Analysis
-
max time kernel
132s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
03/10/2024, 14:37
Static task
static1
Behavioral task
behavioral1
Sample
0f2f0ad04b698dd20f1108cc9cabd655_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0f2f0ad04b698dd20f1108cc9cabd655_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
0f2f0ad04b698dd20f1108cc9cabd655_JaffaCakes118.html
-
Size
157KB
-
MD5
0f2f0ad04b698dd20f1108cc9cabd655
-
SHA1
6e03e23763fa23c92476295d943c7e44c647cd85
-
SHA256
281f5d57b4518bf0543b5b6f4ca4c3ed5cd2987b4818e2d1f28844716e73eb69
-
SHA512
b7f7c0155cc957df0e9f434e5b0b56fcfc26d5329a87c99b26b89b3e46d9c582c96308d98e27c464c933682deaccb1f4ede2137a4f90fa0a3eb9ca18514bac7e
-
SSDEEP
1536:i0RTwtjMDgqjDR+ylyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:imVaylyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 2316 svchost.exe 1996 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2764 IEXPLORE.EXE 2316 svchost.exe -
resource yara_rule behavioral1/files/0x003200000001867e-430.dat upx behavioral1/memory/2316-435-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2316-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2316-440-0x00000000001D0000-0x00000000001FE000-memory.dmp upx behavioral1/memory/1996-446-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1996-447-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1996-444-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1996-449-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1996-451-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\px6F75.tmp svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A14EB21-8195-11EF-9E99-E699F793024F} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434128129" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1996 DesktopLayer.exe 1996 DesktopLayer.exe 1996 DesktopLayer.exe 1996 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2252 iexplore.exe 2252 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2252 iexplore.exe 2252 iexplore.exe 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE 2252 iexplore.exe 2252 iexplore.exe 2292 IEXPLORE.EXE 2292 IEXPLORE.EXE 2292 IEXPLORE.EXE 2292 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2252 wrote to memory of 2764 2252 iexplore.exe 29 PID 2252 wrote to memory of 2764 2252 iexplore.exe 29 PID 2252 wrote to memory of 2764 2252 iexplore.exe 29 PID 2252 wrote to memory of 2764 2252 iexplore.exe 29 PID 2764 wrote to memory of 2316 2764 IEXPLORE.EXE 33 PID 2764 wrote to memory of 2316 2764 IEXPLORE.EXE 33 PID 2764 wrote to memory of 2316 2764 IEXPLORE.EXE 33 PID 2764 wrote to memory of 2316 2764 IEXPLORE.EXE 33 PID 2316 wrote to memory of 1996 2316 svchost.exe 34 PID 2316 wrote to memory of 1996 2316 svchost.exe 34 PID 2316 wrote to memory of 1996 2316 svchost.exe 34 PID 2316 wrote to memory of 1996 2316 svchost.exe 34 PID 1996 wrote to memory of 1104 1996 DesktopLayer.exe 35 PID 1996 wrote to memory of 1104 1996 DesktopLayer.exe 35 PID 1996 wrote to memory of 1104 1996 DesktopLayer.exe 35 PID 1996 wrote to memory of 1104 1996 DesktopLayer.exe 35 PID 2252 wrote to memory of 2292 2252 iexplore.exe 36 PID 2252 wrote to memory of 2292 2252 iexplore.exe 36 PID 2252 wrote to memory of 2292 2252 iexplore.exe 36 PID 2252 wrote to memory of 2292 2252 iexplore.exe 36
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0f2f0ad04b698dd20f1108cc9cabd655_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2316 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1104
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:2634759 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52f9aa0ba6b7ae303b152f7f560481ed1
SHA19cc07776433615af497b56cfd5773042f5cd752e
SHA256bad7e69cbdaab1fc7f32ec4080e074ae66d9be946a0d20cf12f57241200d6552
SHA512ae51c34414dc00e0b1beea85102e472ee509789fe973777df9b656f1946e1c35da11aae2a4b6c33847e091469ec2eb340cd064a17ed874bda3ff133325f1c2c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD523bbd0585a676c4b6dff5111f6f34b8f
SHA1c1025f03f5016237d3cfd44b71bedcb3457b4072
SHA25682f367f05a7ba89fbd7a82720909eb59763e277c8ed1ec645a1d92701b9b3cb5
SHA51211b18ae719726b3046abce14059694d6471052f08678aca3cfa77dc5650c31c1c1cda28a870f10be9c013d240544d582daed3b82b3def57907ab677b98d6bfb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d0f00bbc9e31e2179180d540fc31aef
SHA129e376b9ebb45a9137c271d4b779ed6315967602
SHA256590331b41bba3c3e42c2c99353dca2fbeecc903612e7c51bbb58d1726bce2915
SHA5126ad9f0d0337e06c637811a9f073adf2e78d9f1aec6d48c04e184c5eea13138d9e880701871d13bf26a1c9a5be93e246be8245ae2bd88eded466e33a4e844b967
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d4d224a0f2b7a9593ac93c1eade4a202
SHA1b111b8b99d522a7b32df710b4e463982fbbe56e7
SHA25649c760c4bfd69e7e60e5ae070a1a7c3f15503b6de066f00d6be0c4153427fc76
SHA5124aeb665918326fbb57e8d3309b47f227ec21b1f2b818e85b3f56d471a0fc535c3c7b55118a227c5bfa8776f4b1727c164ffecece2ce0ad8e377c4ab1b7b7ac9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55c0d475c1d03e63b94f4fb628c253a1f
SHA16974b18af0e6d3676c97694db1239b1dbfdc2863
SHA2563b95c12577f77bf2d82f5190e9f1968390c12b3a5b888fd4342229185dd91c4e
SHA512a59c4546f30b01b04b65a307396beba17132372c060795acda0f59cfe5f56453b1b96ada5445d5e00bf2382df10ca3d14f714e5d09ce60e9c613bb3e36c6b1eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD597151eee4892e53513065d4588369a66
SHA14593d0d4ef3727bea07a1a15e235c6740507885e
SHA2567baeee5b0c996789d0d3ca8fda2080ec56e829bf9094bf4b3c73bdcf222fdd57
SHA5121711a8f9502d192caa89a0a4c9bebcf23707b12b2434382693eb98be1effc784ce89d69da6bb766e504251f01c44bfc120822a6e3fe47d6e037e73638c71e850
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD572b7d97bda0d3d8b3a815501fa6919b9
SHA1bf8db7ef8dc6ed65b170074631bbcc5fd058ed38
SHA256c4d38d9cb1ffec8b082cb8fdccbf78eff6dfdc0c0b2d03ad2e72b5985d04a8ed
SHA512aa8afc8dfb99d65457f2e0823db000720c7365a783323535453ba4c65234c449bc541755ed4a1c79a12386b9d5c84f7230fe2b9c247a931017b3496284c34786
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51661d38fccc89cd557058da2991276bd
SHA16534bc4ce83d841a87eab5650283c415f98c3ed3
SHA25675fe2dbe9432c03b771d13ba89e76a6c9454397448d965b709bf6cd58e023ae0
SHA512e072df91ce3eeb809d151d12ac6b91564772417080e6cc7e163227309d2f5a9b969fb10a9498e848191d2964d4881b13da9968462633c3e36ab65ce676f793d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b51985eb9254de52a28fedcf70a63a73
SHA1d7e108eeec9f941ae70a3d0e000d82bb2f526964
SHA256590f3a572d532562c2a436a0dac94f5038aff09a2830e35130b8664da66231eb
SHA51231f62573fd893fd5d2eeee5774929bc3e040d33089ca224a05ee1ebb38bb3ad38ff0e02366f705c135c6885c4ea4f9042d16392000c75064d06e7a9a89066abd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD545993885ce25787eebfa4ab67a597b7d
SHA1dd39b374ec57a9dbe2f79b2283281628bc03ea03
SHA256d7442fc6cc779827fb83a8aec9173b6a9a6679e45bf1af1dba629864c2dc03ee
SHA5122b7f87809402b5c6dd829284a9004c49ca48115554adee04ad77f58fdfc8369b1dbad98cbbfa1d4bc2d9e72ed6760439363e6075de6bc94fd2ebdf9e8454d1ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58b1cdbb952d8316e6b70d70d8396e1ab
SHA1614cb8886d9d91b6402d5bc88ca41192508453ae
SHA2560e222e40e0626af05a0e7b530a9b2bbbeb59a1ef8206f6eb8eb2987a318af95e
SHA5127e9cd4d74e428e481a08a383eb9f844b81f5c3aa97851e05b4476fd69eeccdc9e58fb4840a2b052f54c29fda83e795cb96162742ba028f295267b6575e976b85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD521192b8286c4652738e737b01807e5f5
SHA1b65bd6039445e018b6fefae77a3f4b244e398522
SHA256d6c634085a83bd5fbf7fd98371d627487d00929ff11251bef5c58ce4d2134125
SHA512e2cc97c0edcbdec2ffcb3b0077bc72c01fcef6b4061393d0e4786dbc1a126e96921592a43c977ccfd55ae5e56c4cb6f8d5bc36d7c6cc41ff82e2e8cd7eb2897e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a8144d68b341fba4fa88cf7d00492a84
SHA1038fce5dcfd0df4d412bf2b2c4a0f6ce68e3b5fb
SHA25699155ca32d32e41abc2200f636a28ffefa6f4fafb7f1bc2ce314d0e7c66733ae
SHA512400db8acbd0531ad4ff882e193a5cc8000f6c1b1b5867e5c900845b34665f4ffccb3a683194b31db5581d801e5da9d0e2dd55e5e3b34cc5bd1ebce4e961e5746
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c8a56bf11721c3a8ccba4d1deb6f93f5
SHA1c89b10aa2b1c2f016137718f243a2e61b4059cfc
SHA25651f1f2835fb23f20488d76cef66b53a2c66778281add4ac33a3e39c5b2f41e12
SHA5127730a13dcfdd7ba0683191eb60fc2dc95b2abc177e5a150fee398ce5ef51f22b81fe9fa4eab8cacb1d31f829a2fe9d564da78aba97d318db40b04015c51653d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53428f23a65a7230cfafe731b437220d6
SHA1995f3221b2ea7ce0948567cf22365341d12b6e51
SHA2565f489114b3e7d395793732ef759df2c45ff7d421518ef9a4904e7f4dfd75e26c
SHA512e3719dcd9b16649dc552215d41e952378195c8d755c47ffa3be824eafa2de4ec2e85ac20fe9619498c6707aacd9f79874abc59d0a5f5cc2d913987df62a35c7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5eb40c67016e6687582a5bf43b24992b5
SHA162a1f817e4c097d73dd939a4e0a8bcdaa377ec53
SHA2564d985fe07ebc9eafdb1e507b764de151d1bd5a2f9096d10c00d254d184628e71
SHA512d6b36d1aea452d49cdb931d73e9cce6468473aa98efdd67db79f57b462bcdaf06211ecbcc5f19c1ddc55b72e9a8fbdb8ce596d02237e0bcf2afe6666c382c016
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5373387e280386ea4e41ad75600688cab
SHA16d497040ec4a4a534527942e018e251a8736107b
SHA2568d00a59f9dc9e1eb6b5ec17c8d79f428014f53bfa76053db568ac23dcd1d1d70
SHA51275379de007a98d94d3e78ccb219a97fe86aec3074b241c9aecd1d566cab7a9016936368dcb69b61e6621241a2d4eb0479ee766b7281be63c9ecf28c880061526
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a