ramnit | cb6c79a3a5312a9b58cac59af0d467ce2ac555d5fcacd8daddb16e78bbdf1baf

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
Size

220KB
MD5

6014279f4cfb2846e5bae34d7ee34165
SHA1

56a1e5abb064f163e0e37c9581bcbdf43bf9c2b1
SHA256

cb6c79a3a5312a9b58cac59af0d467ce2ac555d5fcacd8daddb16e78bbdf1baf
SHA512

dca204af045f5a7db6316f8c1552734d4991be926816e7990f03e955f6b5dfe32f0764268ca49c880ae0a73948b87b1184e7984886048ac58b306a7a289de138
SSDEEP

6144:Zfmb8F966RVumMSOzzGJdoYKhv1PPGjr0/:RZumQfGqhv1XGjr0

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
768	DesktopLayer.exe

Loads dropped DLL 4 IoCs

pid	Process
2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-16-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/3068-13-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/768-33-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/768-29-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxCA80.tmp	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441919142"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9279341-C870-11EF-A8AB-EA7747D117E6} = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
768	DesktopLayer.exe
768	DesktopLayer.exe
768	DesktopLayer.exe
768	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2308	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2308	iexplore.exe
2308	iexplore.exe
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
768	DesktopLayer.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 3068	2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe	31
PID 2860 wrote to memory of 3068	2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe	31
PID 2860 wrote to memory of 3068	2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe	31
PID 2860 wrote to memory of 3068	2860	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe	31
PID 3068 wrote to memory of 768	3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe	32
PID 3068 wrote to memory of 768	3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe	32
PID 3068 wrote to memory of 768	3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe	32
PID 3068 wrote to memory of 768	3068	JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe	32
PID 768 wrote to memory of 2308	768	DesktopLayer.exe	33
PID 768 wrote to memory of 2308	768	DesktopLayer.exe	33
PID 768 wrote to memory of 2308	768	DesktopLayer.exe	33
PID 768 wrote to memory of 2308	768	DesktopLayer.exe	33
PID 2308 wrote to memory of 2800	2308	iexplore.exe	34
PID 2308 wrote to memory of 2800	2308	iexplore.exe	34
PID 2308 wrote to memory of 2800	2308	iexplore.exe	34
PID 2308 wrote to memory of 2800	2308	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    PID:768
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2308
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83819c19fdc4e388fa728b65085acdd8

SHA1
7d88fce15e71884f5bf8852636610a72d73a7166

SHA256
2d03e410c677616bfccd4370c15d5a00521447d9b9f35b73fe6baf1c5bfbc747

SHA512
ff1b888439e614a25131eaa61a930a35502a543607621ee7bd543a29865656d780718ae758b5061cddb5b884ca8d2dd7eb9ba1b68bee86c99d2d701bd3f6e178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9336c5e0d02ff8df0141067466f2ac3d

SHA1
70c8b4e98e1e4af28b8b1686dc7881b760d08687

SHA256
8d2dd77ba43d909090ffecc93e04f78f725cc4a7b8d0b20bc6a5dcdb2777ff1b

SHA512
59854e1901dfa65ecee7b70fcc06c9f6585a5a164b66664593fdce3a457513d9d4df03338c6c1924c20aac8bd6cb0d09e15b73be2904a73dd633513be287a5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bda47b005189d0f876018fb5a919777f

SHA1
f364cfecaa1c7ef13ac43ddee6cf653e03935d63

SHA256
22779f8cc858169bc4e87f81fd56d595b70d9a59438dc26d9f4b6f7d0d04b08b

SHA512
c7da9b373aca02aa236f2143ba9b01e11b3faf22d944df96b6030c5b83778ea3a8890c02a882ec1b2f249d8bc14d88a3cf6880f3661381e077e26c8fdee749bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b628c95a2c7484a8cc8a41a14a15a638

SHA1
1690171b2dc2f623833bb8148830df36f642876f

SHA256
917e1830249f0583bb65f9f3b28ba1f697153fe377929cc6e446984217625c7c

SHA512
6043c88bbbfd7f17dcbac0522cafde4f96166721348ab48b6ae3739891eecd68d7f2fd0ab2c0099094e19ce97a7d00a19fdf6d877de2ce438319adb76132aa9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
328c0423dd5cb0d0afc1649d58a93a42

SHA1
8b970f97a2924e38151b88d9a3a21a1b7e64d841

SHA256
893f6eca2d029b605641c8ad57f7fea6eeed242ddb28f23edc94a315edd47233

SHA512
25c58d6afe1774ce6965570f30e30e6de4fbdc8d05e1201860a9200a8a5f14b40b580aeed5f4e60880eae2a48cc1d33b6b6fac9e33c155b8d110eecc74119220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df27fd41ee2cf46b7f64c00aef01f762

SHA1
21be12d2d3527e54fa48882b810276c0743d7e9e

SHA256
7c66761b4c2c37431961298157c9b502bc5bee4b6c0334b9f51c8f0d9aa29758

SHA512
9cb0c758ac24be5ff26ef09582d19f17cc16450159024443e88fb90a8b01a788d9574f4077f65456e27bf47f188ee08205ee8c99e6c9b23c198104ab4a322a2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd9c2980bef3ac285b59de1f3f525cd9

SHA1
39188e09bd878937bc52c50784c9f2c4b18d0c78

SHA256
acc1aeaeb2548e62f51d3a16701a77758da33f08a579f9fae500736ece87b148

SHA512
03566ddcb56e70c338ebe2b11e2ce602fbf78d3eb30ea5125bd1bf65ec4d6bd6c9ffae07fda5d903041a355eb867e21613b6686169cc5a7a019c147b8437849d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c0e648743ead77c149b99f2dea0ec9

SHA1
c2ca9446156a4c4b8633e7acc0dcde56366460e9

SHA256
3ad1a382e24fe10aa0621a6d483658e7d3aa37d48f850a1d5ea558c0f968f676

SHA512
63e99219cd3dddd5710487488e9b4aa16cb6ed4164bbcedcd652f451df52c6859796f687f338b69db8ba74e71498837eac6cc1d2f7f7eae514b68cfe0c348cac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c95b24a74f3d9d617e745b7137feea4f

SHA1
af58d6b21271c265e982e3293316625d4dbc1605

SHA256
1faf36fe3be70a2f6ae4e571d9eb7c833307dcb58a7b6430a1d2404a5533e489

SHA512
60d4da5c5347ca9c1c08d1cf95fdda0b10487cc3ffd281f1f45234485ac42282e453fbdb999760da4bd20f0691211d799700764010125e2b65a78303aa2f754a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99cf2e27f5917df8c9b3cf9d5430086d

SHA1
420d045a3529f1b50a527eac262ac55c48625ce9

SHA256
9ad44aeac4452686882d90ec11c910983e895b7c71c858087af05d9773eb3985

SHA512
778d961cf29def225e16812cd317a434568d2827f24fd3ec7afee1886f68cd83a9f52d3543bffa6f8ebecb4098a8baab803f9da09982bc3ae505e3c0ae75de23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc8848a207a553ffaae803bbb4c30e2f

SHA1
3749c2d10c472e9804a0c47f13dc6a5979f5e0f0

SHA256
efee5891370cf356a5813e92fd47abf6a13e96498d3104151608282e9a88131b

SHA512
0410846d186727a73eea08f48c2ba7bbf13a9d0ff80e1f5bf54aa550d03fbd42be0e78c423fbc217cf3a6118d3ac0a98cb325b3bf73510ffe29580307f7d9f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0aef9d15224a8c0aa754dd25df1d86e

SHA1
039023450eb52b31a5fc9a89d7bf8949f968fee7

SHA256
62e753b1427da49170e967f93d69210798c60716a8123a99e100a6a2743a4571

SHA512
7ebddc1cc5b9271018c70a138456fa78eada85eb67038e1113d6782b3fe9623747f24a0354e06abb8e7e80b0b70879861f6e7b3eec3f317a7a2c613ccd2f34fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18ca3cfc9845ef257cc2a38387fd4a83

SHA1
f0a8dd397e516c5c7d988adec670b678ee316d3c

SHA256
108b7bdbd3d08669837fa2aa39ef07273c9c4d64b36cc30b0a167440df2821a7

SHA512
3ce7906050d1a0ab686fb96f47ea1e0a669f0374728da1e84bb33a9ce88a0ec83f33879f2d131ab9fdb86220951c4377efa4f76d20397cf7269c7f5c76bc1b59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b13cd41d92a22f4bc0f9e8ad023ea3d8

SHA1
e2e7417f13594b1778d1dbac66d1349663d4896d

SHA256
ddf250a0065cfa6302d4d7d4241d59d6036c78e2baed4e2a45cabfbe6c83663d

SHA512
07310a590acc6b712dd1b3602829a537eea0c83eee584cf551bae0c85d913869d13a76147dd869fcd260976df537f7a49624a569cf6d3fcd63c2075c0b14024a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb09082c2ba53a07fc6be3b5c967f9e6

SHA1
3c3e62ddec04b6a335c8d75d5d3d0d0613c49385

SHA256
0db9d6c0ce52c58f31617e939831c5ce1b3a4149f1cb1dd5fdc9144212952c4a

SHA512
934bdee567e23ad51b516d02a8a818d6d4c568ddd43c6d21af257b333ad4030dea97a69a7c09364ef2e89093a8ad897c59d0c2bdbcb1ba5113ec3e66942e8056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5fe3ab197c66771e88ed51e8b4e682a

SHA1
3b5ba1d8d11f2c7df03deea42a4d3a8e95166a30

SHA256
af929d47b58403428a59ecf922f881c55b5b8822ee6cfdf76c2887a028a83b36

SHA512
02f6d6a9b18d7a8dfcabd442126deac5c51eb4d81549b76b544397f1cdab21bf77913c1b171d700dcc17dd9826c7481a9a754546bb0be84090039113352ce2a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76d2aed7eec5d0bea312baa65239a247

SHA1
d5939722e13f4a98b50d8cde076045926e21ad06

SHA256
3a38f8ad8becaeb9620695d70d6e2739176c7b7713605085b5b2d3843f7fb24c

SHA512
1a6d441acf1d91f70c3d4dab36720a57bfdfaa509cb7df1cd6ed5cd3759f76f367923173a5979d81bc37948a0505d80ce066c2db13ce9387d12fd7f22fc625f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73de8452190535b86c051ca42c4a8e53

SHA1
b91c885f310310c46556ffc8df7c6dbc201ad3d4

SHA256
5048078647f8c4ea587302e75ccbf3ed3e981b3c6762f510b6ec80a3a25d7edb

SHA512
b6ab01d1fc56a08cb3bf949f8ba96c3d2650e1d6e55570540828c02f4fd25a16903da70d37e2a9df93be478760ee3826d5e2d78154692a6008939928b9dab33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d52fcedcc0bcfcdde01eb2e4f5b15b5

SHA1
02df8a680b7f725835e9f17354db4b5a63452b3a

SHA256
0df69164ababade9572411bfd7e24666b8dd04daf1c035266fa61881315dba31

SHA512
2e166a684f80b8a50297dfa765b2665e0ba9ca16839a4021ac732fa53972203d35d2064fdb464680498c0c5c9a9ce7ebc840f3f9f49796a4918dd7130d1e58e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9643b0c0c4358d7ba334980e31539aca

SHA1
b043b19753c14ccf4b3a9b53348821fc0625181c

SHA256
59cc8504bdb5cc8aa88b3f0a4d4dd240170035c03309b7e0f0faaf6370f152aa

SHA512
e8d8edb2e70f9c763615796e4bc20dbbf992fc1982b1e84494cf448d4e83d58bd7226571eac35a4c13e00c26c2e8c6ce6c7ddba3eeb1e2020a879b736ff4bed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEA91.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB10.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_6014279f4cfb2846e5bae34d7ee34165Srv.exe

Filesize
52KB

MD5
17efb7e40d4cadaf3a4369435a8772ec

SHA1
eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

SHA256
f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

SHA512
522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

Download Submit
memory/768-33-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/768-31-0x00000000773FF000-0x0000000077400000-memory.dmp

Filesize
4KB

Download
memory/768-29-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/768-30-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2860-10-0x0000000000240000-0x0000000000253000-memory.dmp

Filesize
76KB

Download
memory/2860-9-0x0000000000240000-0x0000000000253000-memory.dmp

Filesize
76KB

Download
memory/2860-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2860-12-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3068-11-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3068-16-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3068-13-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3068-15-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/3068-24-0x00000000003E0000-0x00000000003F3000-memory.dmp

Filesize
76KB

Download