Analysis
-
max time kernel
121s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
20-06-2024 15:42
Static task
static1
Behavioral task
behavioral1
Sample
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
-
Size
18KB
-
MD5
07665c23ca68173f7490e11482c898ae
-
SHA1
358bfb2d3f364d99b7a0699e07a763d4b06ccfb5
-
SHA256
a6de0c5b37fde764b88464df279ebef8f98dcb55e2972240be32327837987555
-
SHA512
086387998f5345121e1bece26e93e33381dde4a39bac3ee5dae561d822d5a9d860aba5b2572d957fa84a3960a00448c06f0a67cd57acaaf39d66042ea3160ef5
-
SSDEEP
384:bwM8LEwbriEgjoES76z3h/jpiT2fkn9fHiSNf0ve0OxCGGqrt8YKvITtK9C:k3LEyts0GtdIVfiSN820OxPtrHKK8C
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 5 IoCs
Processes:
resource | yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp | modiloader_stage2
behavioral1/memory/2180-1-0x0000000000400000-0x000000000040B000-memory.dmp | modiloader_stage2
behavioral1/memory/2288-5-0x0000000000400000-0x000000000040B000-memory.dmp | modiloader_stage2
behavioral1/memory/2180-6-0x0000000000400000-0x000000000040B000-memory.dmp | modiloader_stage2
behavioral1/memory/2288-9-0x0000000000400000-0x000000000040B000-memory.dmp | modiloader_stage2
-
Deletes itself 1 IoCs
Processes:
cmd.exe
pid | process
1136 | cmd.exe
-
Executes dropped EXE 1 IoCs
Processes:
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
pid | process
2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
-
Drops file in System32 directory 45 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
pid | process
2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
description | pid | process
Token: SeIncBasePriorityPrivilege | 2180 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
-
Suspicious use of FindShellTrayWindow 8 IoCs
Processes:
iexplore.exe
pid | process
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
2804 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
iexplore.exe
IEXPLORE.EXE
pid | process
2804 | iexplore.exe
2804 | iexplore.exe
2384 | IEXPLORE.EXE
2384 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes:
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
iexplore.exe
description | pid | process | target process
PID 2180 wrote to memory of 1136 | 2180 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | cmd.exe
PID 2180 wrote to memory of 1136 | 2180 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | cmd.exe
PID 2180 wrote to memory of 1136 | 2180 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | cmd.exe
PID 2180 wrote to memory of 1136 | 2180 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | cmd.exe
PID 2288 wrote to memory of 2804 | 2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | iexplore.exe
PID 2288 wrote to memory of 2804 | 2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | iexplore.exe
PID 2288 wrote to memory of 2804 | 2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | iexplore.exe
PID 2288 wrote to memory of 2804 | 2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | iexplore.exe
PID 2288 wrote to memory of 2804 | 2288 | 07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe | iexplore.exe
PID 2804 wrote to memory of 2068 | 2804 | iexplore.exe | ie4uinit.exe
PID 2804 wrote to memory of 2068 | 2804 | iexplore.exe | ie4uinit.exe
PID 2804 wrote to memory of 2068 | 2804 | iexplore.exe | ie4uinit.exe
PID 2804 wrote to memory of 2384 | 2804 | iexplore.exe | IEXPLORE.EXE
PID 2804 wrote to memory of 2384 | 2804 | iexplore.exe | IEXPLORE.EXE
PID 2804 wrote to memory of 2384 | 2804 | iexplore.exe | IEXPLORE.EXE
PID 2804 wrote to memory of 2384 | 2804 | iexplore.exe | IEXPLORE.EXE
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe"
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2180
-
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\07665C~1.EXE > nul
    - Deletes itself
    PID:1136
-
C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
C:\Windows\SysWOW64\07665c23ca68173f7490e11482c898ae_JaffaCakes118.exe
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2288
-
    C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
-
        C:\Windows\System32\ie4uinit.exe
        "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
        - Drops file in System32 directory
        - Modifies data under HKEY_USERS
        PID:2068
-
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        - Drops file in System32 directory
        - Modifies data under HKEY_USERS
        - Suspicious use of SetWindowsHookEx
        PID:2384
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
18KB
MD507665c23ca68173f7490e11482c898ae
SHA1358bfb2d3f364d99b7a0699e07a763d4b06ccfb5
SHA256a6de0c5b37fde764b88464df279ebef8f98dcb55e2972240be32327837987555
SHA512086387998f5345121e1bece26e93e33381dde4a39bac3ee5dae561d822d5a9d860aba5b2572d957fa84a3960a00448c06f0a67cd57acaaf39d66042ea3160ef5
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize252B
MD5909534b5b147993eb7add3ba951e8bc7
SHA183ea3d33ab12d8c784977f266dd4f92fb96fe73f
SHA256bcfd90156e7fce7c965141633a8d4aa240ff6eb5b55a7782cfb0ea13b5105723
SHA51291e7f897f2865e65ebbdf66b15c5ddbcdfa12107e010e8481a39112344b3ceef48087348e52518b9eb06b24b9386be981e41ac4e6af3663d27bcc52bcbba0f50
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5013f96198e9738310aad7da61c115553
SHA1186323016afc06a0fcf934860b78cac0b48d359e
SHA25669eb74c7efd819aa84ca7b5475434b31980cf4b5feced64693a1111cef0aff29
SHA512e83950582503f1971176718cd3a56898345bd84d832305ed0f277882e5ce32f42af57967d652d740025b6f96b9f9e0e94365da3424a0b51d6f59ad41ae1a6370
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e0433e31f770cbc50fb5fda6d471123
SHA149d4baa897a45ea529b61c4f5cde8f37466caba4
SHA25613b93163bdbfc69c52361a0b495b8620a46c6836a0ce714d9de8864a0c085b65
SHA5127d6bb77c187cdbef959ea47415958ec355b6283485a2bc216a37ddb0c6eb8cdb6bcd4c4cb430b5159c01e0df97a2fb54dfeeac099f50f0071d3642a664898282
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d371575c8692f5c1bd37dff67cc007e
SHA1aa2ce93f7ceb3acdb995147f4da906cda91d1710
SHA2560efa1ba283d1fd51e3e30c29173bef3f0a8fcda0dc0b3d1420e876980c09e05b
SHA5125ec4515e238007669aca039624712f1087a4e28b52dbc3a5e229bdb9499813db6362c1f4feca9ed2bc1baf7345de4f42c04ae0c9c689f45b8af58fdfe7ab3cd0
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54065e7aecf917e27ea778cfb7f35b3ac
SHA1e3022c5a54b90bb3e1e3adf2166119258dba25f4
SHA2562878e122a769054b4f47a5c6f41c864e4ce03ff6b99b7f294215533b3506400f
SHA512048bd77a0b5703be01844a6a15781a99f893ad1610acca66e5085dd97fb1eff0f4d666f85c9a14a786186b1fa5cd39e8f8adc98d40fc0725bca9a76c0532ba01
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55a763ec06f392716b03a6422db1749af
SHA1afdcc0efa2583b21126cb2f509017a732b014662
SHA256f65349ed9e04ffa4d64294bd6a5c91d1a39e976711f156043c14ad29b2af3e4f
SHA5127f0834a10ae634fe8c9c319437033d9b0e5fc89e1c9e7dd380145a95b18d63148deeedccf77e3bbf9732b6bfc96739b85aeb1e4d016ff6baed1a54a5b87d816a
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD523f3bc940741d204efa026146b4d13da
SHA13787ec2f224297448cc0a7c6a01ee280189bcc97
SHA256b0da38e30f8727078117c435294dee8c282357583724c90e395df4ae29c6abca
SHA512bc0c431e478ecd885a5d77881a01d4b1b8cb671ee39cfd378d282c4b3ffefb45a47caa56049e038da7fa2f83fd5fec599e81976c35752107732103c9524718f3
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e6d7226d8b0645fa6c2d896f8dbfd6ee
SHA104948d9c74d3a2bc9f0fcfb59d5b5142440ecba7
SHA25690875fdea636c4c96453d4f7ed805132a10b2f1be8c0e8ed5205eaaf7c444a8d
SHA512e32ab74ff8d906e5a2dd7f33198bce5606f2c29d5b89a877f4f301c55555b22b281ca69a37775ad0889215b8f8800dd00f5642e453d5dc084f6a5c8e43555f37
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52a3700ca763912b586c241dd64ee03d8
SHA1fca28205b32543d35bf90bc06e83534e9f743c8a
SHA256bc5eb91f1bde13fa34128ab67e8e1a5f74c0b7f4213ed70023e6cdcc3db48c6f
SHA512f439e86ea3aa60275f2b43d7048d04b365136b0d472b24e676df61e2cc6597e6ae9c9bc1af56bc86309426b8d0b11b497111a26bcf119ecf8cf5ac48f08ec2d4
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5acc55d30b38b8602ec34de3ea387d9ef
SHA17f7d6616d1a574cdc5d7b263bd230b18041be533
SHA256382bed5c9b5cd1b446e2024abcc0e0de9c95b6fedb07bb988aec5c9f6e35867d
SHA512f851403be6ebf9ab4cc758eeb906b67b3306220543a095599ba4245b572e540076c9b9e5f6e2a099862e0f22ecf211067558655cf3ad416d4885541edded3db4
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD533c9392704a82dd23a530227cd6c538f
SHA17028505e004af7ad27574da1c9f2fb3e44a5ec30
SHA256fa0f03e8022ce2bc8452d637d4063a2edab933511e8005e56fe96f9862982bb4
SHA512be3997f4baebcc7229231ba9e28612feef0a584831fc60952241649526bcde007d1facc36c0a123f1aadaf20c14541af6396f460c35531c14a994da68a05a1e0
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c2bebbe33799721c1bfadcf9f5aafb52
SHA1e1a4618687e03023098015f96569818302b6b743
SHA2563d5915c2e50b423bfcc0c51c4b3e7e8934c3b77b08c1d84dc2fbed4a7ab4e45b
SHA5126e270fde3e9379ba24a0d7dc155dc326366b89c1b20361a28a3e0e0d383ae562b4e023da8bee175bc51ea68e3482c3cdb3d8ef218a839d1bc07fd4f9b038e228
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD531780e9a1d5f39d7256583eae208f8f2
SHA19de5bc1e75bf3742bf6dab696c716661c95b6318
SHA256ec03f9e7dc6b267df1b57404f151f5554426797a6ae41c31d73c137fd8eff719
SHA51225aa45e2d65fa01dc2d772e30fb3121e70bd554acf7cced8ed11ce111159f88b6b331d8790b9b923d5f23d1a643c662606748c5eb6ab1239ecc2596240d061d8
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9ca163643116719e0be5a8f59f3aa1c
SHA15a6b18414db386ed39eea624526b1981d36214fd
SHA25653f7e0dc1fcd6aa969f70586fd54c12110a93e43059ea7d8835ce4565922010a
SHA5126011e9553a9d07d34dd14e91ff390de91bc6577b93124fdc847cff3ccc447c4ed50789d0ef62e6a10b4f26de2f76421833394839f01b1d1732a281ce9f1d2fb1
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5443f7edc3380df31faee27e4b969bbb4
SHA1d8d32c05a79ef07fc77d9451ddb81e5222e8e53c
SHA25633883136262189c8435aeefd8a00b850b825bdccb3019c369f6238e6154a0caf
SHA5122b9a474bd26740bd9100134fec8eee62bb7679d139fb0fdd29bcc71d9143f816ea0d7ed8d258c91798b4363d114dd3c2ebb5f4636a2332e955801616edc37279
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5371423b224dca6dbaf5af51354b7aa40
SHA160630728b9977151f366f641fc588ff17efa8684
SHA256f55acf1146d0c58fda3dae96825cd3f33bab08953e6960a23589f514d0fce396
SHA512b39e9d33e8d9e78707fac9708e37c5fdc286e31de3ebe9d6360f38943785a81918a1ca3799115cb3c1a747d71a749a4bd9c013d8992517af1de7e4e5a7e99251
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ae20fd84aeb886d25e95b6e416f8a4c7
SHA1ff682380e1e495ee9a4e34b57c453902c1b181bd
SHA25684402e7ada62b7303edbbf8fef848429f0802485b08938e24b8d4f02a8815b9f
SHA51211ab1efc9777e016e62db08381ac1a51da7d70b63b2bcc7be64d7cc077790fc404be7ec517ad648397329d44dc34d5fb70d8fc0343e5045a0138aa12e7fef7f2
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD500d5aee12a679294972bbd5a559d6a70
SHA1ed8bd2a53f4cd7203c2d0f0fa5a01dace8fb987b
SHA256583ae6372a0e60c2c894af8931e04307a576eaf78c01ff62f6709dff9f04b277
SHA512972997d22848f47fc90828ca14270ce186d6b24e051da323a6c5224d7e263cbdb082a8367ea19006cf24d16c2c85aeb1eac328f875903e444e54d9eeda979e83
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51ea5515773ac1967307501b44067ebab
SHA1b29f5d2ed787474692f7766bf5db610a0804a124
SHA25670d1ad754183b9b168e86ee2817aaa9457c262bacf8a61f3a1ae993d13c02aa0
SHA5120b8e6e2a512e04b7f98817fb6ff6de484c3b7bb5e23670d6c8b9a4ff8276cca3b0b7408bcc197fc0748db11da5f675ee1bdd3679ffddb127bf34d4573e23460b
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
-
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize 4KB