Analysis
-
max time kernel
121s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
31/10/2024, 04:23
Static task
static1
Behavioral task
behavioral1
Sample
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
-
Size
136KB
-
MD5
819de36e469867c9d6c6fdf84bcd9a9d
-
SHA1
8b61fe4d039453cb6f6ed9e116176b7a3a41f340
-
SHA256
debc992881ed63f6c7fcb5c39e7cb69c26ec9735c4a9bb6febbfe8c9d0d818d5
-
SHA512
420b375ee4c1d1eda4c7b77b7999fe0a2d88920bf7d0b0b1d958f21593319424233f7b17f0d3e9e4f6ef26213e1febd9e7860d3f04b5cbb6100fde90da5a0c0b
-
SSDEEP
1536:S4+aEpOwd/VxDy/5X2++jCx3kdjKsPGR7ehp3vmLvsZIZwTcNhLx8bZJLtgm8iuA:obpDCw1p3vmLvsZIaVwiwDcD
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" hosts.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" hosts.exe -
Adds policy Run key to start application 2 TTPs 6 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NNYJZAHP = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NNYJZAHP = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NNYJZAHP = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe -
Executes dropped EXE 6 IoCs
pid Process 1080 avscan.exe 2784 avscan.exe 2848 hosts.exe 2776 hosts.exe 1916 avscan.exe 2940 hosts.exe -
Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend REG.exe -
Loads dropped DLL 5 IoCs
pid Process 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 1080 avscan.exe 2848 hosts.exe 2848 hosts.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" avscan.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" hosts.exe -
Drops file in Windows directory 5 IoCs
description ioc Process File created C:\windows\W_X_C.vbs 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe File created \??\c:\windows\W_X_C.bat 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe File opened for modification C:\Windows\hosts.exe 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe File opened for modification C:\Windows\hosts.exe avscan.exe File opened for modification C:\Windows\hosts.exe hosts.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe -
Modifies registry key 1 TTPs 9 IoCs
pid Process 1504 REG.exe 2100 REG.exe 2988 REG.exe 2292 REG.exe 1484 REG.exe 1100 REG.exe 600 REG.exe 784 REG.exe 828 REG.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 1080 avscan.exe 2848 hosts.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 1080 avscan.exe 2784 avscan.exe 2848 hosts.exe 2776 hosts.exe 1916 avscan.exe 2940 hosts.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2960 wrote to memory of 2100 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 30 PID 2960 wrote to memory of 2100 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 30 PID 2960 wrote to memory of 2100 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 30 PID 2960 wrote to memory of 2100 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 30 PID 2960 wrote to memory of 1080 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 32 PID 2960 wrote to memory of 1080 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 32 PID 2960 wrote to memory of 1080 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 32 PID 2960 wrote to memory of 1080 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 32 PID 1080 wrote to memory of 2784 1080 avscan.exe 33 PID 1080 wrote to memory of 2784 1080 avscan.exe 33 PID 1080 wrote to memory of 2784 1080 avscan.exe 33 PID 1080 wrote to memory of 2784 1080 avscan.exe 33 PID 1080 wrote to memory of 2844 1080 avscan.exe 34 PID 1080 wrote to memory of 2844 1080 avscan.exe 34 PID 1080 wrote to memory of 2844 1080 avscan.exe 34 PID 1080 wrote to memory of 2844 1080 avscan.exe 34 PID 2960 wrote to memory of 2760 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 36 PID 2960 wrote to memory of 2760 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 36 PID 2960 wrote to memory of 2760 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 36 PID 2960 wrote to memory of 2760 2960 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 36 PID 2844 wrote to memory of 2848 2844 cmd.exe 39 PID 2844 wrote to memory of 2848 2844 cmd.exe 39 PID 2844 wrote to memory of 2848 2844 cmd.exe 39 PID 2844 wrote to memory of 2848 2844 cmd.exe 39 PID 2760 wrote to memory of 2776 2760 cmd.exe 38 PID 2760 wrote to memory of 2776 2760 cmd.exe 38 PID 2760 wrote to memory of 2776 2760 cmd.exe 38 PID 2760 wrote to memory of 2776 2760 cmd.exe 38 PID 2848 wrote to memory of 1916 2848 hosts.exe 40 PID 2848 wrote to memory of 1916 2848 hosts.exe 40 PID 2848 wrote to memory of 1916 2848 hosts.exe 40 PID 2848 wrote to memory of 1916 2848 hosts.exe 40 PID 2848 wrote to memory of 2680 2848 hosts.exe 41 PID 2848 wrote to memory of 2680 2848 hosts.exe 41 PID 2848 wrote to memory of 2680 2848 hosts.exe 41 PID 2848 wrote to memory of 2680 2848 hosts.exe 41 PID 2844 wrote to memory of 804 2844 cmd.exe 43 PID 2844 wrote to memory of 804 2844 cmd.exe 43 PID 2844 wrote to memory of 804 2844 cmd.exe 43 PID 2844 wrote to memory of 804 2844 cmd.exe 43 PID 2760 wrote to memory of 2452 2760 cmd.exe 44 PID 2760 wrote to memory of 2452 2760 cmd.exe 44 PID 2760 wrote to memory of 2452 2760 cmd.exe 44 PID 2760 wrote to memory of 2452 2760 cmd.exe 44 PID 2680 wrote to memory of 2940 2680 cmd.exe 45 PID 2680 wrote to memory of 2940 2680 cmd.exe 45 PID 2680 wrote to memory of 2940 2680 cmd.exe 45 PID 2680 wrote to memory of 2940 2680 cmd.exe 45 PID 2680 wrote to memory of 2932 2680 cmd.exe 46 PID 2680 wrote to memory of 2932 2680 cmd.exe 46 PID 2680 wrote to memory of 2932 2680 cmd.exe 46 PID 2680 wrote to memory of 2932 2680 cmd.exe 46 PID 1080 wrote to memory of 784 1080 avscan.exe 48 PID 1080 wrote to memory of 784 1080 avscan.exe 48 PID 1080 wrote to memory of 784 1080 avscan.exe 48 PID 1080 wrote to memory of 784 1080 avscan.exe 48 PID 2848 wrote to memory of 2988 2848 hosts.exe 50 PID 2848 wrote to memory of 2988 2848 hosts.exe 50 PID 2848 wrote to memory of 2988 2848 hosts.exe 50 PID 2848 wrote to memory of 2988 2848 hosts.exe 50 PID 1080 wrote to memory of 2292 1080 avscan.exe 52 PID 1080 wrote to memory of 2292 1080 avscan.exe 52 PID 1080 wrote to memory of 2292 1080 avscan.exe 52 PID 1080 wrote to memory of 2292 1080 avscan.exe 52
Processes
-
C:\Users\Admin\AppData\Local\Temp\819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960 -
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f2⤵
- Impair Defenses: Safe Mode Boot
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2100
-
-
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1080 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2784
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2844 -
C:\windows\hosts.exeC:\windows\hosts.exe4⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1916
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2680 -
C:\windows\hosts.exeC:\windows\hosts.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2940
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"6⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:2932
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2988
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:828
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1100
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1504
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"4⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:804
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:784
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2292
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1484
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:600
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2760 -
C:\windows\hosts.exeC:\windows\hosts.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2776
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"3⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:2452
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Safe Mode Boot
1Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
MD53acf4594268b3692d899f15ecc821d08
SHA1b6d04bdc23ef556b709ceb3e231083303b9232a9
SHA256d7d2115cd7724aca7b40554f8e58ab3786bc3d7f3093c3c8108bf98dcd073dd0
SHA5128b15dfdc6436a071f86cd6f71ace9bd9829fbe5b8818479cfcafd6bd87675c07b9bb7ef9267a6c44ed1a7bf0a9162f297e1ca2a3a5efeaaa2397ab126391a49a
-
Filesize
457KB
MD52b673985aae3c7a8fe4927404966a84f
SHA1349e97ebee31aafb8046dd37ef2cf4812c36ce48
SHA256723acfa9240ad38d92792afe7cc526ffa242f49d69724a64573a23ad823d4867
SHA51213eaee9884bd08f467944c0c18bc0080eb53f5d74f08272f650ffd08a7abe8c8f8b2ce904abc26c000e2557b6e53bbf004d774a0ca5a6e0bbc625d64a6a38596
-
Filesize
593KB
MD520e177c2d59e823eedee317eab5291ef
SHA16b1bd74fa53e2210d49c235c8fa4a58241dee962
SHA256b5a656be042dc297c73cd2b1edee0aa833d04e45a73e0a624d6649691a3ff66f
SHA512e5efea0a6afaf3fd48539bb15c5667e1c36dfa10df62140cb79c84ac0f799645d1d9edb5b23ee158d389fc92d6b781781c14332704c75c9fccaec936db64df43
-
Filesize
729KB
MD5950528c44009d2b635e960660b6cb20b
SHA1d2ab938041e2b99a0a7002d9b5ee145553389a57
SHA25608b4fdec80b523dc5dab2d07f49b105555b4571ebdc7dad0828241ee4b3bd74e
SHA512ac268f4402022e0592db7a090c2dcc349a299456b3e5bbd5173d531578d877083d49c0a64a37ae09ebfa979ba4936d265f62f387452fc9661153d31f2eec2051
-
Filesize
866KB
MD5124c4f5fb578efcdd0c711c7b04256ff
SHA11b474e1514aa703161a93bda2a80840a42d6d6dc
SHA256debc471babe633232c8427c12a7a2f532639fd83ab4922e1937065a4b50260a5
SHA512f4861da8cb13c249050de37525ccc8376ef21f285be7eec3e28728ba666217f351d17f8bd99ff7474cd711f28e9fb3462672b92e269f70bd26ebb523cb0721ee
-
Filesize
1002KB
MD5c1571d11eb250671a536738c4aa78965
SHA1bf6b1ff64c7da031dd54da639c8389ace3f224ce
SHA2565e08375748cacf62f247e535b4e5a8e5bd63a23e5bf44d45f0cfa3fe61dfdc88
SHA5127294e890c6db022453d130aef99c66ca81c9bcdd340370e378214b4fad26014c18de2df42bf48dd23bdb66f9739600c10fffd20d93e18f794939757c4d9c6690
-
Filesize
1.1MB
MD59053e2a2773e1573ffdcb5f795e80ff2
SHA169bf0208d0dc7f47fe51485fce6e25a08015fbc2
SHA25644154bb54f8fbee6b9e471a1a4430d75a2c96f4b2103e8ff83eecd57c6b58fc1
SHA512048287d4ba834d32408b4807221896d68378ef535db5a6c906af28a1ebdf0e071a2e8577bbc0575df8304553f503deccd3471a9b536d3475697629c51849194e
-
Filesize
136KB
MD56affc08c4cc74775a7bd9e2fdca55ee0
SHA1533445d44d179a3e9e10666e5c91afdb002d7384
SHA25601834cd5fcb17cc2d02d34c9299fda3dcaee13f2c46769ecea405bbd784a2ac9
SHA51202854605877d1e2161d87bba95e1db8a3aef229d9176a31dbdb49a56857057b7ec6091417661408dbf2cbb801d712a4cbe496b6a146a10c146ccbc2fb45c4876
-
Filesize
195B
MD5e1551d79cbac725a6adfcbb4290820bb
SHA1d66b66449fceeaa6715bea11a69986fe2ea0483f
SHA256c7619c996c4bb083af1901d74b765b5058b4b0268d772c5f58c8215987734113
SHA512e85b74bd0e11ef737753e323a6f6a587da48feda162c87d048840c58721a6ef1be6462fa3a2e855c6a846ba45da7280b134935dbbf246807f0b662352bded0df
-
Filesize
136KB
MD50113d3bfd3ef111307acbde36b22ad1f
SHA108cd63fbc51e5b37ef3efbca87a3b4668cc421f0
SHA2568891f846340760ce99882b7877d867c91dfb0f3077c7d28245d09541328e14bd
SHA51247203c016e49d8b302317f019ed81249ae02799ff9c533e1d3da3e6f669eb7c17224a34b274374b3b133b897b55a9f05288b7dfed4a8879f2550c1f2981b8a81
-
Filesize
336B
MD54db9f8b6175722b62ececeeeba1ce307
SHA13b3ba8414706e72a6fa19e884a97b87609e11e47
SHA256d2150b9e5a4ce55e140f0ca91c4e300715d42095c8fddf58c77037cdd2cfaf78
SHA5121d6dc274cf7a3dd704f840e6a5ad57ab4c4e35d5f09489aeff520bb797e1c825bac53fc335156fe41e767a46520d031855fe42fe7b175409ebe5e9e986fb9b8b