ramnit | 3f3ccfa1c62a2f351d2b40b4f7c32c0df19159acd553085b601f6505c7e589fd

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-01-2025 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe
Size

1.0MB
MD5

1a3a7033d0e83c4c63faafb2d30dd2b8
SHA1

487248366cbe4972dfda24ab59cb6702c59e1d9f
SHA256

3f3ccfa1c62a2f351d2b40b4f7c32c0df19159acd553085b601f6505c7e589fd
SHA512

b51e500f9b9c09e54e82009625d04f03ca6539f1abcb2b62c12c87e41aab9af916c02ff9965d435f99923e96a54fb06df4a72fa64136bddc5310da4750c0a1e8
SSDEEP

12288:zka9AJsjMNzMKsQ5/p3q2BQaGxhXIxOoNSi14a30:zFLYtbsedhG7XIxrSQ30

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe
2776	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
3040	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe
2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000e0000000122ed-1.dat	upx
behavioral1/memory/2176-7-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2176-11-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2776-19-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2776-21-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxE0ED.tmp	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443820842"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A69822D1-D9BC-11EF-999E-E67A421F41DB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2776	DesktopLayer.exe
2776	DesktopLayer.exe
2776	DesktopLayer.exe
2776	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2176	3040	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe	31
PID 3040 wrote to memory of 2176	3040	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe	31
PID 3040 wrote to memory of 2176	3040	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe	31
PID 3040 wrote to memory of 2176	3040	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe	31
PID 2176 wrote to memory of 2776	2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe	32
PID 2176 wrote to memory of 2776	2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe	32
PID 2176 wrote to memory of 2776	2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe	32
PID 2176 wrote to memory of 2776	2176	JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe	32
PID 2776 wrote to memory of 2668	2776	DesktopLayer.exe	33
PID 2776 wrote to memory of 2668	2776	DesktopLayer.exe	33
PID 2776 wrote to memory of 2668	2776	DesktopLayer.exe	33
PID 2776 wrote to memory of 2668	2776	DesktopLayer.exe	33
PID 2668 wrote to memory of 2752	2668	iexplore.exe	34
PID 2668 wrote to memory of 2752	2668	iexplore.exe	34
PID 2668 wrote to memory of 2752	2668	iexplore.exe	34
PID 2668 wrote to memory of 2752	2668	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e1a07a503f0f878ba26eec75dde0d0

SHA1
6248a2dad48ac431cdf0323d129633b1a4e90711

SHA256
dc5865a210fd10e1cc611a428dfe278d36b2ddb6c0e79f4e87bd47328f4053fe

SHA512
2190d39c3534915f617c28bc0a1e8d393010c809dcb0cfa1eaab1bca18c2b94bcb75068bb33f1fd8ce455e4de0f991b48c83f85217cd3b22e6025b5503bba314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
663c82ce83bd867e5722bffa7ebdda92

SHA1
96c205ef1dce71c8a14badb23a68fddcd14429a9

SHA256
842d5e52568dcb890d84cf0af8a76c1cada18798c077e7d644882841e6089cf8

SHA512
3cbc043d69b798c35f41d387aab576e37fd7fda1b45928ec3179c1ec27cdd814e57543e792b9e8ffc6f2ea20452059c8b13b680b9a250b87b89717e734b89d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4469d60f20d378c1858c8e829410c52b

SHA1
6c1670fd9ebab79ac7f48a98215c49f36c3bd980

SHA256
eab501109b664528d84fc4e212cf0c0e564cf3cea4b3a395811cb4092517ba51

SHA512
0965e6518178e470b486b33fc3daa032b7d48a516a23f2a2761edc4c74fd12567cd08c26f39c940241181af47adc86a4041dd12e83df552590c4730ea7c23f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17aab44e41580c30cde51888bc8ac41b

SHA1
d07f34bf491bcfda270fa4d816ff9e3413f4fbf8

SHA256
9a651f16f6eb5da99f05cb02d9bf71633d8a0ef86e1cae8ca45a36e61d967d1b

SHA512
7882435fb88721fa31e6e75e4ab5f8e5a3428bc5bd240e69285ca67376839c33b75fe6cabd0f40d1703841f132c437d4f257dfa53d24e034832d4c2bc0b124b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
069d961b7a08b230754289cc4a012c18

SHA1
23fcadbf641922e58efc51eb3e5d77f02b543f48

SHA256
78e5d32d75899c1af2ac1c9f0eb359a8faeb0d38828f2ddb63187a5b2d1ddc0c

SHA512
8ff11b50635b2b3420d9273f6967aa777ee426bcff9368ee971a2b85a84c9b5df36cb8ba4523488d766d2007faf2f5974ed4e217ce63e9dbaad721b4f0381c9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1abfc0fb4b655e9dfe3c974670d76385

SHA1
06a14592f98b269de02428c74bf260b6dfe179ee

SHA256
5d644fe8c40286c85f36bb8bcd0b54e2f95ca9d8b361e8ee05197eed1739ae42

SHA512
dfe8e46e631de47ef32345030ada0877f4c121dd9bf095bab8636c520d538040e4298021892cd6d19d78dcb17bc46ca62ed5d523f24818c54fd1cfdadce990d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7821b6d64a43d89d32ac45866bd58956

SHA1
7c0c79d759bef75c0d7e3f80f0ecfdb3a970efec

SHA256
3b83c5166bd1a15181ee3d8b4c5bc00078477d532944c302008cde0ec1072703

SHA512
04969b7dcf6194fc6050c4b233f0a5207032b5eb5536a67c0af5a6008a55e056605ffbae3fd5d874500ab9258334f7e68db9de5cf9c1cbcb7342b3298f05437d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8df0b08098cb6f29beda5652aaf7586

SHA1
445d29c186e446ea4a9f52c388db86becee29d54

SHA256
a05ce6f0d6d076fe7d46c62494046f3ee41ed5daf3cefb462fc677a4913bc744

SHA512
97a1321b10040985952ff6245df1c8747cfd8527d8cfd8d87db3cb6428bdbdbfcf2900299c7d1a26446d77a3827a1570e67554cb7509d14462a884d4fb68b82a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
004fb41670b0fef231835d243447a1c1

SHA1
71a9b646346fe65ab49f439fa964ca1c22040663

SHA256
1239a3fb4659a927549d7c9b2c20ed48d08cdc07d78e2995e0275e1448e8ecf6

SHA512
897752984c37cfa08ed5ea2002514a9fd19ed40351b7ea40fa9004a34f80b847c10d11152611ab5b5fd2ad107ead53a30255eef0b7a201c93a4704865ed4842e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f44871237c20a865cbe27cde9bf3eecf

SHA1
7d43d850231a40d2507c393fa3fdbf26aaa4494d

SHA256
c0528fde0615139433cd11dac3b868b5e97f98365634082f337e70ea0e88f0bf

SHA512
a2481b2c0d147f359ca68bf475674995867e5504d6680615a1776f72963f9b19d4e01291861df800817a42dc9ae8a2e2bc28a916557e3d0e6da5e89c85faf4d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19d6823a0e2a4a66c6a58074115d7336

SHA1
daa526cbb96c94f4f670a18419e068512dca2804

SHA256
4cef44c4c7efb725310772402f9ff2ec845ef64eba5e95d93673fd226c1b9306

SHA512
78ba1950bd10c23052d53fa3da4396c5f34d4969e5d23d8095859ae6c2fe670c7e66ea9c55c2233d63b59d4dd67215ce4ea5ea716166de8e0f126b564b566df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd78e3bab9e664444bcdfbf6f5906833

SHA1
bbb9bfa23c15601ac2cd01763469f8f90ddc00d1

SHA256
c26675ffc22273c30f08f3368a43f8ea57cae83895c057c538a81766ee0600ab

SHA512
09070c4fe5b5874917996f0ed7708cc8a73708f7337f50da15c3a0c45a95ea975a21eb571e6029406702b94c99bb311d20400a69db649ca4d5b11be477672cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
586b223190587e6c19b69d34da605d46

SHA1
5597bf100a1fa250523f0ed6401645f15b3f4a46

SHA256
c664a1d1ebcfb016aac977120f3cd204c03916a4a52a5bfcebda5924a032bed0

SHA512
99e02f97a45b185438678441858c7799be777a94355a4a5fce3c05957ddd61734694f1c3c630c8e19c1f5f4489177a6fa966d16519455c47a13d2e52ee7eeeee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04fb26395a3d287c0b5e8421dd32cbc6

SHA1
3686a4d30cbb955bb59df175e4d9e3a1426117be

SHA256
9ad989e52966358d61adb0fd8c90068c1b4aa8b1c3f7256c66c97759a6b24c4b

SHA512
5c64b51d3492a1db0e52dffb4337028cac5637571916f6756745ad17f063773c93b9fe7d4e6f5f6539a16681f7fc6e98064b2960f00eb507d511ba45bf0f828e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
889722cf7d29c6881e3bd8bf5f045a39

SHA1
2cdd0b98f9741ae108ab207893ad2577325652d4

SHA256
b36be3fb8f5938f5e48ec475661ea63c6fddc97da74501cc2d2acc9bc8732330

SHA512
32782c35d1060ae58ee2a3d694b6d73a1f45310a11b0f2f7a55ce96eb021cc981258c47309972f5d58dad8086b5b9464b612030c1375d7c47e638754e82179a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1404d79aeeaa46443e1295ec4750b768

SHA1
984f53f23620523160991f6dd90f19666f07c394

SHA256
8b3196bb6099c5007ab11f586a418b2eab5b823832b1526199f93e17a6c74b69

SHA512
ace13bfbab3d8001aea239442e3378af425033063cf158dd5bde3bc346a3d50509a9648e90c144cd3e85e3b0489c65e865a89720372eae88717674a6a2fe234f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8170ab9451a3d343104412d8e1a6526d

SHA1
9383db17c400bb8b5aadcc84aa9b63e2dcc3de89

SHA256
5cd6d6f34f9f9fd671e14017dea5581f0af932c32fcbac395f097e215af00dd6

SHA512
9f91ace13da821759024b6b858c37bd5d654aab408546a087c9fd2a42b39fc6dd035ec48a1808c0f061e821301ec511849dbe5ed133b92f2aa1158b013980ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9d27920bcef62772f818c3b3a36ee54

SHA1
ea0fc877e20bda8417f6568f4dc8452a21ea5eac

SHA256
23d7e41a330424b0cb9fd9249c2b1ff17527aa6bcc4978d944160c787cd0a43f

SHA512
87db7e500fa8b9413ef461c0e9b2c00ca2b323a3b3379b2611e0dbe9d9b72159fe5a45dd2e3c6ec77dd3cda41a08dd7e7090dab04db1a19825073b6b0da2b99e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44e03aeac01c491b17cdbfd62551682d

SHA1
dad15bc86d4e8418fe950c312bf2d409badab2ad

SHA256
f9efec622ee17f57a01dcb1381d2320e7e3da768a089bd389baf66d0ba53aa12

SHA512
cab77e0971b9574feaa97a5367aaef24256f5160657e4b3173473c998c5e02663d0e713b0cdf60741efbc3540ec90177b3062eeb905422d61dbd435d3a0874f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f4055d924ce7b435913743406f55462

SHA1
50e3189e6f53933c056ad7af1b0fd0d76a4a5627

SHA256
dd83e14bfbfc8e6be7ca4e99f21a913807d1d38edd3e4628b4e4a1ff21d482d7

SHA512
fcd18ed3ad000d425b518a1664fbc406b5b7769f2c4f9f728a498267dbf6575c6b7f179ed75c05c891bc76cdae104860d00b8469d2ed48cbe16b20b0abd3fa5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF6B1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF731.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8Srv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2176-11-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2176-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2176-10-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2776-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2776-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2776-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3040-4-0x0000000000400000-0x0000000000550000-memory.dmp

Filesize
1.3MB

Download
memory/3040-453-0x0000000000400000-0x0000000000550000-memory.dmp

Filesize
1.3MB

Download
memory/3040-23-0x0000000000280000-0x00000000002AE000-memory.dmp

Filesize
184KB

Download
memory/3040-22-0x0000000000400000-0x0000000000550000-memory.dmp

Filesize
1.3MB

Download
memory/3040-5-0x0000000000280000-0x00000000002AE000-memory.dmp

Filesize
184KB

Download