Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
18-12-2024 19:03
Static task
static1
Behavioral task
behavioral1
Sample
fcc50e2449a09a9373e8564ed11b3439_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fcc50e2449a09a9373e8564ed11b3439_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
fcc50e2449a09a9373e8564ed11b3439_JaffaCakes118.html
-
Size
158KB
-
MD5
fcc50e2449a09a9373e8564ed11b3439
-
SHA1
6ca9dd1f350d6c37d7609f3f4364e5a71ffd4b3a
-
SHA256
e57fe3c52cf71d4328b0a36783c98e3c77c302368d35c89645b442e7fd906555
-
SHA512
fca1c18ece73f462012a70e8277932edb33d9af5d7ff4344d1ba60f7c090ea1f131d906ca6f0e0cf68d04dbbd8ec695b9cb60dd5e8e641666395f8910cf5357d
-
SSDEEP
1536:iVRTCPrVj5aFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:iD45aFyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2000 svchost.exe 2492 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 320 IEXPLORE.EXE 2000 svchost.exe -
resource yara_rule behavioral1/files/0x002b000000016d18-430.dat upx behavioral1/memory/2000-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2000-436-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2000-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2492-444-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2492-446-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2492-447-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2492-449-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\px845C.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440710494" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEB2DAA1-BD72-11EF-81C1-5EE01BAFE073} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2492 DesktopLayer.exe 2492 DesktopLayer.exe 2492 DesktopLayer.exe 2492 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2548 iexplore.exe 2548 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2548 iexplore.exe 2548 iexplore.exe 320 IEXPLORE.EXE 320 IEXPLORE.EXE 320 IEXPLORE.EXE 320 IEXPLORE.EXE 2548 iexplore.exe 2548 iexplore.exe 2308 IEXPLORE.EXE 2308 IEXPLORE.EXE 2308 IEXPLORE.EXE 2308 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2548 wrote to memory of 320 2548 iexplore.exe 30 PID 2548 wrote to memory of 320 2548 iexplore.exe 30 PID 2548 wrote to memory of 320 2548 iexplore.exe 30 PID 2548 wrote to memory of 320 2548 iexplore.exe 30 PID 320 wrote to memory of 2000 320 IEXPLORE.EXE 35 PID 320 wrote to memory of 2000 320 IEXPLORE.EXE 35 PID 320 wrote to memory of 2000 320 IEXPLORE.EXE 35 PID 320 wrote to memory of 2000 320 IEXPLORE.EXE 35 PID 2000 wrote to memory of 2492 2000 svchost.exe 36 PID 2000 wrote to memory of 2492 2000 svchost.exe 36 PID 2000 wrote to memory of 2492 2000 svchost.exe 36 PID 2000 wrote to memory of 2492 2000 svchost.exe 36 PID 2492 wrote to memory of 872 2492 DesktopLayer.exe 37 PID 2492 wrote to memory of 872 2492 DesktopLayer.exe 37 PID 2492 wrote to memory of 872 2492 DesktopLayer.exe 37 PID 2492 wrote to memory of 872 2492 DesktopLayer.exe 37 PID 2548 wrote to memory of 2308 2548 iexplore.exe 38 PID 2548 wrote to memory of 2308 2548 iexplore.exe 38 PID 2548 wrote to memory of 2308 2548 iexplore.exe 38 PID 2548 wrote to memory of 2308 2548 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fcc50e2449a09a9373e8564ed11b3439_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:320 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:872
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:209946 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2308
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5021b12e367b908dbc8c6291029bd268d
SHA10d072ee7bc89f8a1feb7db4f9de38e8b7e6146cd
SHA25613f48a5d2c429efb2de0f1e0bf9dd211c009a0b3627e663f9e5ad0e5fa43bffc
SHA512f5be534ef7fafc64d78f9e54a9b8a96702ba58e7b9844e82dfc9418aaa377bf86a1c2ea05fd6f4d4f2c3b0b5e55353920d72d388c916227bdb84e5eebd8adab4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5afed807b7ed5f542ddd3cb52cfd27fd5
SHA1cb1a9de8e1ac2b3ae68d35b97efa44a556f7e45e
SHA256a48671876053521471a51e6892ad0ae5929270cd414d0260bec700688cd7efeb
SHA51204ffa4f57c7789c6b9d4de0cf7a8cc8aa8e53ef33f9208105b3bf9ebfd705e9a98718df5abc28e6042ada44c9c1138236633988d8347b50fb0d79dad2dcf739c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5000596c031744ff36b7cd2d0a5b842c9
SHA1f999dc591fce567997a48460873cfa7036c25dbd
SHA256fc7caa1742701b0a04dee485101f6ebd09a72940f3f0acd423a8fe2eb67974d0
SHA5124174f5b05231a9923cf09e97332ec5b7d53085d40b177d992fd68c2230c9cdfc43b0909ef2289cbeff96412ee5108fe2a3f599bfebe3ac6f96a28c69259e8618
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD506259df1475c3f69c75b61139f22a58e
SHA1ef64174c778babbd0da4691e0e00df60e6b06680
SHA25665ca99c212ec0fb8087f5142f23e19ed555729c53b83a131dd36e6de8dca55b7
SHA5120ebf412b38b8e950b22d8e830aa1ced545fe35138d16552050c6321d697a5aa7ee193071734cb8d753daebd923e5d4444eb013d549e77042953ebcb66db48690
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5814aa78b0f1b7dcf280e2a959c6f0270
SHA15115100744f125cb76d575a00178085ae889a3a7
SHA256498493edd0959c9b43ce186685a1c70b10712d07ef6c6a013409929775551baa
SHA5122d1849ed33ab79a488a4fdf514ca518b492f82ac5712eb51a414cae740772b4b9f381f002fb29befa11a7adc4e9eb3cd4f72abd2df668bcb5cb3a2d50d2e8b4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56d70785e2acc527e7163854d889e6a1f
SHA164d01d53f95649fe859f046ea38542de33e6d077
SHA256e851f6fda4b72bdb7ab1c17dbeed9dc5e9a5d7b3f3a833428598ec2a1561932d
SHA512e199654056081930e542eca1c0cad8e8fa8161c40fa91135ca7ba3248e196734d1fc94d706420d1849abf8c935771b6af333259b67b679ce8ad5c3cf3c480da8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b1edfdb528aedbede4519b7b68242dc9
SHA14720e239068b03e615d01a1937c20db1716f925c
SHA256194190b562d32cd8284c54a06e91f2a565a38251d263fdb01169603f83bf07b8
SHA51269f9a51bb1eb5bd7e3e00e12aae6dcec7e7fe68e2f2e311275290e2edb58c630f18d8b8e93981d2c4c53e870bfa7faf787d60da8fdba25928d5f74acebefae61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5856a614dab09868eae6940f0cc9faf8f
SHA1ab91a457239a5d20d377d11356754e62379673e6
SHA2561cb4af5461aee51965ba4785ef6c7298229b6ad74acb89571bdcca83f4f133a3
SHA5122d4f2e8ad151a75dd53ef249cfbbde85e0e4ceaa41df298115ca0b6b684f141f92cdb2be703ad81b68f019509f190f04a472482be64965a1e04d8ff3d4abcad9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD520cb323c211214218a13fdd597908b91
SHA18d34ee4f67ee824b4c71506a320381551c76143a
SHA25683abb029fc2a9d663f88f475ec83046b3a50fbf18edd0c20fca277b637497579
SHA5122ffed761dccbabef57da3490d6b6f1c130f195bbb21c0b7498ea2206a9e8f61d1af70d96a7ea408679210d91a2f79789a6e6ecf6531b4f98e8bb0bd62adcda9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c21ab2000110e7f1b1daf85863849885
SHA1e80cc2b8f5ba282a70b26fc399e1d251ad77b034
SHA256abbcd36429199d692886b294b12256fd8ad3289d590dd096448ef82bba9ed5e2
SHA5121b06350739c9b66f2e1bd3c61f69fdbd75ce1bd38915b01a0b45c876ff536ea9255fdaab18401e8e7b6c2b6765f7022bf4e2465b0fad1ee4d0c3fa4b7628aeae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56fca48362f10dda116b4531b6bbaaf25
SHA1a2906232d0a47d4c4f77ddcdcd2a738194ebcdae
SHA25667890f3af8604f16ff98d8c55dbbdd50b2fd902a012023e0ddaf46c15d02dfaf
SHA512ff211e4fdf772166ccdf655b4a26ded92e37f16c2175f45f623459dcae7cb2feae87877256545bd37eddd09ad57f37acbc1d1858db5f9fa9d2e906171072c0a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fb39a4915c6849d32924a159ab36a26c
SHA1b96de72db6c70bcb97a24277656f31ad0da7fc4d
SHA2565138f7ba94c8d8ed3fb3b80596eb1ef2a9a06625c1cc030feeabdb8afbf35a3c
SHA5129131fd6c3c4b7bd863fc87a467a62b67f414d25fabbbdf05d3f181019f9b836d97bd5becedb6f83161a2a7b3d633eb84cb1eb20031c3213f1814945fb39a37a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5577ee3762a441932b6582506b7f10467
SHA1924b0d6decc00efd4dd498327d359cce316818df
SHA25665cd3eded99ca3967a8ee0b93053752cb7c50fdb31a473aad1e15b1e3822ad8b
SHA512fb6996ec461102aa096ca8ffb3f1510993b58064cfa6869ac98b79059c3032e268114829fe61f8f9e8df7f27998738db79926e308d9fb37b636c1cc177ecd6bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c3613de86f9eba70e898e50cf13dd0ca
SHA19bc6e5a71f1d13f4130da0eed47b548fd42af753
SHA256433510271a414b771f138fc6d648bfed5ffbfae776cec181d2c03ca3edb9f16a
SHA5127cfd6fc58b415064752654e4bac132386ca05f31ac43149c592fde717f6d0d92f67c05ae9cba73239adca6df1ce0587cc36cae805b776379e92dad8127ff6c08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d3b2dca85dd35c8d79f605d32963fa02
SHA149f70ab0c73bed0f557b8bc256d12c7275cce2dd
SHA2567127c2681f1777f55c1525e40a9bcd86605ef4a7112e4decb524aa05a5b639ec
SHA51250eedd70e00b2ac6f89840304ea0b1f8a66b43f19258535f5897ac055491a6a99641549d9cc3d4ec28005fd239d4dc3882aff571faa60383063ce9bf4f28cebb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5374e5aaefcf70b1761e6a3814be70f49
SHA1397c94b9703d6f7c4d0b5e76c785102e251ba9fd
SHA25633f48f1b8a75430fc064c2c4640a31a87cedafdb0be4e06199e9a0d8eb16d16e
SHA512f8ae5ef93b9777a8608ebe9fb51620824c75dd74db5ab33b75746ce60ceaec25719fcbe4f2f8dbb912d9d6b651f0a16ffc3d19ee83ed7fedc5a1e6eea6ebb690
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a