Analysis
-
max time kernel
145s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
18-10-2024 07:55
Static task
static1
Behavioral task
behavioral1
Sample
5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe
-
Size
1.6MB
-
MD5
5647eaaab2fdb519ee6dfa37c41ed4bc
-
SHA1
e4a8d404159f195dd0f697d54c7048f7a1052f6d
-
SHA256
ea82fd18e2bc55984294a2f16f5fa56c6f6917cfd11b7199934a5f2ae3957f98
-
SHA512
41929071f4f2a284b3229b15359cacf5a84c8320913438fe49f950b0403e1b67af56e8459cc2a780eaa8206d729fdf8c88a966fbda0d38ce1434e25404fd18a7
-
SSDEEP
49152:dNHe8fAIwgw4lAAx9BhmaCldEbi0z2sD9XYxfXCogCbF51+/ng6g/tu7jbCIeI:/He8fAIwgw4lAAx9Bhma+4isnBYxfXCz
Malware Config
Extracted
latentbot
dr00wsupden.zapto.org
Signatures
-
Modifies firewall policy service 3 TTPs 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe = "C:\\Users\\Admin\\AppData\\Roaming\\4ozcy5729OZ.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\winlogon.exe = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe:*:Enabled:Windows Messanger" reg.exe -
Adds policy Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run 4ozcy5729OZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\Winlogon = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe" 4ozcy5729OZ.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1AD870AD-7ACC-1FA0-77DB-08BAB1DDBD76} 4ozcy5729OZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1AD870AD-7ACC-1FA0-77DB-08BAB1DDBD76}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe" 4ozcy5729OZ.exe Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{1AD870AD-7ACC-1FA0-77DB-08BAB1DDBD76} 4ozcy5729OZ.exe Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{1AD870AD-7ACC-1FA0-77DB-08BAB1DDBD76}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe" 4ozcy5729OZ.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation 3ozcy5729OZ.exe Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation 3swrq7270SW.exe Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe -
Executes dropped EXE 4 IoCs
pid Process 4936 3ozcy5729OZ.exe 1204 4ozcy5729OZ.exe 4416 3swrq7270SW.exe 4924 4swrq7270SW.exe -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Winlogon = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe" 4ozcy5729OZ.exe Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon = "C:\\Users\\Admin\\AppData\\Roaming\\winlogon.exe" 4ozcy5729OZ.exe -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 25 whatismyip.com -
resource yara_rule behavioral2/files/0x0007000000023c9e-24.dat upx behavioral2/memory/1204-31-0x0000000000400000-0x000000000045A000-memory.dmp upx behavioral2/memory/1204-71-0x0000000000400000-0x000000000045A000-memory.dmp upx behavioral2/memory/1204-73-0x0000000000400000-0x000000000045A000-memory.dmp upx behavioral2/memory/1204-76-0x0000000000400000-0x000000000045A000-memory.dmp upx behavioral2/memory/1204-81-0x0000000000400000-0x000000000045A000-memory.dmp upx behavioral2/memory/1204-90-0x0000000000400000-0x000000000045A000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language timeout.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 4ozcy5729OZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3swrq7270SW.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe -
Delays execution with timeout.exe 1 IoCs
pid Process 2100 timeout.exe -
Modifies registry key 1 TTPs 4 IoCs
pid Process 3976 reg.exe 1836 reg.exe 3696 reg.exe 4232 reg.exe -
Suspicious behavior: EnumeratesProcesses 5 IoCs
pid Process 4924 4swrq7270SW.exe 4924 4swrq7270SW.exe 4924 4swrq7270SW.exe 4924 4swrq7270SW.exe 4924 4swrq7270SW.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4924 4swrq7270SW.exe -
Suspicious use of AdjustPrivilegeToken 39 IoCs
description pid Process Token: SeDebugPrivilege 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe Token: 1 1204 4ozcy5729OZ.exe Token: SeCreateTokenPrivilege 1204 4ozcy5729OZ.exe Token: SeAssignPrimaryTokenPrivilege 1204 4ozcy5729OZ.exe Token: SeLockMemoryPrivilege 1204 4ozcy5729OZ.exe Token: SeIncreaseQuotaPrivilege 1204 4ozcy5729OZ.exe Token: SeMachineAccountPrivilege 1204 4ozcy5729OZ.exe Token: SeTcbPrivilege 1204 4ozcy5729OZ.exe Token: SeSecurityPrivilege 1204 4ozcy5729OZ.exe Token: SeTakeOwnershipPrivilege 1204 4ozcy5729OZ.exe Token: SeLoadDriverPrivilege 1204 4ozcy5729OZ.exe Token: SeSystemProfilePrivilege 1204 4ozcy5729OZ.exe Token: SeSystemtimePrivilege 1204 4ozcy5729OZ.exe Token: SeProfSingleProcessPrivilege 1204 4ozcy5729OZ.exe Token: SeIncBasePriorityPrivilege 1204 4ozcy5729OZ.exe Token: SeCreatePagefilePrivilege 1204 4ozcy5729OZ.exe Token: SeCreatePermanentPrivilege 1204 4ozcy5729OZ.exe Token: SeBackupPrivilege 1204 4ozcy5729OZ.exe Token: SeRestorePrivilege 1204 4ozcy5729OZ.exe Token: SeShutdownPrivilege 1204 4ozcy5729OZ.exe Token: SeDebugPrivilege 1204 4ozcy5729OZ.exe Token: SeAuditPrivilege 1204 4ozcy5729OZ.exe Token: SeSystemEnvironmentPrivilege 1204 4ozcy5729OZ.exe Token: SeChangeNotifyPrivilege 1204 4ozcy5729OZ.exe Token: SeRemoteShutdownPrivilege 1204 4ozcy5729OZ.exe Token: SeUndockPrivilege 1204 4ozcy5729OZ.exe Token: SeSyncAgentPrivilege 1204 4ozcy5729OZ.exe Token: SeEnableDelegationPrivilege 1204 4ozcy5729OZ.exe Token: SeManageVolumePrivilege 1204 4ozcy5729OZ.exe Token: SeImpersonatePrivilege 1204 4ozcy5729OZ.exe Token: SeCreateGlobalPrivilege 1204 4ozcy5729OZ.exe Token: 31 1204 4ozcy5729OZ.exe Token: 32 1204 4ozcy5729OZ.exe Token: 33 1204 4ozcy5729OZ.exe Token: 34 1204 4ozcy5729OZ.exe Token: 35 1204 4ozcy5729OZ.exe Token: SeDebugPrivilege 1204 4ozcy5729OZ.exe Token: SeDebugPrivilege 4936 3ozcy5729OZ.exe Token: SeDebugPrivilege 4924 4swrq7270SW.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1204 4ozcy5729OZ.exe 1204 4ozcy5729OZ.exe 4924 4swrq7270SW.exe -
Suspicious use of WriteProcessMemory 40 IoCs
description pid Process procid_target PID 4784 wrote to memory of 4936 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe 87 PID 4784 wrote to memory of 4936 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe 87 PID 4784 wrote to memory of 1204 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe 88 PID 4784 wrote to memory of 1204 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe 88 PID 4784 wrote to memory of 1204 4784 5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe 88 PID 1204 wrote to memory of 2528 1204 4ozcy5729OZ.exe 89 PID 1204 wrote to memory of 2528 1204 4ozcy5729OZ.exe 89 PID 1204 wrote to memory of 2528 1204 4ozcy5729OZ.exe 89 PID 1204 wrote to memory of 3100 1204 4ozcy5729OZ.exe 90 PID 1204 wrote to memory of 3100 1204 4ozcy5729OZ.exe 90 PID 1204 wrote to memory of 3100 1204 4ozcy5729OZ.exe 90 PID 1204 wrote to memory of 3804 1204 4ozcy5729OZ.exe 91 PID 1204 wrote to memory of 3804 1204 4ozcy5729OZ.exe 91 PID 1204 wrote to memory of 3804 1204 4ozcy5729OZ.exe 91 PID 1204 wrote to memory of 3036 1204 4ozcy5729OZ.exe 92 PID 1204 wrote to memory of 3036 1204 4ozcy5729OZ.exe 92 PID 1204 wrote to memory of 3036 1204 4ozcy5729OZ.exe 92 PID 3804 wrote to memory of 3976 3804 cmd.exe 97 PID 3804 wrote to memory of 3976 3804 cmd.exe 97 PID 3804 wrote to memory of 3976 3804 cmd.exe 97 PID 2528 wrote to memory of 1836 2528 cmd.exe 98 PID 2528 wrote to memory of 1836 2528 cmd.exe 98 PID 2528 wrote to memory of 1836 2528 cmd.exe 98 PID 3100 wrote to memory of 3696 3100 cmd.exe 99 PID 3100 wrote to memory of 3696 3100 cmd.exe 99 PID 3100 wrote to memory of 3696 3100 cmd.exe 99 PID 3036 wrote to memory of 4232 3036 cmd.exe 100 PID 3036 wrote to memory of 4232 3036 cmd.exe 100 PID 3036 wrote to memory of 4232 3036 cmd.exe 100 PID 4936 wrote to memory of 4416 4936 3ozcy5729OZ.exe 103 PID 4936 wrote to memory of 4416 4936 3ozcy5729OZ.exe 103 PID 4936 wrote to memory of 4416 4936 3ozcy5729OZ.exe 103 PID 4936 wrote to memory of 4924 4936 3ozcy5729OZ.exe 104 PID 4936 wrote to memory of 4924 4936 3ozcy5729OZ.exe 104 PID 4416 wrote to memory of 392 4416 3swrq7270SW.exe 105 PID 4416 wrote to memory of 392 4416 3swrq7270SW.exe 105 PID 4416 wrote to memory of 392 4416 3swrq7270SW.exe 105 PID 392 wrote to memory of 2100 392 cmd.exe 107 PID 392 wrote to memory of 2100 392 cmd.exe 107 PID 392 wrote to memory of 2100 392 cmd.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5647eaaab2fdb519ee6dfa37c41ed4bc_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4784 -
C:\Users\Admin\AppData\Roaming\3ozcy5729OZ.exe"C:\Users\Admin\AppData\Roaming\3ozcy5729OZ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4936 -
C:\Users\Admin\AppData\Roaming\3swrq7270SW.exe"C:\Users\Admin\AppData\Roaming\3swrq7270SW.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4416 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Roaming\3SWRQ7~1.EXE4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:392 -
C:\Windows\SysWOW64\timeout.exetimeout 55⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:2100
-
-
-
-
C:\Users\Admin\AppData\Roaming\4swrq7270SW.exe"C:\Users\Admin\AppData\Roaming\4swrq7270SW.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4924
-
-
-
C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe"C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe"2⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204 -
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1836
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3100 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\4ozcy5729OZ.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3696
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3804 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3976
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\winlogon.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\winlogon.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3036 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\winlogon.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\winlogon.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4232
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
5Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5149da29919fe1d4e3e9e55bee2be2648
SHA1a2e9401e1c6b17f70d004381637dd7d84714d6e9
SHA256f56f353c87a1e492208756a4d9788d82953ef1d565ec6f4404e5ec10024230a9
SHA51299b035a9a76343ded42f359a93702d2ae843ebd6f863ef093556ae9eaffc32395ee027d2b71dd2b9c092a34a2fccbb7e3865e2d71518eeccbaacdb2907348215
-
Filesize
18KB
MD5c1d71ae4a72894851d141ac619d98214
SHA1cc94fea6ad8fe862bf042619ec66604e4203bfad
SHA256feb8687e854e1b65613adf8b93155ea6f6d48a4c7e7e92ac1f3d62636c3a9deb
SHA5128e2307c75a07bd1db0d7da47abcae10ca678425a7eec9f0095d418bc17882b3a848f7b0656a64f6b2ff404faf824869d10d3f9f5fc2d9e9f56c8409d23bbce8b
-
Filesize
129KB
MD535fc32c18b4b90779f019acc95010e7b
SHA1d886b87fac85a585f85c831504dece1f78219898
SHA2561d2d5c51711e369ec41e7ff54e97420cf2b6c3d589efed25a9ad6b4ddc8f2f10
SHA5121f22e259ecdc7ed076f0f9479d612ee7c12d301ad4d4e52ead97b09fae46c361fb75e0b13ddf5db05cb4ec90739755ba944b92ff14eb24773ec65d47dfc55ec5
-
Filesize
1.1MB
MD5cdbce78bd80687b566d97b0dc81e700c
SHA15f7a6c19a25973db9905bbc9c7530106d74543a0
SHA2563fe06750849ae72a8584a4bc44e83139d494d046f45c05eb23d6b6d374e5ba18
SHA51218e505ff713e93c25da30c51228ce462edb5e69e3f204710092086b4790e53ce2b5b9fbc2cee85eac23ddeba0ff55d3b043ed7c9c0f8a7bdcbe11cde8b4b3ba2
-
Filesize
34B
MD516e0abc6bba66ebb9e8e3626da5e4e67
SHA13fe92695e95313d9fd998c6c5d5aa0d42bf0777d
SHA256330df529d0e4a065b67e4fcb59df03549dac1cb8db472996b2c9137c27b194cb
SHA512e87ef159d90fbecbe97b1b83196c6d8b30b113d7f9966235ee23d7653e1ea904c59c03e5390b3d09d629fd220fb440782a6ab55c1da9a4370518fc31672724dc