Analysis
-
max time kernel
130s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
17-12-2024 23:45
Static task
static1
Behavioral task
behavioral1
Sample
f9475d8339ee446d5a7f54c60be86cf4_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f9475d8339ee446d5a7f54c60be86cf4_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
f9475d8339ee446d5a7f54c60be86cf4_JaffaCakes118.html
-
Size
160KB
-
MD5
f9475d8339ee446d5a7f54c60be86cf4
-
SHA1
bc17d96bda9f53fa6a5b039236134f341877939a
-
SHA256
bcc29236ac90110699634e4e90fabdb1e98972fd3b3e41dceba42878f5202cb5
-
SHA512
71e9156e5493fbe2fc2d969627a43d0bf54c68d3a88f09e04dec74e5e4277188c7f71877433258be19cda6ac2c8acf28607fe638a365086563d5ed83b6a43d7a
-
SSDEEP
1536:igRTbExNinBbqRKwnZbKICyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:iKypZbdCyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2236 svchost.exe 2512 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2304 IEXPLORE.EXE 2236 svchost.exe -
resource yara_rule behavioral1/memory/2236-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/files/0x0023000000019274-433.dat upx behavioral1/memory/2236-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2236-436-0x0000000000230000-0x000000000023F000-memory.dmp upx behavioral1/memory/2512-449-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-447-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-444-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\px7668.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440640999" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0071B771-BCD1-11EF-BDBD-E62D5E492327} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2512 DesktopLayer.exe 2512 DesktopLayer.exe 2512 DesktopLayer.exe 2512 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1728 iexplore.exe 1728 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 1728 iexplore.exe 1728 iexplore.exe 2304 IEXPLORE.EXE 2304 IEXPLORE.EXE 2304 IEXPLORE.EXE 2304 IEXPLORE.EXE 1728 iexplore.exe 1728 iexplore.exe 876 IEXPLORE.EXE 876 IEXPLORE.EXE 876 IEXPLORE.EXE 876 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 1728 wrote to memory of 2304 1728 iexplore.exe 30 PID 1728 wrote to memory of 2304 1728 iexplore.exe 30 PID 1728 wrote to memory of 2304 1728 iexplore.exe 30 PID 1728 wrote to memory of 2304 1728 iexplore.exe 30 PID 2304 wrote to memory of 2236 2304 IEXPLORE.EXE 35 PID 2304 wrote to memory of 2236 2304 IEXPLORE.EXE 35 PID 2304 wrote to memory of 2236 2304 IEXPLORE.EXE 35 PID 2304 wrote to memory of 2236 2304 IEXPLORE.EXE 35 PID 2236 wrote to memory of 2512 2236 svchost.exe 36 PID 2236 wrote to memory of 2512 2236 svchost.exe 36 PID 2236 wrote to memory of 2512 2236 svchost.exe 36 PID 2236 wrote to memory of 2512 2236 svchost.exe 36 PID 2512 wrote to memory of 2136 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2136 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2136 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2136 2512 DesktopLayer.exe 37 PID 1728 wrote to memory of 876 1728 iexplore.exe 38 PID 1728 wrote to memory of 876 1728 iexplore.exe 38 PID 1728 wrote to memory of 876 1728 iexplore.exe 38 PID 1728 wrote to memory of 876 1728 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f9475d8339ee446d5a7f54c60be86cf4_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2136
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:209943 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:876
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56e4da97a291c520b41accbd85f3cae87
SHA1d639c9a31da3b17f31bc02906fc3c51032278870
SHA256150ed44c716b533bea080b006918a31725d47f21f0ff60aaa7f58e8ff32285ca
SHA51202ef42a6afce56709da2a6f6ad107c61389222ae2f3306515d63c173ca21ce14963b82d97a69b37d59645ae646394904e3e41eca7b03dd357067971dc0debaf2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5705104d3513a8aa906b47baa2a537376
SHA12f75616f86de66412df919842b9563af423e6918
SHA2561376157efb8ae5852a89870afcbf7686d3318b7f30b3e4055f0260c313adc2f0
SHA512e27fe7611644c8e5cf1b7bc91d62567ad6355d5dd730912ac01a87713bea950388ac433d9b0af475ef8f8dbe1cc0ff0b08497586c5aba2e09e15b269fea385ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5810fa7dc116e502dcf2bf2d93b67b6fd
SHA137fa5dcdb131d625db141ef02459dd5e737bca28
SHA25686b22628d58e24f6fa9c652a2577a79a4878aed5824774713f64fb4d7ba93206
SHA512e84b96664998ad57bd5f28695ef9cbdabda35a7c58ff3851680daecc3b32ecb842a023ca3428ae49fae5ae75f902be4c17a2b77b0dd442a2b51c9eaf422c67ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b5e8cd62c317e3e418eb0d5bcd019ce4
SHA1ae0c73782f4e7f165ca18366bf2b827adcdfce2d
SHA256c126ff91709d30a1691a9b49bd3e3d9595c696892a45a0dde9c3411a1488c9e4
SHA5123edbd6402dad1d429f98f5f486ef5196537b6af17051fe774af64c5d90df4328bb33c8c114b178f281ba24b4dbe1753735b32a4f77bf585098b70be7fff3df56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5459adbaf089a128d40354fb4026b884d
SHA1d22e14c839a233e975a73445af90c1cb3dc855de
SHA256df805b18392cdb75c35bd4e1d34d531ab48c452414058748531a1639cce8596e
SHA51274b08bcc4d21f9a79a59da00f4600d3bcc7e2888bc61b66d9056eeb21e0ab38a56567393f476b632570716910fc950bea04ae36e5a94034f8bedc637f1877caf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD548ef3b4b1e61472bc83103be961e088a
SHA1132782a258d555ed10808207cd44d0d8caa3ae21
SHA256f794c18c7f3a4539083185ae790627345d91476e0375748b812e4757ea57c49a
SHA512957e8573acbd31244cc40cf18b6c1950a3ac7c6ea8930bebc842fe8eb6f44540d0ddd88df73d212707959944f707a41fb71e421d068f3c0e4cf7603273bf4dd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51bf78c8849570251bebf9e30d8b0fb2f
SHA1e17fd2b8719bfa53a6091c97ea205cd37758ea15
SHA2562aeb2c8ec3c8ccf8bf820269d63650103a1de5b5183296e06a2b9a38b50aba42
SHA512b0923929490cd382d3a1829de157f00cf8869429891d567937365454a5d79d2d4418900418111d6d45484d34b7f58955d4ca39ca404009736e0c4df0b748c70b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58ef66eeab4ab98eb3f8e743d18498edb
SHA193981b07644410a9163345e8be7cc2a6ae4e210a
SHA256c435404185605f7a6233f5e8671d461af39c0ca9399e2dd9525cc10884792403
SHA512c090f61d2c6a83bebb52bf4ded3aab9d866a6ba2342a9da234b9900590dd8e468ec297dfa54aed7618fff2c8508db49d27b970c61dbf7f0b121380599d181b96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a2298ef6c716b431e2b2285fb3931c06
SHA16058e93d7cf02925bcdb91da8d142e1afc2c7d7d
SHA256287f149536573ba9a7bd9bff90313942dfad2752814920eae136d01726420d48
SHA512351f2a0272bc6449a4b0213b5f0ceea6d9a2b6dcea779b81df3b1bf092093e361be00f25e5e1ad601cbab88469411f0f68ed6fd926c6042e7147cfa9dd0afdcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52014a510ea2d77306355fa916183db7b
SHA1f397cbac3c6ba0ca5e83ad36424217fd8a26da46
SHA256232f927f77e48c7348df8149441fd60f091388b4d6dbf223f0978ffd27027d1b
SHA51279a9cae52059f4d429c66b10fe8f126a4249a2b0e4796b1dc515565a53d87a99337551ed97ecb3d01dfc91ec41d86062795fc2369baec647d3eace62f4584348
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD595c3096860a896d6c0dc7573dc9a2e40
SHA1b763877bd3ff75bf2c8e4cee94b2ba83d257050b
SHA256940fd7267d5671bfc727eb89abc7f66445fbb15938a7e7c2fd57ad81d46c9d8c
SHA512ff68c4fde6a5ede15a53227c80f2a70df4a4d8af6fa1f56b81689ca0450b80aaf0519d1ac34e32434620e844a4787395f5138809cfcdf33f60e185b31865d2aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b74076c9c99d05eb68a423d68d95a20c
SHA190d52075303b60ce2af7b6b0359d56dd5c6c8b85
SHA2565014f1c54750735dfd40a5e8c5ba28464900d367264914f7f1413310c2d18eda
SHA512df6107b360ac64c1ccb90e334da077ec230711a16ff779052fdf9f20e295f48df14ef4153e8ca28185828cff9b66b8da1bc4225c3931f1001b67ab0d7c0957c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52ad896d812d27247510f27e218635675
SHA123741fc4e4457bf1d2433fc83246b224cd383219
SHA25695189096be2c5e0226ab8c9a0555c784db708ceb5563f73a2c07b94911c7992a
SHA512a22f7779db4a5f8598a7e61fd0fac324df8233b2f6eecfdb3590507c09248e489f2e3721df2952f281133fda3045f54fdf75b9fa4947c23a224fbd68226e2b46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53b84ae43bfa88211a0a73198aa2e2064
SHA17deda919dbf94b1233c52e736ccaefbd8be81c5c
SHA25600af11b7d41277fec9d1281e2b5dc44d32ceffcb65258a057d6356934ab0f446
SHA5121812973fa7f1747167fe918a2f0f74b9fa218b57a2c28b5f21972eae1309353ffaedad11a4f6e4c1d1124675b01ecbaa57bba829de2d75a077b35f6ab201152a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51238fbf8ff64ea19c69fff610061430d
SHA16165184bd2523085ad7bd0ba72e84dfb151a76b0
SHA256936a681aaf246c4643992f6262233f9e0bbe6fd130b0285f9553896e2ccd3651
SHA51238b66c8aa9b9c64b15a58d675e9c5b9a996a430375ffd43329431003f964bac814fd65f2f4969b05eb91fd15fe74c6dc29da3cc06621cbbb371bfa67bca7f26c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50a0b3e7eca72360e89591300c1244f66
SHA10784cfe9f016d8340fc98a13503058e5c097c4c8
SHA256648bd56c23dd240f46328429b49be83ccdb6e435f54e1cb0a95127423698eac5
SHA51200279ccd92ba1a6eb71759545707762c026239620be9a2378edd8753a815af14a033af685953aa236f43e0811fee2423b45e6c0c006d013cbbbf6453dfff9cc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d746bea234aa5efae891c286b74758c
SHA1ecceff134012e10849dc8b9e0ecef03778d4e71d
SHA25657004e202698586737bd2ee575951052b644b13a2036510016ca8fea856bb541
SHA512a93a14cb05a7e86336bf7f2a31e9af7208e97d5663dd4308c429bcee160abe0ccb6f8c9330e44bdc9adf50aef2e4e522651d2e8ea8bf6e1e48871c90c9c55531
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5da4b1dafd16f873c28d2668ff4d2d2a7
SHA12f5ac1bd3916d61477b3c8a39da8ee7db89f0bd9
SHA256b5639b5d520ee6682fd329363ceba1b9cfbca0360cb18edda64a6d3b6835d780
SHA5120cedfd21e1edb2eb29908ff7c46a0aea71f2833382ca02275b64a261de8fcb8187b8ce1c0c686fb8b6dfdf6aa8959edf07f09b12f0693c39cc34b351bf2d6f65
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a