Analysis
-
max time kernel
138s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
16-12-2024 02:37
Static task
static1
Behavioral task
behavioral1
Sample
f6e9da15c4b55cecb35d19f11bc63be1_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f6e9da15c4b55cecb35d19f11bc63be1_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
f6e9da15c4b55cecb35d19f11bc63be1_JaffaCakes118.html
-
Size
161KB
-
MD5
f6e9da15c4b55cecb35d19f11bc63be1
-
SHA1
18bcc844acdee2aa8e407cc90b0dd3b900c7aa56
-
SHA256
6e8811751becb6a09255f36ae6fe6b97671ab48e41e4b2819c3d3c6265cfcca9
-
SHA512
2b01ff2fec78dd8a963f5c4265e7bc9653438007751814bd959ef316a5521432d86ff814bb08dcdb1dfae0517629a77209c9e5f5f803f955183aa53ce075b2b0
-
SSDEEP
3072:iGWX6q7isoQyfkMY+BES09JXAnyrZalI+YQ:ikq7isoNsMYod+X3oI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2736 svchost.exe 2512 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2788 IEXPLORE.EXE 2736 svchost.exe -
resource yara_rule behavioral1/files/0x0032000000019c3e-430.dat upx behavioral1/memory/2736-436-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-443-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-444-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-449-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2512-447-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\pxC40.tmp svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440478492" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2B58F61-BB56-11EF-8E54-C2CBA339777F} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2512 DesktopLayer.exe 2512 DesktopLayer.exe 2512 DesktopLayer.exe 2512 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2660 iexplore.exe 2660 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2660 iexplore.exe 2660 iexplore.exe 2788 IEXPLORE.EXE 2788 IEXPLORE.EXE 2788 IEXPLORE.EXE 2788 IEXPLORE.EXE 2660 iexplore.exe 2660 iexplore.exe 2280 IEXPLORE.EXE 2280 IEXPLORE.EXE 2280 IEXPLORE.EXE 2280 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2660 wrote to memory of 2788 2660 iexplore.exe 30 PID 2660 wrote to memory of 2788 2660 iexplore.exe 30 PID 2660 wrote to memory of 2788 2660 iexplore.exe 30 PID 2660 wrote to memory of 2788 2660 iexplore.exe 30 PID 2788 wrote to memory of 2736 2788 IEXPLORE.EXE 35 PID 2788 wrote to memory of 2736 2788 IEXPLORE.EXE 35 PID 2788 wrote to memory of 2736 2788 IEXPLORE.EXE 35 PID 2788 wrote to memory of 2736 2788 IEXPLORE.EXE 35 PID 2736 wrote to memory of 2512 2736 svchost.exe 36 PID 2736 wrote to memory of 2512 2736 svchost.exe 36 PID 2736 wrote to memory of 2512 2736 svchost.exe 36 PID 2736 wrote to memory of 2512 2736 svchost.exe 36 PID 2512 wrote to memory of 2160 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2160 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2160 2512 DesktopLayer.exe 37 PID 2512 wrote to memory of 2160 2512 DesktopLayer.exe 37 PID 2660 wrote to memory of 2280 2660 iexplore.exe 38 PID 2660 wrote to memory of 2280 2660 iexplore.exe 38 PID 2660 wrote to memory of 2280 2660 iexplore.exe 38 PID 2660 wrote to memory of 2280 2660 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6e9da15c4b55cecb35d19f11bc63be1_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2736 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2160
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:406538 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2280
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fc0ce1b3aff45e1ca14d1de81d03b8a4
SHA11a857e6a6c2e219ac9850a20d03716007c527522
SHA2561f91b71a5670f8c00b079d3dcc49f2af4c37a204a67c5ca215f6807ef6cf6522
SHA5127de8c903657bcf948fa458e24b96666227e4f1a68b456c9b52487cbed2a71c90fa340989567cbe7774623b2519b8944c8fae950523b8bb2696dc5b4410b76f9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5557202190264554623985d3c7e2e0349
SHA1110fb676adcc67efc8e99da4e52bfa2490e529d8
SHA256f6e0a5e00e5e87205eabd602198c4117555f95062cc63dca50f8ae61baecc67a
SHA512a12876f5137c001e20eb60de46e8a3db8ca752fe984716f1c7614b50a52ffaa613a7abf813fd6a9f57883877843e5cdf1e41561c7fc5e649dedbfb76f4b1addc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD565ae8e1197cec0be007ef1323c102385
SHA1e6cc3aa02ea3361421735bfdecf33043b9624528
SHA25670f633bdae570792be8dac185ca98b57e1e50aa22db3add431716971a99173fd
SHA512608d6b4a6430edc940df63a9050169312a45e5c758974783e93f3c58be68178b573b8aac4417e94a1d8e5d73d393dc03f3f5f6674a5ddfdbc08926bcd95f23f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f99d6393dccadb9d1c849a4265407fc6
SHA13057a0e4af0ebe23641ae61dc635fe36d793e16f
SHA256ac6132220c83893e2a42d7e4f39b3fb9bb7453df2cf0af4d3256b663cebae146
SHA512e33b587b14dbcd672b6a4385489c11802440ec0bada6c86d34e9f5103d368e0afdae41ba0022bc70c34e9da871a9da948d68e6714e76cdfbc29158b68fb36487
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fa622a1c91908c17e231c45330d35452
SHA1b066b3b44d4ddb5d8a7beb00776b425a43555005
SHA2562e832483502a1fcd832fe335d3c3864c6c9d8c4e0f54cc6ecf963326e048413a
SHA512f4fa57a2d7ec81c62ee9e0203e765dc07cc5492117a90654c29b4cafe6b0ccc33e26325fa73dc3acfdadb6168bb791493dd496d233fff4a33fd71eeebb58d6e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58fbd4dc6b96deb82915d73d799d1cd75
SHA1a1dbe97d9c0d8cb721bf08dfb76f52c968411e5d
SHA256e9724ddf730a98a29b12f0ee744e905dfd60456d3c5eb4ea08a05ed38a795520
SHA5121819930b8abb1cc88a44035159b84e17ecf5e9b00adcfde9d9881a390ff6b90e98e09e7db7f8c1026d6da678d897f042225b406dc52441fa4b7ec013c9579f87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ffbf3934fd779275b315ab1b44a0f6f6
SHA1a01029b448410bc2c921b956ca55e95751147ff7
SHA256c061b121a4b6d0fd7ab88b0330de4b78bfd1ed0dffb926f02fa0a193e39cc46a
SHA512c7df5fd63f3ee44ef833a290fbcb36c33c83774879eb70e1778e8eba42ec19d1e4a0f096d965e422fe491ce45e82dc574fbe8509827dfa3d7ee5d2ac3dda3e65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a637ec24f9a00133bb0bdcd4620ce745
SHA123fe0e256a7d3f9576ad397300c55f7754b6bc4a
SHA25674098351bb48d7ae76369007307d9285f187e9e5daf659a61be74a720c874905
SHA512aa1432e0c8976b86840829c00cfbb175fb81b474a3e55b0ecbbf8230c82b3b9a4f785b17bc8439e6c86020b1a2ce8b9ef0662173c798c3fb3ee98f4d647bbce8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e6c551d467f877095fbf751281c4baa
SHA127417c6e083b8a49240437293a315871352cf065
SHA256f495cedfd3b6e0060b065ae982040132b63526c3bef37b71106fdd133aed7f8b
SHA512c1713e3f9e1e6abd103a704ac0525bfc98aa1da2c435bb0704529ffeabbadc58c708037abcf3a53bce269932f0193f5fb2e2e9b6936bbaf9646bfce9aad320d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57f6a17f348e7f7edc948135015adc7e5
SHA1bdac83075e8063a2b5413cb81fbe18fa31b9264c
SHA2565d8dcdb016faebc5119718894c9efeaff853c4942a83e97547cb5669621559e7
SHA51243a532d4e0afb826d2bf103fae73e6ee761006c88aa6d258f99764a943e63c08e5f8f5586687f495a0de78a6c7347727acecaf5f44a7255763757e7cf74dac03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b857a86e2405b1915804450c6477c1f7
SHA1e5f7a99a54a27b45425af4cd5ca271b814b00b52
SHA256412ae988e7d254b6b73e2587a645cf63175abd122287641d19b9bf05608eb1c9
SHA5124a1ac142e8d182dcf568935b419d2720f288c8b9eca2268fc751bebfaad105d2d94fb24cdb8ddabc19dd0ead0db0c402bbadae2ba0f0cdbf36f55a591e5a9910
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55173a329476e77467678c02cb7bf387c
SHA1c4e75e474ae7482bddd21ffaf62b451007f71a68
SHA25668a7e0d482682cdf3ae9de09d9ef4beb83a613eda6222f4c1ea473f9701274d6
SHA512f32e8b627411a9c7a01e5315494ba65f3f6e20280ec653f07b29ae677c5dc611b5eb7218ffded621d2fd10e64f5453048f76c21743925b120fb61852e2df1c69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55b33f9bf032a9eb02af68435b90633cf
SHA13e3f3ab38fc98e9b522ca3ee846e83d72b2407dd
SHA256a27fd1df05e78f321e2ca6ebd1098e7384ee46bc8338fd4f4bd188ff7d3bd717
SHA512d7b232d1c0c58ca4deea1bf26086bbbd93d2295b160ea37df61ed28028a8caa1ea0798b0da378a409e3f6567bea41a944d2739717ddbfe7caf231b5e78a9113b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e00c20b96c58d06b58638abc3a99f5a
SHA1a71e41048968914449a277e7106e827406ac643d
SHA256b7acf45832d3c61cb062ab3b82e8a150c68ea30429138c726f119f516d4bfb3b
SHA51236c9878e82352e0d0e34af47f7c86933edf477f2147f49930d1b01338c70508aa9b08830e3ebf5682519d92d3522d0b90d3e62039060d6b4a1f26afd26e9f429
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c9e85e47e44b45237b9f5ede7b20bd46
SHA12a74d4bbbcbfd4598242db85e9558046a0c75b2f
SHA256fe354b3ea78a5170046018635375f8e5ef34f72b8397e9daa57c07d1ef7f92f7
SHA512c44dff68202c4d825a25467c2091b1311eed263ffe0e366e160282a390525a25007959b7ce19dcf352f7b172c02058094400b7c24c91962ac2a7e2c75c5b02c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5968a554750541d8d461bc1b085f79200
SHA1646a4c1e6de1c1613a10a4a3bcac57da337f57e4
SHA256ed7464a776506850d003f719291d5f3626d8b4994b134eb4883e9cb5bca716d4
SHA5126d9eae092ba927efe7188103496051ca88c89c4ca6a4380b2b33355b4b797b3ca8abb1b2cdec6fc37fd9a2f981fbcfb2692472246dadd50118b9ea0d0770b438
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bbefa5b86124d5a54f570addb5a6029c
SHA17d80440b180d764ff2fe41998416a8da9e4ca7b7
SHA2566189f1171381c67bb4e2e010855aeaf152c006cba4611b5944f723e482e6815f
SHA51248ba43777cc07d631b0d36e5670d2baf7b1b83b1acec462ad1eaa7262da24f3d296a3cd1ef0f8ad9a58b7c0d0861d10bc8157fde09d67b319f02c0a893b7a0e2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a