Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
02/03/2025, 07:29
General
-
Target
JaffaCakes118_3ec86d0266e990db3a951f239687a6f0.exe
-
Size
120KB
-
MD5
3ec86d0266e990db3a951f239687a6f0
-
SHA1
c5c370331a12bf10115eeb17401aad1b95654f85
-
SHA256
31c67757417a79aca92d2a112d64245b8452080deeb8c96ea37e781d78c750ca
-
SHA512
9507dab9b169007bfe1afb060a2ded6fae5466469330f875b89cbcf24cc16b87514723cb89e942d7cbe05562b5edaf787dba2d55be8821b91d33f9a8f0237707
-
SSDEEP
3072:yLk395hYXJePspYCAh7Ap8DLPw3rywS3pWAgZjf0:yQqiHxkGDs+wS3pWAgZ8
Malware Config
Signatures
-
Gh0st RAT payload 11 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 33 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 33 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 35 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 44 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ec86d0266e990db3a951f239687a6f0.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ec86d0266e990db3a951f239687a6f0.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\install8403921.exe"C:\Users\Admin\AppData\Roaming\install8403921.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ec86d0266e990db3a951f239687a6f0.exe" -sC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ec86d0266e990db3a951f239687a6f0.exe2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 212 -ip 2121⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1696 -ip 16961⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1380 -ip 13801⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4736 -ip 47361⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1912 -ip 19121⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3228 -ip 32281⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3624 -ip 36241⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2024 -ip 20241⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3932 -ip 39321⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2796 -ip 27961⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4192 -ip 41921⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2624 -ip 26241⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4736 -ip 47361⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4896 -ip 48961⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1932 -ip 19321⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 5962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 980 -ip 9801⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4776 -ip 47761⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3884 -ip 38841⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s srservice1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4636 -ip 46361⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s srservice1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4380 -ip 43801⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s srservice1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2456 -ip 24561⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmi1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2424 -ip 24241⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmi1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1800 -ip 18001⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmi1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2252 -ip 22521⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmdmpmsp1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2612 -ip 26121⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmdmpmsp1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4480 -ip 44801⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s wmdmpmsp1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2308 -ip 23081⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s logonhours1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 556 -ip 5561⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s logonhours1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1708 -ip 17081⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s logonhours1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2584 -ip 25841⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s pcaudit1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 5962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4064 -ip 40641⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s pcaudit1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2560 -ip 25601⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s pcaudit1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 5922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2988 -ip 29881⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23.4MB
MD52aa07b0852ea1125035b7d250975c964
SHA1faa7cd73234d5e373a2f1158473b7445a76f750c
SHA256a4bd56257d047dda240f370018e1c595515178c4169fdf7e012a6890aa87480b
SHA512625227887ce52728e9e91d7006c0f66a2b66d6180696668c4176e41fe8519127319ae978ad905b0b0056e26ca5feb1f732ac9e41764d7a36578c75de1ec16c7b
-
Filesize
24.1MB
MD577c53a98aa70f1fb49cedf8555f52a40
SHA17df7cfd6d592d6477245432fadd37dcb426fa2a9
SHA2560528fafe353316d821400b7070bc0b0e33160bb6348d502f4681c618a64f78a9
SHA5124e1c88a855238ff0ca61152dbf4ad53b379b9ebd016dba7e37b3f3dc4b9938ece6b8131713c61a45ac087ef8a839e17807163254b6d4908987021bdf2c5e5cca
-
Filesize
19.1MB
MD57fc545d5f25ae7b25fcdef6ccba82f86
SHA164b05b0eaecbd8e802319192dfbc892818e21c41
SHA2561ad7966875ce833f2468f1079840eaeb69e437bae9b63ee57eed4a9fa17574cc
SHA512f439cf7f7426b121afd51f79c90893fa2950f943cb4c45c6daa5c5372955cfb7bf1f46259f47959d625bab3b483703ce581fd98656b8a5fb7c3c3f1c0d43dad1
-
Filesize
22.1MB
MD56fb0a2bb418d31cfc5e1eb633d8da241
SHA103dd4232bbf47cc6cd54a4a6a8e5b65df3137180
SHA2563df76668eba11fac750d49858191defc4537714fcdb6e06f9f9f941bc2e6a37a
SHA51238cc338b0570d6f75e8249be42a576dc92eaffe3032c8a73a4a1d2fde15fab54ffdfe96ac56bc69109dd630dba3563e6e28182051d8864b1c25a59b0f3cbc708
-
Filesize
24.0MB
MD5acbed64cff173c6d14bdcc55a18724b1
SHA19dd3ced98459c7371783deb21efef0806cc38dc4
SHA256a25d6bf651c281d3420fc1abdf4ee9f8b184d9e7affe996cc24e9f5ee3101e43
SHA512f5d4281d3ac733589431213b2fb6cc2eae74b5c351759db334f5c0fadfe7eb5483d4fd43ed7121e5f90e065533e0dfd6a49e4e8fd74d2630347c74e280026e09
-
Filesize
20.0MB
MD5d824006591487a431e3235be54545e6f
SHA17d905f8fd74a278e8f4051eb74aa002c292ffc8b
SHA25608d553b2244fff3b993f609dc0df8d89b740a1eb679a38cbf0d9ffbb0778f71e
SHA51245f6c42e5d0d4f3b6835e93e40db161684f152d174a400026a6e86a5fadd1c606ccf9490f27e229894674c94fef029a9d0ec0c4a03cf047d37032bece8fcb419
-
Filesize
19.1MB
MD55901a352cd8de7879cb8350587073c1b
SHA1da10dec50c2cc78932065fb06c94e291d38f03c7
SHA2565ef75466c257e6e30de6aca357bbb470875b6b54bc7f17680a43f571dd542628
SHA51243cf0d5645a9abea3b0e0ea187de4809451a422f9ef63ee75365cadeabe208dd23b0f2fd7710878363baadd9b494aa62e586f16a0e98246bb82189bc220aedd9
-
Filesize
23.1MB
MD50e284ff8a288e743ed56105209817a16
SHA10f930014fd2b0c1cbe8890a8fb6e5f4167baf284
SHA256ad4d9fe8f292508572bad30c02438e0a47d1fccebce474868ea840a15ad2838e
SHA512e19ae33da5d5036b6bae40dfb78b6bf17f08797000f0f5ce47cee8ec5cffd370030375f16a95ae782a2adc4a54e17de1ee7db4b105d4a2f7b2ccdb9cb9127ce2
-
Filesize
20.0MB
MD56c611a995c91eaafe9132dfca6a3f4d7
SHA1e4ec9a2f43a8a3dca58946ee3fb3179bad92ea68
SHA256de2849be428d2b33227a02c5d073a5e79e7be1e0bc5cec715657824df4f11261
SHA512c4a55b04e12c97fdec97644ebc83891f3695d20e4013aadf96f19f3b55bb8f1e3fa9b6fdc0be858ec9e3c42482714c02a19902e8d1fc74a9d2950c7deadfc9ea
-
Filesize
22.1MB
MD51d34d34b1d8cbe60ce6549315b3f6552
SHA14394a825fd1ac16e1f7396b66234551aa8354975
SHA256d8b136eab5dadfbab1a1e3ffd575f9f5f568f65a133a9a75edc0d4bbf83fa2bd
SHA51267eef6ba2f0177c88a58dd0604f78f45698581a4174fe0565eb24c19a3d491592f9e75fd6477a76fce823aad2e19bfb923154760f0db0d79583b045e17d6499c
-
Filesize
23.1MB
MD562c161d70743ae39166eca340a78b85a
SHA1576fd110d9abf9ae5ed23a96d4e17bcd0c5c0efc
SHA256ebeb53e56edd4d430f068eb9ef2760934b309e7f118c8d8d5ae96b5c13a0b626
SHA51236d29e1ea4950b5669ea9e9479b4cb7c21f48d05c73b3f5932a711fd8207718a8f1ea520b3f671c753d93b5c27de3d429612146b08a0536e3ec2e8a7917c9524
-
Filesize
24.1MB
MD5968ae16a3412e383ba14a65423619231
SHA194da1a55fab4e4f61e5d52bd6ee6c3c16b4aaacb
SHA2566a6d4666828d3b6d573ad1ba722d9be7c2ef0b5222b9e4630d9823db9a6cf47e
SHA51234e0b0ab06f8b808f9d62f7aa7a128bdf3f2d106a72dc398a3761d5b073b1b843c14367da3fa03d9e141c2010010c9a0999b16a3f867ed0e3cd1e5f72fc7134b