33882ab5b94b2359562825a4afa71c38eea6b02e4b67e41b83213060620da0d4

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 23:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe
Size

4.9MB
MD5

17fb9816b54943259b5a8ddd68519c44
SHA1

661a74f066816354191c4df8e4e4b4c93455ee54
SHA256

33882ab5b94b2359562825a4afa71c38eea6b02e4b67e41b83213060620da0d4
SHA512

0441ce11eea6f620585f501aae763157a84178680cb3451d87a0f97d2cd4e8779e7b2d3edebf037fa955cbefc927400726198555a45eb3178c6d62de10d45017
SSDEEP

98304:HukqbKfz4+NPWNwY2Z0rIAl2MYWk+PXlkBJlV54hQrCjNNLxpeF2:OkqefhNPHYyAlvTP/la4urCrW2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000187e58639910e3babc8a231fd0213ea82e787f86d8d8237272b63ceab0c16c3b000000000e8000000002000020000000cc4c66f4c21aabf1d9df2a1a949a7cc3e7b63d936462b6ed6df855b35bb54f329000000085e3558021c816a763b4a79b8277e4e6e8f14beb859e9ebb98d85c6a0ecdee9ac0116cd83879d023c25f53d0dd3cc972af972ac496f88436d8886cedad3670cdfdc131d15c1179a7d89b1209732cf147a062dfc2a077fa11e098ecdc05ea7eb5aeafb0145a80e1b0f209df6b2a18b5f6d1c7dcc3d0efae1606b08952a4d86cece7ba0f64adace48eb6bcd89b62ba4aa4400000008279f471f25012e50d61b91e932515749771d1a2020d660e9ac0cf778360f2dff1f2f8153e25b53bc75ad19f1590d4bd1a1006ced88460d2e6393b8e3d5e6b5f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000b3785d7896918a01925c7aad0c8435df1744116d080b3a23eeeec09695bd864d000000000e8000000002000020000000b3513f39b75faa508ec0a745597b17c96ff71ea3d4b233dd6238a09980a710a1200000009fbf1d569174d283686f8c5e1288ddc91a5cf8fbc7585584676204aa3017066340000000e8c2f909a60e881218430f29da0fbc15750ebc0fc7f4c570cea63541a9f2734c394ce8237cbec39176864d84764bbb4cf8c606fceece14473ef5cdde9f324c56	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 806dfd55ecc8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81624091-34DF-11EF-88D8-5E50367223A7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425693869"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
804	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
804	iexplore.exe
804	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 804	1516	17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe	28
PID 1516 wrote to memory of 804	1516	17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe	28
PID 1516 wrote to memory of 804	1516	17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe	28
PID 1516 wrote to memory of 804	1516	17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe	28
PID 804 wrote to memory of 2184	804	iexplore.exe	30
PID 804 wrote to memory of 2184	804	iexplore.exe	30
PID 804 wrote to memory of 2184	804	iexplore.exe	30
PID 804 wrote to memory of 2184	804	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\17fb9816b54943259b5a8ddd68519c44_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://software.msgpluslive.net/getlive.php?src=setup
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:804
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
695be2e88919d078b48f1397da5cc535

SHA1
22116b5f9f498ed24b204095af1444c5772f86db

SHA256
c064a5fe00dfd115b7ae0f1b9da74aa45ad496332b3ffe17b1625f0d8169b53a

SHA512
4e0a72e58e9bf39c2c96edbc949cb529bbfd2d92963c1e97df36699561b3987d4f93a71a0745859813d59fb6cd0b744e9dd67e6bcad962252655435e034e0d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ce4154f38f05d130d6208d7765c2e12

SHA1
20b9f3f44ec07bb3d88a5c0e044041827ca3dec2

SHA256
6d0cf1e9f6d0c69afd442397d9bc0a9c7c706e8ee72152843469becbc85db6d6

SHA512
17f0a592c00f68af70a2a79952d24066690dbccda17f5fc1540663b120151194e393bdd980472d8c79781bb05b6f851d29191e5248b0bcb6d4f80de01949de63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af98861a355395806089c01cb8f738c1

SHA1
13593dc0989ac0a13cdaed0944a84478b40885b9

SHA256
8769672f2bc687c1492a3dea65cf87ac0a67dd2697b574f9a75f69306f407c74

SHA512
1fb4ebfae4fc7afaf918882a8780599740b41823508f268369086b134e7c68cff73ad561c09381742fad1e02ac05518568548a7e6c32397c81313dc7e4d65767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ae29a0b47d186781804c440a497892f

SHA1
b57f0cfd9aa2aa9f583f5890f79541b773624c4c

SHA256
33a39faebcc4842cca77ca7fc56470a034b42a081f4c91ce3cc9deb24cfc7c68

SHA512
d0d9f696ffd762409893aae6ab14cec528c0172364fd10edfc993900a6dc1e3bbbccaa21bccda125867f3633b00c60c16a1cff9577ca4ff1fac165e3dcb8a396

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
599dc3770996caa08fbdec25c3d7daf1

SHA1
76e5a50f3e4a37a97be874d4537ee7f00cdc6e09

SHA256
8e07fe204763f65c565e1920943f8ccc0fdf1bef35aef6945c0a6a28cbe5d48f

SHA512
d3495a16bc672d4be0919c9f4c0f1d04d5c757ce759e3cbb3f5d6f239ef1c8141db330a89b7a9e48fc900531cfecc702e3dcefdd0dfd5aba12c63c46abdbe6e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
274f6f79ca5a821942391b7ba9e29062

SHA1
8b7b206b236fd9efb7f8e53d853be0145db0376e

SHA256
ffa5056d3199d3f2347b6556406d0d2e727d54890af6076fefaa17f5350d90fc

SHA512
bea46071ecd91e9f2e078f7abb5e6d9cc39fb71ea29226d6794cea7dda88dee53db064cdf2adbfe09dec3b3e0a715a8c1f45183a373358df0f3e7df31ab5a630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f14ce75df7fb2d04ed28a641ae091c81

SHA1
1e41b398f89f22212d720f0bf176a6a83199d446

SHA256
d83b4331e43e781f06aead095f9328b3fb3fb234b9e5ffd49ddc394b18be6f70

SHA512
7688cdfa584ec9a7a23236478405db52248e67a58f84e66768647fff941e9bd1f3929e259de8dc8152fcd83c80be93fb5d376ad3f51b0f442282281a6281e7d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7340e06cf5b37c05ef515b88ebf6f271

SHA1
d8e67fcce37d2939b4f6d2405c2a5e030a93961d

SHA256
2350f3df7991c44b07da254e91f0a4915141cc3d3242d8e43ae515e5de797d35

SHA512
fbd8ea80e7ac9d04031e913ffd5f2657d28dc6eb2d7b7c02ad41cb19975a14d1dccf761ec2a6613bfbca04497a18f0e3f30a03279d9e53f1d2cdfc19129eaa5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97deb270a12b01bea46573a3af8408fd

SHA1
e9d1e728ca57b01b5e5152365213e964280a1e95

SHA256
a251a0fe0520bb3fd8bc6fda7e38d964b5425f1f7c2ab3ea68b16caea68cbcc5

SHA512
00d27b5dcd74891ff4526c3d7ea1961c042f77d78a105c6ce299711fc50e0520936e78cd6487e6d25dee4dbfc8041a6958f5b7adc3101a26c8ecdeabd0f85e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f11f30b3688ec1045f4d9e410fa74319

SHA1
09ebeeee97bda15385342d59809cf90d50a22a4c

SHA256
0e8c93046eea9046fb6c66004a84e131c3f60368cd821a62dd42b56fce3755f3

SHA512
92281f41a81432b1f2ed1145215bb97162a765f51c383262b64fbe8dc47d2a07e42aaf6596a77e99924c64886a890a518d5203e563998ad2846805593e1852a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
940e71deb85fc404fc899ab30ca6333f

SHA1
d2e167b03a6b35a8541a451de3287488eb4259a5

SHA256
9b7f509eaaee8ab26d6d2764376c40ac7c6a2d0978a122876ebddb42dad3c359

SHA512
30ec9993e72b74a3223c32a7a37f0d5a1c649c1f1fc5f78367e0b044a597c915f99f3858077e691c2d4cd0d6ab3af53b1534eae81d7eb29f5a893183bb43b8bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87cc21193a1b3a7c45b017ee0897334c

SHA1
a2926293c79c3df0037f02d4c1f02c85db980cc6

SHA256
e775d79701edf6e124d5cd014c4113c82426d6932adc5b3c6624952c129bcc18

SHA512
9366fdbf0b594bea7bfa42f4387a756a6f06d39611fa155e591b85948ad3dccd3baaa7396f374df1029a2e2445046883e8d349793b5557577a33a8fa1acee5fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61a3e517bb092f37940ff06fc4863d8b

SHA1
fa756e7ebc1721f86c5532a2c5f668bee8797f9a

SHA256
5c2132540f36cd3d5644f6c37c4713d6a3b39911ffe48f0fefbd7e5b03e35d85

SHA512
a44f6a62d905e78db8e9140edc7502c04d8c2099a4eafbe973b8ee80f359d4d68664e64c6eeca5c744125e06e2268a1e02272af74e833785e322d6ffdcc8ed1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb8ace6a2b5c7572a538f5c72ad43f64

SHA1
b69c6d58908113ff113f7a9f9f52dfe124e4000d

SHA256
8be9d50b57020b21683105c3ee458e2b1d2d76ea865c19a638d3d2be52b48ae4

SHA512
b8057955d4fbd398069f400fbba06add32615152dfc4bc4d8f8315fb7c5b9060a6239d80fb53e98c8d78f179204f085015b01d8c8519b1d387a1daa5fee628d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3625f65969ce19a4a3addae624fa24d9

SHA1
7452318e1aeb964ba2133a23c812d271d957078f

SHA256
b2daceb22f905c10f5e704cad77c7270c156fde6612bb2db1d7079d0f899daad

SHA512
a9d1f3cbf6ef1f52cbfcab3b0b3fc4e7cf38da9a9e0de6a302f5e795e237596733e320578fecd0ed9b462ff81b469482026d3673bdfca9f2b627bdddbc08ede6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e620caad7e9c4c12807aee25a54af02d

SHA1
fd8bcacde195018f4ad0578ba62db014edde21ef

SHA256
1ceff7c6f50e97a53561f167150af8b61e0a867c2d5cf2b43d5e25daad0af94d

SHA512
f2d44a0a322c779c48d4fc18cd2b5474442d48aabb76dc3259a08e498bd4a6df21e8a4a5424e360109637fb0a48890d36bb78f967494ee6af0eb6161a7307856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4544fd5e44984021c5f92f8f03c420cb

SHA1
984caebb0bdfab5d2988e11b26edd916e9afb631

SHA256
624363e5cec041de4d53b7e184d6e9a02203a24f4b2f10e9d9b6f8dfc4606b80

SHA512
f2bfdbcad94381d00db554f24fa48baed44e391b685cbc9cf0ac593b4ef78142eaa19b069fc2cbae6e816ca5f9247068c033bd59592b60efe47c891bf7ac9211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af0da3b668b99522d42225b0500ec33b

SHA1
c3e39ce7967f7250e08d17772c467a5cba73f294

SHA256
1cc880d9ee0c0d237b9113172f2fbbcfac7c7adb7cb07eda4c54086e2ab8e0e0

SHA512
758fb1ecb2b2f8534d0b91d63a64ed5ed7e16a88e07cbe4733c2dc6de2fa24163f442ec8dae7e55172c9008854450d30fd722a302f557d0111bb5817b8720137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf886b781a1ab607af115f560d1302f7

SHA1
ea851ee04e5901d46c953fc7312a0d863fc70ba2

SHA256
f306e63e0603260218733a5ef6863de067066e0cfeffad035652bd0af2d5ba56

SHA512
e601d7815e75d4a7563a4a414a3b55274f302d778c68d6d3d27ae5a13954ac2156c52a94fb4392ee3d20b871f660a56fb5ec7c2f7fe25ec53aa8ff698f3fea3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ef56556a61605aa94234c44a61d308e

SHA1
ba0004ff210e1aa3094e98d18a2f899663d4c26e

SHA256
a3de8327d99fe648ad239b9662ddecec2ea694452792cf2718c42094712bebd5

SHA512
9805999ec94998af8fbf357eef22d2aad7214caac421fda541c9f880f551380d51989bafa46765bc2faa759dc3da4fd49ec05800f6da4311f04a533aaf48ef63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b2b785190eba2a55f4d6174ee480f60

SHA1
8ed6b1ffb24e487e72e75166d22d90ed3a562cc2

SHA256
6e69755760c0c631ef8caa52a96f2e23688530387e14e2776fb6244fc82e87a2

SHA512
c1c8379df7c2713400d1c46a56f15982c0991ce392292c41fff7c9db25ca06fab49bd01019c826d853fec33c27c64bf481e511344027d9e8eaacbc2d7670fc9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a731878b507f1c7619de8dd3fa2a9b3

SHA1
14e536a51c7c3c7cd2852922eb8b449436981faa

SHA256
eb0800bb7c3053e09712b34194685fbcb1f7ff814e8922ca5473321f1b90a113

SHA512
a6b71a9a07bff12dab20d97cb0b174722db8221fd31c4e94a18d8e44426458d5fc4583a1b274887f970355d207657244e385cd171b3c1ff984f348b8eeeaa4f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F64.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4016.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Arabic.ini

Filesize
188KB

MD5
acf637ec04eb96f2e676751bf9105d77

SHA1
2ff4a30f9bc2569ed235aaafce280ebf7c5d48a6

SHA256
283f60ddb564cd6a9f43771f992704704fa6f3863d476b0a5b57a74c773050b4

SHA512
1c4fc558a32f985ce7f7552f4c7afa13e6358b3150b70dc7a17bc2c9b2f5b715377379c2af792b530b1bbc97f1cc30e7ad28d65fd9c364aba83859f2e521fcdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_ChineseSimplified.ini

Filesize
126KB

MD5
4906cb6a67b1a1eba6a3913e217b2c48

SHA1
f50689320b968d96dadadca1da90aa3486ea8360

SHA256
e129b553c043c7c40ad9e33162b535c3cb96f516ca7955d036ab868221315c07

SHA512
f1e608759b0a0bb3391bd018fc4300df98a9c20a5527a7c46e69b7974506186e06403f5094e38af864b7f5d6ef0b0c26362dcff1bf5fd699b6d4e7676aabb3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_ChineseTraditional.ini

Filesize
123KB

MD5
876aa24cd3149e3ddf7cfaa32c2772d0

SHA1
4622d97f73dfd1ae043f75436ae257a784ff2f85

SHA256
1b8ccb3a2380cd28a7c597c583d8bf67e6530b92f01e238c0023812d0bb405b4

SHA512
05767d2d84e6431a940c37a6dd70845517d913a80420d3abbe7cb45ffd40a200445e651619bffd8d58a8f4ff26274f8232920481a05f06a6585004a3ad093c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Danish.ini

Filesize
216KB

MD5
537a0ceb20fe234fcbc5ee72eb29e0a6

SHA1
1dacb741e11793b5427cbda085bd4e1ff228fd85

SHA256
b62f65e6696def202a8bc209ef4390c1abe2cdbb3606487bf8d9b0606e462674

SHA512
5f01062cdd714314a1871d759400f527c6a8a0d261f2ed7fdc87643a9605a2d85849a286907e981873dd89da7babe9f6d4a5569233f0f34686d61129c7121798

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Default.ini

Filesize
219KB

MD5
dfb87f3a1e394b1f72fd07cc914c21ae

SHA1
7af03c96ad87b32688ffe65e02812ccf0ca57f80

SHA256
850b09ec0f71026969e7d3e048cdb0b799031665221017e3f32eeede9ddaafae

SHA512
102839ebc714fd0c71201318f539baef3ee1f2d3df34e4caf80ee307700c323366d7790cfd78832822f062d93925f807c43905e6feeb3c6c78dcce9bc639b6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Dutch.ini

Filesize
240KB

MD5
ae2cff9b32b4f90b8b4eeb74c56bbc8e

SHA1
227b7da1c57713986cf103b6c0ebe1b8905e2b4a

SHA256
f6ded23e8999b4a0ed42d3b0f1668ee845d20ab52002e4e01cecabdf8fe34569

SHA512
b54d47c66748447c7ad4c97b62f451287bfb3919990d68f1e7c578d6f8798f1276ced3c150ac56ea3ffaad518fae31f64b1da15ba9173be75477d4f7a82b811c

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Estonian.ini

Filesize
209KB

MD5
ef82eb9b2c8319d66e699dc91cc8a03b

SHA1
2d87ce57602d2171bc450a23d45b1dfce62c7f17

SHA256
95a5d338c517108a60796ef13c920d657e639df766b93224001242d3df916375

SHA512
c386a5d0a0c39be9753e2400efed334316bc1a01df2450e4fc756ecc481c49bec5f2eb50f9a24238c6cf8f822913dd3b04a80283297e56b1e5d1184848b71eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Finnish.ini

Filesize
212KB

MD5
664b3535cedce91b601efe51e90ffaeb

SHA1
90172586d7474328f1233bd7972f2c3ab5d7b839

SHA256
b5b015726a24043f2c578eaa0fe47ebf07d9d7743359b1c4dfa5c93524caf3fa

SHA512
e8d9aac0c0d286d7a13c4b8d021453df0a383c4bd5981da2964e79ecd5452d03e27e92468c331d98e36de9b2c21ef11cc4af4deef68a61187ae3b6e8ba8f97a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_French.ini

Filesize
239KB

MD5
d1d57b8593bad4520bf6c5af0f524b66

SHA1
8251a1a50206f1b9bdef4817fd99ed25ed920e73

SHA256
6c94d9509515b93e120300b6985b039ce68c2415b00118709198304f115e23eb

SHA512
3e4c7e2e2bb550a0ea99bc340daae6ccbf11b8e4b43f478573e30eed82dce4385956413a113c6b6e7ad906326dcbf651d779c12707a5a4b9bd7187d74b7f21ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_German.ini

Filesize
231KB

MD5
b8160235db220c83d1cc187b1c694d7d

SHA1
2145262a0026d0beae2570c7c1af3ed30447088e

SHA256
922c1d3fff675ac46dc4fb57761317c830cca9a9165a828a1325b9637239a0a8

SHA512
62c32a6034d496013cc210381b396cafed81ed6070fa51130ab4fd54dd2254ef71cd875c65b9125066da6fd659ed9a34c639dc60bf8e74ce583767c78f7eb96f

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Greek.ini

Filesize
222KB

MD5
0d15e3e11bd39028e5cb7dda0d5f2bd4

SHA1
5b22dcaa9a611775038e134a538879e7f54bf560

SHA256
cbf129c29224f01df29327f9a816ae1bed4dab90f866bfd35aa16ac78ae5e647

SHA512
f365f6e874b956c3c4dbc4cd768b305cfe84fa2242ad917fb00ccbfd475f9801e8692ad04d47c8320629990a4331b5fd00c6d3aea6908271db0804dff8d38d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Hebrew.ini

Filesize
182KB

MD5
7a29775163571951e6875aa55376f066

SHA1
ad3dfdaf6cfb7f9584d012b3ef6bb9e64297df3f

SHA256
e137fb8a8253f09b01184627a248d31b6a5fff33b7573f1bd66a7c4e925edc77

SHA512
0af8a4ec11c3ced19649a45bcfd9a211bd39ff7cc4b5548ce3daa1077b4a69241bffb674862f34b38b3b7841302316e39a69a1fe334ec9ef8ea8604b5ffe861d

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Hungarian.ini

Filesize
212KB

MD5
f2408274cc959ab978bb80b6b8b18f8a

SHA1
927eb2a1b955e6522f90428f485265655322c42d

SHA256
840e0156f92a53db6846a020c34e68c9b9e1958b48329c565f71435ece61bbb0

SHA512
1809e4496abdcdb01e1be8343c20b5698c6cd54a405b144cf0ab58186648d39471c5dd014cc37f1c7141c106d8633f736d36505f92935392ea83243cac956f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Italian.ini

Filesize
225KB

MD5
a8f7a0a79707bb2101f90e3b7c0d0ada

SHA1
70de86ba3b909f858cea9f529e681e71d90e3833

SHA256
37da5bf8eed7658c2d250df2aa97568f9de540f35d762c3b452f302287906354

SHA512
58c055e234654a22270ce2360174c61b62594db9a5261e4ccf363a841994ff1f50b92b3884948baec1ca422eb52406dc5f69f05b9b57403ddcaa7b07f15d31d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Japanese.ini

Filesize
152KB

MD5
f116a59852501cfa793c2383e96f7426

SHA1
724f8bb479a5bc1b0d8ad07d925b0d08a2a4a765

SHA256
aef240d6bc20026520ab7dbe216dc605f759ab9d092b2ef882cdf5a2ff019909

SHA512
7d41dd96592743bd9a8f03ecc08b269f66b92f53132e2c28591ec8e7f750ff81cd468295fb4bfc15987cfb0ccef4bd47a25a62059c2b4b681def92623240ee48

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Norwegian.ini

Filesize
212KB

MD5
d013f4277a3d5aed236f4d5ae34f7044

SHA1
dcd6ede19061874f5b923a826b82078874f802e2

SHA256
0e8101053de36687dd24937758521d69dbea782831d3dabe840b553cc587fa5c

SHA512
185ed6dbb4478671427708be3e085b52d6e8505300ec617693f4a9371e31d56af657dbcbd6ee425652d227f44d0dd34192d88a70e457977cbb71edf3fa714f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Portuguese.ini

Filesize
234KB

MD5
098355a98135817ab4283a6d4af38d3c

SHA1
d0195ea96f1311004cfedf66df30afa0c712b187

SHA256
78654f541b08979645c0d089e5d3e5a3aeeb52ea7bd7f54320d9dc8a0efa573c

SHA512
4ddf47c2d0398812cd5078b9f9c3c8116caae2aced9f7183d107cd62f643efe300d86d11ffe67493bbba48a89770703a45a56dbaff1a90c9642dcd791a8e4153

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Spanish.ini

Filesize
228KB

MD5
7610264aa712a449aba3897f307b92d6

SHA1
fbc1036c27f958352ee59b2f94b1c35833ad6f94

SHA256
eb4cb24dd1b8a5936a33fb91d38ac07924404e7f0c0b1da4c270bda3ad073fdc

SHA512
e1ea7ca303db3f3f8fc910cb7ac203494596193b36c1cf4e340e3aa64bb8197224891682efc570641d9202634c74fa5603ebc7c35510f552c5bb9d72066ae142

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Swedish.ini

Filesize
213KB

MD5
b89f34d6e17b84ebe607a3f99e51b31d

SHA1
7f9fa072bab6b373fb2c9002c3517f33c1c27e39

SHA256
b13a75df06ff8235a64ae7cdc1ab098e28ede2ef65cf09420ee06c52ac78fff2

SHA512
c7745b60bf909c6428dcf401371d37df7ca492ed5dff44f3e4873dbd86733dcba1ce238607934bdac8bb8b8fe2d66a5977fa4d1e8c5d5760b5f5c355ea7c93c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Thai.ini

Filesize
203KB

MD5
2c7d330639affed8baffcb97d1224a71

SHA1
67132448456e55dbfe076d6fe800c4b17a8a8a72

SHA256
22fd14c68e631eaf23c6e8f68a6c166ef0143f567dbcb5bf9e647347dbbeb083

SHA512
b5eb9a6ab0d62bb08b9522363706b33a58a2d36a4bfd3c1f391c880d8cf5d2d45cfe09e347cc50b813dd3ad39f554331c65dc35eca269476a8ea4fb35c04a0eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\msgpl_533a.tmp\Lng_Turkish.ini

Filesize
219KB

MD5
241aa8cc39b4366273fea6f1e4ac0529

SHA1
fcb5629375ff4112e86bdf506a1b7ec37c719f45

SHA256
7372f8af6768a32e7ec8186572b5801bad9f204a6d308b8a822817f1f1c4ae7b

SHA512
0371de482f87ccce7f3a7d82efb11edff41a95bd591351c304857d273bc0f219e3feb8151c8da79a4454b718875e621b5e4b58c8ccad421a90d2d770c6633d8a

Download Submit