Analysis
-
max time kernel
121s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-10-2024 12:43
General
-
Target
1367b5544d880a04248b3552c3232c3e_JaffaCakes118.dll
-
Size
20KB
-
MD5
1367b5544d880a04248b3552c3232c3e
-
SHA1
587c8acd42db7c7efe49242f4ec6fde0ec8e7aeb
-
SHA256
02878d52de142bdbeb5102ade3fe322bac4b2577f7cd316583e3ed18840965c5
-
SHA512
fc745fe43577959c7629bf5f530286ac74809ef70520334b4143787928eb6aa3c8a57ef18947b0346a2c26699bbb0c9905cf88abec4e7e839a69b2614fde9f73
-
SSDEEP
384:lQEBWKZqvIX/r3QtqM+VFc0H0SsdcCFNF2w3VX1Hz70TozIM4Utl8M0:lQr0qaMkV3reFH3nzUPM4w8
Malware Config
Extracted
C:\Users\Admin\Pictures\readme.txt
magniber
http://107cc638c27ca6007cqbvpseec.m647u2xsjtlfyzuevlxjiiwjsg2btyhmbxbjz4in4hm76u6hjzc62wad.onion/qbvpseec
http://107cc638c27ca6007cqbvpseec.gosmark.space/qbvpseec
http://107cc638c27ca6007cqbvpseec.ourunit.xyz/qbvpseec
http://107cc638c27ca6007cqbvpseec.topsaid.site/qbvpseec
http://107cc638c27ca6007cqbvpseec.iecard.top/qbvpseec
Signatures
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process 15 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (74) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s) 5 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Interacts with shadow copies 3 TTPs 10 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies registry class 13 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\notepad.exenotepad.exe C:\Users\Public\readme.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cmd.execmd /c "start http://107cc638c27ca6007cqbvpseec.gosmark.space/qbvpseec^&2^&45695914^&74^&333^&12"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://107cc638c27ca6007cqbvpseec.gosmark.space/qbvpseec&2&45695914&74&333&123⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\system32\wbem\wmic.exeC:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.execmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\WMIC.exeC:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
- Modifies registry class
-
C:\Windows\system32\wbem\wmic.exeC:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"2⤵
-
-
C:\Windows\system32\cmd.execmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""2⤵
-
C:\Windows\system32\wbem\WMIC.exeC:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"3⤵
-
-
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1367b5544d880a04248b3552c3232c3e_JaffaCakes118.dll,#12⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\wmic.exeC:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
C:\Windows\system32\cmd.execmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""3⤵
-
C:\Windows\system32\wbem\WMIC.exeC:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"4⤵
-
-
-
-
C:\Windows\system32\wbem\wmic.exeC:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"2⤵
-
-
C:\Windows\system32\cmd.execmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\WMIC.exeC:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"3⤵
-
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\wmic.exeC:\Windows\system32\wbem\wmic process call create "vssadmin.exe Delete Shadows /all /quiet"2⤵
-
-
C:\Windows\system32\cmd.execmd.exe /c "%SystemRoot%\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\WMIC.exeC:\Windows\system32\wbem\wmic process call create "cmd /c CompMgmtLauncher.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c CompMgmtLauncher.exe1⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\CompMgmtLauncher.exeCompMgmtLauncher.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\cmd.execmd /c CompMgmtLauncher.exe1⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\CompMgmtLauncher.exeCompMgmtLauncher.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\cmd.execmd /c CompMgmtLauncher.exe1⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\CompMgmtLauncher.exeCompMgmtLauncher.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\cmd.execmd /c CompMgmtLauncher.exe1⤵
- Process spawned unexpected child process
-
C:\Windows\system32\CompMgmtLauncher.exeCompMgmtLauncher.exe2⤵
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
-
C:\Windows\system32\cmd.execmd /c CompMgmtLauncher.exe1⤵
- Process spawned unexpected child process
-
C:\Windows\system32\CompMgmtLauncher.exeCompMgmtLauncher.exe2⤵
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" process call create "vssadmin.exe Delete Shadows /all /quiet"3⤵
-
-
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet1⤵
- Process spawned unexpected child process
- Interacts with shadow copies
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5cacf98305709faa8e586191f9f361125
SHA1ad230761f52c2eba6b8a440a67eb1223c7387782
SHA256d0c1ee99ef2ec49cdfe76ba6fa076191501f3cce9cb0b3aa9462e1dba74c956f
SHA512dd347aa1c6c01c4e5e6626fb46cbb17a89fb84231a5a52dbc7c5ef05bcbe2d96937e131cb3aff6ccae6dec1b0a01a9bcdd528fe53177be501a1800ae4bc66b0c
-
Filesize
342B
MD5f18bf935710236e81efc724ea5655327
SHA1b6fd37f21601706c35a7409e21cadcf06b476b5e
SHA256d9a9fa1c4e5cc23c6f390542fdbe9f396efaac1d6aabaab5f70c132942489ae9
SHA512009104cb4fc12111b972c66f0c8f86614fc1d93e4fa2efba5c8c25b102a36f3fa449e798e75ea834c2060f4aeff1161c0e83f3e080fc3896507f7e57a0b00973
-
Filesize
342B
MD55146642f752f794f02faf600bace8b44
SHA1b5e74261a89b8c3ecb9ce19ffb216c132a5442c5
SHA25637d8318a310e49f1cef2788d2db86b24b8e37b0f3519b5ed48e1c728eb97bba8
SHA512b3bae42360654119d92f8a129f727af5b6070ac4b9c2cd199aa3c8dfd627c6e1ab4687c90145277eb8bc961a408ee159576ba617d9d9dd830401bec20712a31c
-
Filesize
342B
MD5d84815276981a05c9f238d3eb5483e06
SHA14f5896c2360834e454dfba2d8dcdb207ffe49d52
SHA2565c9f13ff610ec7d0a03193df401cd637262a29459af039629005b11cd1780e84
SHA5122293386a22b9209313efffddfe245d94a110a565a1cd7387a3eadf0074f1b18ea01c81368e40656aa5f5f3a6abc8f5945ab4279a4a34e47ca170f74bda272055
-
Filesize
342B
MD5a7481fd0df90cc1ea1c739006ed9f263
SHA10a2f783cc7aa1a43545be3173d7c0dff8e6573da
SHA2562df08c843978cbc7df447c24e84e5142eb4c8da70cde61f5d9e61384556f1661
SHA5120038201de285969a95b6cc150bb0fca8f6fe8db2ce6d732a4b3e9e8d9f18a26960c8d2b29345ca91d73f8c11789a6dad7bee94959882e5593caa92194ba85667
-
Filesize
342B
MD5d412218172f5b2686a7540aa0ccef1b4
SHA1aca9ac1bb0db893a3bab06b2b8b341763f85d6e0
SHA256aea9c3e86d4ef99211d23b0c27cb4068b1e11ff9f49511827354d2f56695024c
SHA512124d00356abdd2e11b0b9dadf57acf5d341235241c158e1d5b02bbcb713c24aaddc43aca090bf16d462965c5453a89287407f02eb7c794eab1b18343bc07350c
-
Filesize
342B
MD598c0c00b709810e72347a4a17ca170f3
SHA12ee1e634a423b03a791b94dce4fb02febdbffd56
SHA256f0887165c97d0d28062b075a516ef2a023cf6c596b02e174dcd7b15e38cb276d
SHA5127d26da1788bc4cf9a2ae7622710d3b68a918dfacb3c0ef0ac5e0ec11ed5d2d308ccf807295fe4c7597bde76d251dfa59d38b090a5808aa9f1b6bb118f8a1d4bd
-
Filesize
342B
MD5d2fc377d998744ca5c47d0f6e55db93f
SHA154572d20bdcb86a13e0e3b89097dc87d61cd9050
SHA25666d3803f8269d953457acfa59c885eab09b4c705ff3963d585bc5b357976f965
SHA512206dbcf9a2bd4a41924b0242fcdbb53829fb112b3263249f30121b71a16797cf4caeea987a0a5714e8536bad190c79c0ee34934bb3f6a65754b27530ad697ce4
-
Filesize
342B
MD5d42985d0a7a8cbf145fdf1dcaeb58f2d
SHA1f02f69d55042f62643fc478305f19c7a42041272
SHA256bf26ba8c654f124968bdf9925c76cdbcf14434763abc665c29856b2117a6fb8c
SHA512a2fc8c34fdf9d8210824c09adea9278c1ca6c246a3ba1045a9f63a089f62342a122ad2313b19debbb43917a2b8f1bbacbb88d360e4e8c2ec38c1af792efa043c
-
Filesize
342B
MD5eadf558a8f27063a0461cc28c1d51e11
SHA1a21f05e802606da25fbccfa1e9d3ade729645370
SHA2563711047d334e9c8a9dc895b846026af1f41d21d264f23ada9da75aaaecc33b00
SHA5126bb8882d3aa3db09c965f6712d4007059cb17d1b04e6e7dfb9c9d792ab8ddce33aeb1e469003b5fd5fbe37580f7eee64432dc1411fb4ead7a708c0b13803c676
-
Filesize
342B
MD5f2cee8154ac4b644768279aaabe1be2c
SHA15581477e851db503d9c27ac105252f3dc30c536c
SHA256d4a0dc196e39615f1e5fab5b9250631f2866f2ff47b24e529724e69e84e3cffb
SHA51248d38d60a2870d0b72c3e92acd1a7b95be7616ca72b5e6e28ff17244a9abbceb6df8412919c62f8b71e11b17648eef1decae4105a511d19c4be1c4a48332bb0b
-
Filesize
342B
MD59edce61fbc88ad1587f2fd46942dac31
SHA122a036d5369cc649834e9d246ab19a2265e84d8f
SHA256ce3907db8a282ecf75e82788c0f057efa99e2efb057fabec3db082d4332abddc
SHA512fddf494087df24676d1df4934a6a54e485918dbf450a960c8ed74fa4e85d24c9c573d2acb92c3e7f0a105ec6aa564286cbb7d0b2065510f772334b9d84827196
-
Filesize
342B
MD5a8816fc54c143e64fa412515ad778c08
SHA1c40b5727c2e108a8eaf5577607b6cd3c70b81f0a
SHA2566702332389bc4cece70bf23dbd2bb777fc40e05cc3048a6b4657e9b55aa0d5e9
SHA51217d327bda8935c6fbfe4a5844954d1fe63e15aa614cdde6bd898329e47bf7d7a12546ca4abe3dd0f6babe730965d8104c3a7bb5fe96ef0dcd096726017ea5313
-
Filesize
342B
MD514dd99f1b79970b05a12e9752dfb0ead
SHA1638b337590bb0d76bf676af71aa80bd1019a6c94
SHA2566e71f24ae944fb3b2a5db02f49652437f1516da9f3c75ffc78469060de3b9542
SHA512a5506d7244ce304bbaf81cc1ae614225418e81407d9c3ffcde7503d4cf428a7ad0a5bd9b201d2cd5bfdb47f8430f4500b1df8aca30a4577071aaf0d1cbe9f92a
-
Filesize
342B
MD5259ac24eb71c43879c789e45c22b0414
SHA118ebd4af3fdda14b32371ba780a64e88a81927f5
SHA25632747f784eedfe2c854105d166478fd8a81ee3fa4dec1023588f50bf011b78ed
SHA512e045da91a90c1113e69678dd8ccb1fd6dda09d43d7f071a526c50e22d8b1186051eb616147c08c9b643c9607a359c5e91b23340d5cc8f556acd77b8b9f1a5904
-
Filesize
342B
MD5a25944c5bb4fe069e45ba5b4be4af797
SHA1c1da91d059195e97a665c7a492cafc6ce24a9f49
SHA2567e7f6eb5dcad065f1038156c49a128f57f59e26f22ff9464ee6f063ff9577274
SHA512f6ea085b756dcfebe7e5e1e88acdd55eadcb4c58ad32362a81fe28f2a74a911dc4eeae61fc2a945c3b5d7ef4d570e64f9864c1b1a401e5a2ea911aa3c7e7cb7f
-
Filesize
342B
MD518b52133a53d5cb2bdac60c381a78548
SHA1b6c6e62401f44fc092fcd96f873113e7ef889f50
SHA256dd9b8f8cdf33e8d5778dc933dd25706297b9aa154a43f5a39615476e5ff961ba
SHA5122a5c8dba8064ec3bb94bd4e02ffddce30fee730427e2263c5694dfd9099b2ab5894ff9a1075faee9fd6ba2814f0b138014c4add7bb1094abb52fbe2ad3cdd0ef
-
Filesize
342B
MD52cfcacc31a721a3f6187586000aa1705
SHA16042053cc1a471d5ad335d5aea850ba6ec01ab6f
SHA256666a91daf2a4149dab74f64f2e2d2b73aeea91e35d71218dc5efb21abfc6595e
SHA51250f47386aa9b91b0449b51bcd754fb433a50f6eb084f704fef7eb39c72e421fa8a122ec41885eb53e63e2d60df25111b5b0d79f427c90855f0673c2bba247cbd
-
Filesize
342B
MD5c486dcb65be1d9c5b2e9c7fd4d3b2859
SHA19598e1e64de5b1be5163e0d42cdcf5e31aea4223
SHA2561537729bac94af93c080d39a5b3633bef822ef0ab06f2341d2c277839e6970e0
SHA512595dcf3f810746e4d7c963093b9e02510907cd0c939b842d2377a4434e17d8a8dc2ba5b47cb827be457f8ebeb7c70479d951a434b8ca41b36283d371794ffbd5
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
203KB
MD5068ff9c33f208d2e46d495109558c60b
SHA15cb494a87fc4e1623419d33082ac7c7410570f8a
SHA2560e5d967de96a3b79debf85e8cfd6a15fa0c88186143dfe43618f5c1438815fc7
SHA51215f9cc50b0ae47309b00e359b986b0ac112e82d4799e2ffb6a018e78305aa36ccb613203e0d8a27c7c20698e0a61dff0ddf8ca0838d26311e8bf917969d1c156
-
Filesize
17KB
MD578c32799487cc790cffe09f0940afc0b
SHA109d40256d130fc44093366a62b32f1afa954bc29
SHA256dab5b74c9cc43c6b4e2d2f128e59e3f66d1a989c50fe3af9611308403398776b
SHA512dc515892eb374176e1d383b6b8f707405ba49798326f7aeded86d0798753123d564a868b894ea63d6f512ae2e1bed07f9351206c9ae7ebe8b8f4aa4aaf0f38c5
-
Filesize
18KB
MD5c57a09b07f09783dab5a6ea83a96ee89
SHA1348b5aa8b234183a9bfc0adc39ed56cc8010e7d4
SHA256dc29373ff8125f93b3eb01394266a41264d952f9ab7a3ab81459d0a806a8205c
SHA512abedbe9b25e8112ed95652fc3e235e747b79b5bd95a7d6f22d35c0bbabca19b01afe0b9935b618a61d7412cc73352d14e8476df13a101a5c081404f37bc9cbb3
-
Filesize
307KB
MD540b1fd2955c5c4547d741a17cea0c9b2
SHA123d9f6a3bab2565dae3262bd675e478f3cbfbaf8
SHA256eeb0ae191af871c611999db118118cc677ae2f605972297f7c9673eba672e804
SHA512d76eb9c8bedd7d20e5156a39b6a1b57ba057a86613711a54af8893ff7e846ebb2a968464b2f88f234f38e043eda55bf611c3524c2362f12eba73d9f0193d5390
-
Filesize
249KB
MD53d05860d6a7ec3ff1527bda5e1cf9a37
SHA1982f4d53b211f7124ca5921a2a8d6f92bac25e2a
SHA256c226ed1907821356d19d34672b51b2616d757d62dc974735213869b595ba8c24
SHA51286524cd577b131afb224d7d9949cadf45399279f9534b0c01588be5ff86059365d66e463c35191dd70070d21f43dc2a244f1ec3d1377213767c7776fc2f16128
-
Filesize
296KB
MD5acffa9ae4bea4cc20384be3fa2df63a5
SHA1e23c19bdd9fce18ac6e7b081fd99889838e4b91d
SHA2569a9a502bfab68c5576402edc8d187dd36b40f15806866523a367698f87f5951a
SHA51272ed126ce7f1d59690a6c8c9492b78c18ceafdca54614a263670c1a70124eec7fc35ccccc51f794e7f050adb285c386d89317ec8e53a4df34dbe2111201454d7
-
Filesize
226KB
MD533ba09b10bcec5fc1d87796a6da8bec5
SHA118a6216a3ff3f2c1dcb9880814df538c3f8edd8e
SHA256a3aa7c4de85350900d538e3e5ae8999c8df51054eab98015e7dfd53bd486fcb8
SHA5126525d3cf60ba518875c1d99a3b10b0d25370b3179f64e6997cf739dcdb7a08a32a166619978777580baef0490b65ffbaccc5756d50152da9d6d3266db935c25d
-
Filesize
122KB
MD5e274dc42cb1876b704ffe0ebc1e126f7
SHA1c20ffa6d14a30f65b737d825fc57635aaa4266bf
SHA2562f7d8d811fc1144664e039b3fe2268dab1c65850065b785ff7889afe74413606
SHA5120d3b6e7962b7f3583f178ac44c737e95afaaf12b8bf7886c0430d94079411a1046c9a1f42e8e09f74b3580739ec744c34eec06749bbc8cafb82227d3f620b7b1
-
Filesize
331KB
MD57d09513b98263e2438fc859d96dbd133
SHA128543f4f647407959779e3a3e0fdfaef0c13a9d7
SHA256ef5df9a242af66e7627913e88707b9f894e173eac21df1f3a78430b19e8c9e50
SHA512a3ad38b4e6ebc32e5b44cdb7ac0826c9c476601be7ed2ab562c5c0d04026ab68b2b4cfb5a13f5f2b8a40ad6013fc8ea4eac30ed0da7be84dbf2f31900da5700a
-
Filesize
1KB
MD56b003d65e0c69350dac80136704d0fb9
SHA149ee249b899e243cf6c75b765f24f3bd61d5e10c
SHA2560ed54958606471617dae5442924f1bc27087c6602d818b5ade37da34bd5207d3
SHA512ceaec0c5dda2fe3ee73537cfd85849494499f1ce3fd3a83cd7324183d292e45eeab34064e838922ff772cc637e6faf144d2ad0e25c9aacfe9c1a722cd4127959
-
Filesize
20KB
-
Filesize
24KB
