Analysis
-
max time kernel
134s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
27/01/2025, 15:12
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe
-
Size
564KB
-
MD5
40dd585383358253ab47de6f05b38a71
-
SHA1
7a95736022859031c6d06c9dbcafcc0eb66d134b
-
SHA256
e31eb92bc1607542f267d7f7050664e43d7cbacdaa1852345e4d74e28cd6d44f
-
SHA512
2849cacaa9606057012476e0c5474d5e60341c45e9994a0a2d29a0e24281ec8e99f60d95ad681ea92f0be9fddf32a523a29d2da0467cfac4cdbdd3f0ba3e7cf1
-
SSDEEP
12288:u+MDtCi7NFlZnNqZ9xGrLpZ0ZHEqtgb0Ub:utplNFgxG5eZngb0U
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 2320 nbfile0.exe 2416 nbfile1.exe -
Loads dropped DLL 7 IoCs
pid Process 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 2320 nbfile0.exe 2320 nbfile0.exe 2320 nbfile0.exe 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe -
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nbfile0.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nbfile1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe -
NSIS installer 1 IoCs
resource yara_rule behavioral1/files/0x0007000000012101-3.dat nsis_installer_2 -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11A31CE1-DCC1-11EF-B578-7A9F8CACAEA3} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de3f2bed27548041a47fbc2b277d4da90000000002000000000010660000000100002000000087d2069caf3ef834a88e47f910763d4e16e8cc8d7b9c7a7b4f79c2fd85ce97fe000000000e8000000002000020000000288cbc8b58d19e84682df344aa5a7dbac42bc8a8d08707445a3fe89134e06d1820000000650167f7b21fab8acf645814e777d6eb82957e0beee7a42ad81c0bfcf429f55540000000c3176a73d35739332bfda7c05a716a0f12185d647cd969816051a3d38793f5e1c02002091a7d5c1e153b1d073c6083dad47defe95d2426bcc57d99aeb87f7d5e IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f9ece9cd70db01 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444152593" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de3f2bed27548041a47fbc2b277d4da900000000020000000000106600000001000020000000b9065103fac1440a61899d73d4d56cedb5eabeff616766d87729a2acf80f44df000000000e800000000200002000000087951c8c28eaf097e1e0b237b90ae4d5828381da4d66ae2724149f63ce96ba3490000000ea0bef8f5bd4a9a7c37c389e1eaaec917a3c4b1c1678a83ac5c5853167a6493a338d9f8a88d7a1fba6975b1970f26f6d3798d45ba6e4b7a64c36e7a60d27ff25d0fbbeb00202cb4a492495ac33b26cb298c8ed208aa68a1816350bb9421f9711eb9fb8364a15759b1c783190c0a0cc78852350afa7b9767da74a3cf09b70e580b2fcd8e9dab0992bc73acb5b0d2ea0264000000086bc9c9060e38730162e852aadb5ad0bbde1c19d30df6c2a5e5c44c7c4fb10b635cd55f8dc0072ffdaf5edd6daa96eaf53894b703e7900999812fb053357bdb1 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeIncBasePriorityPrivilege 2416 nbfile1.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2340 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 2416 nbfile1.exe 2340 IEXPLORE.EXE 2340 IEXPLORE.EXE 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 37 IoCs
description pid Process procid_target PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2320 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 30 PID 2120 wrote to memory of 2416 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 31 PID 2120 wrote to memory of 2416 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 31 PID 2120 wrote to memory of 2416 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 31 PID 2120 wrote to memory of 2416 2120 JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe 31 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 1720 2320 nbfile0.exe 32 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2320 wrote to memory of 2444 2320 nbfile0.exe 33 PID 2416 wrote to memory of 2340 2416 nbfile1.exe 34 PID 2416 wrote to memory of 2340 2416 nbfile1.exe 34 PID 2416 wrote to memory of 2340 2416 nbfile1.exe 34 PID 2416 wrote to memory of 2340 2416 nbfile1.exe 34 PID 2340 wrote to memory of 2920 2340 IEXPLORE.EXE 35 PID 2340 wrote to memory of 2920 2340 IEXPLORE.EXE 35 PID 2340 wrote to memory of 2920 2340 IEXPLORE.EXE 35 PID 2340 wrote to memory of 2920 2340 IEXPLORE.EXE 35 PID 2416 wrote to memory of 2756 2416 nbfile1.exe 37 PID 2416 wrote to memory of 2756 2416 nbfile1.exe 37 PID 2416 wrote to memory of 2756 2416 nbfile1.exe 37 PID 2416 wrote to memory of 2756 2416 nbfile1.exe 37
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2120 -
C:\Users\Admin\AppData\Local\Temp\nbfile0.exeC:\Users\Admin\AppData\Local\Temp\nbfile0.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"3⤵
- System Location Discovery: System Language Discovery
PID:1720
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\1.vbs"3⤵
- System Location Discovery: System Language Discovery
PID:2444
-
-
-
C:\Users\Admin\AppData\Local\Temp\nbfile1.exeC:\Users\Admin\AppData\Local\Temp\nbfile1.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl33⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2920
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile1.exe3⤵
- System Location Discovery: System Language Discovery
PID:2756
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize252B
MD50c8a91dbc036d2672a25807459587bac
SHA1ca8a7c485d3c9f41e66c4d2af551aea9b24e05a1
SHA2565692f8c8631cb344fc3b3973ab485d8ce6de5f62eeef4a39585e0c7e279844ca
SHA512cc70bdcceb7817d40078a55e61c8a1b87ed3cd3702ed8fe402f287b590789d7eefe2ebd4eebb1ffa2fa42b7921cddac8cc7aa9e3573e3395544d34732aef5df6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d9ec6973dd97c952bd55e9dbfcb56cf2
SHA184a85340e4e8f2229963c40973bfdf9d180fb626
SHA256f5e1ad322b55cc62453a53938feb3b83793913b20ae27aeebb52b044186d1a7e
SHA512b6f80927c1fcc0ccde4878f8da1afca24a0072d9dbb18c84b124e097eb5510cea7f08bf23eaf4376d213b90426db59fd0c165aeefda2c66dc647f7135b7896aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e6e7c63e6fd0cc8165a2df77c231f002
SHA128866a1ec5701f6900ef0cc365792730b9a0360b
SHA256f6d13a56e5eb66a97cb0dfc1017a3c8956e2a43bc752acbaf810f34b6cc12306
SHA5126f58a2b3cacddc59ffc19b186fee26a5427c8d4f50150dcfc30acb903caad6399d708905e93367139657fa2b6e69cbb34e666301c514ea3b29bfc9d7a0306462
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59fd726a1d6b9c3daa6236746093861cb
SHA14cf51b961526dbbd1b67fc8831fe61bf3f42d1b0
SHA2569bb8f0a6703c24c7f17c7bd99e4a08dd103ebc136cd5497936bf14e8448f86a8
SHA5121e07ff5755161417c6cd33806db1e51cb4189c1e012a4551edf87bfe6f512e7f5b7e3bbad4515f3c344d3bddc2aa9ce60f775565e809eefaa161b13cbbfa9853
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d730a1eff2fb65553cdbda36caa06ecc
SHA1591a733e034eae6414516e918a9da121e4fa2587
SHA2565d9edb61959db321a5bc8fc09444ab905aad3d37252df7f642e098738671eb8b
SHA5123809a8e81494cca26c8dfab95b25996237827dec6f21a3d9d099465f8941c450a1b8b95e952fc80bc5920851a063e23a63f2a8e5aff93c03b8750218190f1931
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59541cc32b330ef1548a77be631f7bdc3
SHA132609a9079ff8017603893fe89e8b700f5697261
SHA256cb9c267835f47760b995382c26354429f8525ed17bb52777ad502de39e49df30
SHA5121ef5635f3da21b4db475878ff1218857b5a1d6deb50ca01dcc77ccf6f14111ba9d7c4dcc29c482e7bff18850bb4c83423444cec0d73ef328d408236a6ca31f65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f3b5f0158d7c0b9af657393e7960d58
SHA1c23cb5b94293b6d06f682d9ccf09964e7f8f3f5b
SHA256f7f88b7bed46ac18e618be3cfafefa8495c0c4e93495994568bfb5eac6712ff2
SHA512444a396e59fed00263fef0090cfa1a7bafee0346e2ecd57158fc91a550172daa2e956fd8527812f9293c1ee893a7032bb354baa0d55838f7ac2be1f9a5e876aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5af40640a3c868cd96602f6f40729c967
SHA1609205aec0b61a0c9068225f315e5f9c8b143168
SHA2566dc9f412dc8f6264158e564ceb4dcf669266b5d26faacbe568294cdaad069d45
SHA5127f56ac977f911f78d266ccd915ec5433197f86b447a3c9ba34297b0e92b410bad9d5cb3a03fb1efa662be50b220d58b8427e36d17c6fa9b42b22ef9aa996b8fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56380eb39048e936df46edada5ff8b4df
SHA1d15b803ebaef1612335204308a6f7c32302efd46
SHA25635112f8091d5b74ebda63eb864fac69dc15343404a4fbcd0d7a084131e685a13
SHA5123674657e6009c6f18379e40a2b6ca61d0d0aea46ecee9ff515d5a5463092912d5d48e6d7e8bb7b5e9957fddbf14d51f6bcf0b0a0f0a894df84fabc6f61698c88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD562caaf332b10b658784be82ba0107423
SHA1ef62cba0ab4bac85f0e52d6ea227680916d53b98
SHA256a41b959fb774be0ca5cf0a872d54f60f83f9a8bd958eb028831dfee13a82f5b9
SHA51258bf8866deaba90dc32bb5d67a8da698d5d1a718ca014d41e2983ca62fa5a1dfb655ede8e96e4cb721e51dbad5c3ee493c0904132c4099b983416d0ec43a694e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5152b4841e8ee63d3193bf60e9efaa806
SHA133425478408c0269c5ff6d3881c7989cadfa4939
SHA2569641d455e9f55b593087eab99478db49385a6aab262b2e77f18c4f575f0e4321
SHA512b5d70072d8db1d3321e1fe83cab0a6fcffbe1fee746e75f1e9e57ade1e4721d70c097ddfa08d9920f95213ca5b1d544aa4bb3fc43c9f15c6dcbf469945929872
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e6a3a6d1504ccc675a20c72989ac6615
SHA180c3c5b498c91ba669516aaffc89cff0ea5fd197
SHA2560dce00c586ebde8e3e6f58e8df6512be7b4ccec242cf4fd280c9ea6d4ae2cf71
SHA5124253aed0e41b46f43bec190b7f6267aad4b3258478ff52350764a69a8e95f0389e9ae41a3399b7afccfac305cc528042ec8f7257962042c18641a590f392d9a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cd9d178590280f7d1f24af471e051ecf
SHA1b10f7f14725a648442fd76b6508f652f47e3fce6
SHA2568e818192abfee29014cb8c36b3bab0808d8b8b7fdef4345f5004dbd86359b94f
SHA5127021f9e5d046e540374ba11b39ec6fa640990eadcd88bf0179e4d19e73f2e2ee3c16fe9fa50a3175fc37fc3347c2cd4903f784996e23eec9e10347039d786485
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cc0b7ab4fd498e6cc402e20f2d1f6443
SHA16403fb4624c6aa6bd4a610c64b47a86f013ee76a
SHA2561d98d3f6dec3ad5b9884ac653161f1a31c4bd0bc6452b5a165d61a18a6ce8f26
SHA512a3604387ba3457e5924fcb0d4859300daa646d5b0a58864d05e7aa2d0f6018a27d78cae6840b0a583efe53899687fa847667fe0e6846ca63811c6ad06d24ac36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f5d0088bf1c739bb6402df6e993d995e
SHA1aa3fc03880ae8bfadc46e10ec2e18823a1837a7d
SHA2565dc60c535e314e9bb13d39bbd8edc309bd0e180beb7194b9a841288c1f2e774d
SHA51210568848efb35886bbd99889bc514e31ea42bc57bb76fa892ba05e703fa0cd525253244f3f7628fb2ab562b50f49b312a2b4c3042232c5a262d248e6edacedd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59ddbaa7468b5bb3aa57a5950510a9436
SHA165af3e5e9e23e3c0b290c051cda4ec7d3b0b8a09
SHA2560662ba5806313df76af796165966584c57e4ac0c54c522e37387e23ee1c52165
SHA512b2de5a03c942782c4f35f366efb2173418f8e124aa998b9f954d959e959e58dd64acc604d93cf7354176024862e9729cbb478eeb13b1c4dd09832f1353a99fec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0910a4cb7133e0a23dd8a77c4fb12da
SHA160886700c04bc77faa35c2351b5548013963e408
SHA2568687530a92d5fcef2a7feafaf4a623aeb082f09da636da4b0a6677e26ee9b4ce
SHA51231d4c8606a293826783427d367078ab0edf39501c6f87c6736559a339435ea4050b3436e4164c86191b113a5de532aa8b3a02c3647a6163eccc3b97f94042593
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5244fb73adb13c48bdb923f21cb3921b4
SHA1e088bb392e945f79a5dfaf1ca14a0d811dae7512
SHA256db44244557429721c307d500326987071c503d4a9122afff05a7b71e151d6944
SHA5125db14aeee39b76005fb7126a00581ad60243a35c1dda584ddbda76de7bacfe0e2fee535157a463296638e663eda62151381a000a5b02c1552a529398b5c19882
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55fd815dfa6f2270a3ec1349197b9bc68
SHA1677d8876a5692784c919d12e46c83b0333296af9
SHA2564ee90b00b9f2711f0f3479e3f7c08f160e90cf7b1f15e10dbc15232f30147ad9
SHA51269a545fccf1c359a883b68bd4285fa159ea0f9ffaf233c4fc8054401963bf1e4f255268f796a3ff3e6597c9a103c8bdafc130646cb11559eb04b7c934852df9a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53a9aa252437ffde787e021ee1b459ada
SHA1f0b32625201c87bba96d80044fd4a92cf20c6203
SHA256b9b0e3be33c5d1f0f4dbf46acc66d2c54989e89231312528d8e4f568669b23c4
SHA512b13686d0e263d0f048b642791adb7ffc84af7d3fb468ed48376b8af48833455287614b622333789f5ff14041e57abf791f6f916a69f851779272842d4350c0b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD50f3f54c2b98c50c6e0267180b6897f5c
SHA13158e0a36712ae31bb2f39a4a4181d426847e2d4
SHA256b04deff6bda2b77405a4e27037f841011305d0b76722196939ba912679278115
SHA512f5e26f3fec36d4d883181285d7e3ed563060568246fe5d673f2d8faccd7e418a78e09825d7616e491ef1e0b60b9f669ead1ad102e8a50224ed2f02e5f80c1de7
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
631B
MD55e2c0c26e344eeae4304c9bb561ea89b
SHA14664f9d0f582ab586ab197515aa45499eb18db41
SHA256f74ed58e1ff45165abf943ff0364fff8e5d873b9051ccba0da940399fbd8aac3
SHA5124aa5f6d5c35160470f99808dab9a68f826e726eae0b7f536e71665b978d72502faf971c4f9f2a9a792b3aca04736c9c97d633da7b34b50dbd3831dcb67284d97
-
Filesize
35KB
MD508f52a4ccd01913b9a9691093a64366f
SHA1e44c6620b4107a0f55e89f632c007a9a1ec88119
SHA25685357e0168e34f2d01f319a0f129132b77f03cafb6820ecf6dda64a39266582d
SHA512d6a9eed3a663f59047cb6d74aed375a7041060921ea80835f039726fa171fbf7b030c29a4c3059ae875058605f54bebfcba7d4daaf36b5ed1cb960e91d4755fc
-
Filesize
467KB
MD574869a0346ab36bbba85022612505121
SHA12cd02f46f2f9f46eaf15fce40a3bf4781f80cf8a
SHA2566de866b5c8abb1db9b2be231b365c1aa029118fbc58823f443f00e3a33dff18a
SHA512723812083113cff82aa5e2243759c572518865e351cc81b7c2b85a05557862dbbd7a98b964ff6f3aa3802bb5d4dab01a14147211495fc5803d9ddb7b715f4de5