ramnit | 1176a334754940a1a4f7517f9dd084d11c5e5b287f0385b2f43d94d3413e9f8e

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe
Size

944KB
MD5

61a6962c5fd2b37dc81cd4a90b200350
SHA1

15a7229f619e9b0f449ccbceffafd4d21eb82d60
SHA256

1176a334754940a1a4f7517f9dd084d11c5e5b287f0385b2f43d94d3413e9f8e
SHA512

8f4fe063ed04dddc35c545cc47a0fb306f50f37372c55917b5b4d9b084cf9add6c171d7362bde3d6397210329deb068edf18f49e4ae9960427ae8f7827a17513
SSDEEP

24576:7eaBpc8jpBhew1QajfMbOwWHr57PV8lBoQywIx312Ug+uQT:vNn1Q+7ZVnPw2lD

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
2584	DesktopLayer.exe

Loads dropped DLL 4 IoCs

pid	Process
2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe
2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe
2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000012118-2.dat	upx
behavioral1/memory/2784-12-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2584-23-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2584-28-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px42BB.tmp	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441940763"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{403EF151-C8A3-11EF-ABFC-465533733A50} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2584	DesktopLayer.exe
2584	DesktopLayer.exe
2584	DesktopLayer.exe
2584	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2784	2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe	31
PID 2244 wrote to memory of 2784	2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe	31
PID 2244 wrote to memory of 2784	2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe	31
PID 2244 wrote to memory of 2784	2244	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe	31
PID 2784 wrote to memory of 2584	2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe	32
PID 2784 wrote to memory of 2584	2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe	32
PID 2784 wrote to memory of 2584	2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe	32
PID 2784 wrote to memory of 2584	2784	JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe	32
PID 2584 wrote to memory of 2604	2584	DesktopLayer.exe	33
PID 2584 wrote to memory of 2604	2584	DesktopLayer.exe	33
PID 2584 wrote to memory of 2604	2584	DesktopLayer.exe	33
PID 2584 wrote to memory of 2604	2584	DesktopLayer.exe	33
PID 2604 wrote to memory of 2580	2604	iexplore.exe	34
PID 2604 wrote to memory of 2580	2604	iexplore.exe	34
PID 2604 wrote to memory of 2580	2604	iexplore.exe	34
PID 2604 wrote to memory of 2580	2604	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfac89f6f4ccfc642d87ae49fcb84542

SHA1
6ba7ca723377dedfba9e3eee84c1f0b32033591b

SHA256
2c89ff3d9b68fdf5876dc7c1d049964b63552682d7a9d029c70d098ce3ef0dce

SHA512
9d1fcff3bbf1bcadf838bd4b6f0e455c1600a9d3bb3c053c208107b0ae9120d92ee18e9719af2be7f10a342d5e47bbd37bdd1a3fe076442db8167be5615b5a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77287d5bb802aca346fb05e5eee07937

SHA1
45fbf074be13acdd7a777f2fb46865e21e4b7470

SHA256
70da62c599c477068901ee4a53a5b16064a2b88e0175ab4685182d718671ecef

SHA512
b190030fdb50878e3145c8b2a861edc9336648d04fa1387b2a6384872cb441f0395910c7b7318d45049b05574b49d3d6c9d84a91b3e731239470caf545dcbcff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17bf46c0e60578e6d59d2b61173d6290

SHA1
5db545c02847dfdd488575fb4f54cc2202206d39

SHA256
3f7511de996ace1439955f021744e489e91b5266822b6e9ec6a05f2dedcab927

SHA512
5ff5e683c36a414716ec8b404460e62499eea89df50d56946148bb410705a8ca3f07531c3fe6020050be6f189a93f425f6c05b42ebd26df702ac31c618243884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dd2174e894f0c52c58493a440cd6789

SHA1
31d77c33deb79646b323f1105f5d9a02b8a9e682

SHA256
68ca88dcb8f31668456a6443529c2168461ad434c4de54e19fed0a8c28c061a3

SHA512
ae9b46a5469ba5358e887dc0e437b06c90b4353bc7117cc179d2677bada8a8fde3efec2700a97f5242e6e77f356c0484c2e42f2f7341f94c36195a712b083280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9926f6f8a2040fb1a6445ebdc331ac38

SHA1
10a8d3e9d6095d7170429ce39617c8191669ed38

SHA256
352c531e9b67104cafe22eab512335e5f218f898245584a86461a03994c2b810

SHA512
50eeb11671c9a88496ca5f000e086d582544576072b365246c16367521699bad248fdf8eddab91408a3306ab173bc22bb6e69c8e42f3dd8e72c8a845552c3490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40fb75d2e501b643ca37a5067f4e1b73

SHA1
b86a3d9e9fd6122ef96dc6b9452bcda60d12b03c

SHA256
f90d9bc515d7412d851234e4906653413839e99ff0e815f655066f1b5b404003

SHA512
aeac6cd090b1deca4774171dc35516985a8533c3f211cc24ff637f4d799a86a0bbd1fe2b2cb7f26301668b1ecc3a0e1cca49ad604c10aabbbf0d4f72aa281ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9b3f3f774238eb3bd3ac2c3191072e2

SHA1
68233070ab71ea60f1ad14a60ec82102fec713d6

SHA256
3d15e0d29c1e84303714b170d5cf2d91b8fd82f44aaea1092b1ca0d4a4dd4e28

SHA512
731e5105be9712cee4076159e949b4bf0f32ce0acc3f589fe394eacc1d3af5b6534219644b3d89949b483835780d6a22e16d0cec0af72d7f9e522b6c89939791

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81988756420b4a6bc6274e8d2cc186f7

SHA1
c605bddd0200d2108484d60d10de2c25c0c748d3

SHA256
7561277e82017c98c195935b61a59d5750f32ac121d9f182453596fcae0505e7

SHA512
bad4ab8f5a975c822a03bc1a17f55f87284dea2de4cdf8724209e34b0ef232e701e10841fe16b2b3351f53bb6603f26db21d45322e750ae310f89a51e2c4af2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cd19801eacbae3cab29fc6753418e25

SHA1
f43ac977bf595043853f0b14df26a5b0ebc929b5

SHA256
3a33b613715d4bf96142629bbd9ae95b50e175c61a61777c91787ce2bc631da0

SHA512
e915d9e817d26087ac7fe9ee091b38733c1f7b77dc3af39b3ecbd0d9dbb35473dc5123c734cadb32e88f34b6cc9e30bf11d0a7208d88846d34b55ac7593efa18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fae6352d3f429434c47a9e7f36c4965

SHA1
12d1ff1f49fdcb38adc04ed6f806996504468297

SHA256
6f0a5677d4916b591d08262825bf65b7decc58ac5316ccfb5d3746419ad4b3a1

SHA512
b15b1231751bfb5bf442b29ffe768f3665a20cf9166c15d12a8b49c5364129e5cc41f0ef35a29ea9bc6c01a3d947498c04e693f978ee8d963ca68867adb0dfb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df7d532aa015f535827d0fc9f021cf8c

SHA1
491a1ed22abbe93f29bd29e8dff7ea21af341e19

SHA256
6ff5e895db1ea254dd057ff857df88b67e62056e5a5bc9d95767fb9c1f4e572a

SHA512
ccd5f33d4591c5e4f52366560439e75abbcd15dfd713a6307ff83c262f5a6ca16440912270d982cd273c37c1f1fc69cad98a49bab7d5f0148cafca85802c7b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93102254bd42d8546f0b382dd466f201

SHA1
32bbee5aca6415d1295c740a5997f95556b50574

SHA256
92537269df999da6c42d516b685c6abef310e539de81b8a32971edc031a6a429

SHA512
81c7a7a43a7ae2ed32b14f72e6af4d79d0e1d5c18c1a1bba650e544a80c9b03ba14fe02f24c10895fea1bfe99f0cc29305f36049487eaf68910e1e52756cca74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a2080e5a2f40a7e6ad6018e3536434

SHA1
5fdcd5de75d97bb1d74a994147aa7b4e8a1a08cb

SHA256
e576e76e4447abc065afe5847e038bedc442d15de2a57f710ab3dbab7816b177

SHA512
a1765bb27c0aea6b5797f22147966f739e712e0ddf09d8efcc6ac78a4c3b8510d235a9e24767b193d968532c39964adce913064ddaf7d16fcbec11fe7a56dea1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
397d687a9177ca5dd3ec4176609b90c1

SHA1
a874c2e102c5ff3eb9a52ac057d97ae6b503042c

SHA256
325a5e948bfd49148aa2aa8215cee27acb5210d815ee3a6e8f49b2a267d4b83e

SHA512
88ae863313deccec07eca51eccb636a0d08106ace0c3785c73397ccde382f09f0c1ded7922e5220cc7faf8bbdb1b2f99d478fc603340d96b32a288e739513a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6550a89c7b4757d0d6851b23493ca8a2

SHA1
ef975ca4c48be529974eb2b7984a8943a15dc486

SHA256
8cad0212a1c1c3084edb11135b551a46e201943f1473efbf702cc7e7556781bd

SHA512
4a1a8258c537635176a17fb271f492587821f9ee75f8dfee903d24f5689a1b8e685005cd9eb468bf8d655f8dc5ab677e5baa7c62e04de0d20531e998685157d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0b2beefb4c3c3b60eab1adb32bbc9c3

SHA1
205605e105b6154f78ecc28964f571994c5310ef

SHA256
91cfe0a6eaffe0cba6959f06fc35746a712344853b3071632cde174610b5e108

SHA512
f79be0861fe3ce47314af853dd76318602e15276d821324756a31ae19a9dc8d44a18f41913c00baa1c3c8f630961a4956f036f4ae851223c295e5b6f671fa64e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03b63a80a374effcf4368ac183c84ac

SHA1
9831a62f0d9aa1228054e438c942c66bf6269739

SHA256
9766eeff582a936ed5cf37b34464bbe2814dcc8e20600d8c8923d5abc681d49f

SHA512
507976044ed8aad36647f7883e1ef7bf4e6453f869f531a2184349ce9235b28e7b3efd0919fc15f5bd178f0acc6b4ec78dcb0829c5a18e202e0e191e6ce10515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd46b699da69608aa7bbbed52a517dfd

SHA1
df567eba6d11e64de1706bd7b886e4f6993a83a3

SHA256
3f37d682ef6a183256342e5b6cb33d07a8ec2a6b9113696c9c630e23b77b00b4

SHA512
6c39497389889b12238b388dbb72b52457b69e48aac024f14ef6dfc95af4ca9eed7ab756f03ede363a23c9fbed4a487659efe470032c7fd337a43fa1357e4351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
846f7b844ef6ff40e3bfea7f0f32668e

SHA1
249b29f126baa40fdbf740a4d397c1462881b7bc

SHA256
f08a2ed188f6bd4ece63240426882c636bc216165ba66434bad3c7990846e064

SHA512
37e079df1d31992698ab4c08db6343bdea2fc8c4e46b6d48878ae4ace434cb6edf4e76d55e42ec9e2d00dab3651e9b2505310ec232fd79847d5a1ca520f113e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5812.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5882.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_61a6962c5fd2b37dc81cd4a90b200350Srv.exe

Filesize
24KB

MD5
655e77a71409b1347a5c266f13ae8f70

SHA1
33a9b69f4f0f8dcfd73cac8fe0f87fb21e8fcb28

SHA256
c3e7cf367983e58b845dcd7ab21464ac58d55eb542d9803cfbcfcf12793685be

SHA512
b8598b9de39aadf50d31dea1951870e254fa36ddd097c440d8ad9e6bba405c272fffe307d20c1fd13a273206d200b5b9e2986710512ede9790a0c6ded8760a48

Download Submit
memory/2244-0-0x0000000000400000-0x00000000004FC000-memory.dmp

Filesize
1008KB

Download
memory/2244-9-0x0000000000270000-0x0000000000283000-memory.dmp

Filesize
76KB

Download
memory/2244-8-0x0000000000270000-0x0000000000283000-memory.dmp

Filesize
76KB

Download
memory/2244-13-0x0000000000400000-0x00000000004FC000-memory.dmp

Filesize
1008KB

Download
memory/2584-23-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2584-26-0x00000000777DF000-0x00000000777E0000-memory.dmp

Filesize
4KB

Download
memory/2584-25-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2584-28-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2784-12-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download