ea2e20a16e0fb3d68e862f70
SHA1

11204359e5fa85463eb841b452164cd90b364298
SHA256

d72fe84bbf7aade903cb8cc0546f594f522197c6208ea1e16912f4151bf84c1f
SHA512

d6782421c3cfe1cbddfc540c838cfaded1a4200d89cd2e970f34220a149d40756376ef5d33613aa8f0a35e8b1fd46cc884ac350a22c8e65897067c74dc3d60d6
SSDEEP

24576:uQMiCyQMFzkWOYLzZ6oHxrzRY/hJYRu4ZjH2xpS6kQTppMo:IrMZk2xrRYPYN2xpS6kQT3M

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
2204	DesktopLayer.exe

Loads dropped DLL 4 IoCs

pid	Process
2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe
2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe
2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-11-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2968-15-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2204-28-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2204-33-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxDD64.tmp	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1AD8FB1-C81E-11EF-889C-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441883857"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2204	DesktopLayer.exe
2204	DesktopLayer.exe
2204	DesktopLayer.exe
2204	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1292	iexplore.exe
1292	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
2204	DesktopLayer.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2968	2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe	31
PID 2948 wrote to memory of 2968	2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe	31
PID 2948 wrote to memory of 2968	2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe	31
PID 2948 wrote to memory of 2968	2948	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe	31
PID 2968 wrote to memory of 2204	2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe	32
PID 2968 wrote to memory of 2204	2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe	32
PID 2968 wrote to memory of 2204	2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe	32
PID 2968 wrote to memory of 2204	2968	JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe	32
PID 2204 wrote to memory of 1292	2204	DesktopLayer.exe	33
PID 2204 wrote to memory of 1292	2204	DesktopLayer.exe	33
PID 2204 wrote to memory of 1292	2204	DesktopLayer.exe	33
PID 2204 wrote to memory of 1292	2204	DesktopLayer.exe	33
PID 1292 wrote to memory of 2808	1292	iexplore.exe	34
PID 1292 wrote to memory of 2808	1292	iexplore.exe	34
PID 1292 wrote to memory of 2808	1292	iexplore.exe	34
PID 1292 wrote to memory of 2808	1292	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1292
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02692a202e6f86dba554eb983bba1940

SHA1
df0e38d66e657adcd7c69ca8640c2e5a44d879f5

SHA256
f2c7994ae6f67a8fe62f9d62f6dff1577967bf83250ffb08d7d9e4d7671fc30c

SHA512
519dbb93530d7dfddcbb23deeb0a1fdaa5361a78771381f2b96ed31c6d10e0b5b399db8f147c43d9b74aca86e4f1666188d279534bcd200e553d77035137a4f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eebf886016f3f65547516b900c57c21

SHA1
84043b2b105f4e9016f60ed6babd552711a84313

SHA256
6097783d33d45df999fcc244c50a6d8ff301029ff7ad14eb09d59f7bba337366

SHA512
fc08e33f4f7ecaea8b49ae7c655c5078bc749676ea027ab4f0836e2aba85475ea62793efe3b0d9295deec2a2a9859c94c0fc681524c2494a99204f91f985d005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1381959b0769aae8a95519b2dd2fbea6

SHA1
fe8893b721926f9ebb483e21d1a432890f8b5498

SHA256
ecf638619be44603c8c344315bc57442ead6d8fb7f65b3191bc4293d81e69a3e

SHA512
da540cfa53411d41ba3393e6046bfc3a44baf183213ac36d488a0e189e07e52bf8541aa0b4a8a0f3cc293ac2f326f9aa23e571d685a65c435b5dabd41f8f5f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8a6b90b8fb33b2aacc162ef055c1bd6

SHA1
2def105b3f6b9bf37641f4e2fdc7398fd1297075

SHA256
976f7be542e04053dd5c1deb41962428f3117beb031f44beb7c69f450c02bd3b

SHA512
e76e0de71348baa639405c91275825520be2d1fdeb62a48614d6afa35fbe42e18a769811ae1fade71fb7edfe2a45a1e8919a19950d53048ee50185f8b8f94e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e85dbb2ee185a541ceff424fccaa9782

SHA1
abd17fe41dc24ee8225cc78c49251313f5e5fb48

SHA256
cedecfe6a5b364be125e43d358664e0f3a1c0a79d8be3272b68976125c4769c8

SHA512
ca2fc356887935a2aff2592998c278c5d1cd2cb48dbb988f95b2c90c0a5ac48ddf2216bf0ba957e82c721cdc876b8ca44bae578ba360d1e55ddcc38a584576e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b22bf3b6a2e5e8dc4c640a00bf0e11e

SHA1
ce6dc3c156b2b50b0d8b2f8aa256e70b55c7f5a5

SHA256
a3eee434cf094a25f91523b57b9772d93aa5a49d9e6cedc4f132ab8f7ead9637

SHA512
03ebb5c5c1499bd0e7420095f0802981538db1be10a58d529e879923edd002b117d0fe7f287aabf71c58886855db72ee68d9570684d713e0f046e57af94c6767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01686930e56706d1c01b63b0256d1d34

SHA1
915efa7fa83d4524ee7e853d610fb2bad81801ed

SHA256
65589ed5c6eadf12044355fefd170660458db79ab9d4967f4e374a481b848195

SHA512
4a7fd62a7a318c1b787e1cd92ef74955bacf600934c2f5ab7d75bcc9ea27500135dfbbeed1b3ff823c22a2a4c3c15a83c294572f22e274857724193c4928fc61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4965698ddefa63241468578b3975881

SHA1
df8bc0aff9cbcb51b17f475932caab2c17a7c808

SHA256
847d78ba20ddda339e9ad9e6ec875706600cd21b3a1e0318493e1754a9a20b99

SHA512
6f4bcd6450dba27738bac0a3682955a074e4aefc17b376d60717e919719c9588496474cd713f1f236badf94e5fe9df0a835e38b3281f0a39625d685d1a8ff85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fd2518ecca959cc39fe96bac1af3585

SHA1
ce2ac875723bbdd074075ea9a7b6541c3bcefaf5

SHA256
41c351d10f824d31ff132f9bdf2e861daf11d457ca84eb408e5a02766901306e

SHA512
a30b51aeb819944f1c8e6fa8600b530d730ba2d4786a99215eb99c8854c8b58a9e8f734c122607582de7199720efb66d77a4167bb8977ffa51523b0083a94d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a731fe7003ecb1927a0d45507db477a9

SHA1
922b28994e5d59b4ac30f9a2d4b6496a5fdc7686

SHA256
7dd0df22b3201bdd58fbeb3118f0acfa628c57930b0028bf0291296bbff2c42d

SHA512
916715909a4aa5b94d2cb965c0d436ce81fa39a89a85676314e4e0d1dc3cccc230e6a54b04f5fd5e52bd94a0dfa195b305af8aee80b573ecaac4b08866244322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d19d7b1f8e092e21f3cb1ac6c8946ccb

SHA1
23793d8f2bd6e4d1e83ba152f3e326f696058b1c

SHA256
5e4901a626fea3e5343369255303aafe6eb3dfa8242b3373ec1a2c1c6ae7caec

SHA512
a80999a9415031de3435033741f7b58dc237a5a81f9a28d26034fe31e63e36afcfd68f13afe0110cac306a23b92ef19e518aed7557e475e8b570365f5a2299be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bc27009b9612a54c1286b1330c57655

SHA1
a2b61f66ca7b469e8d53de5128f7a459f2ff82b3

SHA256
a5157d044cacf29876749f95173c2b90763cc721e25171aa4ea15c95b5246ed5

SHA512
57b37a42eb9a0107968b3617a8033eaa5a995c9979fab9ccc8211caf8cf116a902132306466a87821ff8b7c521d8cb3cb2ea41316d5d7071a45d2642b14bb297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
562a084c9a39af730a4e5a7003609bbf

SHA1
08b711f4fcc09177b90ea723d1fad9ccf80e8ae9

SHA256
46d07832a18c4015ca0e111842257b86c5cc7790c1a94cef4a12a7ce72870c7b

SHA512
5e2c4fd8416563f4cd3dc8e96d1a612fdd8657cdfdc7699a33354431eee9c131f098e9f00382193860a2374592a45f384845069c0d6a6d1986c0b51236c3fd92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07e31eca15227dba8f9354db9d019025

SHA1
4a8d7acd23efe3e31c30e7516a46bdbcae7a8eac

SHA256
1da90e3f587f1e24f66a401beaa114f0152c9815154670f9b4fd18175bd96e86

SHA512
b929d021ffc44b06ea60424e1052dfd86ec5feebee59b37abd29afa48987d1d04511f321a9ab023b5a99e0d3eb1aac8b0002ddf533e121121021abebcce4a2d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e30a042a89bedb5a0f9df64c3f81a66

SHA1
b7594e2107f0db9f365f03d0e2e69b05674577b8

SHA256
a10bab1de55d831245d02755411f109264abeee3950af976868f16a02a654366

SHA512
f30550d76826e999e397a96e9b7fbb084346a4695b6b941f20c3c11058dce2391dc6a410c325419a5c46c45283125c30514210dd7620149fb86ead67082916ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ee0eb82e9aa9b53bc4a3a05f6f1d891

SHA1
926a9b9e2715b0037a542540e1af4efcde5d80c3

SHA256
ae2a878f562eca85bf9a84d59094a89c2eb846f4146861d7649f722491e5a806

SHA512
06ad7cc0ff04ebe14c1362f2b8ace2650f758074266693b5edf8c330862e41a5d3d46435ec536265d81e018d3acee0622420c33ded7547a73b23bc7151f97130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc618cea7cab57948ff7082cd2613f3d

SHA1
247e496ea48b42d62d3b581c3be998b4351e0877

SHA256
1f3968c4c95cced53dd56db6e16a092fa9798d27a9836fc01105d7f243fd8dcd

SHA512
3561f17550dc9411d16837880fdd142aae0839820b19381e9d634120dd07e34916288285f83b127dabfea759b807cb61463e21d7dedca3468b05ae3a2acbc9b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a167a750da7044cbcab47e265290caeb

SHA1
a2fcafe82d0171816c4e5659b71bec852bbdfecb

SHA256
d2b406ea531efd92a0da3ea80f62c9542d7079640a51df9cc2f5c1f00e6e57a1

SHA512
ca46a42bc4ff9499fe60db8bf015da75ab5e597913a13a984994efec2069ae15e46e80d17fc630384d2051fe8d62a23ee5e5f6160f4c1a531d2605480b12436d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dd54faa66a84757e9479c10529ed1eb

SHA1
823b8244b45e1695c8c9cf554f11f0d03c6f13ec

SHA256
6e20882903d8454493e77b3d42541650950f119b3f018a95117ace022ed85077

SHA512
6a6ae8bb522ae30ca1c17e3a7b62ae69ae23ad6dad15c11cc1f329cd98818b506343c4d8283012e86b9e8ba20061b86e9dc785a935eb67e9c169191de1c4ca49

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFDB2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE25.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f05bf68ea2e20a16e0fb3d68e862f70Srv.exe

Filesize
52KB

MD5
17efb7e40d4cadaf3a4369435a8772ec

SHA1
eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

SHA256
f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

SHA512
522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

Download Submit
memory/2204-25-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2204-26-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2204-28-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2204-31-0x0000000077C7F000-0x0000000077C80000-memory.dmp

Filesize
4KB

Download
memory/2204-30-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2204-33-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2948-23-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/2948-9-0x0000000000230000-0x0000000000243000-memory.dmp

Filesize
76KB

Download
memory/2948-0-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/2948-4-0x0000000000230000-0x0000000000243000-memory.dmp

Filesize
76KB

Download
memory/2968-15-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2968-11-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2968-14-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download