Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 19/01/2025, 18:43
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Resource: win7-20241010-en
General
Target: JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Size: 6.5MB
MD5: cfe3ccd4e51148fc43af6918502968ed
SHA1: fe08ac064dd792ec012929a1873e60ac2a517859
SHA256: 2dd4cf403fe7d85d7d32cfc69239c479f4d25067facf6f38be38593582280b2c
SHA512: 9245582ff6373fdf44795fa276ccf950bbeaa97b8427d3e47c304d74c0ac93ba30c92879d81c03ce3e6ad19f29d85d08e6b527d63660e3d922b01210cdd97435
SSDEEP: 98304:TEI26o3CUY0XAKnx/tbTlu3DkaihIlYRVMN4lk7vYxNKtODx/JNkAJPWMx3QTw0:PGRY2AItbhuwaielYRVM7vKK0oAdDgTf
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | SETUPD~1.EXE
-
Executes dropped EXE 11 IoCs
pid | Process
2212 | files.exe
3604 | SETUPD~1.EXE
1512 | BandooUI.exe
4812 | GLJ9BA5.tmp
4692 | GLJ9BA5.tmp
4784 | GLJ9BA5.tmp
3736 | GLJ9BA5.tmp
1860 | BndCore.exe
1452 | Bandoo.exe
1520 | Bandoo.exe
3052 | SearchquMediaBar.exe
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 5 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F} | GLJ9BA5.tmp
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ = "Bandoo IE Plugin" | GLJ9BA5.tmp
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\NoExplorer = "1" | GLJ9BA5.tmp
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020} | regsvr32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}\ = "Searchqu Toolbar" | regsvr32.exe
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 14 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 5 IoCs
resource | yara_rule
behavioral2/files/0x0007000000023cb8-216.dat | nsis_installer_2
behavioral2/files/0x0007000000023cb7-320.dat | nsis_installer_1
behavioral2/files/0x0007000000023cb7-320.dat | nsis_installer_2
behavioral2/files/0x0007000000023d1b-568.dat | nsis_installer_1
behavioral2/files/0x0007000000023d1b-568.dat | nsis_installer_2
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.searchqu.com/402" | SETUPD~1.EXE
-
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 52 IoCs
pid   Process
4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Suspicious use of AdjustPrivilegeToken 23 IoCs
description              pid   Process
Token: SeDebugPrivilege  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Token: SeDebugPrivilege  1452  Bandoo.exe
Token: SeDebugPrivilege  1520  Bandoo.exe
Suspicious use of WriteProcessMemory 39 IoCs
description                       pid   Process                                             procid_target
PID 4488 wrote to memory of 2212  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  82
PID 4488 wrote to memory of 3604  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  85
PID 4488 wrote to memory of 1512  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  86
PID 4488 wrote to memory of 4812  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  87
PID 4488 wrote to memory of 4692  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  88
PID 4488 wrote to memory of 4784  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  89
PID 4488 wrote to memory of 3736  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  90
PID 4488 wrote to memory of 1860  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  91
PID 4488 wrote to memory of 1452  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  92
PID 4488 wrote to memory of 1520  4488  JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe  93
PID 3604 wrote to memory of 3052  3604  SETUPD~1.EXE                                        95
PID 3052 wrote to memory of 1188  3052  SearchquMediaBar.exe                                96
PID 3052 wrote to memory of 1904  3052  SearchquMediaBar.exe                                97
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cfe3ccd4e51148fc43af6918502968ed.exe"
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 4488

  C:\Users\Admin\AppData\Local\Temp\FUN4IM~1\files.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\FUN4IM~1\files.exe" "-oC:\Users\Admin\AppData\Local\Temp\Fun4IMFiles" -y
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID: 2212

  C:\Users\Admin\AppData\Local\Temp\SETUPD~1.EXE
  Command line: "C:\Users\Admin\AppData\Local\Temp\SETUPD~1.EXE" /S
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - Suspicious use of WriteProcessMemory
  PID: 3604

    C:\Users\Admin\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe" /S /NOADDREMOVE /D=C:\PROGRA~2\WIA6EB~1\ToolBar
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of WriteProcessMemory
    PID: 3052

      C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /u /s "C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll"
      - System Location Discovery: System Language Discovery
      PID: 1188

      C:\Windows\SysWOW64\regsvr32.exe
      Command line: regsvr32 /s "C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll"
      - Installs/modifies Browser Helper Object
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Modifies registry class
      PID: 1904

  C:\Program Files (x86)\Fun4IM\BandooUI.exe
  Command line: "C:\Program Files (x86)\Fun4IM\BandooUI.exe" cookie http://fun4im.com
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID: 1512

  C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp" C:\Program Files (x86)\Fun4IM\GIFAnimator.dll
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID: 4812

  C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp" C:\Program Files (x86)\Fun4IM\FlashAnimator.dll
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID: 4692

  C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp" C:\Program Files (x86)\Fun4IM\CrashRpt.dll
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID: 4784

  C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\GLJ9BA5.tmp" C:\Program Files (x86)\Fun4IM\Plugins\IE\ieplugin.dll
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID: 3736

  C:\PROGRA~2\Fun4IM\BndCore.exe
  Command line: "C:\PROGRA~2\Fun4IM\BndCore.exe" /RegServer
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID: 1860

  C:\PROGRA~2\Fun4IM\Bandoo.exe
  Command line: "C:\PROGRA~2\Fun4IM\Bandoo.exe" /Service
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID: 1452

  C:\PROGRA~2\Fun4IM\Bandoo.exe
  Command line: "C:\PROGRA~2\Fun4IM\Bandoo.exe" /Start
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID: 1520
Network
MITRE ATT&CK Enterprise v15
Downloads