Analysis
-
max time kernel
118s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
03/10/2024, 19:12
Static task
static1
Behavioral task
behavioral1
Sample
10337612da603f1161073c76d05d688f_JaffaCakes118.dll
Resource
win7-20240903-en
General
-
Target
10337612da603f1161073c76d05d688f_JaffaCakes118.dll
-
Size
200KB
-
MD5
10337612da603f1161073c76d05d688f
-
SHA1
25f1156fc48b4e228e5b82ae3a5abbb3b488daa1
-
SHA256
ced6fbce9082d81bfcd1667693a93057a0a19c00af72d6d797681fd84b9ee54a
-
SHA512
f8927557114c81163a2261fcc42d92f771de1143e709b7e112b3daaf3ec152db89d2941686e575035316c1d2846d19f2a3642c16c2ddd779276e574d6bf8ecc9
-
SSDEEP
3072:fNEqkap78EQfA32wSYHj7oJjKetpsHV0l3LSIVJxb/ymJywQyis:FEqkE4uHholKetpsWk+b/pywQyP
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
pid Process 2400 rundll32Srv.exe 2964 rundll32Srvmgr.exe 316 DesktopLayer.exe 2340 DesktopLayermgr.exe -
Loads dropped DLL 10 IoCs
pid Process 2680 rundll32.exe 2400 rundll32Srv.exe 2400 rundll32Srv.exe 2400 rundll32Srv.exe 316 DesktopLayer.exe 316 DesktopLayer.exe 2964 rundll32Srvmgr.exe 2340 DesktopLayermgr.exe 2964 rundll32Srvmgr.exe 2340 DesktopLayermgr.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32Srvmgr.exe rundll32Srv.exe File created C:\Windows\SysWOW64\rundll32Srv.exe rundll32.exe -
resource yara_rule behavioral1/files/0x000900000001620e-34.dat upx behavioral1/memory/2964-54-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2964-41-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/316-38-0x0000000000400000-0x0000000000447000-memory.dmp upx behavioral1/memory/2400-25-0x0000000000400000-0x0000000000447000-memory.dmp upx behavioral1/memory/2400-8-0x0000000000400000-0x0000000000447000-memory.dmp upx -
Drops file in Program Files directory 4 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe File created C:\Program Files (x86)\Microsoft\DesktopLayermgr.exe DesktopLayer.exe File opened for modification C:\Program Files (x86)\Microsoft\pxBF49.tmp rundll32Srv.exe -
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32Srvmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayermgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32Srv.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DF74801-81BB-11EF-A58E-EA7747D117E6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434144642" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 316 DesktopLayer.exe 316 DesktopLayer.exe 316 DesktopLayer.exe 316 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2336 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2336 iexplore.exe 2336 iexplore.exe 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE 2732 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 31 IoCs
description pid Process procid_target PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 1152 wrote to memory of 2680 1152 rundll32.exe 30 PID 2680 wrote to memory of 2400 2680 rundll32.exe 31 PID 2680 wrote to memory of 2400 2680 rundll32.exe 31 PID 2680 wrote to memory of 2400 2680 rundll32.exe 31 PID 2680 wrote to memory of 2400 2680 rundll32.exe 31 PID 2400 wrote to memory of 2964 2400 rundll32Srv.exe 32 PID 2400 wrote to memory of 2964 2400 rundll32Srv.exe 32 PID 2400 wrote to memory of 2964 2400 rundll32Srv.exe 32 PID 2400 wrote to memory of 2964 2400 rundll32Srv.exe 32 PID 2400 wrote to memory of 316 2400 rundll32Srv.exe 33 PID 2400 wrote to memory of 316 2400 rundll32Srv.exe 33 PID 2400 wrote to memory of 316 2400 rundll32Srv.exe 33 PID 2400 wrote to memory of 316 2400 rundll32Srv.exe 33 PID 316 wrote to memory of 2340 316 DesktopLayer.exe 34 PID 316 wrote to memory of 2340 316 DesktopLayer.exe 34 PID 316 wrote to memory of 2340 316 DesktopLayer.exe 34 PID 316 wrote to memory of 2340 316 DesktopLayer.exe 34 PID 316 wrote to memory of 2336 316 DesktopLayer.exe 35 PID 316 wrote to memory of 2336 316 DesktopLayer.exe 35 PID 316 wrote to memory of 2336 316 DesktopLayer.exe 35 PID 316 wrote to memory of 2336 316 DesktopLayer.exe 35 PID 2336 wrote to memory of 2732 2336 iexplore.exe 36 PID 2336 wrote to memory of 2732 2336 iexplore.exe 36 PID 2336 wrote to memory of 2732 2336 iexplore.exe 36 PID 2336 wrote to memory of 2732 2336 iexplore.exe 36
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\10337612da603f1161073c76d05d688f_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1152 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\10337612da603f1161073c76d05d688f_JaffaCakes118.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2680 -
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2400 -
C:\Windows\SysWOW64\rundll32Srvmgr.exeC:\Windows\SysWOW64\rundll32Srvmgr.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2964
-
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:316 -
C:\Program Files (x86)\Microsoft\DesktopLayermgr.exe"C:\Program Files (x86)\Microsoft\DesktopLayermgr.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2732
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152KB
MD52c60a0eb60587e6e9dbd389576a30d91
SHA19fc335861b437bb6cb3079fb07e420d8f39a4b12
SHA256e8452f0b8c328b8737d3244729cfb9b5e4295167bfda075b2679c0c9978ab631
SHA51210f7f201c1c6a36d23df72bf333663de844b7dc1b7ab7cdfeb787e66bff2bc47cda3dbe96db2d6ecb2b33364923c8334310ba1a00937e7de3e1cf8e4869e3697
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1e66ef24b05630de689acead3ccb4fa
SHA154b94eb03f12ec3eddaf77366b0fccfd1cc2666f
SHA256ceca37387039a4f9ffc2e2f4062ea8a2f1459d1a136370242078ddc5eb576e65
SHA51292171b93cb50cb61881e6cbb483bd6f1b350d5243161dd6be942e68fe9e2c5bb3d06392718039df8815a37e24b611e56f78be23274bc1dfd49a063150d0291bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fb04257a70d4d8bd987e435987e49842
SHA1b67a84ea5f06e460d38b8c854346dd9301e546b3
SHA256a8d1a5ca11aa8d77367bdce91042a4450166e1148a95d011f3dbe2e241c9af4c
SHA51205c32551b5569ccd7cdd56ff37397aa53283417f568bc6fb4ad34897b4c3e841677fe53ac65ba18f686adcb4b6a93ac9da2b91024ffd184cbc0a17a0863aa179
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ec442f438ad62def7e907da93af4b88e
SHA14152ef8518d3365b97a82b48c933de36ecea195e
SHA2569bf641fbf83557dee2e92c88b966da53236d306b75b00bfd6753d73a391311e7
SHA51225a6149f3ef53529ef5e5b2da947e0e4dd21956307bfb8ec3588643210d85d55e7f848ef5f8a7a3b70a496d51d532138b402df536ce5b849d9b64a808e751ccb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5487721468cfcb1b3e97c22553aa8abcb
SHA12c9fde576c8b19a8cd33bb4c1e9fcbc39dc30d77
SHA256e7487c9dc0f2b8654cc575e33411c466a8c55da64542db252accd4b9a7a32c49
SHA512317b42101ac1eaba731aee14142389ce284526e58896ba68efc6acd97c9c5e487691e974f2122f40d74d40a0f1fd36163ccc67786f4353f4c2ca3f4c5aade42f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD560f70f42b288756e51cedcb198e33204
SHA132bbf08c117a98d138139ebc899971dd835281b8
SHA25684494334d6bd6e84eb8aa51d9928746fff243afbdc0e567dbd72fb5ad8000e21
SHA5124063f48a2da28605d89e2232982e74fb087c4a0781ae1e51ed2ee51598e00d1dc2bd04eda7c3e12e75ff353c4757cbf0b97fee7523642ddd865c0c6f639bbb3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50858dbc60af965c0cd21f4fe8be841e8
SHA198145f0c4f489bec9202df83a3b171f1b155feb2
SHA25620fd90800f82737d31b9e886ecf11feee54c5cdb9b67c96a349211bbaa494345
SHA51294012fb788b4e85f1aa2084ba7b81b5e9b9a533e61505951884e0312e286486a0822838dba11208de0b761a90f7fda7cb6785a604fcb193c3e73211dae7994c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD554bcd18acb3df8ac8c7012338b556e57
SHA173de28f8abf9f75822b15a2ee1959120649a219a
SHA256151751b707ee884a2427cb26012a72c899454a8f1fbd448770c707a4ed667501
SHA512fa83eb0869da79b665ad0cf7343cbb6b009112ccec36d2f35e57cfef2da28a421402c349f89096f7b97db57623f345c6b35486991b27644ed6b08e45fd3caa1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5910bc30d64757c8a2b00cf80debbd462
SHA133a71b19adf725b5b8fbcc72db5cf67d9e4fdcd1
SHA2566e2afa038de86d962b5f13a988b2d6412fc4b6122b1c4b95bbba18dc41049293
SHA512d512e21ecab51eb5559d4ed222092ea609933c250bd2d26941f7a76dc042d818046e77fdf622298be2b667df56d6adf99af608dc10226fa33ccac49ad69898d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50f5c71a86406bc9f5ec0d376dd3a2423
SHA12cf235a5764c46e06caf60f4c28cb628c3a9d8bd
SHA256dcd5ed32c6dc1c89f68fb7baa452253522959b10df7498f030b69b03c63e2c50
SHA5124a0de1277fe00a8c75b8d9df12ce6a766932e89a534c8cf0d3eb5311b73517da856f98c99f0e2c29a51ae6ab09ef6886290eaea24d3c44dce644b5733d2c3ec2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552d3c413e450a67b78660015ba80f2cd
SHA19d229fbe6ebd3701b5bfeb944ece0fd2186e4eec
SHA2569f22a6bc59fd4773e35ce466ae7fe1b8911f6916dfdc35712e0e7e2c49d943d5
SHA51289db7700b0b9761ec0574020ec4d8c74512328ee542f5c41e5ba0856e35be394e59a859459552ef1855dcee585efe2059b4272fb523f9476c3c906d75fda568d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a531a5e5ab7778d807eee900982145dd
SHA155c87641d6adb9eee95542c69d8b4aab3e5a8ea6
SHA25635b7e379c9c60376da3c7d5e69a0d89eef8de80c2d250c4f034dc4c05aba212a
SHA51288a5df7aaefb559e61d3ad2ebe0189facc7933bc11d2df3045ac80e9530ca4b2553241ef14bb451b8b71afcd240150dc18d810e3d7174ea7842f0bcae72546a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52764c1b58df58efc4ecbfa2e57c802fe
SHA1872a6cce205c1adb5eaa0c0657ed5635a26c5cda
SHA2561b30f86e87e142ecae774fe84a4ca05b5e72c44806e5622eb3bb3dc4523795ab
SHA512e1f6ab1f64c3028876d2bb3283f782f14519b867b5aa45e8fa870f9f63e820bc8e9f5911f707bece776bde7b09d3b7c7700e0b935b8fc570c172ca3c02d26e57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5db0f7c847a90212f6e4f030a6f6b3c17
SHA14b8fbfbad935330ddc7d4d061bb33ffa1db354c4
SHA256085410ee6536bb062927b363883a8e43bea846342c8651c64a6fea7675c90304
SHA51294022c4cbafb9e637435df3820d2930a991d59d6e857f028f1695c1a1fcaffd23ecf6137c6b79e21dc76d639634ff3673939d42d6b321b7e6fdd408bff31fd8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b08f5551a90bf73d9818a3db7ce8d80
SHA1b521589a1e57885909b540aded494819f07b8d9a
SHA25693b967f67f302e2fa379c45f3c01f2230465789c44deca93db33adaafd5a41f5
SHA512f5d42969e195e996beedc21d17f910de34dedde0e9b6ba4a576c1f790d62346c605ddc2d1d826dbdf16c169160801a7d165aaf44edf2b750e644b36f0751b40f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5029a4686934291622278557d3b62d630
SHA12bd7cd5d48278c2d2e0098797774787c12ab7e7e
SHA256c2cff780d943912ef92a5276defc9ccae0f60ccc41fc38347b6f22a68f1b775d
SHA51251317575caacc574139f22ab3d43acfeb27077d13f0b9636fe4e39f3d269600eb7eb32d5e24f9c8cedd15256f3be2f462ca9e0755b6da0aaa769ca018943ba94
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
94KB
MD5f8434f362add5334f4f050f4b4b373a7
SHA1f5915cb0d72c8faffe11126bc29da1b1db8092bc
SHA256d34b378ede04c585c2bff8cf32112904e8512ee80c5a9fbb34ba224d8dbc868b
SHA5126c6b4ea2b0e37a346145ee2814789d9da4c2688aff1c3e1cced16a620e8dc81566670336a3fe8a510b1754bbac6c3c6ac20aa7e20359b9c322bb220b50ac30b9
-
Filesize
1.2MB
MD5d124f55b9393c976963407dff51ffa79
SHA12c7bbedd79791bfb866898c85b504186db610b5d
SHA256ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef
SHA512278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06
-
Filesize
1.1MB
MD59b98d47916ead4f69ef51b56b0c2323c
SHA1290a80b4ded0efc0fd00816f373fcea81a521330
SHA25696e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b
SHA51268b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94