Analysis
max time kernel: 143s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2024 23:08
Static task
static1
Behavioral task
behavioral1
Sample
9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe
Resource
win7-20241010-en
General
Target: 9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe
Size: 2.4MB
MD5: 9e70d5f3986851c9ff4a9cfed31fd9a5
SHA1: 3be690ce135b0835d374c8d0bb96be4c9faf483f
SHA256: 9274e1c3d9423ff83b6da773441148f487a9b4f5f54aa0f3d25266edad2e1219
SHA512: 50e4a22e56f37b4cbded882c70b37e6a4267fb8632dad97937cd58ed47fbc011f3e66409cfd85a23dd6d5cb650e3bc8364b14f5f4e844ffb3295640969d1f3a7
SSDEEP: 49152:aUax0MDAvfCWKsOOSWAVlPMvclqcvCQLKgAC0kX:XZMDAn0sHSWAVlUvcscvCQ/
Malware Config
Extracted
gozi
Extracted
gozi
2010
login.lycos.com
iunsyntoqprabhosao.net
178.32.27.3
build: 250161
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
dns_servers: 107.174.86.134, 107.175.127.22
exe_type: loader
server_id: 12
Signatures
-
Gozi family
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
892 | 4388 | WerFault.exe | 81
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ielowutil.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 4 IoCs
pid | Process
4988 | iexplore.exe
3104 | iexplore.exe
4996 | iexplore.exe
448 | iexplore.exe
Suspicious use of SetWindowsHookEx 16 IoCs
pid | Process
4988 | iexplore.exe
4988 | iexplore.exe
4744 | IEXPLORE.EXE
4744 | IEXPLORE.EXE
3104 | iexplore.exe
3104 | iexplore.exe
2868 | IEXPLORE.EXE
2868 | IEXPLORE.EXE
4996 | iexplore.exe
4996 | iexplore.exe
5008 | IEXPLORE.EXE
5008 | IEXPLORE.EXE
448 | iexplore.exe
448 | iexplore.exe
4860 | IEXPLORE.EXE
4860 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 12 IoCs
description | pid | Process | procid_target
PID 4988 wrote to memory of 4744 | 4988 | iexplore.exe | 97
PID 4988 wrote to memory of 4744 | 4988 | iexplore.exe | 97
PID 4988 wrote to memory of 4744 | 4988 | iexplore.exe | 97
PID 3104 wrote to memory of 2868 | 3104 | iexplore.exe | 99
PID 3104 wrote to memory of 2868 | 3104 | iexplore.exe | 99
PID 3104 wrote to memory of 2868 | 3104 | iexplore.exe | 99
PID 4996 wrote to memory of 5008 | 4996 | iexplore.exe | 101
PID 4996 wrote to memory of 5008 | 4996 | iexplore.exe | 101
PID 4996 wrote to memory of 5008 | 4996 | iexplore.exe | 101
PID 448 wrote to memory of 4860 | 448 | iexplore.exe | 103
PID 448 wrote to memory of 4860 | 448 | iexplore.exe | 103
PID 448 wrote to memory of 4860 | 448 | iexplore.exe | 103
Processes
-
"C:\Users\Admin\AppData\Local\Temp\9e70d5f3986851c9ff4a9cfed31fd9a5_JaffaCakes118.exe"
- System Location Discovery: System Language Discovery
PID:4388
  C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 820
  - Program crash
  PID:892
-
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4388 -ip 4388
PID:4712
-
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
- System Location Discovery: System Language Discovery
PID:2972
-
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4988
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4744
-
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3104
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3104 CREDAT:17410 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2868
-
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4996
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4996 CREDAT:17410 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5008
-
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:448
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:448 CREDAT:17410 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4860
-
Network
MITRE ATT&CK Enterprise v15
Downloads