Analysis
- max time kernel: 120s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 25-06-2024 09:12
Static task: static1
Behavioral task: behavioral1
- Sample: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
General
- Target: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe
- Size: 276KB
- MD5: 0d7fe071063a202175727ab894d0cb27
- SHA1: d25194df2d0979b36080e6a83f3d4ba1b6edaf29
- SHA256: f6d134529b7f58db0f8bafb337b8e98ebd4996e85dbec70202dbdbbe4de17679
- SHA512: 4bc579234d2d04b2b006636569bd8584350edc05f58aaa58a2e0c8de9be8a1991ec5576de22d63775cfeb2e51f22c757d67aca7d9b4f946909cd8e466eebc16d
- SSDEEP: 6144:qW3gTCC6pLLioA5aW8UGAxfce0mtfSblfLEEM1lNV:qW3A6ZXSaWbGAxkUQjFwl
Malware Config
Signatures
-
Deletes itself 1 IoCs
- pid 2732, process cmd.exe
Executes dropped EXE 1 IoCs
- pid 2784, process yassish.exe
Drops file in System32 directory 43 IoCs
Drops file in Windows directory 5 IoCs
- File created: C:\Windows\yassish.dll (process: yassish.exe)
- File opened for modification: C:\Windows\yassish.dll (process: yassish.exe)
- File created: C:\Windows\UNDEL.BAT (process: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe)
- File created: C:\Windows\yassish.exe (process: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe)
- File opened for modification: C:\Windows\yassish.exe (process: 0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe)
Modifies data under HKEY_USERS 64 IoCs
Suspicious use of FindShellTrayWindow 8 IoCs
- pid 2040, process IEXPLORE.EXE (listed 8 times)
Suspicious use of SetWindowsHookEx 6 IoCs
- pid 2040, process IEXPLORE.EXE (listed 2 times)
- pid 2744, process IEXPLORE.EXE (listed 4 times)
Suspicious use of WriteProcessMemory 16 IoCs
- PID 2784 (yassish.exe) wrote to memory of 2040, procid_target 29 (listed 5 times)
- PID 2868 (0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe) wrote to memory of 2732, procid_target 30 (listed 4 times)
- PID 2040 (IEXPLORE.EXE) wrote to memory of 2740, procid_target 31 (listed 3 times)
- PID 2040 (IEXPLORE.EXE) wrote to memory of 2744, procid_target 33 (listed 4 times)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
- PID 2868: C:\Users\Admin\AppData\Local\Temp\0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0d7fe071063a202175727ab894d0cb27_JaffaCakes118.exe"
  Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
  - PID 2732: C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c C:\Windows\UNDEL.BAT
    Signatures: Deletes itself
- PID 2784: C:\Windows\yassish.exe
  Command line: C:\Windows\yassish.exe
  Signatures: Executes dropped EXE; Drops file in Windows directory; Suspicious use of WriteProcessMemory
  - PID 2040: C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
    Signatures: Drops file in System32 directory; Modifies data under HKEY_USERS; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - PID 2740: C:\Windows\System32\ie4uinit.exe
      Command line: "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
      Signatures: Drops file in System32 directory; Modifies data under HKEY_USERS
    - PID 2744: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
      Signatures: Drops file in System32 directory; Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads