Analysis
-
max time kernel
146s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
01-06-2024 05:47
Static task
static1
Behavioral task
behavioral1
Sample
8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
8985a736ddb0cd7d6ade4db9a9d1a1a4
-
SHA1
11b6a860c985e0764b985858c99feb8d46758763
-
SHA256
f827af4dc7d3f6ca6b352c4d9e2f65573a386a3285a7e621126cd0b0a95d58a6
-
SHA512
c526b2d8184ea4f70ec68314d9d2b743674d7f4d20cd2cede37ac01c6fd82dc657854dfe7f758a81342c23ff55cd04c23a874860f093b646d040f4a94c8ac56c
-
SSDEEP
12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistV:U/eDNAuaE6tiQ
Malware Config
Signatures
-
Downloads MZ/PE file
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 1 IoCs
resource yara_rule behavioral2/files/0x000200000001e5c6-50.dat nsis_installer_1 -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 480696.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3560 msedge.exe 3560 msedge.exe 2972 msedge.exe 2972 msedge.exe 3716 identity_helper.exe 3716 identity_helper.exe 6088 msedge.exe 6088 msedge.exe 6088 msedge.exe 6088 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of FindShellTrayWindow 32 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1504 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe 1504 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe 1504 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1504 wrote to memory of 2972 1504 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe 86 PID 1504 wrote to memory of 2972 1504 8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe 86 PID 2972 wrote to memory of 1964 2972 msedge.exe 87 PID 2972 wrote to memory of 1964 2972 msedge.exe 87 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 5116 2972 msedge.exe 88 PID 2972 wrote to memory of 3560 2972 msedge.exe 89 PID 2972 wrote to memory of 3560 2972 msedge.exe 89 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90 PID 2972 wrote to memory of 3212 2972 msedge.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bigfishgames.com/download-games/2580/hot-dish/download.html?afcode=af628d3a27a22⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1bd46f8,0x7ff9a1bd4708,0x7ff9a1bd47183⤵PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:23⤵PID:5116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:83⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:13⤵PID:3524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:13⤵PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:83⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5400 /prefetch:83⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:13⤵PID:1172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:13⤵PID:1572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:13⤵PID:2116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 /prefetch:83⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:13⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:13⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8710159343867837024,5226861519575910893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:6088
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1600
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3268
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58b167567021ccb1a9fdf073fa9112ef0
SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
Filesize
152B
MD5537815e7cc5c694912ac0308147852e4
SHA12ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
Filesize
393B
MD52a649f5faddd98d5738f5e5bfb078ea3
SHA1666ae0c54fd1b3ef27c0dbc261f8c7d0230f18d5
SHA25686bb4293a7ae796bc7a76446b11a85d5e4bf9e3a4afb1f0950f515beca101e84
SHA5121157fa9330735d655fd9013698389b4cf1ab6e0efbc9b138f51eb49c4d10e820449c1c84b181d008f0a9efc5ca1f21cdc698ef5eb64f7c660af7dc99d7b45727
-
Filesize
6KB
MD508f2c4aa3d941775fb245db896b08762
SHA1102f90933c9491996869c150b92361c3283e84fe
SHA256c5f341d526173253c33d64bfa2aefb714cfed523940dc477b9adf0a0c6d380ef
SHA5128350d4889580b80d223a6f9825ec220cce576424633930be90e9f41dc5a801e256cbf94663bb02179367b158e57971d966de5b3f16efc4fe06e4712ee36ac96e
-
Filesize
5KB
MD588061df7ebffee4d0c3304637c51f271
SHA1c7789d16623082a5230cf5e3147cecef68c157b0
SHA256116d51044cee6d559a57f1c6640512c6877e57ecbdf92b834df24bfc58e0f0f4
SHA5128142423755ccebef3539e0d08e57bd6a751ef5fffea91fc4c173114f5f22bca6c0850b5d4150fe2c2796736c7921a15694da34d4fbc2967b0af2448a61090b45
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD59f51d6735f0e7ebe5a009c2c95eb5530
SHA1d3a775ac762d4fe6bcd4108048ac20de007589ac
SHA256d9bebcea0740a67aace5fd031a14e73700b7c63c3a5b773e7c2c1a3bdec54c82
SHA512d49e2c25968de526d9c1a12333fb2efcba978902901a81742beed735cf0a327b5e09426343e1faf6b493ebfb64f58aed90779f76d76de3e86c527dddc19c40ba
-
Filesize
192B
MD5b32e479bd009ed83990c9673269a8679
SHA1c90602796792d73b8e14df593d28c88639957537
SHA2564da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b
SHA512d29415020d7ddc493ac36ad2351414523f9804f3031a50c6bfded58d8b9a83f13877ae73571e9dcc50eedd7014230196313dfab8618e587e118ae6ba4d94db12
-
Filesize
1KB
MD52ea8b7850f62af1fa6cad79c60f76540
SHA1d332d37287c8b0afb78c07501900b214ade207a5
SHA256500c501f3a5e565a1cc5ba2c24943308a68b86776b4c229590e2a4f832e72539
SHA5125f0228b5215b2dee265b05de194a8e8f2282d95359e94041dfc3e19ee302627c5a614a7e4bee3183907b4dbc6f5c9b80921011b29f6f21604607eb951bb14430
-
Filesize
232KB
MD51e47566685a6d793d1df722d2ffe76ab
SHA1f04e325b6ac258ca221791b841c3187f10b2b7b1
SHA2567901dbe3b12f7b5e91127f957e3e6dc9fb7461d66a831c71b9bbb6385c699da9
SHA51290dff89738b72d07025d26d3c137fe2e5ce10d7abfe5b2cc10d82dcdb3e94914ad18592121f69269c041c82dacffe856e179cb3012f4ff65fa52d44462661b35