Analysis
-
max time kernel
123s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
14-06-2024 04:35
Static task
static1
Behavioral task
behavioral1
Sample
a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe
-
Size
590KB
-
MD5
a804d5b2613145c9aaad7b3b43eea868
-
SHA1
5bd91a4df91c139019dba734d9be2cab74a38d0b
-
SHA256
0bb97b1adbcab84e7b9e98d2d5ba7d7f5b204dafdf2458a7e07f279f0a284c2e
-
SHA512
570e687dc4eb4a66cea6543b80cc57092cdf3cacd86fc8493a6df10f7e2411fe895971bcee8ce87bf46f5b7a438c21d66f0e9a03ac936c780fc16dd7c7922bc6
-
SSDEEP
12288:TJ6wdOcYExLY0ebcIZ3pxCU5/2jEa95pY0Er4L1wD88P5DmWmeyOp:TJRLe0Mco3pxCU5/2jEafpVe4L1C88xl
Malware Config
Signatures
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself 1 IoCs
Processes:
cmd.exepid process 2936 cmd.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes:
a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\ykcol.bmp" a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
Processes:
vssadmin.exepid process 2988 vssadmin.exe -
Modifies Control Panel 2 IoCs
Processes:
a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\WallpaperStyle = "0" a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\TileWallpaper = "0" a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe -
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424501635" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b9717214beda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DE26BB1-2A07-11EF-87C3-6E6327E9C5D7} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000084e4e4fa96f6cf40b22a804754678d0a00000000020000000000106600000001000020000000ee3e85dc198cdc3e827856b16ba28e1307a7520364e3ac6a5130b1d59f3fa5d9000000000e800000000200002000000009cb88f14ff82c6c7b367550019ce5a912c68ad566478d73e9b6f482d7a270d1200000000cc8ad4a62eb4bb180c6e35f62e9faed13e0b20e343deda9a5ec1a4ee6aeed8d400000003848679c72b86dc3820b43eb31d227b0caa665736add53b09068fa6c2a2de7501503d372da5a84d88af9f9274b81c2ba896ead67148cacb1faf68206edd5bc61 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000084e4e4fa96f6cf40b22a804754678d0a00000000020000000000106600000001000020000000855301480234a8b0efac968cd410d29b8450ce01da12aa16a2ad33766ff257f4000000000e800000000200002000000029c6ce90c56b2c8f1769c8e61980c43d2694f0d0564366d658bd5ca95c1a8285900000003c40633cbf8b3e326a393365cb4c87e3cefd690a9c097c274f9ccfde4dafbd99a432046d8afe71cf7120fd506a1e5f062195bd48a44002eaf7b1b64bf213532af6ce5c2a7713afb2a11c31acf7d9050b88390f01d0f895a42887f592659d57ea275102187d1ae39657236664ed5fc6b9fb1a3074351a2ef3fa9259cb54cfe8c175825b3b07cfd6e21366d9c342c348e84000000032e29d91602d660c7aa30f3066cf5fb2a43e954f922fd61ed39ac8122106ef204691c0f604dd83fa46a30580eff65ea4b4486e11da76072c18f89297f91cada6 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
vssvc.exedescription pid process Token: SeBackupPrivilege 2596 vssvc.exe Token: SeRestorePrivilege 2596 vssvc.exe Token: SeAuditPrivilege 2596 vssvc.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
iexplore.exeDllHost.exepid process 2236 iexplore.exe 2844 DllHost.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2236 iexplore.exe 2236 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
taskeng.exea804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exeiexplore.exedescription pid process target process PID 2480 wrote to memory of 2988 2480 taskeng.exe vssadmin.exe PID 2480 wrote to memory of 2988 2480 taskeng.exe vssadmin.exe PID 2480 wrote to memory of 2988 2480 taskeng.exe vssadmin.exe PID 2512 wrote to memory of 2236 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe iexplore.exe PID 2512 wrote to memory of 2236 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe iexplore.exe PID 2512 wrote to memory of 2236 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe iexplore.exe PID 2512 wrote to memory of 2236 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe iexplore.exe PID 2236 wrote to memory of 2548 2236 iexplore.exe IEXPLORE.EXE PID 2236 wrote to memory of 2548 2236 iexplore.exe IEXPLORE.EXE PID 2236 wrote to memory of 2548 2236 iexplore.exe IEXPLORE.EXE PID 2236 wrote to memory of 2548 2236 iexplore.exe IEXPLORE.EXE PID 2512 wrote to memory of 2936 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe cmd.exe PID 2512 wrote to memory of 2936 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe cmd.exe PID 2512 wrote to memory of 2936 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe cmd.exe PID 2512 wrote to memory of 2936 2512 a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe cmd.exe -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe"1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ykcol.htm2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2548
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a804d5b2613145c9aaad7b3b43eea868_JaffaCakes118.exe"2⤵
- Deletes itself
PID:2936
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2596
-
C:\Windows\system32\taskeng.exetaskeng.exe {91901FD0-242B-4DC5-9F8E-36BE77F4F342} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Windows\system32\vssadmin.exeC:\Windows\system32\vssadmin.exe Delete Shadows /Quiet /All2⤵
- Interacts with shadow copies
PID:2988
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Suspicious use of FindShellTrayWindow
PID:2844
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59578e85a20e0cb391fab75199d354b2c
SHA15cb40f1d8694be9160efc53025fd9355fd3b45a2
SHA25618bb8893771b1e2de0a64fcb223636e13fc623a99867adfb471abf915e75b997
SHA512fd589154d55b7087085392e4630c402ef054acea28c69d1e6bf4958d88a41ad886bfcb32670eac378d414dc4e811d36420ce4c2326bc0838776a9be666269833
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD540e3a776f65428cdf7f8dbc804bee354
SHA1e219188a5346878f8dc22dfa12a4fd0d390064fe
SHA256def205a56146f64774447626b0bb9eb1283ca6777bbc2ae333278a84167b5bf6
SHA512c83205d2a5f2fbfc049776ad835058312f14dcd39e41d194bd1c2febd7d5622ed43f075c6c2daaa82caafccb2d360fcc259036f97bb61ea433520f9c0ecad42d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD563880f20410a6bc34a3667a1f1f15caa
SHA1f0ad517696aeeb56b6637e872a3942d4fafe2b32
SHA256d02cd4823c8967821de1f7a305b8fb52e0b0c172e1ff4f9a91c6dd295e56512a
SHA51263e9c295655fa46d8778b29dafb0c7915b5b89115cd6a1b5bb3ac1164ad4ade305aab384eb3f398ff9920b3e41280fc8f158273eb3c761b10a9d6d3c8963194d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5226e21b1f841ecf6e869608bfe076488
SHA1fb9940ff5cec568748040dd8a4aa246086bfa741
SHA256ebea028d4e4bfc2f2902bc563d5b9d18f5eb3a39a75f21a8a5f4abad5fe2025d
SHA512e5ba677bbd29b1e8c242d834eb04bcc82533098ee1d8e8b1b91cc8bb55b2b0a5dfd362cbf5733bc10257910665589f7fea0c04116e19bd0b53990fbc3000120e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5392f833438757d7de11e6cbcab4e15c8
SHA1375d922bacbdebe310cc155d9b606f068672c651
SHA2563ccb53e909e7ceecb7eb315d2b29fbfc895c255379672b3a2c70769b73fcc645
SHA51287bf1dae070803d9744ec902417912adb2ef6b096e788290f82dd790475a93a0ab381eef9e9fe77b1834fdbf96166ca53a6485fcf1fd3c7ca154c45ab9c376dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD570c7ffeb292573ba5019ef5b27b440b7
SHA1dbff781cdf6d52eb6f4142732373a4e3ca4713a2
SHA2568c3696908abcad1c6d33437d771857086cd6c87a80940bcd6c7ea02eea4b924c
SHA51243e71110dc7d7b94be68ce0f6754fbde4d98a73c9ff06f12202fbd0be8dcc7917d8349353314d7b90a3880795ba8c945e5edd7b4d5318bb77c992dab5b30d732
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD562aa99e6af4311efbfdd3c9c444361fb
SHA1df1cad63b1eca9a85dee7c8355797852e41c8a27
SHA2564157a10e7a054f1e75b4319742b8c01e16ae7f70a8cd7766edd3d6a1e37e5c1c
SHA5124e3f3e9f5b36d413456aeacd8742a840fbc77c8f1e92b72a6aa19ce0e23bc4826f6449dc1ce8b227df2896c387e6f0082fcd2c3445ac8f9d8225ead7ef5fde09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fba46e94f6dbdf0241657777dcb2a073
SHA1d8e4b280a4bd49649b96bafdacbfc8040fd10647
SHA256cbec8ae6c840ee229970fed0191e2840ad314a4558047e1704155557211b34b8
SHA51287700ecefee73e8312088a43edae2b0928ce89b4195d250c3400c143985c84c1c84d309899f2a58cce6b46c64712c4d1c519c576229d0587a34ce79f48c99a0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59d5a1d476b9dc9ac291cbaf8bd673305
SHA1b603385c88985180f0b9da14449662276ba7624d
SHA256dcd76007ed7b0f2600734ee1593888e3ed306c68e3f4686247f52f463892356d
SHA5127bf15ddcbbcaf7fe9d81de89aa5a5dc95b8f50515e8e43d946b98190c96caf494d0753aa3ec8dc739dd8a3e17606cfb4d313380fe3af1ffbf4d18ac55815d84e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d1d8ebaff24d91970e46ec6d4936c129
SHA1b19641a0c7717d7b04be945e929b8711edcb606a
SHA25690abdc907710457259b2245fac7e815ea4ce9db60834d2bf4acc94fc82d51148
SHA5121ce61f31d0a8e020a7d3f2bbff94c8f1c34ddb37839437f11177488ad9f9330356eae0067334a1d036ca66b4de0fbe45f8446f6de34a452b5349af21488b50b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD540aae20136d309b4f80f7c937f81716c
SHA127583e74aad65996a650558d186159b591fcfcf0
SHA256844a673c6eedc573831aad29267cba7adc88c46451636a1b931e6b77078d02a0
SHA512664ed5172528eda14797c7fbd5cc2d015ad642eb640dcd83ec9b3966a7643f537355cd442d42807c2b5dba7d491e1ca5d4c147b0d9c8c3dcf8e34d68cf1ad9c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d87ca2917d5f5df777653a8c189d3449
SHA1e12eaea4526884b284092e82c58319962d2f491f
SHA256df9ac6144107ce6d76207aecadf60d15e10009093a3a86e526e260030b211e9d
SHA512a83621389a8c4de0beae9db3a093d4da40a1049b3fc0c0ad772f913fe589108360f37a89fdf33555ee5428f2b2b3731fed3bc1342587fda162464b59e5e62551
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5705439694b28b40f719fae77be5ec731
SHA184eddb234c2f7f6c312abaa2d85dd3d98d575e3a
SHA256a3ad7d943f3612a6d0def4d81442f3833d5f16e843a5da204d2dfd2e1bbed96c
SHA512c955c0976128cae2408b5a6d914a8e7b29061b034ee0ed80174aa2e20cae91af80e6018e4976124f1a02c359fb6f34b5ad75bff2ff7c08bdb9250b5635b2455b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a40d2b2efb5316ed53b147f5c989a902
SHA1251c5e1ef252a149d58f4d8020904e833e8ea3ff
SHA2566d778eb71bf7816bb0a999a953d21552c5544c05943e82a27e33f94e9987fd48
SHA512cb81ad2d395958b1236dbc43029eccd21b576df1ce00b178ef032a1de89647cc3a74a00e2023078bafacb5a48b7ef88f22f761451eeb2e5e43ed08fa54bd9a0f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f86255663d397f003e8f1af1c2701aa8
SHA14a7df96c02d43906cffcce23c8ea59bc2efceee9
SHA2567066e46862d885e521343055fd621f5636efb5c61d9c73ccb46c6bcb743b12e2
SHA512513578dc780d7ff415b35c7b77c9ce4ca08fb44745435fd4f0a19c3da519d1c0fd7de8eecf74d29bf12e7979a81001bdfa673f49fb79e68ab2f1643fa097afa6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51a21165651f025627780e9db08ec102a
SHA1fae6b9cac5d734705784b447a9f9cd3834507c4f
SHA256c7ced9c5a0b4a4e4fabf7c432391000afb12536218bc76d985f7e7007d5bc919
SHA5125f665ebc88e9611713a79f51608e9d13b7be8a49dbe4ed5f8cdf1ab5203ab26cda68e49ec9c0b801bb763401ef88c949350a7ce53e2938ee58353b42d484cf25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55a68d4f7fb4c3d4144d36c7646a5f7a8
SHA155b5aeb814907525c61fce346febe844a035b0b6
SHA25651b466896c57a51755e1c4144487a0d8b8f65934755a80c6219a28f9bbbb3486
SHA512fe13dcc0239987a29f608d589e924fd6a278471ad78735fb264b63221edc63d74a65eb875616fd16b46e0dee34c13620a03547b7b069d4605babbc9839011bbc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c045ad9a56c70f8671995932df689cda
SHA145699e49c679dc670fdc39a1da4cc6bb8f656731
SHA2564e60ce8c290b38be25b53303a6c36ae178b3c219ecbb85066bb3498938f25a75
SHA5128ae180b94bbbd6dbb52551b3cb03875209b59145333a2b466a519c3b54a6db0e4c8f51599609742108bd48eb7c7ce77fd7122ebfad09dfa74e56e41da9d335cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD530bc669981c418964aa21ba4d3ee0b1c
SHA1274cc4561821dd94ba0d42979585de2de51d0999
SHA25659351620c096d1a781f5364d1d4d3d3491dda06e625598ea3abadf27104445b0
SHA5126088058a1bff454ab860eaa21c97d365284b0c25cd88840539b5dbba552998a2655121de55ca27ea2d35fe25ab0a18f032e135d99de8befa476ae0444fc2e0a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD517e216b3ec77b2afb4122e746f5eafb3
SHA1e9e4a07275e05949e90c9f9a4bf3b48961af8218
SHA256e3cec4b7d4304bfd37e47ab9f95c10dadbb283338872471471074d338eb6fb40
SHA51268744b11139224cc2356d246f9cbecf20bbd870adfb2c8b6c83a44c443f10f20e68553443cc3f67e558f05d943c7b1d779063fb80f6a3b9f30f77df60aed7b96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ee8b44128af0c8281e5082ef20d36907
SHA1d40bb408294a640c369bef39f9c37f743fd0f641
SHA2561fa916db2a5ee067cbac6797d8699e09fe86a0c4095bb9506ff2437276c7bb6b
SHA51244627cb011dae26d66a554ad90ec5454cfdb8d2cd8f7401a561add05eab09b475fe825706b5ea6fc7e122bd243961bb3a5f528e58ac6c68eb960a6c9e9002cd0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d459b9f0de1d4432aa5a3a52d7b0994
SHA137fcc5b7f41fea83122c87a6a6d76793a97fe1d5
SHA2566c1784389d33cbba2e4a646909fd76c8a47c843d7e36058d527d0ee4f7babdc0
SHA5129faa035be6ea7d9a45d7a81bdf6dad6507d422dc7c79e9d4007beb83d770a1857c11b15391980f04eb82e8acea2d77fef2b4c8d2ad23d51a2e683407ffc95edc
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3.8MB
MD5dc67c81f714003f754de438937bc7d94
SHA1ff5c39f181ba19567b0a8d2ec11feacaac75e08b
SHA256b65432fd8e9950a1d0a7b88c7a1f91afa5e933de97914745b8ca74c6bcebd6d0
SHA512f79dccc4bfc45ca25d4235630971fb6dab23ecab8a8779080df6d9226590696989e3cac27bf7b58576ba005998fbb6ba82d481e2c6337f8da00cc10b2a6c7e2b
-
Filesize
9KB
MD5bedfb5f5c458b6d90b48e73817aba683
SHA10888c6808904572df85ba57c68f5f3f8c8be7bf2
SHA256ad02ef46d11d97b4e2c3001ad72303279c5d3bbda5b6be021f12a79bfc0015da
SHA512dd760247933b576906c86b639a5b055e0f207c7e9e5ca9b9c71a9547c8ce5ac28a07e5f323be44ed94a8d2d030f81f5dd78923029f3d5d9368c10bffea8d38c4