Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
02/10/2024, 14:07
Static task
static1
Behavioral task
behavioral1
Sample
0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
0b0ac9c2e5e7dd24e5255a01926fbcca
-
SHA1
32f581394e2287a802e38b5993bdc20eb0ca0f2d
-
SHA256
89c7b7c161f5a7b5e7a43aac1bc0853628850682230a28ad55a4b739ee0966a8
-
SHA512
3bc01a71be63489e51925cdcd4fe416a6a032af467039aa37cbc0c4417e7cc5554b741c22bfb021bf1bf6e767627ccb62f6544c3e583a554ec72ed723f30bba5
-
SSDEEP
24576:frJKUK/juqkncxnfS//2oYP+ENxuIW/Rjl/lVlP64htKQtsVELVDiicYQRebMyHz:f1Kb/juqgcxfSE+HIuRjl/lVlP64htKB
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 2552 crpD5A8.exe 1712 hpet.exe -
Loads dropped DLL 2 IoCs
pid Process 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language crpD5A8.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hpet.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFC9A831-80C7-11EF-9C49-4E0B11BE40FD} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000000f9adfdf485f8e991b303f11482e61eac54d26b67be6481a9569df764f697a2c000000000e800000000200002000000023353b95ed707680d64b909ee8a8c096a1bc9c320d8d3577c40bb40343bd80fa90000000e7711c0d827d2deefa000853e6046f1c8a01425e185b2f77f7e270bd1b7970ef24ac5b2dd0c218f3b8b4de1494a5e8c2dd3bab95c80e695dfacc1584b38082a48decfaf5ede578fd64182313398f609b4719f8844564e014348a986f703caca91a0a15aabfa54f291b4116b15197f357b0d52255f2f4e80d311e0ac4e300b7c0f1e9f3d293c7447f2d40607cfa605fc4400000008a62aa3f97cfcfa4ccabbea9578fba24c901c3a20d4241283af775293d0ef4e42ed9a25a5011343ae364259f098d4f7d5cfa7bac79f7d6a422823a5cd630510e iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434039979" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Start Page Before = "http://go.microsoft.com/fwlink/?LinkId=69157" hpet.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000007d8310dbb33befbd876778b2bcea4a3faf8d1f85184f680d2288b7d2632c3ea5000000000e8000000002000020000000aa0f6da714c2303322e0fb901da7b436b0b6d9932994bd1bb6271367104ca6d62000000023ee96de5d7ff2d31fcaf05fd680b3782ea616a6286786ea6915b91a3854b04940000000f788f864f877614b0f107e861dbab55dddb5bb5acbfd857b69cea7539d2b0c9b44651cd15ca758fdfb812a20b148059a0e04ed79b912a82cb06c32fa70a7400a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 002d7394d414db01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Search Page = "http://search.b1.org/?bsrc=hmior&chid=c162341" hpet.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Search Page Before = "http://go.microsoft.com/fwlink/?LinkId=54896" hpet.exe Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe -
Modifies Internet Explorer start page 1 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.b1.org/?bsrc=hmior&chid=c162341" hpet.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1712 hpet.exe 1712 hpet.exe 1712 hpet.exe 1712 hpet.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeTcbPrivilege 2552 crpD5A8.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2784 iexplore.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe 2552 crpD5A8.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2552 crpD5A8.exe 2552 crpD5A8.exe 2784 iexplore.exe 2784 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 22 IoCs
description pid Process procid_target PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 2552 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 31 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 1712 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 32 PID 1704 wrote to memory of 2784 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 35 PID 1704 wrote to memory of 2784 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 35 PID 1704 wrote to memory of 2784 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 35 PID 1704 wrote to memory of 2784 1704 0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe 35 PID 2784 wrote to memory of 2680 2784 iexplore.exe 36 PID 2784 wrote to memory of 2680 2784 iexplore.exe 36 PID 2784 wrote to memory of 2680 2784 iexplore.exe 36 PID 2784 wrote to memory of 2680 2784 iexplore.exe 36
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0b0ac9c2e5e7dd24e5255a01926fbcca_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Users\Admin\AppData\Local\Temp\crpD5A8.exe/S /notray2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2552
-
-
C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe-home -home2 -hie -hff -hgc -spff -et -channel 1623412⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious behavior: EnumeratesProcesses
PID:1712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.4shared.com/file/9q0PlJOb/Finder-CWM.html?ref=downloadhelpererror2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56af8ce476e1b8a1292d1ca6d4977cf6b
SHA1caa30782931e81c4e574e77d484a62e110985917
SHA256a355c87a26d1703dcd6714d860eaf31e7c882e4dbb4fd770083a2e816581ca64
SHA512e15d25ab3e8c174663160957ff9041617ca4407e04aa40a01dd5b58c9b7ecbdbe922c9fc1bf12806864e4291370b5577e0c3ce6c747cb2a1af249a2dab63abe8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ee86dd8a9758a3a77855062f9d7b90b0
SHA14ee43ef38d37473edb6f034d3b3f2fc7b5a832e5
SHA2566c69aa61ed13df1c91a10481afe1e062e1d2c244be67da0a71a4e8c5d53ac334
SHA5128962a6539ccaabe58f446a8833b92c3a6d9443c7d0e62b153ba98fd79aeec746f972bacfa8a211337d1345d2a35e091d9f8400534eeab03fe3e241f97dd678fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58d6eac0db87ac099460176c3cd120b9a
SHA11aa8dffb3a1f34c4bb7fa06a9d90613f089967f5
SHA2566d55a7947e5e64e61ef60de445683cb00279961dc1e1b92d76dc31dce43d7fd8
SHA5121095cbc7f7510bba968fbefee25c5476fc63666871362a6001b6d2baef9e2bb6f2ad5490c7a608c71bd67c889036c34606940c13f6390e36a38b155c6e0b4e71
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e364eafd6bf6753a82da69d859fab2fe
SHA1a84df03fd85c2d1a1d288f0cd49a7349f7deef7e
SHA25659a7b811183e539e18d23282a9d886e9b8772cb21bf11d69010fbbf7a8cd1d1b
SHA512e959be7cb0208c9035018553f4b771c5c331563fa3ab246d24bebd3fa03b976b062236872b7214fe35a776c66f5132f0b3a408976faabb2dea98434df6eb6b00
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
71B
MD5b9719882f64b508f5ec3c0be9cd6c359
SHA112388312f25b2a34f2c83029a88c52b9bf5ccf4c
SHA2561f7f16bf8af6f2e270f73cc85d0adba138bd86d0e3e81cd59f835d821bbf51e8
SHA512e70a3b7cd6e103ca77577e587bb9d167eae3e2a35a7e02cb0f0894570011f79a3dddfec2ab398689f2b721c6f252a241cf7a3c6802ccd3abeaf0a5b6b601f5c7
-
Filesize
806KB
MD5661cf9c90eb099fb7b6a394dd8cde2e4
SHA13704e119ea16a3c336f63dc808176a22fbb8582a
SHA2561570e0efe0cb98623913d942cf40f2eb5b10458f49842097125c6d6d8604cd07
SHA51213c26a514c2022a10b42566a527ef98adaaa9932ffd07612ccdeb371888c037be3b429c956ecb7705699a2b6e3463758735332c9e26ea5f4493a91f30dfb4761
-
Filesize
331KB
MD5a3e93460c26e27a69594dc44eb58e678
SHA1a615a8a12aa4e01c2197f4f0d78605a75979a048
SHA2563a81cefbc928fe136056257b8b57733164f2d1fa9d944dc02897b31b171335c6
SHA51239d17b7190f3ff5b3bc3170c8e21d7bba5c32c0f55bd372af2e848ff1ef1392083218a562f3361fdc2db95e4133a19c4ec1cab3e982174d76b8276358dac6530