Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
15-04-2024 11:26
Static task
static1
General
-
Target
f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe
-
Size
672KB
-
MD5
f0f21b42ad4fc3652edd2111eac1099b
-
SHA1
0f555174e839b85c52e47eb5c66645d2ce1ac4c0
-
SHA256
ec83c2c1eec33e0da96d042d70338877a95ab967b5882e1c6a2ebe8f11f62f0a
-
SHA512
8cb7f96eb8c9d99b12883f148546715c495dec7e44df83bc22382319136e46a62c5470e0424dd8fdd39d6210845a4eedeea3f3d9826eb9713163b162c78e23db
-
SSDEEP
12288:mCCGxTwAe2mjiVg69cvig2t8aLhREsG4w4hRtZx1afUbGe49:mClxc0gKg2tRREso4hTYsbxK
Malware Config
Signatures
-
Expiro payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2572-39-0x00007FF6D0840000-0x00007FF6D09C0000-memory.dmp family_expiro1 behavioral1/memory/1484-72-0x00007FF71B450000-0x00007FF71B587000-memory.dmp family_expiro1 -
Disables taskbar notifications via registry modification
-
Executes dropped EXE 6 IoCs
Processes:
alg.exeDiagnosticsHub.StandardCollector.Service.exefxssvc.exeelevation_service.exeelevation_service.exemsdtc.exepid process 1484 alg.exe 4904 DiagnosticsHub.StandardCollector.Service.exe 5068 fxssvc.exe 3184 elevation_service.exe 2492 elevation_service.exe 4536 msdtc.exe -
Processes:
alg.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3198953144-1466794930-246379610-1000 alg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3198953144-1466794930-246379610-1000\EnableNotifications = "0" alg.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
alg.exedescription ioc process File opened (read-only) \??\G: alg.exe File opened (read-only) \??\N: alg.exe File opened (read-only) \??\O: alg.exe File opened (read-only) \??\U: alg.exe File opened (read-only) \??\Z: alg.exe File opened (read-only) \??\K: alg.exe File opened (read-only) \??\Q: alg.exe File opened (read-only) \??\R: alg.exe File opened (read-only) \??\X: alg.exe File opened (read-only) \??\Y: alg.exe File opened (read-only) \??\M: alg.exe File opened (read-only) \??\S: alg.exe File opened (read-only) \??\P: alg.exe File opened (read-only) \??\T: alg.exe File opened (read-only) \??\V: alg.exe File opened (read-only) \??\E: alg.exe File opened (read-only) \??\H: alg.exe File opened (read-only) \??\I: alg.exe File opened (read-only) \??\J: alg.exe File opened (read-only) \??\L: alg.exe File opened (read-only) \??\W: alg.exe -
Drops file in System32 directory 64 IoCs
Processes:
alg.exef0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exemsdtc.exedescription ioc process File opened for modification \??\c:\windows\system32\svchost.exe alg.exe File opened for modification \??\c:\windows\system32\fxssvc.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\cmjopade.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\syswow64\perfhost.exe alg.exe File opened for modification \??\c:\windows\system32\sgrmbroker.exe alg.exe File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG msdtc.exe File opened for modification \??\c:\windows\syswow64\perfhost.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\spectrum.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\alg.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\cnicpnje.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\dllhost.exe alg.exe File opened for modification \??\c:\windows\system32\msdtc.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\snmptrap.exe alg.exe File opened for modification \??\c:\windows\system32\spectrum.exe alg.exe File created \??\c:\windows\system32\bjeklmpe.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\wbem\wmiApsrv.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\lsass.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\nhdkjacl.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\sgrmbroker.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\hgjpndbk.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\syswow64\kfiankje.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\locator.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\tieringengineservice.exe alg.exe File created \??\c:\windows\system32\ohnmkapl.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\msiexec.exe alg.exe File opened for modification \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\openssh\ssh-agent.exe alg.exe File opened for modification \??\c:\windows\system32\vds.exe alg.exe File created \??\c:\windows\system32\lqngeecf.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\sensordataservice.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\aefcoifa.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\vds.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\lsass.exe alg.exe File opened for modification \??\c:\windows\system32\fxssvc.exe alg.exe File opened for modification \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe alg.exe File opened for modification \??\c:\windows\system32\wbengine.exe alg.exe File created \??\c:\windows\system32\bfnkjjnp.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\Appvclient.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\wbem\wmiApsrv.exe alg.exe File created \??\c:\windows\system32\jgajqmin.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\cacaeimp.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\svchost.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\sensordataservice.exe alg.exe File opened for modification \??\c:\windows\system32\Agentservice.exe alg.exe File opened for modification \??\c:\windows\system32\Agentservice.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\wbengine.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\msdtc.exe alg.exe File opened for modification \??\c:\windows\system32\searchindexer.exe alg.exe File created \??\c:\windows\system32\perceptionsimulation\kacibend.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\snmptrap.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\diphkkog.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\diagsvcs\kdadkefk.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe alg.exe File opened for modification \??\c:\windows\system32\vssvc.exe alg.exe File opened for modification \??\c:\windows\system32\openssh\ssh-agent.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\aflolfpg.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\dllhost.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\locator.exe alg.exe File opened for modification \??\c:\windows\system32\tieringengineservice.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\Appvclient.exe alg.exe File created \??\c:\windows\system32\openssh\cbdfglpp.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\msiexec.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\system32\cljifenh.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe -
Drops file in Program Files directory 29 IoCs
Processes:
alg.exef0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exedescription ioc process File created \??\c:\program files (x86)\mozilla maintenance service\ainmjnej.tmp alg.exe File opened for modification C:\Program Files\7-Zip\7z.exe alg.exe File created C:\Program Files\7-Zip\gkooamha.tmp alg.exe File opened for modification \??\c:\program files (x86)\google\update\googleupdate.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\program files (x86)\google\update\googleupdate.exe alg.exe File created \??\c:\program files\google\chrome\Application\110.0.5481.104\fclgdgan.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created C:\Program Files\7-Zip\lncjookl.tmp alg.exe File opened for modification C:\Program Files\7-Zip\Uninstall.exe alg.exe File opened for modification \??\c:\program files\google\chrome\Application\110.0.5481.104\elevation_service.exe alg.exe File opened for modification C:\Program Files\7-Zip\7zG.exe alg.exe File opened for modification \??\c:\program files\windows media player\wmpnetwk.exe alg.exe File opened for modification \??\c:\program files\common files\microsoft shared\source engine\ose.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe alg.exe File created C:\Program Files\7-Zip\jgpijieg.tmp alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe alg.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\cedpmnkl.tmp alg.exe File created \??\c:\program files\common files\microsoft shared\source engine\fihjefke.tmp alg.exe File opened for modification \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe alg.exe File opened for modification \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe alg.exe File created \??\c:\program files\google\chrome\Application\110.0.5481.104\elevation_service.exe alg.exe File opened for modification \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created C:\Program Files\7-Zip\nccafaqk.tmp alg.exe File created \??\c:\program files\google\chrome\Application\110.0.5481.104\lbjleflp.tmp alg.exe File created \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\oengeomi.tmp alg.exe File opened for modification \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\program files\common files\microsoft shared\source engine\ose.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe alg.exe File opened for modification \??\c:\program files\windows media player\wmpnetwk.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification \??\c:\program files\google\chrome\Application\110.0.5481.104\elevation_service.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe -
Drops file in Windows directory 6 IoCs
Processes:
alg.exef0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exemsdtc.exedescription ioc process File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe alg.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File opened for modification C:\Windows\DtcInstall.log msdtc.exe File opened for modification \??\c:\windows\servicing\trustedinstaller.exe alg.exe File opened for modification \??\c:\windows\servicing\trustedinstaller.exe f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe File created \??\c:\windows\servicing\dhkkhhla.tmp f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
fxssvc.exedescription ioc process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe -
Suspicious behavior: EnumeratesProcesses 30 IoCs
Processes:
alg.exepid process 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe 1484 alg.exe -
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 696 696 -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exealg.exefxssvc.exedescription pid process Token: SeTakeOwnershipPrivilege 2572 f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe Token: SeTakeOwnershipPrivilege 1484 alg.exe Token: SeAuditPrivilege 5068 fxssvc.exe -
System policy modification 1 TTPs 2 IoCs
Processes:
alg.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer alg.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth = "1" alg.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2572
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Windows security modification
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:1484
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
PID:4904
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:3972
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5068
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
PID:3184
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2492
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD5ba57de6587dcf695c81067a977c0a454
SHA1c3ea79da6f8482b5a0f4c8bc7aeeafe2a715afd6
SHA256e83baeef5e3764099a8d9d9111cff71d774afa8b2838a933de7988865ed21867
SHA512b49ee778ac9494b6bc4ef246ccca5dd01bc5aee2b00d08e718c780c930d7407f1dc67c3a469c5c37ac1899b735470b176e43031651c466fb232ae5998fde6434
-
Filesize
682KB
MD513002bbaa205db9ae35b1e747973bfc5
SHA1041b6d53d426cad51ac5731d2d6586495d2a0f62
SHA256c7c96a30787b0f8229eaf59b4399f47357a864b5930d9c297c3640a4d0c9e588
SHA5120409a730358033985021d0dc64c4357f9dce5b4aa8a8c7f8dab70ba823c3212e3bfe22af848638481c0db30010172a2e7701112bfb576fd6ee5e02d3e3b0100d
-
Filesize
491KB
MD518d57ffc76363af1fbfcb5d1ef65a3ef
SHA1b154abb2f88e1bcf9c52b92e93805c63bb541db9
SHA2565979bc4fc282a9ae32bf237eb11a24b929aff2bd2817280fe83969f68d1f682a
SHA5127aa0c21d01971c2a12eaa27f28fa948b36c9ba26119a80ad37c152ce2899e1a17f05c5800ce419ab5b34211e724ec30f59b298c10669c528c6cc135fc98060be
-
Filesize
1.0MB
MD5526927b3dccb1e69abcab6b0aa7d6086
SHA12e403da115730bc64a8ace1493290244d34d0a1e
SHA256629c12f45cf89043aae1cb59d8239cd248d7a451ad53ffe03530311f1ae819cb
SHA512ac763d04d72eef904e7981ac4dcdf38bb342f9b101e09280a9f3a69771530a619dc7b56e09e286c3f619df6d9b8a5ff1469ff316adbd2904a9622eabc54d3c18
-
Filesize
493KB
MD517ed3ea573334ce5831ebd0ef514390b
SHA1a306cf5674b29c406013f5cda8c6a8f50d8e85eb
SHA256e88d7882d2996d07a6f8e20419fb46dd103175c447779a05f05f6899a185aa96
SHA5124a2df5c824d25eeafae1403d6f2024bf30908e9d6088cf08397c405991092fef162ead1c14aa992c97d8912cf9b101f496e5d61e0fdb966f02276f1e59bdba55
-
Filesize
544KB
MD5145f294892622995d680508e6b3a59c5
SHA1f449a7816742693a68b2c88013478ccc09274105
SHA256e81356c57b6f1ba277a441b78b00daff5988e1771112ef372281a8d51b3d6600
SHA5122392113b51c7fb919f7f58291edc07118b2eedb6e8fb7ec91df0d35a7f25d9043ad573268564f45f488b3ca0ce28bb719f8bf2bd6ca6c63ba52f15dc1d090e85
-
Filesize
1.9MB
MD5a99116296796ddf1e7370d0679043337
SHA1eb4a7160a7bba1b9de17d5b5d1539ca957f5c03a
SHA256e6173c8129e64c3e89a8cb7aacc02ae0d5c950a85067bc73e886e60a222a0e9c
SHA512464a909e794615f2c516201b0080c738c033d4a07f1a0d37583f045f59d85a981da07fb32d0f1b36874f3ac81cc7fe60d9c58def63769d1c500ff1356ab2455f
-
Filesize
637KB
MD5990d189bb14a21d96acd358a8a3ff80f
SHA14be302011bad2d002179b483ab6be091d45a7b60
SHA256456cfe0e4e4bc4f70d37adf2926fb590af9b08c64530a2a3b238c254626a6664
SHA5124df016026ccd6ec6ef41dd3a7c1286daf3c05f9acaec101de1d802c9fcaa7abfa2af9d79c94bb1c8f65893ba5c9f06c27a5745393fdc74781a6fd7fe5950a87f
-
Filesize
1.1MB
MD55d6fc1027c3e34ea0084f5763dfee5ea
SHA1b37e5726c0db7722340434a05036be3cbe4f0057
SHA25622c3e98f58bb51ddc62113bf70560d131b407cf5e275fdaf78d7fdbd105ff55b
SHA5126a09ed89b21cc41c140a124979e3acf24c782eeb203691e9dd2fe7527ebc4a61f48689ff949bf3932631396d9b3e6aee861e429f2951b005622b2683de53235a