Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11/09/2024, 14:53
Behavioral task
behavioral1
Sample
da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe
-
Size
42KB
-
MD5
da95e3feb6a5a4f64a5f1c76bc5bf478
-
SHA1
d71e7eb56840c2099159b5d912099c1936ec8189
-
SHA256
d66d496c2b91cc2cd8db68aa68d9e0d6d9e2c96a9b3ecf1ae69732d6e74723ac
-
SHA512
085036740cc5d7134759345ff751328477dea9bbed3e2f8973a6c5e729227932e65afd911ca2e9d3371c6ba716cf0cefd4cc3d5a7ac0571b1c709c17171b7a89
-
SSDEEP
384:U65FZdgAkTiM79mgLeBDssn7bCcz/74aNJawcudoD7UjdS3beM4mxj:Uw3M7YueSsn7b9/NnbcuyD7Uhzk
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation b2e.exe Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 1120 b2e.exe -
resource yara_rule behavioral2/memory/2472-0-0x0000000000400000-0x000000000040B000-memory.dmp upx behavioral2/memory/2472-9-0x0000000000400000-0x000000000040B000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b2e.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2336 msedge.exe 2336 msedge.exe 1372 msedge.exe 1372 msedge.exe 4168 identity_helper.exe 4168 identity_helper.exe 1964 msedge.exe 1964 msedge.exe 1964 msedge.exe 1964 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe 1372 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2472 wrote to memory of 1120 2472 da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe 84 PID 2472 wrote to memory of 1120 2472 da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe 84 PID 2472 wrote to memory of 1120 2472 da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe 84 PID 1120 wrote to memory of 1912 1120 b2e.exe 86 PID 1120 wrote to memory of 1912 1120 b2e.exe 86 PID 1120 wrote to memory of 1912 1120 b2e.exe 86 PID 1912 wrote to memory of 1372 1912 cmd.exe 90 PID 1912 wrote to memory of 1372 1912 cmd.exe 90 PID 1372 wrote to memory of 2708 1372 msedge.exe 91 PID 1372 wrote to memory of 2708 1372 msedge.exe 91 PID 1120 wrote to memory of 4056 1120 b2e.exe 92 PID 1120 wrote to memory of 4056 1120 b2e.exe 92 PID 1120 wrote to memory of 4056 1120 b2e.exe 92 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 4248 1372 msedge.exe 94 PID 1372 wrote to memory of 2336 1372 msedge.exe 95 PID 1372 wrote to memory of 2336 1372 msedge.exe 95 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96 PID 1372 wrote to memory of 1788 1372 msedge.exe 96
Processes
-
C:\Users\Admin\AppData\Local\Temp\da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2472 -
C:\Users\Admin\AppData\Local\Temp\7A31.tmp\b2e.exe"C:\Users\Admin\AppData\Local\Temp\7A31.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\7A31.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\da95e3feb6a5a4f64a5f1c76bc5bf478_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7B89.tmp\batfile.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1912 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ads.regiedepub.com/cgi-bin/advert/getads?x_dp_id=4334⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e39c46f8,0x7ff9e39c4708,0x7ff9e39c47185⤵PID:2708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:25⤵PID:4248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:85⤵PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:15⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:15⤵PID:3448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:15⤵PID:2052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:15⤵PID:2824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:85⤵PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:4168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:15⤵PID:1504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:15⤵PID:4844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17759402614436511774,10332739548598239347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\selfdel0.bat" "3⤵
- System Location Discovery: System Language Discovery
PID:4056
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:708
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1928
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize192B
MD59df02b8c7a67587bb6841ee39f3ad88e
SHA10dccfaf1e7ad161394df197f6e9dc663bb8bf1f2
SHA256e2d61bdeeea580e83c540ae47c3055fa66f49f5f757c180af5ce25c278d5fe2a
SHA512ee4248a573c60a9be224384d7b0f586c12d03a1546461553121cb562e144bbab5caece1dbda080087c69073b77ec9bcfbae7d3a5c86744d2ec7d4b74d8a29163
-
Filesize
954B
MD51ffd72f85702f78d9da3c90ca8999823
SHA134f1c12e9dcc328015b87368b92fdedccf848531
SHA256edb578f8e32cb1c27e8ee4ff0432fdf617028bfb0ddbf54f417537b5bdaab984
SHA5129ea4e056c3a33bc5b0c5ba5826a26a50fe07f50c90c0aba842d1a69829aecba45bed14547e21a0606363e9d02174c190d4d08dbe37cfb3efacfa1e307898d615
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD58e37b253e4649ce35200e0d2a9871e67
SHA18c07a878c84a9899ec61db269b83b5865e9c0087
SHA2561471e4f07c1379a913126c1af6210bd75fbfed134d995acad4b2d135b8e9abe6
SHA5123ae71349e9c9dd14313ef373da41825f851f9203651bdfab1c0c2de71a49281c1235ea35d6f136392724cd10751bb262011d888cadbde5c226c8d4e26ea50ce9
-
Filesize
6KB
MD5601a793b7ec2a4435c42077c7f202ec9
SHA165bad75a49e49594d211ad7c2c7f1d121b5f169f
SHA25681263c19c2617814d865e49bb5a08f77ad592b03720dbfcfabbf6021545d3e4b
SHA5122d2f2f7fc46d66ee89f06d5694cf9002edc1805dbee93b2339a506abf86808d3b93ab9c871cfb79a9d706ebce771803fbc8d7082115847bf16f119298ad00221
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5981f070a2eec3cc7626d94b36af1f92a
SHA104edb025e8a0b67e2071133b489da56059fdd781
SHA25632c00ccfe10d76e8e181490e464577233d1b09ba3a97bfe8a7f9a56e867a9453
SHA5124d262126b142b9fcf34c9f2f5a6ced1154510986fbeb49c5ee06e6b5a0c8b43ae4b1f5bb9057b60d69134f38afec869552022ad9137c3860670577068e270ae8
-
Filesize
8KB
MD52c74234eacda6e3fb5644e6284c205e5
SHA1758bdcec55755ebb001a5fa6258868e6dd3cf74d
SHA2564b1d9d0a406edcb5e99d88d7e59882fbd6650f6518aa1c6d2134dac3ad914006
SHA512c3e1bd7e496174a5da5a33db22a48616452aad1b2f5607ebc0ffd4511da5afa1634b713ea2f488864342b4f451e87f6c1fd25d3bea4ac7bfc382b138049f3992
-
Filesize
78B
MD59305a3bac8644db5711135490bdce8ad
SHA17a9581d064602ff34a35b67266239be55f044493
SHA2560c83a05ba8846d0ada490131bd1067bd5d97c3f0ff1214a6d23f24f12835669b
SHA512879a0338464da3eba1ccaea7d947dd54aeec0f1456446c626dea4c60c436d3795fa6eb77a1eba97c50c2b7401701bce3894b9ff815dc44701fe16bcf58f96f14
-
Filesize
158B
MD5c754f2863bbdf5c898c12cfd822c9a2a
SHA17c55391b53a7efc6a94d5ee3cfdd66987b716b21
SHA2560b2bd96e7a1bad9e15f2a4f5f2cb1f028d6318ccbe1855ed99a4dde19a6360c6
SHA5125c641382e1567421716e658b529adcf066a4caf0fa70b96e811b10657a31bf977e383fad191b9aa422b49f3f73475c4f98ee71c75995e7cf16bf03408281f9ba