Analysis
-
max time kernel
136s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
16-12-2024 01:18
Static task
static1
Behavioral task
behavioral1
Sample
f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
-
Size
161KB
-
MD5
f6a04b5fb90fa9cf4772de2c0725f408
-
SHA1
38cf93f751a22dd60d83ee60fa4d73492f013244
-
SHA256
fa90292cf5f424119e3ed7a0ab3173a420fb5e964f9572865d615ebfed799f49
-
SHA512
a997acafea8d59b4a2ce8f20a4c54bdf695a60a06cb70813795e3cf24e54526e250337b27ef4198e85db723539304a2c7094184e08f3b5fa4a150a65d8aee5b3
-
SSDEEP
1536:iRRTZU/x5r2mMHpLtyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:in2uHpLtyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2076 svchost.exe 3040 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2724 IEXPLORE.EXE 2076 svchost.exe -
resource yara_rule behavioral1/files/0x0031000000019606-433.dat upx behavioral1/memory/2076-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2076-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2076-445-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/3040-450-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/3040-449-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px925.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3A036B1-BB4B-11EF-9188-62D153EDECD4} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440473773" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3040 DesktopLayer.exe 3040 DesktopLayer.exe 3040 DesktopLayer.exe 3040 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2720 iexplore.exe 2720 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2720 iexplore.exe 2720 iexplore.exe 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE 2724 IEXPLORE.EXE 2720 iexplore.exe 2720 iexplore.exe 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE 2312 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2720 wrote to memory of 2724 2720 iexplore.exe 30 PID 2720 wrote to memory of 2724 2720 iexplore.exe 30 PID 2720 wrote to memory of 2724 2720 iexplore.exe 30 PID 2720 wrote to memory of 2724 2720 iexplore.exe 30 PID 2724 wrote to memory of 2076 2724 IEXPLORE.EXE 35 PID 2724 wrote to memory of 2076 2724 IEXPLORE.EXE 35 PID 2724 wrote to memory of 2076 2724 IEXPLORE.EXE 35 PID 2724 wrote to memory of 2076 2724 IEXPLORE.EXE 35 PID 2076 wrote to memory of 3040 2076 svchost.exe 36 PID 2076 wrote to memory of 3040 2076 svchost.exe 36 PID 2076 wrote to memory of 3040 2076 svchost.exe 36 PID 2076 wrote to memory of 3040 2076 svchost.exe 36 PID 3040 wrote to memory of 1224 3040 DesktopLayer.exe 37 PID 3040 wrote to memory of 1224 3040 DesktopLayer.exe 37 PID 3040 wrote to memory of 1224 3040 DesktopLayer.exe 37 PID 3040 wrote to memory of 1224 3040 DesktopLayer.exe 37 PID 2720 wrote to memory of 2312 2720 iexplore.exe 38 PID 2720 wrote to memory of 2312 2720 iexplore.exe 38 PID 2720 wrote to memory of 2312 2720 iexplore.exe 38 PID 2720 wrote to memory of 2312 2720 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2076 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3040 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1224
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:537613 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2312
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57750f7b71ddc38589f77027e17220c4e
SHA11a82515295a1ab3f6190b01a4f932c64fc6827bc
SHA2560c8ca93d4a6c6a637ef09999f0e2ed478696e39d02fe785fdc6017f300cc8544
SHA5121c395c2d28b5cc54ddba3c4f3c2a6246a2865e9f09b68af6c7c71a0e657b0a6b7ac0bc98aa3773c46bdd30cbf7a604115e3fdfc87afcdceb0d4c430eeb4e8216
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fe2804b85e3ce6fd2a586fa9b7397408
SHA1d5ac780d18f2add0a932d3910955f78ecbaef0d2
SHA25675453b17754c9a1e9415e93053376be5458bb94761adb1195dcf6b26133c2b24
SHA512858189059a8223934d31a24ec9153bf70de21822a6050ed4a4be83289566f3b280662c1db945133e68944802f1125af97d4c703d335c1f20b1ac93a0dd831a8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD566861393a0eae3e819af14f071652efc
SHA1b3de3bc852597476575747fcb125da28542d48d1
SHA256278ddb18428372d5e4e9dc416cbba83a4a6799139c8785159f1cf0969c794c25
SHA512c379c69e361ff9a6c695cf7b5fec04c249061ed8025c3650eda2acb358296a84636207791e80c464825e1408eb31c9a447b376504cae3c789862c7cc2e31d678
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57f300100855f4aca1fa3731d9117dd37
SHA156c66d403349075163ebd01aedc64ee77584a824
SHA2568563285a004548488f7627c6a3f39725fe60dc8bf680493632d9252cca7a65b1
SHA512b9d3840447f3de3edd499eb1445d1de0504ac27ef72d74901f2dd649eefefbc57d5833db0266a2c99ea868cfe602f40bc2361aa3e5ea93785e35414038d457d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58aeee958bd47194250bdbd3a2928d301
SHA1af40950a58d8ef9dc84c241fbcbe175e678bd637
SHA25609f1934ab709516c7e3c31b4a9e6a5ebbe2540d0001ab1e59fe149a9e5e16286
SHA51292ef1d9754bad920947ae12f651ef1b08f127170442644ce0647a02a6130506d209dcd9af994a0c4e1e0e23b55a0d52bfe77f97e6a47187a78d29c349f8903df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cef37fff57e7e8dcb6f1c90f49df6db9
SHA1add0b9c9a064c7a34f7adc53d7e62b470f45c1c2
SHA25648a0375ade2d9f8be7625b11848cbfc9036763f962a1425b86226c174098b42a
SHA5129785aa59fdc8c9cbeb48e5da88008c998185f6e16a51c246d6688495c51e560332ab8f657e436afb8e9ba04a5534f51677dd86acf29f7e67e5753705b4dfa3e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dac66e504012045fea6cea953aed2bf9
SHA133eaacc53a555f16dfea379417b78cf371a45a7d
SHA256e6b7c53931d0e448a573dc70fc096507fd4b7c0e60285edd38a772a9ffd48b47
SHA5122cfa596ca9ab580e511307ec6c75eca1855216e742e280e64af97d768488a633bac0d06734a632f49b9498d629dd6025c32c4efcf7fae78a3dcd157203390195
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50b96dd0bd85135f40bd088b80d4d0c7b
SHA19d72e62085809397e55c5b9f3b4fe87eef1081a6
SHA256e61b17cb7551e72baac5c4894ff2081ede622e9094ed217859e2516c1246cc23
SHA512f03383e7866f1c67e544dd1ac44b92f86f10255b0e972a96142ad7bcbb5d01f5182147cc36aea2d1adc65b672a8969ba6b26fc55a6022c2d8d6853a889c587f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b05ef91a9235ff3eef6eff123838ae4d
SHA16a2b1259d0ae86c5384a46979da3b881b98e012c
SHA256799a7bcfac9052c9b7ac12174c237555d281f4e1e9a7680ce6f6b7ec756fd760
SHA5127b3edfbfb8ea26eca68526b821777e8f62c7465f8389d008026b0cb982cda1ea4340cc620516aad9fe7557d3e67ad2c505631d2d84ff7eac584485c5c136f21b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59ff0472bd95cac48d376754f8444b8f8
SHA1906b3e2d1f90c22a109b6e5d414c631766477ce1
SHA2569d0c14de320f0f9fd8323fca85a9ef017cb9e2fcee2118e53f2146670ee18370
SHA512692c434be9acd40eb879da303a98a933592f2cf9e33d5c009d8f2f9318744a89c0a20df7d24dace9be67ddef220f81a4b9a3cca87f35145955ae153cfb507137
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54c903450dc635cadc0a6f82e47030fa0
SHA1387df7713b0e45a8d50a6043fd639ea0483a1a73
SHA25606448fd9226dc46dcc130e24a4e588cc7f78ce7178ed747c83212f795709ed0e
SHA51298fc2ce1930101cb7a730da9feea78365acb2cab0b8b7b3d0fcb2245059c386f2015a3bc0fefe8e1c34fe42ac3ab0be1f9190fbde5e8a829620e6ff07b97b932
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d3c2a9f918fe29f6b1b32702d2ef27c
SHA1946b95015d3b7f6a0b8e5cda72c4ff20153a8e9d
SHA2560a8db9fdd5146bf58a55f4cbb0971bcae0c19fd7d858560cd43141735088195c
SHA512c3109a9b524b54a503ca55356e4a2bcc6f549d2717afee5fdc8d612f601d35a70d8fdc6aea31c7693097fb2a77110ea53667a841cbb33a60d2b3d7cd2b68b9e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56e7b9d0fcbaeb2184f589d2b8a70676d
SHA11589f3a65b4a0e43bd86435e6ece5737e17e2f9e
SHA256673551623ba4e21aa2472d91954a85a5b3801f2317a8ae058db67e45db4bfba7
SHA51207f67b000853f6482960e7f23084bb379a19e07f59d39d950216b127cab25e46c2de59e1bb52d0c2c74d63025c83817ca350e99fa4d36b9fc82784cd7a69336e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5973e4c4876a133e924ac95e8d0db90c2
SHA13a0bb58a2707fba9952a984220cc2a71eaca46e7
SHA256cb1713e0ec0f004693fb9458f7e711662e2a58af149441ee55c791e587a2c96f
SHA51201096c3b53e55556eb41af85fde4e57f976bb8a88f01be56264da52c873e2f0b74060641bc49ff396264407ce2dcf5ef7995d2917efd0b527e2bb0a3138a92d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD560d5c8ecaf3da4ae0b1d9b28142e90d5
SHA109c3aaa74d9dca01ce870fb1f51956b2d2abbfe8
SHA25634c3a004d3a048d0a289d5df46437619c91e63b6a0cd0f0486a376281b16f5df
SHA51214b47c28a64e15a8a5457a57c6ae03fd3ad39598a7a6834f6e65b36a8f363e74bc1e2832fc056a95a2b22364aede6eaf33e721294084fd6198c1f104b1939b02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50d4edda12b8b4cd687a06b68e5ab27c3
SHA1b1dae7619a875398a6b7e238d2a73102ed0385b2
SHA2568d950803946e3de8427418391b3b4077ad7f80f3e4c68d6f1f5c9bd3d9716f3b
SHA512cc185a42fd63690d6465cd399ca7d4232ce7653c039fd804dfca5bcbc0a600e00abb8e66b92ca541a18a020bcbfe8db23c5a73aa52de0016341d6ce61f3975ef
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a