Analysis
max time kernel: 14s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25-06-2024 20:40
Static task: static1
Behavioral task: behavioral1
Sample: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Resource: win7-20240508-en
General
Target: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Size: 213KB
MD5: 0f7450e7497d1318dfbe4a85e2534612
SHA1: c1c8d7e44f6f274fc581f7f8f4816d41e79acba8
SHA256: bf0ba638e0d04ee95923ac4f8ef1b465914fae2a9af4b15dcc902dd334239d04
SHA512: ac4fba6001485dd8e4acd7ceddeef2702831edbd5f59cbfed73badb0f85aadf30695dc88221b7e6c1b637ea0cb48df72851e47fd4c1e70180afbd21ee04dcfdb
SSDEEP: 3072:L3c1KtP4AJJLRJzNuQdkA7iBCIOox1sy0+w3CtlOSBRPue8V3FqgKh61IHMhOcke:jFPjnk8T657kS9TJ8VQgM6CHzLD5oJ
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
Modifies firewall policy service 3 TTPs 6 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" | Au_.exe
UAC bypass
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | Au_.exe
Windows security bypass
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | Au_.exe
Deletes itself 1 IoCs
Processes: Au_.exe
pid | process
2896 | Au_.exe
Executes dropped EXE 1 IoCs
Processes: Au_.exe
pid | process
2896 | Au_.exe
Loads dropped DLL 2 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
pid | process
2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
2896 | Au_.exe
Windows security modification
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | Au_.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | Au_.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | Au_.exe
Checks whether UAC is enabled
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | Au_.exe
Enumerates connected drives 3 TTPs 7 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: Au_.exe
description | ioc | process
File opened (read-only) | \??\I: | Au_.exe
File opened (read-only) | \??\J: | Au_.exe
File opened (read-only) | \??\K: | Au_.exe
File opened (read-only) | \??\L: | Au_.exe
File opened (read-only) | \??\E: | Au_.exe
File opened (read-only) | \??\G: | Au_.exe
File opened (read-only) | \??\H: | Au_.exe
Drops file in Windows directory 1 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
description | ioc | process
File opened for modification | C:\Windows\SYSTEM.INI | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
NSIS installer 4 IoCs
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\0F762896_Rar\Au_.exe | nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\0F762896_Rar\Au_.exe | nsis_installer_2
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
pid | process
2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
2896 | Au_.exe
2896 | Au_.exe
Suspicious use of AdjustPrivilegeToken 41 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | pid | process
Token: SeDebugPrivilege | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe (entry repeated 20 times)
Token: SeDebugPrivilege | 2896 | Au_.exe (entry repeated 21 times)
Suspicious use of WriteProcessMemory 16 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | pid | process | target process
PID 2424 wrote to memory of 1100 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | taskhost.exe
PID 2424 wrote to memory of 1160 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Dwm.exe
PID 2424 wrote to memory of 1188 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Explorer.EXE
PID 2424 wrote to memory of 1560 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | hccjfr.exe
PID 2424 wrote to memory of 1912 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | DllHost.exe
PID 2424 wrote to memory of 2896 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Au_.exe
PID 2424 wrote to memory of 2896 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Au_.exe
PID 2424 wrote to memory of 2896 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Au_.exe
PID 2424 wrote to memory of 2896 | 2424 | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe | Au_.exe
PID 2896 wrote to memory of 1100 | 2896 | Au_.exe | taskhost.exe
PID 2896 wrote to memory of 1160 | 2896 | Au_.exe | Dwm.exe
PID 2896 wrote to memory of 1188 | 2896 | Au_.exe | Explorer.EXE
PID 2896 wrote to memory of 1912 | 2896 | Au_.exe | DllHost.exe
PID 2896 wrote to memory of 1100 | 2896 | Au_.exe | taskhost.exe
PID 2896 wrote to memory of 1160 | 2896 | Au_.exe | Dwm.exe
PID 2896 wrote to memory of 1188 | 2896 | Au_.exe | Explorer.EXE
System policy modification 1 TTPs 2 IoCs
Processes: 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe, Au_.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | Au_.exe
Processes
- C:\Windows\system32\taskhost.exe
  Command line: "taskhost.exe"
  PID: 1100
- C:\Windows\system32\Dwm.exe
  Command line: "C:\Windows\system32\Dwm.exe"
  PID: 1160
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1188
  - C:\Windows\System32\hccjfr.exe
    Command line: "C:\Windows\System32\hccjfr.exe"
    PID: 1560
  - C:\Users\Admin\AppData\Local\Temp\0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0f7450e7497d1318dfbe4a85e2534612_JaffaCakes118.exe"
    PID: 2424
    Signatures:
    - Modifies firewall policy service
    - UAC bypass
    - Windows security bypass
    - Loads dropped DLL
    - Windows security modification
    - Checks whether UAC is enabled
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    - System policy modification
    Child process:
    - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      PID: 2896
      Signatures:
      - Modifies firewall policy service
      - UAC bypass
      - Windows security bypass
      - Deletes itself
      - Executes dropped EXE
      - Loads dropped DLL
      - Windows security modification
      - Checks whether UAC is enabled
      - Enumerates connected drives
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory
      - System policy modification
- C:\Windows\system32\DllHost.exe
  Command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  PID: 1912
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Create or Modify System Process: 1
  - Windows Service: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Impair Defenses: 4
  - Disable or Modify System Firewall: 1
  - Disable or Modify Tools: 3
- Modify Registry: 5
Downloads