Analysis
-
max time kernel
147s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
31/10/2024, 03:31
Static task
static1
Behavioral task
behavioral1
Sample
8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe
Resource
win7-20241010-en
General
-
Target
8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe
-
Size
4.8MB
-
MD5
8173bdfafc135aa867c33525bcbbee03
-
SHA1
4b66034fcc78184b5267b98b9644af6857f395f4
-
SHA256
df3d4b03c2fcd0050c01e5be70962d833c960aaf937765e2a043ec4ae14bba9a
-
SHA512
4b9f289accbce3bdce2916eda477f3c3692551c72fb24312eedbe5402e02b2e2795c4ad44c8be65cf20b99bb313de479fc5a8113e294eec107dda94ac0603cdb
-
SSDEEP
98304:8lG4ybJ2aU8LTT8Cz43cYl80kXdEW+iD5tx20SCVRFHylfGgkWGXYgMq9V:pV2r8/T8Ck2v+iD5iCVXHyG/1BMqD
Malware Config
Signatures
-
Gh0st RAT payload 2 IoCs
resource yara_rule behavioral2/files/0x00040000000229c7-4.dat family_gh0strat behavioral2/memory/1312-11-0x0000000000400000-0x0000000000421000-memory.dmp family_gh0strat -
Gh0strat family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
pid Process 1312 server.exe 4256 VIP加强版.exe -
resource yara_rule behavioral2/files/0x0007000000023c88-16.dat vmprotect behavioral2/memory/4256-23-0x0000000000A20000-0x00000000014AF000-memory.dmp vmprotect behavioral2/memory/4256-25-0x0000000000A20000-0x00000000014AF000-memory.dmp vmprotect behavioral2/memory/4256-27-0x0000000000A20000-0x00000000014AF000-memory.dmp vmprotect behavioral2/memory/4256-80-0x0000000000A20000-0x00000000014AF000-memory.dmp vmprotect behavioral2/memory/4256-83-0x0000000000A20000-0x00000000014AF000-memory.dmp vmprotect -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 1668 1312 WerFault.exe 86 -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language VIP加强版.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4256 VIP加强版.exe 4256 VIP加强版.exe 544 msedge.exe 544 msedge.exe 4900 msedge.exe 4900 msedge.exe 3076 identity_helper.exe 3076 identity_helper.exe 3924 msedge.exe 3924 msedge.exe 3924 msedge.exe 3924 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe 4900 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4256 VIP加强版.exe 4256 VIP加强版.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4388 wrote to memory of 1312 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 86 PID 4388 wrote to memory of 1312 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 86 PID 4388 wrote to memory of 1312 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 86 PID 4388 wrote to memory of 4256 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 88 PID 4388 wrote to memory of 4256 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 88 PID 4388 wrote to memory of 4256 4388 8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe 88 PID 4256 wrote to memory of 4900 4256 VIP加强版.exe 92 PID 4256 wrote to memory of 4900 4256 VIP加强版.exe 92 PID 4900 wrote to memory of 3984 4900 msedge.exe 93 PID 4900 wrote to memory of 3984 4900 msedge.exe 93 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 1456 4900 msedge.exe 94 PID 4900 wrote to memory of 544 4900 msedge.exe 95 PID 4900 wrote to memory of 544 4900 msedge.exe 95 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96 PID 4900 wrote to memory of 2652 4900 msedge.exe 96
Processes
-
C:\Users\Admin\AppData\Local\Temp\8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8173bdfafc135aa867c33525bcbbee03_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4388 -
C:\Users\Admin\AppData\Local\Temp\server.exe"C:\Users\Admin\AppData\Local\Temp\server.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1312 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 3323⤵
- Program crash
PID:1668
-
-
-
C:\Users\Admin\AppData\Local\Temp\VIP加强版.exe"C:\Users\Admin\AppData\Local\Temp\VIP加强版.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4256 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tg.94fz.com/3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf2d446f8,0x7ffaf2d44708,0x7ffaf2d447184⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:24⤵PID:1456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:84⤵PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:14⤵PID:2332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:14⤵PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:14⤵PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:14⤵PID:3192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:14⤵PID:3332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:14⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:84⤵PID:264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:14⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:14⤵PID:3544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:14⤵PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:14⤵PID:3508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14148589509624424632,8763747336013610190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
PID:3924
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1312 -ip 13121⤵PID:452
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1612
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1572
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5443a627d539ca4eab732bad0cbe7332b
SHA186b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA2561e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
-
Filesize
152B
MD599afa4934d1e3c56bbce114b356e8a99
SHA13f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA25608e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA51276686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
-
Filesize
6KB
MD57bc4b882525a04e4ce0a460ed7e0d228
SHA1351e1f7efaab8ca7b79988919dd9af24a428dd72
SHA2566ff7c74ddec7273ff8ba46e75b36edb0921f053ef0016b0d6c2b5d5c6bc6ebdf
SHA5127c4259a79f4848b6e806e3d8c8061f04f5f030559ef419ee97d6dcde88aa7750a2886c698d0b2f4d45736819032a8cb2d19404d70d9b88e1e4ac4ac282bd8801
-
Filesize
5KB
MD5e039d5a82f4fe646523f453f53b54e78
SHA102103706035d740192a23cca1e441dcb9f63e16a
SHA25674fb9f63913a1539e9821ae4e6ac0fec30649f92a4dd47348d028d00c486790f
SHA512082aab75543d749c3ca9ec47fa904dbc4da444e375d745b530366c666e8123abb9031804db94e03c0dc80f4a3ad12cc6c04e9f3ca84bc9d9136d04b78e2dd32c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5cc279eedb75aa89648747a79d2118064
SHA17f796e8fa049daa46c45605804a7818218016af6
SHA2567017bcc83366702647a26ac257224b3c340db8762dba6bd2dfe6f0308750697d
SHA512d450951370815725b3ea533e52f5f31912de083c00b4ae371e219c9a4b7c849fb510e34ed34639cedef322baddef8528d9138f857f67bc0b80ebd844b94e7c1e
-
Filesize
4.9MB
MD5c477707537564645109268f1b8312185
SHA1075a960a93f706fb1d8516ff5e402814a99eabf1
SHA256019f06b57860be00c9f1f3d118dbfff1c692052c595299b9e9e4407e380967b1
SHA5126b9ca69f531fe705a7905a3e30c2de3257937ef8e65e3260a130bc8f08b6afbc3c8c5de0bebc9938c7c8a149574148f1098874e31e4d02644736a52c21fa0d2d
-
Filesize
123KB
MD58e1f7b3bd7b1296e645a57fbe8cd5b22
SHA1f7374b8a9b2b36b5103e0297be27b62583447156
SHA25602e1dfc8f92ca1932a25e00fdf7c71811b73b0e4f394234faa1057b54a3cbccd
SHA512b96137b5ec95bb5adc16c9984a6d4794f811b47d36e019aedf2e5b1eb501e61dbaae9587317deb2f6adc2e317130e7754f6ac699e68d5e98c82116b1c6f0f67e