Overview
overview
8Static
static
1JaffaCakes...8.html
windows7-x64
3JaffaCakes...8.html
windows10-2004-x64
3JaffaCakes...8.html
windows10-ltsc 2021-x64
4JaffaCakes...8.html
windows11-21h2-x64
3JaffaCakes...8.html
android-10-x64
1JaffaCakes...8.html
android-11-x64
1JaffaCakes...8.html
android-13-x64
1JaffaCakes...8.html
android-9-x86
1JaffaCakes...8.html
macos-10.15-amd64
8JaffaCakes...8.html
debian-12-armhf
JaffaCakes...8.html
debian-12-mipsel
JaffaCakes...8.html
debian-9-armhf
JaffaCakes...8.html
debian-9-mips
JaffaCakes...8.html
debian-9-mipsel
JaffaCakes...8.html
ubuntu-18.04-amd64
JaffaCakes...8.html
ubuntu-20.04-amd64
JaffaCakes...8.html
ubuntu-22.04-amd64
JaffaCakes...8.html
ubuntu-24.04-amd64
Resubmissions
25/02/2025, 16:10
250225-tmwhtsvpz5 328/01/2025, 16:58
250128-vg68tavpgw 328/01/2025, 16:28
250128-tys7vavjd1 527/01/2025, 16:24
250127-twh9vsxjhy 627/01/2025, 16:23
250127-tvw5bsxpcl 127/01/2025, 16:22
250127-tt83haxjcx 127/01/2025, 16:16
250127-tqthmswqgx 827/01/2025, 02:40
250127-c5ymgaxndr 1025/01/2025, 04:07
250125-epynmsvndw 424/01/2025, 16:04
250124-th4cwawmhv 3Analysis
-
max time kernel
841s -
max time network
846s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
16/01/2025, 17:12
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
win10ltsc2021-20250113-en
Behavioral task
behavioral4
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
android-x64-20240624-en
Behavioral task
behavioral6
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral7
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral8
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral9
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
macos-20241101-en
Behavioral task
behavioral10
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral11
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral12
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral14
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral15
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral16
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral17
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral18
Sample
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
-
Size
25KB
-
MD5
1d93e8597dd860cf81cd913c4b997818
-
SHA1
a7dacf6a32b194720a87130a16f2222c44f036eb
-
SHA256
6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
-
SHA512
c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
-
SSDEEP
384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ
Malware Config
Signatures
-
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ced29009-82a0-4c96-9262-b72843d68e9d.tmp setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250116171606.pma setup.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 808 msedge.exe 808 msedge.exe 5040 msedge.exe 5040 msedge.exe 2272 msedge.exe 2272 msedge.exe 2272 msedge.exe 2272 msedge.exe 1396 identity_helper.exe 1396 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5040 wrote to memory of 2912 5040 msedge.exe 81 PID 5040 wrote to memory of 2912 5040 msedge.exe 81 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 4332 5040 msedge.exe 82 PID 5040 wrote to memory of 808 5040 msedge.exe 83 PID 5040 wrote to memory of 808 5040 msedge.exe 83 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84 PID 5040 wrote to memory of 4940 5040 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff695646f8,0x7fff69564708,0x7fff695647182⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:4940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:4512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵PID:936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵PID:5096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:12⤵PID:548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵PID:2144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
PID:3328 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff714155460,0x7ff714155470,0x7ff7141554803⤵PID:2592
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:2992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8230138579105759345,4729680367013692763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵PID:4360
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3252
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4860
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5c8f99b5f9107a6a8cec2cc0c871b5575
SHA1f2cbf345e72c63c7042baecf295623cd8e2229a0
SHA256bc6ceb4d8ef84e8ce70452fb6471e2d4882eb38239fad848d14266f38cd03ec6
SHA51222d81585df9d8077f3fbe4953d8e7d30d16503e8e72e5a93c88d06155843b4b3f8100aae70370bfd8760b59cbb82cbf1d04cd1c08b76cdb632bc80f044617a6f
-
Filesize
152B
MD5d4bc32eb841f2b788106b7b5a44c13f4
SHA127868013e809484e5ac5cb21ee306b919ee0916e
SHA256051cdf1896c2091e9ff822c2118fda400e2de25ee323e856bf9eb0c64c7a7257
SHA5127a4963ea09832503179642ee750b1c8024373c66b4fce2bd316b782d1fc670c1c77cdb31f9316b34c78b6f3f1c99d90fb50e0500b72f4a647adf7653c44d242b
-
Filesize
152B
MD5c8eb7d84aaea5c0c37cdce43d1ad96dd
SHA10a27d004b734e4c486372c6888111b813e806811
SHA25627ec491fe2b7f0eb567a44deb50c74408376ff3addf6c88a2b1060adc4a5976e
SHA512f39070a20583f7ff33b7b3c0e97c08da2a3ff36049e256bbe0d0031bf15579c6d9c3da8d1f9daac1073519b648a1d005a8fa195ee2232b2962516e9aa14dac3f
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
5KB
MD5ddf1ed90ac19ee06f27a712de05784ca
SHA1f2b956e23bb78d900ba54f666ac709ae63a9161e
SHA25678865ff30f9561a52663629be1404bb0de54f1dd7c4c0c872705dd8ad8a36bc4
SHA51247a18356e93b4e58cf7a1cdfc4b996e1a073e0619738d967e2b1c67f7a2aecac113d8a31f6af9652a7c8f8c3ad85b720e40e4c3a862f3ad657d0182110d614b2
-
Filesize
5KB
MD500c47922bf92972338a407f022100639
SHA10787b819a5270dd47bad25709c17480c23ee9129
SHA2564d52fe192191bd57dd825cfc456255e0e09a564ccaf10ac1a4a19da1c8961e03
SHA512c65bd0a16f88c492e37307d109a9da101bc01bc0f8d4fad248e2d62f5f9bfcbcdb19c283f608e9fb2f2f162a52e65843eb27b16c5e0f671f4567441403a11ca1
-
Filesize
5KB
MD5382e819f3942d18a0f78d3f0e699be74
SHA170abc5681361448543d8735b07a061dec3320147
SHA256c71b4c7cce7492b5a31187236a71bbd77a6a28e5a2e4f36a5f02c4c6cf285bd1
SHA512272639c32240921739397a1c3ed086e476aa121a92a03d8b063e91e8851ea9b3b1fb0c0e58e11f22641404d55a5df3079608e8d592500fbdb4010c68afadaf75
-
Filesize
5KB
MD5e7ee511962287cd1988f3c7bde0d960b
SHA15855dcd2fa728ed5cfe3032c149df828aa056e91
SHA256cdbf1dc5a377a4d50a6530ee97df7698c0768ada8e877608a0e220833b54dba2
SHA512bd2b2259b61db40bec7274c2544c7f767086d6ad5e522e341411918eb19c5e7bd3c49886e8c6b7d93797dd0d1016c3b4215369978fb00898c8048f8f87335fcd
-
Filesize
24KB
MD56338e51cf2d1cb4bfea21c7d81cb3dc3
SHA10049d2863f309423d889fed141ef1f146246ac82
SHA2562636a794e74289532973b8f1f9c62a0009520dad49951c956dceba846835e0ac
SHA512ffcbb8f086de4ca9b51f2a86ff75f283afd9a08ba7fdfc16b119f4b80e452579fed0c7d5eb02cda11e6d7c6762ca8d5a1e542e90e106020f530d755933fb3ea2
-
Filesize
24KB
MD5b321aef296129848c0c2c5c77ee69951
SHA1402afa01ec8a6990a78514994f9648aedead5817
SHA256e44d575c1dfcf221b68c84c2cf1d4f1bea45a7e32cd8010228acff6120daff1f
SHA512cbb689d400fceb2f59d67e9e9d28007d2bb7562cf18f806420a9adbb08e0be5825153a44d4199ed03fc8e87311c2f5d4ab9aec5f3667984572070487475e8642
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD5260959c3c5dd41715776dcfe4c7e44c4
SHA192c2f3344f28f5cf9dd5422dd60726c7a0acd52f
SHA2565094e61201b5cbfbee1b7edfc86dab93e29d480350f78f19db5d6c605e0e9c31
SHA5120ea7c7c8847644e27bd031f512ec1b5d612247f94533aa1d3af14ce4740eb9134c8e5c5e902aadaa176dc4befa188dafab29595a0d716628bb02f8e08b91ae66
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD56f675f79ef0ad2ba93d5f325d3ca4b6f
SHA14f84265765bc6c937dad314d4cbd3c861009f224
SHA25681e4e97c0b3d7482db3b8b0c3c66f3f594658b76a35294fa008ed4cbb0a58020
SHA5124c123a28f55c1b2348fa78a59cf58b8fedbce06081b61ecb02f8c5b61fc8ef7028116b0269fdc7e91f0ec161881c70e525864b93cc195acc79ba9d08c61971cf