Analysis
-
max time kernel
119s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system -
submitted
24/06/2024, 00:15
Behavioral task
behavioral1
Sample
053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe
-
Size
582KB
-
MD5
053cf238e7934c1472fd6e99f73d8aa7
-
SHA1
785512e3b6521d75de938be8745bfec6c6523d18
-
SHA256
d2d9a048e2543d8c41c8db1683f6872472b4253cca2ca21fb4db6fe7113b0b66
-
SHA512
acdbaed925d335e09c17cfe3bf480ac7e5a51bc552eb3a3eb60b0752555504decdb81a29403b9d95abf66cab22c220fd44d756275639f3b8c511d4beb0ced7c4
-
SSDEEP
12288:hYFBsdyQrOz4uwSI+KoiwMZPzPFQuh3a7KWh0ZPPD5VoxtFakcekVMWfJ:hfyaA75I+1gzPFQAyPhkXDCSBerWfJ
Malware Config
Signatures
-
Drops file in System32 directory 23 IoCs
description ioc Process File created \??\c:\windows\SysWOW64\yytmp1\2431015487\fj2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\opfileOneA 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\2431015487\2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\ywsfiletmp.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\filebak 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\opfilejlA 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\2431015487\mu2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\2431015487\2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\2431015487\fj2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\2431015487\sx2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\ÓÑÒæÎÄÊé.exe 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\2431015487\yadviser.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\filebak 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\opfilejlA 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\syys7.1.6.3.syw 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\ywsinid.files\25.bmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\2431015487\sx2431015487.tmp 
053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\2431015487\mu2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\reopenf1.re 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\yytmp1\2431015487\lk2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\opfileOneA 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\2431015487\lk2431015487.tmp 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe File opened for modification \??\c:\windows\SysWOW64\yytmp1\ÓÑÒæÎÄÊé.exe 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 64 IoCs
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2652 POWERPNT.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2204 iexplore.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 2204 iexplore.exe 2204 iexplore.exe 872 IEXPLORE.EXE 872 IEXPLORE.EXE 872 IEXPLORE.EXE 872 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2652 wrote to memory of 1840 2652 POWERPNT.EXE 29 PID 2652 wrote to memory of 1840 2652 POWERPNT.EXE 29 PID 2652 wrote to memory of 1840 2652 POWERPNT.EXE 29 PID 2652 wrote to memory of 1840 2652 POWERPNT.EXE 29 PID 2184 wrote to memory of 2204 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 32 PID 2184 wrote to memory of 2204 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 32 PID 2184 wrote to memory of 2204 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 32 PID 2184 wrote to memory of 2204 2184 053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe 32 PID 2204 wrote to memory of 872 2204 iexplore.exe 33 PID 2204 wrote to memory of 872 2204 iexplore.exe 33 PID 2204 wrote to memory of 872 2204 iexplore.exe 33 PID 2204 wrote to memory of 872 2204 iexplore.exe 33
Processes
-
C:\Users\Admin\AppData\Local\Temp\053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\053cf238e7934c1472fd6e99f73d8aa7_JaffaCakes118.exe" 1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" www.cnshu.cn/toptan/2rlzy.htm 2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2 3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:872
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" -Embedding 1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
PID:2652 -
C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 2⤵ PID:1840
-
Network
MITRE ATT&CK Enterprise v15
Downloads