Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26-11-2024 03:19
Static task
static1
Behavioral task
behavioral1
Sample
9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe
Resource
win7-20241010-en
General
-
Target
9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe
-
Size
1.0MB
-
MD5
9f86f954eac6b3d681d0cca5006902bf
-
SHA1
121baa6cd1713088a4aad05a2df1f337f8399c7b
-
SHA256
e955528268ea2c049598faf922c2acd83dc53b5579b2a6896d0c5d52067e619a
-
SHA512
d5af495dfacd252100843da128d09ca63d8eaea1c5d7950aa478c4490edd19c175cc892f9cf6fb9366280bbc1258c267679f439fe8a825389e316d4f50e93014
-
SSDEEP
24576:W64MVTz+VxRx9xJujv/0X8NK+UueUqF+vtX6xMb8vUVinY:W64MTaZx9Sjv/0sNnFeLQc48C2
Malware Config
Signatures
-
Ardamax family
-
Ardamax main executable 1 IoCs
resource yara_rule behavioral2/files/0x0008000000023c54-21.dat family_ardamax -
Disables RegEdit via registry modification 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe -
Disables Task Manager via registry modification
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation install.exe -
Executes dropped EXE 2 IoCs
pid Process 2624 install.exe 1520 BIC.exe -
Loads dropped DLL 2 IoCs
pid Process 1520 BIC.exe 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows LogOn Service = "C:\\Windows\\winlogon.exe" 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BIC Start = "C:\\Windows\\NDMKPG\\BIC.exe" BIC.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 7 IoCs
description ioc Process File opened for modification C:\Windows\NDMKPG\ BIC.exe File created C:\Windows\winlogon.exe 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe File opened for modification C:\Windows\winlogon.exe 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe File created C:\Windows\NDMKPG\BIC.004 install.exe File created C:\Windows\NDMKPG\BIC.001 install.exe File created C:\Windows\NDMKPG\BIC.002 install.exe File created C:\Windows\NDMKPG\BIC.exe install.exe -
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 2072 sc.exe 2476 sc.exe 220 sc.exe 2732 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 25 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language install.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BIC.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe -
Kills process with taskkill 18 IoCs
pid Process 4032 taskkill.exe 400 taskkill.exe 4464 taskkill.exe 212 taskkill.exe 3240 taskkill.exe 780 taskkill.exe 828 taskkill.exe 2912 taskkill.exe 3176 taskkill.exe 4792 taskkill.exe 1604 taskkill.exe 2444 taskkill.exe 4532 taskkill.exe 4088 taskkill.exe 3832 taskkill.exe 4000 taskkill.exe 3900 taskkill.exe 1716 taskkill.exe -
Suspicious use of AdjustPrivilegeToken 20 IoCs
description pid Process Token: SeDebugPrivilege 1716 taskkill.exe Token: SeDebugPrivilege 4532 taskkill.exe Token: SeDebugPrivilege 212 taskkill.exe Token: SeDebugPrivilege 3176 taskkill.exe Token: SeDebugPrivilege 2444 taskkill.exe Token: SeDebugPrivilege 4000 taskkill.exe Token: SeDebugPrivilege 780 taskkill.exe Token: SeDebugPrivilege 3240 taskkill.exe Token: SeDebugPrivilege 4088 taskkill.exe Token: SeDebugPrivilege 1604 taskkill.exe Token: SeDebugPrivilege 2912 taskkill.exe Token: SeDebugPrivilege 828 taskkill.exe Token: SeDebugPrivilege 400 taskkill.exe Token: SeDebugPrivilege 3832 taskkill.exe Token: SeDebugPrivilege 4032 taskkill.exe Token: SeDebugPrivilege 3900 taskkill.exe Token: SeDebugPrivilege 4464 taskkill.exe Token: SeDebugPrivilege 4792 taskkill.exe Token: 33 1520 BIC.exe Token: SeIncBasePriorityPrivilege 1520 BIC.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1520 BIC.exe 1520 BIC.exe 1520 BIC.exe 1520 BIC.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 628 wrote to memory of 2072 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 84 PID 628 wrote to memory of 2072 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 84 PID 628 wrote to memory of 2072 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 84 PID 628 wrote to memory of 2732 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 85 PID 628 wrote to memory of 2732 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 85 PID 628 wrote to memory of 2732 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 85 PID 628 wrote to memory of 220 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 86 PID 628 wrote to memory of 220 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 86 PID 628 wrote to memory of 220 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 86 PID 628 wrote to memory of 2476 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 87 PID 628 wrote to memory of 2476 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 87 PID 628 wrote to memory of 2476 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 87 PID 628 wrote to memory of 828 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 88 PID 628 wrote to memory of 828 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 88 PID 628 wrote to memory of 828 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 88 PID 628 wrote to memory of 4532 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 90 PID 628 wrote to memory of 4532 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 90 PID 628 wrote to memory of 4532 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 90 PID 628 wrote to memory of 2444 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 92 PID 628 wrote to memory of 2444 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 92 PID 628 wrote to memory of 2444 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 92 PID 628 wrote to memory of 3176 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 95 PID 628 wrote to memory of 3176 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 95 PID 628 wrote to memory of 3176 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 95 PID 628 wrote to memory of 780 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 96 PID 628 wrote to memory of 780 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 96 PID 628 wrote to memory of 780 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 96 PID 628 wrote to memory of 3240 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 97 PID 628 wrote to memory of 3240 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 97 PID 628 wrote to memory of 3240 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 97 PID 628 wrote to memory of 212 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 99 PID 628 wrote to memory of 212 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 99 PID 628 wrote to memory of 212 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 99 PID 628 wrote to memory of 1716 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 100 PID 628 wrote to memory of 1716 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 100 PID 628 wrote to memory of 1716 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 100 PID 628 wrote to memory of 3900 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 101 PID 628 wrote to memory of 3900 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 101 PID 628 wrote to memory of 3900 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 101 PID 628 wrote to memory of 4000 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 102 PID 628 wrote to memory of 4000 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 102 PID 628 wrote to memory of 4000 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 102 PID 628 wrote to memory of 3832 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 103 PID 628 wrote to memory of 3832 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 103 PID 628 wrote to memory of 3832 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 103 PID 628 wrote to memory of 400 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 104 PID 628 wrote to memory of 400 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 104 PID 628 wrote to memory of 400 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 104 PID 628 wrote to memory of 4032 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 105 PID 628 wrote to memory of 4032 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 105 PID 628 wrote to memory of 4032 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 105 PID 628 wrote to memory of 1604 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 106 PID 628 wrote to memory of 1604 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 106 PID 628 wrote to memory of 1604 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 106 PID 628 wrote to memory of 4464 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 107 PID 628 wrote to memory of 4464 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 107 PID 628 wrote to memory of 4464 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 107 PID 628 wrote to memory of 4792 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 110 PID 628 wrote to memory of 4792 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 110 PID 628 wrote to memory of 4792 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 110 PID 628 wrote to memory of 4088 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 111 PID 628 wrote to memory of 4088 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 111 PID 628 wrote to memory of 4088 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 111 PID 628 wrote to memory of 2912 628 9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118.exe"1⤵
- Disables RegEdit via registry modification
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:628 -
C:\Windows\SysWOW64\sc.exesc stop wscsvs2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2072
-
-
C:\Windows\SysWOW64\sc.exesc stop SharedAccess2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2732
-
-
C:\Windows\SysWOW64\sc.exesc delete shared access2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:220
-
-
C:\Windows\SysWOW64\sc.exesc delete wscsvs2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2476
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM CMain.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:828
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM CAVSubmit.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4532
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM navapsvc.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2444
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM nod32krn.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3176
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM mcvsescn.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:780
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM ashWebSv.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3240
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM istsvc.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:212
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM avp.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1716
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM avgamsvr.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3900
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM avgw.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4000
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM avguard.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3832
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM sockspy.dll2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:400
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM nanapsvc.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4032
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM SPBBCS.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1604
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM AvKWCtl.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4464
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM Nvoy.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4792
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM isafe.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4088
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /IM vsmon.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2912
-
-
C:\Users\Admin\AppData\Local\Temp\install.exe"C:\Users\Admin\AppData\Local\Temp\install.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2624 -
C:\Windows\NDMKPG\BIC.exe"C:\Windows\NDMKPG\BIC.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1520
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
934KB
MD5c8038a2d96c20a6664da287a49e1f451
SHA126ae3ddd4bae2ad6e5e2b3056a7a17e4c5c58dce
SHA2565d24b03937e102aee1248aef511905f159bce3df8509c3a8f22d0b3a2b7cc658
SHA5126bf27328e13245ad7680588fe605e327edba10eb11893e06229c1c3e25e5412d9cd8a02d84c2e72b36b1c22ea56e3cbb5b7269daec9174c630f359c0b93d6509
-
Filesize
61KB
MD5383d5f5d4240d590e7dec3f7312a4ac7
SHA1f6bcade8d37afb80cf52a89b3e84683f4643fbce
SHA2567e87f6817b17a75106d34ce9884c40ddfb381bf8f2013930916498d1df0a6422
SHA512e652c41ec95d653940b869426bc2cbd8e5b3159110ffaab7d623e23eebe1f34ca65be6a9a9cdcd5f41aec7567469d6b4d6362d24ae92267cddb8940e1265806a
-
Filesize
43KB
MD593df156c4bd9d7341f4c4a4847616a69
SHA1c7663b32c3c8e247bc16b51aff87b45484652dc1
SHA256e55b6eabf0f99b90bd4cf3777c25813bded7b6fc5c9955188c8aa5224d299c3e
SHA512ed2e98c5fd1f0d49e5bac8baa515d489c89f8d42772ae05e4b7a32da8f06d511adad27867034ca0865beae9f78223e95c7d0f826154fc663f2fab9bd61e36e35
-
Filesize
1KB
MD539947400e6f176b636ae3997f16e1904
SHA1a157f25c23774081f31e555c5bb7367982355527
SHA256ab9525e12b47738a89a5ddbb56f86a819e6c98fda24e0407d1c6412b61c17992
SHA51275f4ec191308ea233d346dca6805e000892b9d2eb7a8a10355d843113d368c17d37878e82b7b4ea90ec60c7b9c59b73f63fc7319fdb0aa8c2395b82544fb0e33
-
Filesize
1.7MB
MD53cd29c0df98a7aeb69a9692843ca3edb
SHA17c86aea093f1979d18901bd1b89a2b02a60ac3e2
SHA2565a37cd66508fa3fc85ae547de3498e709bd45167cb57f5e9b271dc3a1cb71a32
SHA512e78f3206b1878e8db1766d4038a375bbebcbcdb8d1b0a0cb9b0dc72c54881392b9c27e2864ad9118702da58f203f13e0ad5d230980ad1ef2370391a2c4acffc9