Analysis Overview
SHA256
28e9fe3e0d2c243bb46f60f923ed7a0be07c1f9a0bdf415c4d22ed6d943da1e8
Threat Level: Known bad
The file f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
CyberGate, Rebhip
Modifies Installed Components in the registry
Adds policy Run key to start application
UPX packed file
Adds Run key to start application
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-04-17 19:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 19:38
Reported
2024-04-17 19:42
Platform
win10v2004-20240226-en
Max time kernel
155s
Max time network
185s
Signatures
CyberGate, Rebhip
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Program Files (x86)\\install\\server.exe" | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Program Files (x86)\\install\\server.exe" | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{4W02PUO6-U3C5-WRBI-WU1F-LEW04WVKX1ED} | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4W02PUO6-U3C5-WRBI-WU1F-LEW04WVKX1ED}\StubPath = "C:\\Program Files (x86)\\install\\server.exe Restart" | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\install\\server.exe" | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\install\\server.exe" | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\install\server.exe | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\install\server.exe | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\install\server.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\install\server.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3324 -ip 3324
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 472
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\install\server.exe
"C:\Program Files (x86)\install\server.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2116 -ip 2116
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 472
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2116 -ip 2116
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 556
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.42:443 | | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.121.18.2.in-addr.arpa | udp |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mahdidi.zapto.org | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| ES | 94.73.32.235:999 | mahdidi.zapto.org | tcp |
| US | 8.8.8.8:53 | 123vivalgerie.no-ip.biz | udp |
| BG | 78.159.131.41:82 | 123vivalgerie.no-ip.biz | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | allgeriaa.zapto.org | udp |
| ES | 94.73.32.235:777 | allgeriaa.zapto.org | tcp |
| US | 8.8.8.8:53 | mahdidi.zapto.org | udp |
| ES | 94.73.32.235:999 | mahdidi.zapto.org | tcp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
Files
memory/3324-0-0x0000000000400000-0x0000000000452000-memory.dmp
memory/3324-1-0x0000000000400000-0x0000000000452000-memory.dmp
memory/3324-5-0x0000000024010000-0x0000000024072000-memory.dmp
memory/4240-10-0x0000000001180000-0x0000000001181000-memory.dmp
memory/4240-9-0x00000000010C0000-0x00000000010C1000-memory.dmp
memory/3324-11-0x0000000000400000-0x0000000000452000-memory.dmp
memory/3324-66-0x0000000024080000-0x00000000240E2000-memory.dmp
memory/4240-69-0x0000000003C70000-0x0000000003C71000-memory.dmp
memory/4240-71-0x0000000024080000-0x00000000240E2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
| MD5 | 528860938c85becb0b84703eb67845d7 |
| SHA1 | ad67e2b920b8fe7f58c3e255035732b00548d72a |
| SHA256 | 5bd5893ba133d7147b3ef8ba349b9f94b785fd3a534467fe205a0f6608d38f95 |
| SHA512 | 303e1536d96f984a113bc5fde639e58a4b248bc46e9375a907eb4ff4138c55aa300289e4cfd3521258c92624a1439fb857f16e5f6774aeff03572d6bb7a4d4fe |
C:\Program Files (x86)\install\server.exe
| MD5 | f685910cb83ada2e8b4333f3aa42760e |
| SHA1 | 35d6640d07fcca415a8f5a4e9420311dce155699 |
| SHA256 | 28e9fe3e0d2c243bb46f60f923ed7a0be07c1f9a0bdf415c4d22ed6d943da1e8 |
| SHA512 | 53327fe86c97ccaf493ce909927436e9f84065ef4e4e6c34018927cb6c624e4ab628c98f0ef1b95e18a1df98e1b9338b8fe719e40fff716aad411ea7f4c6dd71 |
memory/4692-141-0x0000000024160000-0x00000000241C2000-memory.dmp
memory/4240-140-0x0000000024080000-0x00000000240E2000-memory.dmp
C:\Users\Admin\AppData\Roaming\logs.dat
| MD5 | bf3dba41023802cf6d3f8c5fd683a0c7 |
| SHA1 | 466530987a347b68ef28faad238d7b50db8656a5 |
| SHA256 | 4a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d |
| SHA512 | fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314 |
memory/3324-156-0x0000000000400000-0x0000000000452000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 719a24668a1cc4c534eb2bf74e497cc5 |
| SHA1 | d8ebb4eaa29d6b54b4d15884cace7159d3267aa0 |
| SHA256 | 2b3eede1229d9904aead674b922d8b385b074fa411aeb4ed08564b28be7f854c |
| SHA512 | cae2e218b6062093d9a87b3195509a3e1e072b069b899889c9d85244942677f0c04e0c2608e26e0b50eb0c3e9aa6dea8b6a0e7d7dbc2fef6bb88d0b1f4efa890 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 0c88656187f39aa52954f17baf0e1c8f |
| SHA1 | 5343676bf51c1903a0b54e4fdb4bea7e93d2e877 |
| SHA256 | 3b0d5be79c55466a99ec13912ef2d485e3e60d1a9466d598305ccf16b9d82058 |
| SHA512 | ea85e67b5595338936c4cbe973558c078af6d4ac37f96cdaef6a59ae985cdbb4944c5e5803f337d83f12e6ec8f27b553c1409cdd6851bdf31afaa9e113c0147e |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 7857331125ebd15953f4617ae2149991 |
| SHA1 | e41281cc7ec31f3d3223f7207ef4bd0a2fb3d787 |
| SHA256 | 8fd917af6b06e9d7518e4d2e8e18e85a9ff9e71b74f926e65bf8f6b00aa5367e |
| SHA512 | 53004679509d1ae15dcc0d5a2c80dc1a6cd8bca8f3100411e7369b9ef869df3d0827b596a0c3c33c935e1ab9cec4cd2326856c3d2373a4f665625cd8f5d4b30a |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 075704fd62c1f159716eb49d5f8bcf05 |
| SHA1 | d1a25a1e2103ed8b8a55c04e959ca43554a7aa31 |
| SHA256 | 16c4afae4e037d17edae7ea03c64617bd8a07d2e89a712c9480b7881dbadf808 |
| SHA512 | 72a2e9db4ee72e69d84a774689f12fb1aa034798b8c30c43d0e4305820533c92a0219dfce25cf6b3ff10d07e192a548a492c5141ce4fc1c6b93605739ed56339 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | cfaed3b3ea03c8e2cc23bd0f6086d0ac |
| SHA1 | 697fa286cbecffb75ebe41c0785539d8b09f2988 |
| SHA256 | 41ef985f49d7013e2189c732a6aaca8ed1a63854d0bd3bc0f262ae883aca8170 |
| SHA512 | 5b29a0d9135a8b76ef0a6de13691471483b5323f6e1086a06f55bc150bfd0bbc0145e6a90b4693b2894716b086ccc703089803974ca09e1423c246a803461d8b |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 8189918f2edf81aaade9f792e9d6e0c8 |
| SHA1 | fbd103ce9c483aa54c8919a65a6d2b27bb13529d |
| SHA256 | 2db5450b2adf96dfdc050071b55d504b2069682fd7f80a8bca4cd02ccf7a34b7 |
| SHA512 | 22a6b5eb12b32f51a9d6a99ee877d14a977954fe3528e8bb9c7799d777f5e4f74fc37d58ecf35e0d411163f99904d032d13d0634cccad3dd6e917b0c0d6e9afc |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 60a85e0cdd841516fc7cdfc3616eff51 |
| SHA1 | 3eae80fb45d31f412c1b09aa3d90a9a7d3dba65c |
| SHA256 | 66d5be7ffa5d46ff3075dccdafafa314f6010eab9607cb82bee28b039632e338 |
| SHA512 | 18051967094217374c16aa04cac2e13b4296a8c223662b3dcc22158bf63a29d8249ff721fd79fe65e2c9ed0d40c55ce0ca8af0c7bc209bb5ede0fc5a84d8cb8c |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 7b1cb68c88c6c542a81666e7b3919e5e |
| SHA1 | 3e24941bb5b6e57a28ee5f51a95d4143b04a7904 |
| SHA256 | 460a997535870838f8cc29a16b2d2be038b288f08ec732a20fb5f9fa96ab8fe1 |
| SHA512 | 61073e27f43d31960854c508f7d58436f6e3e643922c820179b9bea1f37e217543e3c04e2d9301e0ad0bdd3426962dd964703669ef1fea64204b428430699ba6 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 26aeda08d90154b10fc7e35ccc71e237 |
| SHA1 | e75307c20529b5abc36b1022be88ac8fbced4b11 |
| SHA256 | f4edae87d919c997c4addda252b8f9dc9214382c7fac3a1f9d1aced5559f2b85 |
| SHA512 | facd284c12122b452c6e61fbcda37ea6d3f3cc5ffedb8b2bcc612f2b6935b579c0ca905ba8ba3eb833284bec1138a8ab00d2771d24aac91e5957abcc7b150581 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 070d0f1df63403e1c46b002236a27686 |
| SHA1 | 9ec79831f858ffb303691e77de8d8b2118331601 |
| SHA256 | de006deba2f00e866fcd9627dad611d615a42f602f2f8858d7c5523c59d5c64f |
| SHA512 | 1aa039a32d2ceb1456db138e3b7c16b6f9ee1e206ae009169748064e5d5dd02d2f3b25573b613c83270148f351f8d5746aa9f792af8a74385010934a94afe255 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 0e07a0f912b69619bc21bfc2b003604f |
| SHA1 | 7512f0e848b925b843fb1dae55b2eba9b0bdd18a |
| SHA256 | 848218b55ebe1fc607164edb3227dc145a76815efb7ada47dea4fa94d02f969b |
| SHA512 | 6588d0952b39caf00c4efed30265440ad72abaf5612e024cb65551c5abead265d61ea8bb21e645cb591de9911b871ca941982cc1d44385f437bca8c155fe4772 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 2f1e28bff62deea0258e48e8cc72e5b8 |
| SHA1 | c6326f30df36acc135d105a38f0012bad228e608 |
| SHA256 | 4b794448e92ff38f26ff71621a485770294c4bfdf72d0c849743cc3116755057 |
| SHA512 | afe55df1059ba0f569fd395eb8209dbadae1f9ac8fa4d6e5870eb68d5d819bfb0f125110c1e981acd85c8bf78de4ea0a23833ad944afa4e0ba562299aee21a84 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | e602a3c3bd2fbc347854a724c1cc6bbc |
| SHA1 | 0aab8b89f497abce1cd64830206d0053794019ac |
| SHA256 | a2d98b9f891e7c887b6c5f121a086a392609962ff33734f58ffd9a307ab01add |
| SHA512 | 7ceb1467b7a1bcf4dbdaf7e2e337299018ad31973f54910b6c42c398254685bec7ce90cfdd3cd8c654b000cb6a864f3b8101cc79eedf1d72e68b36b862484b20 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 4177b19b5b84a5242e50125585738ab2 |
| SHA1 | b6e3a6f77b436de54a08166d4125807694a307fd |
| SHA256 | f9f999f9c836e30de3cdc79762a0839c4e66ba766e88b88a2b580e8d185b3ef3 |
| SHA512 | 355a620c07e80c04eb1815fdaf98c46517a7024c8eace54761e1db03098302236c92aad182cd8a219be264a2f478c5ab5fb8a063f09b87dc999c07a430745d96 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | d9a4a757d0fb5d03b8f7e20accd4440c |
| SHA1 | c34ce0ac6edf17366eed089426d3411b79d67b95 |
| SHA256 | 6015b5f5de62f495a42c99f7e6ae75ae7dc38570b165122890b899945bb1ea10 |
| SHA512 | c61c127b501cb1ad41cdee7e8df236359d6856ab1f78b7b11a0aafaca27ff34b25c0e79303577124425016b72a2fd8cef6cbec87e80d592da214217f49d391d2 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | c3afc40ba525c09ef9839ec3ef57440f |
| SHA1 | 83c4046eb3a75ce506a557d04b2cf8d698f9329d |
| SHA256 | 8703831b9eb112cd2a555a88d701ac3660221142965b10ea6378435dc54866d2 |
| SHA512 | 4b487f092b39b6d136dd324fbb0c50588163d594d8af2b43919930f16b8b5803ec93275b1df0eb894ac69307fdc1a42b5cf8bc5816d3031c4c2dfe306e95a248 |
memory/4692-1430-0x0000000024160000-0x00000000241C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | ec387b9176804a4947127da8b8078912 |
| SHA1 | eeece7d6f3187974393999326c3ef61133edafe9 |
| SHA256 | 0c69a84978aad5a1dddd9c2008516bc74e1129b64e6ad7498539c83977904ef7 |
| SHA512 | 838497c6d005c16d4edc01e27d76806295e5aef9c3e1691166db57e20cbe419287ddbcd8e5d8690ce8c6702da03bd4de1d6baad571a06988be77a33099275c88 |
memory/2116-1513-0x00000000005C0000-0x00000000005C3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 288a642659772c556464dd9359491748 |
| SHA1 | f1cf8b2d50d7cedf61b8bf0d57091642a3d7a79a |
| SHA256 | 495f3adbc789b98a1400bfeb4495ca6baf888c501d89aea3992d8d4a535ac9ec |
| SHA512 | 1512c866514cc038bda2e10e761374a50b1d2708f013849c7e8fda358f1dace7be00a633c09480879b1c61557a163bb30d0605be2e2e9466c5a53fbdc9922a99 |
memory/2116-1635-0x0000000000400000-0x0000000000452000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 333328df92cfb6b591c680c4590d7e4b |
| SHA1 | ba93b18397768589ae98939903e073111a689456 |
| SHA256 | ff2e425706fbf11417bb8178e6f9742d26ce3c623114a4975d4175ade031c45b |
| SHA512 | 74d76fcb9a614a7a5313b59ba8b9f25958a3cc32d1265a0a0fa7ffe27d6e0bff279da628c5a316822006d9d36d7bf2e7fb42a8ba7b967ffd1eba82da554f3079 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | d1d405bf04f5013e452a5d9afff8a47f |
| SHA1 | ede125aafc1682c21390a1220c50fa6955504193 |
| SHA256 | cdd4a481116d00b11ba759dd8f889e6b6f9bc21c3f2ecf4706f1aa3118884bb4 |
| SHA512 | d6066ba71c4dcb176674ee94ae3e755a669bd799c653986afe5df32abce3fada10fe28f48aca3048602ab2759fadcfc15b381ed8c6d4b6073a6055b318c355b1 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 8191dbb6e786f078847f2d6d9fd13bdb |
| SHA1 | ef6a6575177803d328fdf45b55f012ed1e3cdccb |
| SHA256 | e476bc5a33ccbff1b00a705ba311b7c2084d8f6094815abec6797a5b80ba9f53 |
| SHA512 | af9166f09e7f3551068ce4a5deb60f5bf1a5f510e73fa9c9afdeff25a4578dc513e52cff958115983ceec229bbda15326baa7af53a8abf0e9b01b1dace663445 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 09c9f26eb63bf2b4f293df473e890f09 |
| SHA1 | 83651f21e1b5173fa0dcc2355e61b31f4f6ee984 |
| SHA256 | e0015a12169e6dbb13928e1164ad20de5185de675560c527e5ebf4b751cc648c |
| SHA512 | 7044a0c959acb86d4021893dac882c49cd93eea8555378e87f41fb6dde7a41342b33a395a7984b7415ad28e23e8de8bff8b34349bfc035a1a15a3be029989eec |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 136de5bc6b1af45ade37b5582bb382fb |
| SHA1 | 085775f9a81576b5b1e454ea7c0e3b3e30fb4415 |
| SHA256 | b8ee4305b64d07cc1b41270ef31f4d2c0083010025d619062ea195890bc02a55 |
| SHA512 | 89aad32facc2baa25ffd43d34bb31f44bb7b0fcb114ac613553a2ddd8e99a50e007f5df19e99dd9b109cf9c4ecec1c08ebf294f8bb9b4cee1647761eafb71dba |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 8e2baa543799dee0babd7110467aa0b9 |
| SHA1 | 46831f13dac987e8edcdc1e2e1d369168c594b2b |
| SHA256 | b6dc498aebd91f1a3f5dce7cc55b61597dae0a65b601c487d2d7fef8f67060ab |
| SHA512 | 2e0410116f0987bba0e595bae91636d3e563acee5de73d0f56f575d40b0fefa537262e124ff2eaa76d8302a892e5613d2aa838994aaba6c5836e95ff9fdbc3ab |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | b7c340688a89c925bbcc234c23d44cca |
| SHA1 | 5d14ac44b62851eba955750af7973ad2b4c876fe |
| SHA256 | 7cdd9fbb377a92ea428dcf09725ccd455f925b03e4cf35a268ab3e06a1f13564 |
| SHA512 | 5ce9792de5f35d40cd72cf306dc2edd97afa5b33488ba2b5e5da3d358cb219610e86f64c5a7c6bfdd21022dbdf179b2fa5d8de283f833a2ebc98c42b295b8954 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 3043bdf6091c7529bd491b5f8bb12a2e |
| SHA1 | 39cf0a59fdea6c4d24d6417e3f771a1381410043 |
| SHA256 | 305ffe181c0e838a869a73e07393b7b7a506eed4c299e38297a1d602ae1132d5 |
| SHA512 | 56afafcc0c810c0e80fb4408e6b34acfddd02f297fb98ce82270a752d7a5ca3fef79a21315c5fb0f23c356805112473c1b48859646a793a3bb86e6dd48b717ae |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 1fa610bc801539039954fad451d793e8 |
| SHA1 | b77d79821c8cb8556aee7d4c0587a03fa12dcce3 |
| SHA256 | 1a64428e36588320aad4ea1342e827ce9830a3eeb8394c00410a21321d3a6b30 |
| SHA512 | 208cd519d56010cc03e83a7ad43e79223d444f9761876df1ce5dfc1cd1fba4ad6133bcfafac0cab615eafae6d4776dc9b173f5f1c5ba98d379ae68f158cee9a5 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | f5f9551baf4b586f5cc1faf1d2461a3f |
| SHA1 | befa91a8ea89fe3e9e0e81371b52bb93a0339b16 |
| SHA256 | c4cb34a3bb1db7d731485140fe2c1c04dfdfda14c8ede1ba08ebe0b250187524 |
| SHA512 | 67cc982cbaba8f42fda5d458c43838d023876cff26de365af193742ee1e36baa723cfbf1ccdcb867c01217619b82ab4b315d3ae7b9417a04a4a3368e6eb043dc |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 09a1de99bd53a1523ce0242eddcac63d |
| SHA1 | a65476585c619a8ee3d2a62d776b4fb7e0c998d2 |
| SHA256 | f5a1a736311a7403441c14862843aaa9b0ea818fb474d20306e43884d0106954 |
| SHA512 | 26345687cf2cbc253dbe8f295241343fd00bc7bdd3b0c90878dd84b50283b76d604f212d8fcfb7bf0c51734d8446b531e560edbe2d0efa34eecf497a78a58f38 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 3d89007d3c07b956c8f9df848c96e908 |
| SHA1 | 342ea6ce957f676e6a8bcf3369f6a84330f5c648 |
| SHA256 | 86af86aee9b7b8332dcdfff51f43920bedd8e57d5b5b57f027671f4ab232093e |
| SHA512 | de4521b65b0db04c0eb7cea22666e208b0b1cc27e1cc7f58202a97369b6ab3cb1177cb4040e2f74a16ca12fc8c31e52a0f54e625084a4c496218184116e1baec |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 9e29425b5f4d4680668e42238e6a20ea |
| SHA1 | d3c843a2d4309cdf5971723595bd0558961fdfbf |
| SHA256 | fba3e40c7faa515e4ec6d827267c498435959e46b128371d164c282bf3a6b425 |
| SHA512 | 6663655b527d10cede80a32aa1a48e66ed46791c83df4fa0ea3119b2bf8b180ad3323c34aeb8934de563b6118b05ca3c8918e3374541e5aae0d92a23eafcc921 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 3e80f864a0b62f604e20ddbf16978bee |
| SHA1 | 9a985d7daf2f4c5dfa362eaa5d592933c423b32a |
| SHA256 | 00a9a19b76b3656556a62586026dc3f7836f6173cdbb5a79a4a8f8a638678d6a |
| SHA512 | df76a08aae9478d5226e7ec2e547da4a1e39cb3f4728860c5179dc128b0b7366546860abd5b011a44a2925353dd475e389defd55daf1901ea59510019dd4225b |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 0bfe8d29df827d5ab2f0835ba8fd07ab |
| SHA1 | facb9642c8aa85297a7792573fd4bfd441bfabe6 |
| SHA256 | b74f741e5d60a554adb91a0670e1be82ef1b03d02706f9887017a6a4b72ec18f |
| SHA512 | 6d1b514ec6f40ba49f3e886a0734cf0363f73e5f1459e08464a93d9ec933be3cc1b95f6b8a2e008bbde3be1e50ea67512ab9cbc95fd1a7be170a816c3b3d4394 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 5fcc1e16c18691ed41d46596f3c498fb |
| SHA1 | 6fee5399ffe6b2f68ddbf21f8aa1da8e07f1fbeb |
| SHA256 | a7fb008a6f5e15a1394b31142d71f9e5110e38c2f087f4adb63f1acdadf400da |
| SHA512 | 620400102e423385987f0da30df7c4e2f694e4ff3f57dbfc8e00d3e1cff2d63791f76a081f880b13fc8bf78c91b1615120a511ddba3c2d8ae2358cf9aac9c0ea |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 6acc9685bc3ff2c50a41d9bac661e9c1 |
| SHA1 | 76694544702d2a0f66f2614045b587f4c2421fd5 |
| SHA256 | b0a9b1709a6ba42bba32814fa01183f003996507da38d12eecec58d9a2fb53fc |
| SHA512 | 04b5c83481688b12d66a71961606595c1443ae19a666d9aef9aa30a8d59f3be46b4f82b0654810a225a18ac8aba0329feeceffafcf793cff5cb9c21162741284 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | f1030b684f749a3dcecaf186349513af |
| SHA1 | 1c3b0d543d81e51055e36da99e7560118e012ee7 |
| SHA256 | a0c4c3eae199190c28f36a42838b3eb13e2d4fc9d63ac9976d9376fedadc37ac |
| SHA512 | e0c2feb2873aa1823c75d2e80e724ec09efac00404dd69e1bede7ffed25d71e2815e5effba88491dac62462209e9767a89b095011cc370de9a123e1f3fa1c1a5 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 9d82495c3619247f69464aa204b74a30 |
| SHA1 | 970577aff2ef42da827d426717e008c36c494ef9 |
| SHA256 | f669ed178f8010e5f523f3d5310ae6c8e2cd6b05b884c5190d38aefa85717704 |
| SHA512 | df96523dd8cc06aaa313996fc15ee1c9bea6da3ca17d71fd9e44153fadf2c99b47d31b999834e8b4e46f7438a79cc71cb629cd4351684469908060a6d1cc555e |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 75017342411711fa81829d4b753cd7b8 |
| SHA1 | db4d447f5bd0390bab6a22c70902a32e7845a0b9 |
| SHA256 | 722bd229c2933d887139f49431632ea8cc17a76dae749dec3bccf57f09079a30 |
| SHA512 | ae576a0404394c932c3907e3ed74faba7ac13f4177d2f7256bfe6bb6f175c881452ffce7ead25bef41c95303add11b79a898620668a0d045f96d15f54a3e2945 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 1798a516355970a8cd345feb0fd1faa0 |
| SHA1 | 891ece284fb8cc8334e2af64b7bc151060502821 |
| SHA256 | 2f7c188600d16ac19e6a8b21bdc3663b8034f80f6bc2a4b0e978b9aa5421daf8 |
| SHA512 | ee38b6dbccacddb4178b50ab503718c855f2f8c369f3652ee0ac18f9b9bd73636c2f0c5098d4d14a59fe8f87f34ac9c7385ba4f82bcc10f527dfb747e791fea7 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | df1088c069e2efe2ce211f6d29016843 |
| SHA1 | c7b0d21d6a253709fc146c646c37cd7b14dab6e8 |
| SHA256 | d31bf94014b1075e7ec3ef514cba84b07d91839b48585bb3f7eb95e0d1ae6eeb |
| SHA512 | cae99818e709e688661ddd2f8423368a915286ae6bee00069989b6105d85bbfeff53874afdba0d8caca2a2ddcbc8e3b5c414665037aefb645c12d5ad7ec67f6f |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 68621ccfd845ed49809a6b590939251b |
| SHA1 | aebca3ac6ee61876731572bfdd1251bdf0ed707c |
| SHA256 | 554aa998aaabad1087cd2fe2db93e4ecbfde782b1fcf58cfdd89ab4faf9caebc |
| SHA512 | 4d1f3acbe335ad80e2f0ea118576ef9f1269eb4b64953b663e0e8f1a54205d53dfa41abc3e156206651f629d56eb2fa4995d9ff5cbaac3acc1024438acfa12a2 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 6bdc004cab51ed360dd11783d55ba173 |
| SHA1 | f2c7ed3d414e30ba0f52772d7e9d074db1a107ad |
| SHA256 | b34eabd5aabf1ac7a9c5832684ec03d90adf901a23a02cb31e73ae1abd2e202d |
| SHA512 | 43c62122c81b3b53234ac61ca07b96792831ff2853943fbe02773796b941bd828d37f4098343fe01433697bddf81ae0606c67e63b43066082bafc94d043391ff |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 480c9703e23bf3a4b76f2de07144fe3f |
| SHA1 | 8dc8416cd0d89e6ae126671604d54a3f095f065c |
| SHA256 | 9cf04ac5bf31cadb3e4ff7f2439b2875e010fbe6e75591e173a0ea1d70b61167 |
| SHA512 | 8c55b0aac980ba9ddbf9f4f2bec737c771fb9f73c91ed97dc228c32b0b5d0d78dcdc3bc15d977cac5fecdefa797a6f0d3d67c4e0fab56ca06a2b04987c01db6a |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 7debef7d2aa62620575078d529fec26d |
| SHA1 | f18e4d659747488e766f22ec0df056b786516a16 |
| SHA256 | 61777aceef31371271364af7ed4bacdb6377e7edc8b364fc03f7b55973b7f27f |
| SHA512 | 6b50b42e1fd9682e805b58d12698225b5d6bef87443e5812f475819b2b75d4c3bb0c5e208e7a9b34365372dc0f9e9b9fce5faa3429f81f355910017397de4701 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 1f2d7ac1ddc2a8617543f21383acfcc3 |
| SHA1 | 794436a47ef11fe5d2532547839054e8024261cd |
| SHA256 | 99a5ed998c00b15f9165ec5f9e8a9df5ffe03cb0ff91d5a42f861d02de8a50fc |
| SHA512 | df577cfc1c12441d2ab0aa49b137997462ef7fa0e7ebe2e471e5fbd31a3916069241a7c55bcd3f41f079f23946aeb694d3d3380760d7b4afd5495918a8dd0867 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | a72fb5f9fc1721dc7f49f3b76e43da69 |
| SHA1 | c9eec2aa2e36b02db729e59bb4ceda465da113a1 |
| SHA256 | 0b002669c1683d8f865394533b23fd96b908ec48ee4b7bb36aec64cbeb424462 |
| SHA512 | 6a7b22812a9d87e858bb6f878a0fab3752d0b6b6d90e302ac8e7b7a44c3f521c6159b4f9481447e88fb3659104d04fd9bb3545ac8d1e592e7d877895c349a151 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 446db67f3dc0bdc908a533279423c2ac |
| SHA1 | 1212f39bbfc15d0a45e5faeb790cb00cf44179c1 |
| SHA256 | 8fd9e0580c1b2065b529032fb9144c8ac596ea30657a82cc22f5a55d11cf9e07 |
| SHA512 | da58aaba706c92d22a2c06cafb85a2dab77edf86fd5d642bda4b43f66ea8b8b61adb9a87a47ec6575dec707fccac9c417ed8be365a9ae96bd8d348da68bf6b59 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | cafd36a7c44925480169845b9a44ccc0 |
| SHA1 | 05336d6aee2383ecef6b0c8a3bb5afb6720afb56 |
| SHA256 | 5ab3b40afdeee64ff2d9ae30c50a835ccdaffa5a587f065641f671b9840935ec |
| SHA512 | 1566afa89ea389bba7f67fed7a9b61418ee02377fb5a6b3b7bb54422e2bf98325005613292bf8c424ab5f1384f6d5d7bd60e9344c57b539dc6243988040d4c67 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 6cff1b1fcbeba19f6787d841c37966f0 |
| SHA1 | 507c0cdf339ab57ae4ba2b392ac9a4efa82ada83 |
| SHA256 | 2e46e86b87bbf7d5e74ca4ebbffae5453926e7b1fd96b27ecd9cd60aebd6e956 |
| SHA512 | 37597629699ced432c1e4f78f5e24c9ed373ce81b27045ccc29eb5f78b177312d0b2087264b5add1d73f859f00fef83089436d0e3370f624ab92c25f56ca2cff |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | ab0a6d7820a6dad4a6233d1d262138f1 |
| SHA1 | d39561efa1866300eeeb188696e7f1001bae1bcf |
| SHA256 | 96292016384c3d2bccf450d7b669d5b7ede3c799ec2a3c558964bbff1eef5280 |
| SHA512 | bdda0e7571d2375f9608464588e8a56fef4e3b44b38f9c0a19139d1ae50e33a21ae7ad827a7b9021e22815905090ad62a82b2599f8b87c41b6d0e6541df9abd1 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 7c0a1641368d68273fe078489d33de1c |
| SHA1 | a226bd6714320dfafbedba7ce40beb0be9d8d94e |
| SHA256 | b5766d58b8ea1d8cb3e587f5a452a3b7f1f47f63b4c0f766df24754fa07b63a7 |
| SHA512 | 3b45cf56309a226d6bd1a2681f5b65e82c07b8f2714fa2277251df3434caec67f44fa1bb505149b8e6cd18354824aef3aaa3ce28869f8dc3b45d0f1c98c40259 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 68c11d031e2f927b72439a73fb498aef |
| SHA1 | 2de1071f97fc0720d02d375ed5c394da001e8d87 |
| SHA256 | 76335bccd2def6912ceb4c965b8c0cc5ba43c6a5950867f9fccb806279d49582 |
| SHA512 | 3e8ef6b69d35a73300331f8b74a8611935783e95eac1573d4b8f16fc12c51f4ebdac9c4d25ad4b392ed9088cf5ceeb6fcbc4103ab0414ecdf19fedf46c8452bc |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | b4771d177be991ff1e502b54023ef948 |
| SHA1 | 8f9f6ac8a3d7340f2c2863a8d5b2e787aacc83ed |
| SHA256 | 5891633faf40548284e30c2e2aa86777a314dca9b57027438b7c9e76d4488161 |
| SHA512 | 1cf81e4068aa0d3f90c8071ddd63be632eb8ccac094a31e72249c53a62e291d3875bb1e30e19c93c2467b40cfd9beb57562223a17041bffb4f8c338fe4d8b886 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 2db799403a4fb9c6938caa6b0c613426 |
| SHA1 | 1c5a2a19c36ccb51def3d54a0f3f61f40a5cbff8 |
| SHA256 | 2941749f479a645332d7362a40e1120ddfea33e524b5a81e8887107f9c00342b |
| SHA512 | 4380ccff56f1709ed77928a29004412c81d77871dcb14a636d9606b416169716295df6b0af0fa6377d99a04b721d735ef9be0b66ec16c29a146eb4ea767f8f6c |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 5ddb5c8170042cad9317a6804d8fcb09 |
| SHA1 | d74f1e04b7d44f7c4472b75fcbf685b73028478c |
| SHA256 | c38acd67fc93f0fc26406f176558136d37a2a7caee68bbf0cb660451d8975fdc |
| SHA512 | 859132942e7495e1201c2d2437164a7c4ca89976121d9f0c7fec1b542dad6c60194bc43c96b4800b02f49045a80b032eda155e1b8ec6795a63680d220146b122 |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 17dab03fd8cd5743a0a439a15b7ffd6e |
| SHA1 | 813790f6b5101a0306930fa14196538e67c6203d |
| SHA256 | 9f84e2fd93296bfa7711fafce5cdbc08c064a9894cdc6bf2049cd31fd6dcd554 |
| SHA512 | 1b3f35c436d5e170d55eebd4c2ae0ae0fd6a3a09202daf56665adc471bd1c761d9193a8ef8251d6e1891b97c84650d936e1c0afed782aae5b4d90eae798600dd |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
| MD5 | 8cbb39733de7965dab8bfd876d5d922c |
| SHA1 | 1e2d495416f10f5e28ac05892dfa7fb0c3e1e0a9 |
| SHA256 | 4828bf89497ca832dee1cd9302b9806dbaac8bb54c1e251ef7a539ce3dd42164 |
| SHA512 | 1bfd01b1ac37453116094cacbd7f8095c67026bc6aff077aea5d65f48a99eba2e5875d0575d42f34e35fa73219549e009935b7889a299c2cbc22cbcaa7d7b38b |
C:\Users\Admin\AppData\Local\Temp\XxX.xXx
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 19:38
Reported
2024-04-17 19:41
Platform
win7-20240221-en
Max time kernel
0s
Max time network
5s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f685910cb83ada2e8b4333f3aa42760e_JaffaCakes118.exe"
Network
Files
memory/2076-0-0x0000000000400000-0x0000000000452000-memory.dmp