Analysis
-
max time kernel
148s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
04-05-2024 20:55
Static task
static1
Behavioral task
behavioral1
Sample
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
-
Size
115KB
-
MD5
147330a7ec2e27e2ed0fe0e921d45087
-
SHA1
5c1113d0280326cef5f4085f7620a81001837041
-
SHA256
92247fc31f92d78870fbb2de0226d1f54ecb04534a04a265bd9b82159543a7ee
-
SHA512
4284af59a6b7391e661c9af3c953204e511d91ce26e7db1e6fd322bfdcde627d86e9b616af6ebdae56834d6a3b4d4ca0c4482f289f8138e5abf19988754cba14
-
SSDEEP
1536:htKa4ZMnzF22qNmTIMhboDlYkAN5xsnm7UAYekc9oG9/Jmi7Rt/T0:WBZ6zQ2qYTxbp1AYqH4oG9rRt/T0
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
svchost.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SHELL = "explorer.exe, \"C:\\Users\\Admin\\AppData\\Local\\KB9201616\\KB9201616.exe\"" svchost.exe
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
Processes:
svchost.exe
description ioc process
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions svchost.exe
-
ModiLoader Second Stage 8 IoCs
Processes:
resource yara_rule
behavioral1/memory/2388-1-0x0000000000400000-0x0000000000415000-memory.dmp modiloader_stage2
behavioral1/memory/3028-2-0x0000000000950000-0x0000000000975000-memory.dmp modiloader_stage2
behavioral1/memory/3028-3-0x0000000000950000-0x0000000000975000-memory.dmp modiloader_stage2
behavioral1/memory/3028-4-0x0000000000950000-0x000000000096C000-memory.dmp modiloader_stage2
behavioral1/memory/3028-7-0x0000000000950000-0x000000000096C000-memory.dmp modiloader_stage2
behavioral1/memory/3028-8-0x0000000000950000-0x000000000096C000-memory.dmp modiloader_stage2
behavioral1/memory/3028-21-0x0000000000950000-0x000000000096C000-memory.dmp modiloader_stage2
behavioral1/memory/3028-22-0x0000000000950000-0x000000000096C000-memory.dmp modiloader_stage2
-
Adds policy Run key to start application 2 TTPs 4 IoCs
Processes:
svchost.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run svchost.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\KB9201616 = "\"C:\\Users\\Admin\\AppData\\Local\\KB9201616\\KB9201616.exe\"" svchost.exe
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run svchost.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\KB9201616 = "\"C:\\Users\\Admin\\AppData\\Local\\KB9201616\\KB9201616.exe\"" svchost.exe
-
Disables RegEdit via registry modification 1 IoCs
Processes:
svchost.exe
description ioc process
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" svchost.exe
-
Disables Task Manager via registry modification
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
Processes:
svchost.exe
description ioc process
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools svchost.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
svchost.exe
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion svchost.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion svchost.exe
-
Deletes itself 1 IoCs
Processes:
svchost.exe
pid process
3028 svchost.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
svchost.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB9201616 = "\"C:\\Users\\Admin\\AppData\\Local\\KB9201616\\KB9201616.exe\"" svchost.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\KB9201616 = "\"C:\\Users\\Admin\\AppData\\Local\\KB9201616\\KB9201616.exe\"" svchost.exe
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
Processes:
svchost.exe
description ioc process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum svchost.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 svchost.exe
-
Modifies Internet Explorer settings
Processes:
iexplore.exe
svchost.exe
IEXPLORE.EXE
-
Suspicious behavior: EnumeratesProcesses 38 IoCs
Processes:
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
svchost.exe
pid process
2388 147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
3028 svchost.exe
-
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
pid process
2388 147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exe
pid process
1416 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exe
IEXPLORE.EXE
pid process
1416 iexplore.exe
1588 IEXPLORE.EXE
-
Suspicious use of UnmapMainImage 2 IoCs
Processes:
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
svchost.exe
pid process
2388 147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
3028 svchost.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
svchost.exe
iexplore.exe
description pid process target process
PID 2388 wrote to memory of 3028 2388 147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe svchost.exe
PID 3028 wrote to memory of 1416 3028 svchost.exe iexplore.exe
PID 1416 wrote to memory of 1588 1416 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\147330a7ec2e27e2ed0fe0e921d45087_JaffaCakes118.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2388 -
C:\Windows\SysWOW64\svchost.exe
"svchost.exe" "c:\users\admin\appdata\local\temp\147330a7ec2e27e2ed0fe0e921d45087_jaffacakes118.exe"path<<c:\users\admin\appdata\local\temp\147330a7ec2e27e2ed0fe0e921d45087_jaffacakes118.exe>>path 2⤵
- Modifies WinLogon for persistence
- Looks for VirtualBox Guest Additions in registry
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3028 -
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://inmaster.biz/ 3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1416 CREDAT:275457 /prefetch:2 4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1588
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 3
Registry Run Keys / Startup Folder 2
Winlogon Helper DLL 1
Privilege Escalation
Boot or Logon Autostart Execution 3
Registry Run Keys / Startup Folder 2
Winlogon Helper DLL 1
Downloads