ramnit | c36637bb9e07094aecf80ef2e5ae15c3e5e1211f8e61e54e4538b2df1816dfbb

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe
Size

176KB
MD5

1c60a7a1d88608741149f5216274d19f
SHA1

5d078e4ad58ae432035a0205c79429dd5c7df426
SHA256

c36637bb9e07094aecf80ef2e5ae15c3e5e1211f8e61e54e4538b2df1816dfbb
SHA512

598f4aeceb6f0ea02f940bfc9047cf38badf4f7186b5056fa9f2c0d90e89e8b922c9b2ba7a1e483cf1dfbdcc07e9db12f377ee1362647a67723d460e9f8811b1
SSDEEP

3072:nuug/5q6gVLypcUnG0+lb4AzOT0MCMz1BENi2XNqW7k7jrRL:nuTgVLyk0u3PMC63E1art

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 1 IoCs

Processes:

1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

pid process

1200 1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

Loads dropped DLL 5 IoCs

Processes:

1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

pid	process
2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe
2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	upx
behavioral1/memory/1200-13-0x0000000000400000-0x000000000046E000-memory.dmp	upx
behavioral1/memory/1200-20-0x0000000000400000-0x000000000046E000-memory.dmp	upx
behavioral1/memory/1200-24-0x0000000000400000-0x000000000046E000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426028343"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42746531-37EA-11EF-9F86-7EEA931DE775} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{427203D1-37EA-11EF-9F86-7EEA931DE775} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

pid	process
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

description pid process

Token: SeDebugPrivilege 1200 1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeiexplore.exe

pid process

2680 iexplore.exe
2660 iexplore.exe
Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid process

2680 iexplore.exe
2680 iexplore.exe
2660 iexplore.exe
2660 iexplore.exe
2412 IEXPLORE.EXE
2412 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE

description	pid	process
Token: SeDebugPrivilege	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe

pid	process
2680	iexplore.exe
2660	iexplore.exe

pid	process
2680	iexplore.exe
2680	iexplore.exe
2660	iexplore.exe
2660	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 2188 wrote to memory of 1200	2188	1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
PID 1200 wrote to memory of 2680	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2680	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2680	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2680	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2660	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2660	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2660	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 1200 wrote to memory of 2660	1200	1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe	iexplore.exe
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2680 wrote to memory of 2412	2680	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE
PID 2660 wrote to memory of 2984	2660	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
C:\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1200

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
81df46651caf7a86f5b90644962ccd7e

SHA1
7043ca3f509e436be8c2264195ee74888f943caf

SHA256
7146aae9f70d59ecfd3a4b24aba51f8309fd702ef1594d0777994bb2fe8f3bbd

SHA512
3a29b70e924cca0df4f0d0c5ef681abf4dcaf69945d7e920c9f033877aef2635bc5c700dc8bd88772dbb01593e2c5900ef1f04179bf00eebc4371cbfa9bce942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
df5e501ba3163dc4cac494f5b5ac71a0

SHA1
9efeef3137c9e3dca47b3e86960bcc18285bd8f0

SHA256
54d0bb7f38e31805f29497397e888bee3b66c954ad747891dfdfd0eeeabd074b

SHA512
4799f6d930ece95f98e845f6bf7ecafea65c87fa89a681c3876e2fc9389f0fb977fb6a8339a7e0a0a2abb3623d1b0ae02b2038d238d2fed23a14c50389fc2a99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
fc0b36608c1023f39e9ab00099d42781

SHA1
483ca4e4d34c5b45d71794af24e4ce3f70172928

SHA256
d8ecc97b581c66e6b8f649f1ab7bcab6da7baaf7230a7fd8165cea8d09d64a4f

SHA512
7e887aa953563542e09b989c1b1754ba63f69e8c90b2d26781775b649670ef2bd57f1a449a136b6d363dbc7bb4ee386abc37264d0b18ff07297be51b4cc8be0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9d92d471c1e762c462f47ca2df9ceae2

SHA1
21ceb672fa671ca51686505a20fa99ebfee458cc

SHA256
112381330aede30689eb84ac74540b31ff9bbe5226b033071be62364ddf56398

SHA512
f3f81ad767cb4d20169d44a17d22371bcea9cbfaf75dbd163a60ae082b40860beeec646e7d21fd009103e04e8605ff1dddc29a913bceae9bc62ecc836e48ac70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b58614daeb6b9d498976aedbc400fab6

SHA1
aa0732c43146289eeb1fb6d3d9659aa9396f8fdb

SHA256
5628e006233250142936f62fb16e6e8cdfdd08d8dcf323c2093be94ae665d800

SHA512
58c3894f5647ff906937ac0e8bd780271cec882eee1fc6c3b24d7a9cbf96fec1e469f0ddb5078adc7813e56c7f91c34aa92ec3f872fccb4a283596a56b82846c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
94ffc213404b97d7f6525c20a3c14be2

SHA1
ea34e6015636f159d4a8c917114bf8156364c663

SHA256
12df8f5b6f8278cdd9ce501536f8e2215bb9c6584fa777fec0d887255dceb8c8

SHA512
70a85b3f9026c40415d3049ccea7702d36932ddf566348ea9f3802988578546454e038c55de3ec3c47478ebf9b16159e81e59595b529bb1713a0797a7fa69bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b1ce36d6db14fe9c514bb019856db264

SHA1
836a0a43feecb7d84b8872de7b3377e9cc8ad3f1

SHA256
4c6b23db6451c702fedc2127a8d8a46a9f806d30bf9091e68a6cc7a0d4151960

SHA512
9c99617d0028422b14204ed5c2d8e75a33476182a53842e4be3ae0de4ed7d7885ed8cf9b44e511068b7dfc58d17df3cbc89e0ea4c9a091a93fb50f297e031883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6af63b7f6f7d0a69607a0c7190470ceb

SHA1
58540ce1b92092f4c78644cdbd46488d03295b0d

SHA256
899b85ff9060051cd84672aa32cd1fe1cca310cda9d68f7fcdacf8bb4a160f67

SHA512
1181c3473b28c408a260420047e2cd4322a1aa0b16f3d04662d27fd9913ea54f32102db184fad066c88fb7fa5c8cf074176c930a1d8a581102cecb5944090275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9f80c968a95b522a78789c622514b58c

SHA1
4edb43254cd92db2020f60f45069fbe2ea537cbe

SHA256
99736edcf161ec26c73a11cc0615adf7c4ebbdcb80d2df6d67565d06315ac66c

SHA512
8510fa71767d79cd47e5bece83bed6c68b3c7f652287ba2f553eaf43844b8146e5783b0a847d5078f11b0074ea4620b7169a5e6395d030fef7e791286a5f4de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bb9f87976027277e51cee49693de1d08

SHA1
99a468d257c31d8d18726bf0911ab0bf179e7db6

SHA256
936874896bd6c214396cf0cad67c21c2ea9499d9e955e77be20dd4136d7da792

SHA512
142c04369c85875859e7cd9f24c129cd08435e9c3a45693edf0ed9d4ca2fcd4d99ad1c52a6c3a6a9fe9dadb7ceabed9d044385682442e56f6e6073fc08122bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
968aa7732ce1ada03b7bc11799d05aba

SHA1
cdf8ee999b157a8414805ea4512d71bc2f0cb508

SHA256
703c22d7e9d07cb09c58f4aa777111c68106d489150ce0e4ebeb831e94fd21b8

SHA512
643d70be4c8b84001604c4fe4accc2adbbde2d36f611c632301ec833fc683a8211ac9970b0f92ebd5e1520c9d34f15a42f5c3d9d5b9ba0d9c5598e4fcd7f79f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7c074a18aa97b1530d4208737321b38b

SHA1
5318d6f076c7be686443efa15aebf3888f9a1628

SHA256
3cc6000b2c3527e9dca0f3b3533350d723d49a8ce9fdbd0b7f333e3743643a81

SHA512
d7d761bb0c3913d557aa2a5467ace54401b76e3f6a89a90abc22a937f97bb000533b383a12dbee9ec44846e06f9da9d2934199efa9741887523c4d83fce3040d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f99729a9bce023fe9eb6a8ecefbc6374

SHA1
0a6f929898525f005e4f58edb076ab289a603b99

SHA256
46f54bb6c3ad693aff5c284f033b94ac20309ce2833addfeaa64bc27b84c00ed

SHA512
61578efa98a98fc39cf010c12b22d7898ae1fe4f4160deacbcecbdbbec029709777128e822163aadfb5cd441d1c339b17a46383cd5842bce38d2ee4ff00a41f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
79898963675c9ca71dcc394eb71eccf6

SHA1
4e5ba8dafb428cd8f34ce128f30794021df0fa60

SHA256
667b7ec3737bf1f36106ae93af3a84ba5cf944842af128b8e433f67eca78b49e

SHA512
3cc8c297e2de5b167f58003005bb1141155535791a81a6e730f938d12b9848285ca86e8ea6f3137fa3fc3016489505f154ab0c7c85c2bb25aa8324a36cb14499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1a83b8e4172e83f8490c27701f0b8b22

SHA1
a281ff6bf1b002fb76271d01bc5368f54647a22b

SHA256
8c5f4f9fb25a98cf2e3a8e96dd8dd63cea086180549bc98949c1b2689ffe8bf4

SHA512
58f82ab8f28047368dd8662bba862fc2694cab76afee9783382632033471ca0aee1aca7eac6e38e988195f92bd1eca97a406436d611fef51107392f0043ffb1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c162ff70fb1f00acd7711e17e6fbe131

SHA1
73b0b122da4636f5f87c3ba8697419fac815c66d

SHA256
755823d9a7b42d97aa84678ed701e408ac471248a1e51428def6d9aeccd67ed2

SHA512
a7d5044f079955a2e26014e3c7432300a79435a85088f0d09c427922dc35fbb7122232066c53e7604ce51bad882342cf3bb3c416bbfee9b71e61fff9c2d1182a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8a68078f228709cfeb29e14ea96179a6

SHA1
1e7ca8149c0979dffb131278891ad99ccb76794a

SHA256
a7175c37c8dc9d2899b7caabfe670762e45b84891a2306409caf14ad0abfbf2d

SHA512
5e5dedcecdd45e9e65c745a3933f164a96daef19bdd40a0710ccf0195ee79629b64dc5adf35c08ab72d63340bc7c587f4d92b9361af69379164d2041f231aa10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ffc1e3b75c743e4a27008b565bbb8012

SHA1
597f8041f69c7932f71b306fb2343ff9ed815c32

SHA256
4e3964c1cd5e45b6c10850adf0f9929ae5d3c82864fa6999f1d38823ee5b5c74

SHA512
46d087f96a46f83fb18235d83d31da5a0ab717e0e380b9c83ca98ef76dc2f586f04bc1069112a60d90712028b9c9df53389dc94c4acce046b9156823314ed05d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
673f3e9010850130e0cf58966c625981

SHA1
63be8fbc0598269048240f4742caadfd26679306

SHA256
41a7b9acdad099c182dda32b90dab9076e3a334584c2d59c95cf696b8d98c599

SHA512
8e1b5547e71d23f5288291b522fa308df553162ebd4c0c190fb5c796a7564336f196eb01bf04c99f414f598d99f1c9b18ab2cd4963c66dcda5158dbc32278bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{427203D1-37EA-11EF-9F86-7EEA931DE775}.dat
Filesize
5KB

MD5
b8ace9604799baccb4f9752fcd3f4a86

SHA1
a34996ef249b620c42e2616e5aa740f731b1dd50

SHA256
87395e972af042057750afdab6b49dbf55bbdcf236b423cdd93eaf35d40688c7

SHA512
161084c7df47654c5a82389770557e3197aa1e385a78735c827ddcca7e1639f6602602edeebe812b2df7673c719fd1d16129c87bbc6c7b3a35f1d38919f91adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{42746531-37EA-11EF-9F86-7EEA931DE775}.dat
Filesize
4KB

MD5
62a7953fb32aac23ff1f702c1d457c0a

SHA1
4ed02348cd522d0573c4f10eeb76e6d7fd0b7f0f

SHA256
64b516608151c4f2b470c270a5c32e5af57f81800cd8ad12b5104f4cc862d13d

SHA512
4262f7b5ef3c633057ac258313476704ebc9a7c3bc088c46a78e2c961413cf0f28d26b05b059d7c28962307255ac1526d2c1dc23937fd44f67bbf2104ac42fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab430A.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar442C.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\1c60a7a1d88608741149f5216274d19f_JaffaCakes118mgr.exe
Filesize
105KB

MD5
9b49fec7e03c33277f188a2819b8d726

SHA1
a7b6b4a0ecbeab9075c3e36ec2586ce8debbbc4f

SHA256
9d3a78f72dbd7351a999d6fd6f60b0c6ba79bc4279a347fd590af94a0224afad

SHA512
049a0971913562ca8a134ac889d4750c71d89fe070fadcb06dfc49401f1b9b508275921e55f3f27a31f34d520e96784d4a50959fa1aab6bad878e9e5ea61755d

Download Submit
memory/1200-13-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1200-20-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1200-24-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1200-18-0x0000000000230000-0x000000000029E000-memory.dmp

Filesize
440KB

Download
memory/1200-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1200-21-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2188-12-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2188-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2188-3-0x00000000002E0000-0x000000000030C000-memory.dmp

Filesize
176KB

Download
memory/2188-2-0x00000000002E0000-0x000000000030C000-memory.dmp

Filesize
176KB

Download
memory/2188-11-0x0000000000350000-0x00000000003BE000-memory.dmp

Filesize
440KB

Download