Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
10-08-2024 16:17
Static task
static1
Behavioral task
behavioral1
Sample
86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe
-
Size
345KB
-
MD5
86c4c35439fd5cfe3aff15e8765e2050
-
SHA1
e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
-
SHA256
0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
-
SHA512
7858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84
-
SSDEEP
6144:CO+v5qbv5qPyMmQpPmzs0dsa+Ql4oe4351qaey0YICpmpod:EqdqPRHPmzs0ebFi35befepmpI
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 5052 ydizvelyxui.exe 2628 ydizvelyxui.exe -
Loads dropped DLL 4 IoCs
pid Process 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qiaxqi = "C:\\Users\\Admin\\AppData\\Roaming\\Teopugfuosu\\ydizvelyxui.exe" ydizvelyxui.exe -
Drops autorun.inf file 1 TTPs 12 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
description ioc Process File created C:\Autorun.inf ydizvelyxui.exe File opened for modification C:\Autorun.inf ydizvelyxui.exe File created F:\Autorun.inf ydizvelyxui.exe File opened for modification F:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe File opened for modification C:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe File created D:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe File opened for modification D:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe File created F:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe File created D:\Autorun.inf ydizvelyxui.exe File opened for modification D:\Autorun.inf ydizvelyxui.exe File opened for modification F:\Autorun.inf ydizvelyxui.exe File created C:\Autorun.inf 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 4680 set thread context of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 5052 set thread context of 2628 5052 ydizvelyxui.exe 93 -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ydizvelyxui.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ydizvelyxui.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe 2628 ydizvelyxui.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeSecurityPrivilege 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Token: SeSecurityPrivilege 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Token: SeSecurityPrivilege 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Token: SeSecurityPrivilege 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe Token: SeSecurityPrivilege 2628 ydizvelyxui.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 4680 wrote to memory of 3280 4680 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 87 PID 3280 wrote to memory of 5052 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 88 PID 3280 wrote to memory of 5052 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 88 PID 3280 wrote to memory of 5052 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 88 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 5052 wrote to memory of 2628 5052 ydizvelyxui.exe 93 PID 3280 wrote to memory of 5116 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 94 PID 3280 wrote to memory of 5116 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 94 PID 3280 wrote to memory of 5116 3280 86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe 94 PID 2628 wrote to memory of 2564 2628 ydizvelyxui.exe 44 PID 2628 wrote to memory of 2564 2628 ydizvelyxui.exe 44 PID 2628 wrote to memory of 2564 2628 ydizvelyxui.exe 44 PID 2628 wrote to memory of 2564 2628 ydizvelyxui.exe 44 PID 2628 wrote to memory of 2564 2628 ydizvelyxui.exe 44 PID 2628 wrote to memory of 2580 2628 ydizvelyxui.exe 45 PID 2628 wrote to memory of 2580 2628 ydizvelyxui.exe 45 PID 2628 wrote to memory of 2580 2628 ydizvelyxui.exe 45 PID 2628 wrote to memory of 2580 2628 ydizvelyxui.exe 45 PID 2628 wrote to memory of 2580 2628 ydizvelyxui.exe 45 PID 2628 wrote to memory of 2904 2628 ydizvelyxui.exe 52 PID 2628 wrote to memory of 2904 2628 ydizvelyxui.exe 52 PID 2628 wrote to memory of 2904 2628 ydizvelyxui.exe 52 PID 2628 wrote to memory of 2904 2628 ydizvelyxui.exe 52 PID 2628 wrote to memory of 2904 2628 ydizvelyxui.exe 52 PID 2628 wrote to memory of 3456 2628 ydizvelyxui.exe 56 PID 2628 wrote to memory of 3456 2628 ydizvelyxui.exe 56 PID 2628 wrote to memory of 3456 2628 ydizvelyxui.exe 56 PID 2628 wrote to memory of 3456 2628 ydizvelyxui.exe 56 PID 2628 wrote to memory of 3456 2628 ydizvelyxui.exe 56 PID 2628 wrote to memory of 3644 2628 ydizvelyxui.exe 57 PID 2628 wrote to memory of 3644 2628 ydizvelyxui.exe 57 PID 2628 wrote to memory of 3644 2628 ydizvelyxui.exe 57 PID 2628 wrote to memory of 3644 2628 ydizvelyxui.exe 57 PID 2628 wrote to memory of 3644 2628 ydizvelyxui.exe 57 PID 2628 wrote to memory of 3848 2628 ydizvelyxui.exe 58 PID 2628 wrote to memory of 3848 2628 ydizvelyxui.exe 58 PID 2628 wrote to memory of 3848 2628 ydizvelyxui.exe 58 PID 2628 wrote to memory of 3848 2628 ydizvelyxui.exe 58 PID 2628 wrote to memory of 3848 2628 ydizvelyxui.exe 58 PID 2628 wrote to memory of 4020 2628 ydizvelyxui.exe 59 PID 2628 wrote to memory of 4020 2628 ydizvelyxui.exe 59 PID 2628 wrote to memory of 4020 2628 ydizvelyxui.exe 59 PID 2628 wrote to memory of 4020 2628 ydizvelyxui.exe 59 PID 2628 wrote to memory of 4020 2628 ydizvelyxui.exe 59 PID 2628 wrote to memory of 2900 2628 ydizvelyxui.exe 60 PID 2628 wrote to memory of 2900 2628 ydizvelyxui.exe 60 PID 2628 wrote to memory of 2900 2628 ydizvelyxui.exe 60 PID 2628 wrote to memory of 2900 2628 ydizvelyxui.exe 60 PID 2628 wrote to memory of 2900 2628 ydizvelyxui.exe 60 PID 2628 wrote to memory of 3368 2628 ydizvelyxui.exe 61 PID 2628 wrote to memory of 3368 2628 ydizvelyxui.exe 61
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2564
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:2580
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵PID:2904
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe"2⤵
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4680 -
C:\Users\Admin\AppData\Local\Temp\86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\86c4c35439fd5cfe3aff15e8765e2050_JaffaCakes118.exe"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3280 -
C:\Users\Admin\AppData\Roaming\Teopugfuosu\ydizvelyxui.exe"C:\Users\Admin\AppData\Roaming\Teopugfuosu\ydizvelyxui.exe"4⤵
- Executes dropped EXE
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5052 -
C:\Users\Admin\AppData\Roaming\Teopugfuosu\ydizvelyxui.exe"C:\Users\Admin\AppData\Roaming\Teopugfuosu\ydizvelyxui.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp9afd3461.bat"4⤵
- System Location Discovery: System Language Discovery
PID:5116
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:3644
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:3848
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:4020
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:2900
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:3368
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4008
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵PID:4296
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:540
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca1⤵PID:4004
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:1880
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4812
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵PID:4688
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.11⤵PID:4468
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:2648
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36B
MD58c3b6960085cd51d537e090d887c34b2
SHA1a03f1685cb413f52c1cea6551cebf52a98b874c2
SHA256a863f0112a6898ee05fa8af4a319a12694d2e182eebba3df891f6b911bb00587
SHA512d2c79fac2cae7dda058da7eed5f1c35790074f024ea93f56c27e31d607549d0a1b1541b10380323c08d5ac9112ab6786f7b6f63ac9e0cfcdcbfdeab7eb90ec19
-
Filesize
271B
MD5feb4f4fbcdc1e8740758063e0b6e4f55
SHA1cfe85620eb30934c43880aae79846cffb21433c0
SHA2563db423608a1235786180b41bbeb279523cedef99bc887fdba20c7e15ca5a6044
SHA5127e857a88aaa993dd0b662b17cde2522ae577375bb1b96b5299a0084da28b9b6feadf5aeb0586f6cfecaeeb15b69cc065b76efc6beedad27fb70caff88d1bc8da
-
Filesize
1.6MB
MD54f3387277ccbd6d1f21ac5c07fe4ca68
SHA1e16506f662dc92023bf82def1d621497c8ab5890
SHA256767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac
SHA5129da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219
-
Filesize
625KB
MD5eccf28d7e5ccec24119b88edd160f8f4
SHA198509587a3d37a20b56b50fd57f823a1691a034c
SHA256820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6
SHA512c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670
-
Filesize
345KB
MD5087ba3e929c9a367d01f45ccf3ba889f
SHA108b158f115b7daeff46f66027ac1393d536437e3
SHA256c27e327a74f015cfbcf9d14ed9c4708adee8a2b45c44b59c586936a77490e40d
SHA5121b3284eb3628102a6699143b712b4ca2acf8eb495c9a34344d6e7e3888e573c4a0700654e6eae038abd4b9554488a36ca08e02442dd8534f48740a637f4c1227
-
Filesize
345KB
MD586c4c35439fd5cfe3aff15e8765e2050
SHA1e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
SHA2560f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
SHA5127858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84