Analysis
-
max time kernel
124s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05/10/2024, 00:17
Static task
static1
Behavioral task
behavioral1
Sample
15705d87729cb4bbb7ea4981298a3a94_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
15705d87729cb4bbb7ea4981298a3a94_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
15705d87729cb4bbb7ea4981298a3a94_JaffaCakes118.html
-
Size
159KB
-
MD5
15705d87729cb4bbb7ea4981298a3a94
-
SHA1
757078e8e96a8759217187defa5e121ceda90aba
-
SHA256
09819d7c86badccdbaccb03b3fdcdc91a27feeb9f817c22d196c8752c0c8ba18
-
SHA512
a09fa480fb0bff1fe4ce305987b3ab51223e3a4703d125843dd416b3270edfc0ef2e17f52b3976cd519322947aeb72b336bf56fe7140ab1f85ec02319ce45182
-
SSDEEP
3072:iJQfAitP3iyfkMY+BES09JXAnyrZalI+YQ:i2IitP3nsMYod+X3oI+YQ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 844 svchost.exe 1464 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 3008 IEXPLORE.EXE 844 svchost.exe -
resource yara_rule behavioral1/files/0x002f000000018eb2-430.dat upx behavioral1/memory/844-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/844-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1464-451-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1464-447-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1464-446-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1464-449-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px8ED7.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434249308" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F118DF1-82AF-11EF-968D-EE9D5ADBD8E3} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1464 DesktopLayer.exe 1464 DesktopLayer.exe 1464 DesktopLayer.exe 1464 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2532 iexplore.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2532 iexplore.exe 2532 iexplore.exe 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 3008 IEXPLORE.EXE 2532 iexplore.exe 2532 iexplore.exe -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2532 wrote to memory of 3008 2532 iexplore.exe 30 PID 2532 wrote to memory of 3008 2532 iexplore.exe 30 PID 2532 wrote to memory of 3008 2532 iexplore.exe 30 PID 2532 wrote to memory of 3008 2532 iexplore.exe 30 PID 3008 wrote to memory of 844 3008 IEXPLORE.EXE 35 PID 3008 wrote to memory of 844 3008 IEXPLORE.EXE 35 PID 3008 wrote to memory of 844 3008 IEXPLORE.EXE 35 PID 3008 wrote to memory of 844 3008 IEXPLORE.EXE 35 PID 844 wrote to memory of 1464 844 svchost.exe 36 PID 844 wrote to memory of 1464 844 svchost.exe 36 PID 844 wrote to memory of 1464 844 svchost.exe 36 PID 844 wrote to memory of 1464 844 svchost.exe 36 PID 1464 wrote to memory of 2508 1464 DesktopLayer.exe 37 PID 1464 wrote to memory of 2508 1464 DesktopLayer.exe 37 PID 1464 wrote to memory of 2508 1464 DesktopLayer.exe 37 PID 1464 wrote to memory of 2508 1464 DesktopLayer.exe 37 PID 2532 wrote to memory of 1324 2532 iexplore.exe 38 PID 2532 wrote to memory of 1324 2532 iexplore.exe 38 PID 2532 wrote to memory of 1324 2532 iexplore.exe 38 PID 2532 wrote to memory of 1324 2532 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15705d87729cb4bbb7ea4981298a3a94_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:844 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1464 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2508
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:603146 /prefetch:22⤵
- System Location Discovery: System Language Discovery
PID:1324
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD519263089c19dd52deda24d30cefbb3d6
SHA14dc8c94606064c8e6aaecc78a6976a52211dbe7c
SHA25669bbdd2ebd3172f15860344615062cf105da227edeb28d847b51c144ad8d633c
SHA512610fa5e6d07a378a67fa9340c32f5ccc5796da81fc09f37427018fe704b91f4142fa74dcfca3d7928d8ae0bc5ee74cf842b8251714d79c32a01a046342611980
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e18c421388d3666dcd5d647182f1ded3
SHA1ac9b1ad3d97c0b8e5b58064eb408b5cdd05a007a
SHA256bda15869a1b838c1e4e7b0978dd5ce5f07e2cd519efff8fea1089253922f7903
SHA51258f36f40f301e1a6220052f7660ce5f54af84b587da9dd3ed16a85605b981303852b559dfb89fc5d1a5b0fd646040dab3125614389b43391c0c0290b3111db8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50036602e853e6bac5cb5d44daea9ed99
SHA1fc3bc1bd0c6e4b555ea9ed88867299801aa09678
SHA25653fd8b263ad620b823c6cb3dbc9240d4b1f3182dd8794226d806f3221dd419fc
SHA512d7fcbb85ccce2418e0ab17ee51d2b81c1c3f0b93fa7526ce841bad9dd2f22183c235a61225b76d5f64e31bf8645d90f46d51f0710cbb2b270b94bd0e8c6648f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5324eda3adbdce710e69baaf97214385f
SHA1f0da958aec652d32d65d30327d990894f18f9a80
SHA256767f5904a2fc9ba24180d2efcf8f71ae08622225b85ab6d1a0dd285ec0d5b694
SHA512f8b43f1822e8ad0125b00770b31baf775751f41c4c9d3c9430bedf8307ade4e61f764586188209d8b9d7dcad44535a705e89452689fda72d315d8167f4b3b4a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a7a5e9aca0accc363a6efb833af0a69b
SHA1c650cbb14c5b39aa8200ba77c6a85fc8a5cc4728
SHA25679a1dcb4863289778b4c2cc07a14077b206112b5800730ac99f728a69e8d3ad1
SHA5120c0371c5da945a6c04f79e693aa22ced79ba3ba64bda2c8aee5a3b734656b52393b62b7a28a7c1afe3451646eebdaa7628486676c033460d988a53525345dfd0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50add27f6fe4ddacca3f7fcb411ff7ab9
SHA18a5375961413da052e939955296809cab7ab3692
SHA2564ba9e2a074c669995d441b91f67d0e60c7b58c9b3bee0c4d7b46d950df305616
SHA512a2acff557593d0d426c2e02d165b9844617b5513d3991d7ff6c0a32176b2973d085a4ef19ca22dd75c1c6292c2ddee60bb0e67ceb4a9daa424db5d9a476471a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD535fed8d09ca2bf52fc1641adcf6d8414
SHA19e21a141dc0b2104bae14e5682e3b13f295696db
SHA256aa167f3630695455d83b0794ae9de26ba1ab401d31987e7b3fb22443d51c8be2
SHA5126970c846e11824e7e66046bd05b40fea4d8bac98d97732df97cac6fe32b1b328ed33f77a202e7ab9ff325014ab257c3e872428de475de8cd5f58fb8295bbab38
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a35055822e2ac5f23f66e9f98f207f2e
SHA1f37b69f6f9ffcb6f5bcd3097c7f0406b1fefd016
SHA256e50da5f0989374a82ea39089520bb4c504b78c8bab0106a97a2622566d0f6e24
SHA51239e9d96872a9bebe4c8ebc927c0945fb1edca4b1ce201fe157f17c7e2145910bb4e44828e581ee51a7f6cb2cbd25f71e5227f5ce41cbf2d59115e524c8c4f2a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD554bf6a8264eb081b044aef467c18f583
SHA154d56cc6fb47fe064450580c562059b73138b129
SHA256a4cf6bb41f0d0ef3e72e8714230e58a58c4ae2279daee7ec79d6be6fe9d4c4f9
SHA512210b6e8cca8c313517e27bcfd7eab8094d24cc9a3eb6df784bdfe2a606ef0ef906a5f60cb33bc59ab36f1bf665e0d590b90f54753ab08bf37eab8c9811798564
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5642b0e60e6f842e0a5fef1c7fd18f6a2
SHA1d77f07d15aa0a9f2cb0c3e65074b7f6a13387c2e
SHA256801a1d5ac60c5e615ce1976bc762afe9cb3052d8fd5b49512f95b1d349113e19
SHA512fd87e974d764f67ffb5f9c71b7f0b9f1f1abf006f03dc3ccc0e4923a10f32fd0dda221e3f06953aa9324cfa6bf28ee841bc0b61a85db09745e4539c0e88f6e1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5551176187440223d4cf60564282150f1
SHA1ffc97d04edde5ca829a739189dfa416ad30ae500
SHA256014bb130a87222124f301fd236c6aba31ebee4b258fe34291a77206c09c24b1f
SHA51261b0045bce6c4512c7e112d7c3c2ca1e39bef2f04b47eceabd8b7278121e282e9f6c7a3149bde7677d092dd1086c42b044dae02d327c2fa60d61c986c436c587
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f6630b47d29a6ded97611c0c404b847d
SHA1bd923e793fb0819378840ecd28e57b9f488593c6
SHA2562479ff8a5c6ff6317439a85898f2b5dff392534c323284a1365edd42b5ecd04e
SHA5124f7938aa2fd6b7ee0bafa676935196d270e49d772f7cf9d3afffdf2536921db979626deb8cef0a6f4c215ca22a042c1b2ff115174adec39a905fa3284dbbd447
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD543661cd12c8654fd03c6f1e38f516410
SHA1069ddc2150879d162c8f7d6e7fc7816bc2bfefb7
SHA256aca566a8b247d3ea2445709ff364324112dd488eeb6743197db211d77d239eea
SHA512f945a51685e031a6dbc8164fc041f060420d2eeeb6bec1c4f5b34521b811b33b033ef4a086bbf82ab8c973e570aebc27ece576a7dae526967ae9084f1e34996f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c34d7fbb032ac83244595be6a6406c8a
SHA199c30b8ba787873b4dc0f5d12774b9e1efa55af4
SHA2567efe2a6d87c71d7edeeea5ffa827da5d7be0b7aa6edc4f6ddad9d20309189a30
SHA512d3aa3d3f2a531fb1417645a819f5c9037a4e746c5ff444cdd08a67165e02e6e64da53dbc5f6feba5f0d0ddfcfbaa0a204222693a5812bb235f4c6e63e729f876
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d505aa1846f8d41bd00bb72600339d45
SHA17d3e2383aa8ecebce7978d7712fa8c3901a9b926
SHA2565ecdd061e35ad1cff92948505d0b01f68fdf998cc087fb7ea887ab163b158acd
SHA5126fc410891835f3a4f1149708f47fb775dcdeca8e325999ff1c00a01115f94572c0e9008d5546d3b7f3f54426d29856d3205655fff458281baf95f341568e4d1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56844d478b5c54ac8c0ca3c08738814e8
SHA1cb8d115e9f4f1374fa11e0226f7af6c3cece723c
SHA2568dd537e03b8205f296e6b48b1a495f8491234bd7312d2ae1a1c5248065e73422
SHA5120597170da77ee9c89afc59b01f76bcdbcc143f03547be043df6f3ca1454817371e276bfc5c2a1bf2beba81a9780daf80bcd8bc1fdaf529b35963264c05b617ca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aa2a1a43d355e701ca0a7bb380f900ca
SHA18ad3891184bab5fbe80846414a6a17d1e18641d3
SHA2569d2f64f4ee6b408bc3e073576f0640a8f326a85ddd47df35458146b31d3f9ed2
SHA512db117eac5584f06490b3b22ad0f6dc6b3f4398a3ea479f425603639dd56f29d4b5504c250874a6b82f4fad27d2c12c3afac4ddc24ec549c6a56755d4a12a190f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b2d23e2305b0eb50f4b8bc6d9a0414ee
SHA1001848aa427f7d868d7e86fc6c245e0f0c591d2c
SHA256c84953c4bdb2c0802dcc77c7fd05e32852f76f380e2bb9ac33281dd301417e21
SHA5123be9817fc4921234b43a590637179d6702f173e38f6cac362ba54bed42e14c86b6f335c5e49f7e9139991517768097248137ff0f45c00fb274c782d0330f8e2f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a