ramnit | a4cc8cf6359e018bf8c55c49b9bc2adb26395636967af5b7aa5378a923df59bd

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23/03/2025, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe
Size

220KB
MD5

87df26b81dfd5b551bcac43733841faa
SHA1

08e592cd0965b77a552b715dc281185598c5ec05
SHA256

a4cc8cf6359e018bf8c55c49b9bc2adb26395636967af5b7aa5378a923df59bd
SHA512

f7973c5329a471c4a9eff506c86da942dfe39a8c83f66e9964804e4cc1f73883962d9dfac63655b06482c640e8d6f02a39d26c83f6adcd5dc4cec110b76b2282
SSDEEP

6144:Tqs2AV1rl6ahtdxxsgVPe6uFaL3i7Dn2k:TbT6qthVPIaL3i7J

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 1 IoCs

pid	Process
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe

Loads dropped DLL 2 IoCs

pid	Process
1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe
1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012263-4.dat	upx
behavioral1/memory/2296-14-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/2296-16-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/2296-11-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/2296-18-0x0000000000400000-0x0000000000454000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F2FBE31-0818-11F0-8B93-E20EBDDD16B9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "448918043"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
980	iexplore.exe
980	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
980	iexplore.exe
980	iexplore.exe
980	iexplore.exe
980	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2296	1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe	31
PID 1720 wrote to memory of 2296	1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe	31
PID 1720 wrote to memory of 2296	1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe	31
PID 1720 wrote to memory of 2296	1720	JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe	31
PID 2296 wrote to memory of 980	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	32
PID 2296 wrote to memory of 980	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	32
PID 2296 wrote to memory of 980	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	32
PID 2296 wrote to memory of 980	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	32
PID 2296 wrote to memory of 568	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	33
PID 2296 wrote to memory of 568	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	33
PID 2296 wrote to memory of 568	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	33
PID 2296 wrote to memory of 568	2296	JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe	33
PID 980 wrote to memory of 2412	980	iexplore.exe	34
PID 980 wrote to memory of 2412	980	iexplore.exe	34
PID 980 wrote to memory of 2412	980	iexplore.exe	34
PID 980 wrote to memory of 2412	980	iexplore.exe	34
PID 980 wrote to memory of 3044	980	iexplore.exe	35
PID 980 wrote to memory of 3044	980	iexplore.exe	35
PID 980 wrote to memory of 3044	980	iexplore.exe	35
PID 980 wrote to memory of 3044	980	iexplore.exe	35

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_87df26b81dfd5b551bcac43733841faa.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:980
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2412
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:209925 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3044
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc977cea02c62b060731fb5b6c3c76f3

SHA1
c47b9f2f34bda10e880d16a8af59466c0ae14e63

SHA256
077d4e7fb4a9cf0a78a595d3c690fce792c2bb1fdecc624461fc07de4e9851d8

SHA512
e8cbf800c5900c33d3a6b5a7b06e05bcba4233e5d2b4208adfe0969a11acc697a56250db3aeb7a218d1b56491912e07f4bfb5409eac9680cae7b3f82f66c4d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4e0a27df0b155038fbc0657b2d353bf

SHA1
ec87b3cffd80f8351d4c05a922e709fab2df781c

SHA256
a3952847e9a4613aa9312f7d966a6f718b26056caf579b2661809c9df220317c

SHA512
bc466bcc62bd138916eabdea255639f2de557ca29d36890cab8699460f0ef6b9f3142b4d58a9621cc9ad7c8de612d7d41fa105b9629c6939c49c6777a17c1d3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15e0b54820f881dc1edce0519915464e

SHA1
f4ad278b146968a022b1b6073e868695dc7391e9

SHA256
15de8ce3af277eefbf8774c92392f5923e1e0e64f9b1527b0a4cf445fa99323e

SHA512
d2a085983bf432ae1bb2569fcdf5fa4f1b22a5b3999180e00339eaf28412d507e9b6258e053786a9d279be526aa18a7fc11ab0d25dde59c611a3ef91b83245b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91f02dd69c68b389a98653de47b289eb

SHA1
c432a24c6a9dd7cea7b8aa6034195a79f6cac5cc

SHA256
abd47d8ef9a06984b60948d2512da05291142135a3e1165f6c6d51f00217eb14

SHA512
b1ff7c29aef168d0aa135c7ad2b126fdd132a292ff2b7d923dad8deb263401f5b972460fc24ab4296940267e7d894f5e5064b15499f3e909554176644889003c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd0179581f19d419e9060be92e33dfb6

SHA1
f5d12747d5b29aaecee52805eff95530b4afcadf

SHA256
594b96b4b06a5496c16359a05e1bf495888dbda2b309c4c2bbc7a9cc69b3ebc6

SHA512
8508d8e12500a21118a3f702753358ec5f60f6608a6b15333dcfc1214c2843df30eb4e85c947c851e14f696a298e6f6eb4fbc542f1770a4142c9869d7dd655b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b5e526ae189328a10e2b32052fd767d

SHA1
30317c3a4d84274d5b1833b9e47d5baf1484e483

SHA256
4ef9118e86edb10e3f99180ca13f695b977e3eb8571fecfa8f66deaf347e051e

SHA512
fa1776a0f9dfbb17263ce56be6b2889163ffbc486e89d0090126b34d28454ac81eb48ec35a449f6e2535456f97c9dcc34a05b49c597f8ffb916fb0cf49d4d5e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce90f1a0a1f49c45d2e614b94b4bdc8

SHA1
16e129cdc5ac6a06b9d0d5a171d3cbb2ba7ebfdb

SHA256
6717a239b66e3ede697d0c4e761264942f7b74e6811d4213748d718bb3cd8e6c

SHA512
b5f08d417e89d7a161844f0aee37a24899e8df2ca4051d16296dbe8df2e00936ef67ead4a1675ae4d9f239550ff49b6ce5aa4875242474b4d425e098f22fd96c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41a4f0cc2b128b19f45e55a9f50c9efa

SHA1
9c124bae25770792de7b2dcc52785130d91ba462

SHA256
660d06f00efca85588325bd6e9bea68fe03a6a182a2ab3ea10e38bd7dfd238cf

SHA512
ae8e0baa4fb28c6442b7921d6c3b79a4ff612129c09f31b6701f23b8647ef812cab8c4a65d7f23772db5571139a3ee64f27c9735df231291fdd4cbbcb167259c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eede88f840dd0caf1f1087bc0db1227

SHA1
ff008807d89229869fe7e7ffd9506027b80c02ce

SHA256
db0c346c52dae4ef326bffd6322e3b4a7238c06a09eb1150f40d94b895920ee8

SHA512
206e180fea75c962d69137d565bfc95a26b6eabf05d52e1d6345f85e91cb9dd869a03679be83bf53b814c5a5cb6140ca28584b26b0bea97da5972893095c92fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72a1a26dd50037caa4968b866b9a1efc

SHA1
89d5dbde6f85507514951645fd707ca74081273d

SHA256
b6d8aa25407c956c1eea54ae23ea39bf2db84b176c11f06d43b0e08ebd8fbb30

SHA512
16da085429c0056b108bf151b0d27573f572543f654a91c4ee0bdd40059c13047000184aaa4f2e4c33d5f97bdcd308b8feabe271d7cdefd1c7a1a1a20d8ad0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fdb6fc54aa9c0a887bbf1d112c1fdb6

SHA1
873b0a475cbe1dfce55261721ecc27a27d10a1c7

SHA256
d19d8b758ba3b445e1980fb3c9c91b101e3670a9fec15bb4011198a764d589e8

SHA512
c5576263eeedbaca33eae0460af9ef948e32b2f40c89cc98478915248d3d1e5372d0f009a7f91b311fe7eef15ed2ffbf56855f76ff65e22e94302ceb699446e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52a88eee89dee4f01316538acc032b14

SHA1
295a993662b68d510b36e52d74544bddb5252449

SHA256
69bd6578bcec7d55396c5882f2fd0d330cd93b5b87c4ba669cd560e2ce7cdf4c

SHA512
c82898d36dbff84d97da3c566a0af5d63cab9e7eb44ecbdc3a38ffe128b4f683d4b9384ec117e7062f38c8692155f00770ed026a0d8104fc3f7d5490c3e799a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c617fab2829998bbb18a1debf834f27

SHA1
75ddbab72ddf1219c4908cef8e7ded751b100091

SHA256
581f3c24aa5bf73dbadc5e64bbd643998c9d2eb6b2c1756300d513836bcef9dc

SHA512
4deaeb0d5ad323c3ca00b8b368922c37cc539ac0e639ce94df1656d699efee27a5327b45459629bd2ef3dc24d6e347856a69f2c7a5f2287a84bbd83a92ce5940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a8bedb1b7f371097256943972c69edd

SHA1
1e5ce9da4a5f108810324830bd4c4076b071587e

SHA256
9e9dd069ab2930d8f92332e33e5ba7645ba8afe4dfe984e2b494e9371999a140

SHA512
10667c89d297a5b81ce399007fe13fbff9aced0cd03f76d7768b7cc7978bc2c9ff2aa90b86d82a6c893cd8bb1839e5e2c98e38de11cf28f2e057276d768db5a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
193763e9b76f3095cf4f4bafdf98422c

SHA1
d72464f33d27bdc10ee149694a9e509dec6ffc9a

SHA256
4cbc280aebb9d43f5d9ee5ea4051cac81629d3400f4f1a7069f982d495733db4

SHA512
9f5e9a886b7b4b9b44589813a8bc19d99ab630189d988e4aa9118b4a547b5662bd0766101bb3544b8db01b08f694bc07c5daeff556f6e372ac3adbf970d90c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98b41484c44ccdedf2fe4fc4c75dffa2

SHA1
b2c843c0ca5ebbed74b783f096d3bf7eb79fe690

SHA256
9af100e1eedd4973ad02bdedf625dc25f604e14ce0d33048657acbd4419ff213

SHA512
f0d7cdf266c32411d2dcf5a16324f704837ea7862c8777a8921f42ac68df1ac935a9d62ba8900524036ef7a05b0ab5e29f8b503a9724447c7f6f1b03705c1b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46740c385612c492648c6678661b5499

SHA1
26cc0d1dada4aa67f52bba7a7cf726a711062186

SHA256
d478a2860e31bfd182a35cf0b918d61221fcc8b790799f3ec364adbccd494675

SHA512
4a4427efb0c5bb57d254a5c5fc88245258a423ef974f8de4cdc6be46c256a6e07eb4128dda1526ea09c53eaf8fa5493dafe49337dd7ac49024f5f17ddbd389cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e47bb7f84b48b41f4769422ef19b3824

SHA1
23b515f83ec494f2464257c00f121381ea542128

SHA256
0cdfdbbee801d7871572041a4ae20ec015de19f5f3ff5de50839acfd5fe8cfa8

SHA512
4c31f9d4476cf2b6037060b2dd548b789314938639862be7c854baf3a5acae9b8b5ae410af0c1405027107181c091f3f34be3dde99624207f2a6a4ff752375e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ffe99331f273ab694e61da68adfd8bc

SHA1
d3963ecd582877e5e8b540b46d3aed83d822a90e

SHA256
e1bdddbe96ba436546543098aaef9387a5bfe99969e9f9781f0e231f86f0da81

SHA512
4301b179a3dc54fdbfab862556d33276a9e0eb4be9bc80bf90297d0dff34250a898bb3c9b3b34beaca1fce5e1d7f10e108f5727e379c5e90f93234218aecdee3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7e6dbe24b2d611577245a6ae5390577

SHA1
043fee6c36bad2cd8c3ca832247ad9d63f5a2e20

SHA256
afea9eea3a18421219573fe63bf74bc2270999a1fce43b0ea725860afcc35e80

SHA512
8fea76f5478cecab7d8d5d99fdab00ad4941bcb8932444c09a1734bed9eb2fbb006efa8ae1a518a0c6bd79e54983d214a456d245e4cc65a79e61e1b1aa127266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
476337dd197ad0bdfa861804777e32b3

SHA1
6da605f150914c306ef6b6aa25ebe54f7dba284e

SHA256
8401946bb10a9810b768aa7a7278a0338a0c7cd67a132601d515c65aa89a8ff1

SHA512
aa57de70477e3734343fcfa6b48ee057f192d5218e151d6237b9db4009bcd0cbacc354bcd0a0af447d2c3b932cb01d0ff57736a733b9232e63d35d480338ad86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26D.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_87df26b81dfd5b551bcac43733841faamgr.exe

Filesize
99KB

MD5
f57eee1185dee33198b752dd1f66ad55

SHA1
b60f88d65f8805bf2ca095ecd1727b15eed4ff12

SHA256
6bb93bea58d84b9c6a562a6b888ec84ba0ecb7575b6c8f3264a9e9fb44ee37f7

SHA512
cd97a2207d7ad6178cc7c9fb13fda7015bc30a924aa43b6e8ba07961ef878a841e6d025047a35e3b60ef23a3ab9b59b16d1abe09f39dc0cd6e5515d46630ad40

Download Submit
memory/1720-10-0x00000000002B0000-0x0000000000304000-memory.dmp

Filesize
336KB

Download
memory/1720-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1720-17-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1720-9-0x00000000002B0000-0x0000000000304000-memory.dmp

Filesize
336KB

Download
memory/2296-15-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2296-14-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2296-16-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2296-13-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2296-12-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2296-11-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2296-18-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download