Analysis
-
max time kernel
142s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
03-06-2024 03:40
Static task
static1
Behavioral task
behavioral1
Sample
906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe
-
Size
13.0MB
-
MD5
906c4effd6a20be22ea026a43a3cb7b3
-
SHA1
89df6ca0d893d9355741d8ca11cdebea1fbbb095
-
SHA256
08e5e7e5f30801b363f08a6106425faa1c505bd048a18c846a5b3e5959a4998e
-
SHA512
fa866adaa965c98e809a3efc57550c5c9464668f619922e9b769550fc58623b3815cfbbf1473877e551a7f0d9a6634a7b02157eb2b8e1156ca2c892c32063c2e
-
SSDEEP
393216:TjnUwmatWZ+mgSbBXxKqLupZr6KbkeJO2:TjnJmapSDsu7eN
Malware Config
Signatures
-
Modifies boot configuration data using bcdedit 1 TTPs 1 IoCs
pid Process 2576 bcdedit.exe -
Executes dropped EXE 11 IoCs
pid Process 1528 ISBEW64.exe 2544 ISBEW64.exe 2440 ISBEW64.exe 2792 ISBEW64.exe 2832 ISBEW64.exe 1208 ISBEW64.exe 2112 ISBEW64.exe 620 ISBEW64.exe 544 ISBEW64.exe 320 ISBEW64.exe 2776 ISBEW64.exe -
Loads dropped DLL 14 IoCs
pid Process 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe 2628 MsiExec.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\R: msiexec.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 2288 msiexec.exe 2628 MsiExec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2288 msiexec.exe Token: SeIncreaseQuotaPrivilege 2288 msiexec.exe Token: SeRestorePrivilege 2700 msiexec.exe Token: SeTakeOwnershipPrivilege 2700 msiexec.exe Token: SeSecurityPrivilege 2700 msiexec.exe Token: SeCreateTokenPrivilege 2288 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2288 msiexec.exe Token: SeLockMemoryPrivilege 2288 msiexec.exe Token: SeIncreaseQuotaPrivilege 2288 msiexec.exe Token: SeMachineAccountPrivilege 2288 msiexec.exe Token: SeTcbPrivilege 2288 msiexec.exe Token: SeSecurityPrivilege 2288 msiexec.exe Token: SeTakeOwnershipPrivilege 2288 msiexec.exe Token: SeLoadDriverPrivilege 2288 msiexec.exe Token: SeSystemProfilePrivilege 2288 msiexec.exe Token: SeSystemtimePrivilege 2288 msiexec.exe Token: SeProfSingleProcessPrivilege 2288 msiexec.exe Token: SeIncBasePriorityPrivilege 2288 msiexec.exe Token: SeCreatePagefilePrivilege 2288 msiexec.exe Token: SeCreatePermanentPrivilege 2288 msiexec.exe Token: SeBackupPrivilege 2288 msiexec.exe Token: SeRestorePrivilege 2288 msiexec.exe Token: SeShutdownPrivilege 2288 msiexec.exe Token: SeDebugPrivilege 2288 msiexec.exe Token: SeAuditPrivilege 2288 msiexec.exe Token: SeSystemEnvironmentPrivilege 2288 msiexec.exe Token: SeChangeNotifyPrivilege 2288 msiexec.exe Token: SeRemoteShutdownPrivilege 2288 msiexec.exe Token: SeUndockPrivilege 2288 msiexec.exe Token: SeSyncAgentPrivilege 2288 msiexec.exe Token: SeEnableDelegationPrivilege 2288 msiexec.exe Token: SeManageVolumePrivilege 2288 msiexec.exe Token: SeImpersonatePrivilege 2288 msiexec.exe Token: SeCreateGlobalPrivilege 2288 msiexec.exe Token: SeCreateTokenPrivilege 2288 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2288 msiexec.exe Token: SeLockMemoryPrivilege 2288 msiexec.exe Token: SeIncreaseQuotaPrivilege 2288 msiexec.exe Token: SeMachineAccountPrivilege 2288 msiexec.exe Token: SeTcbPrivilege 2288 msiexec.exe Token: SeSecurityPrivilege 2288 msiexec.exe Token: SeTakeOwnershipPrivilege 2288 msiexec.exe Token: SeLoadDriverPrivilege 2288 msiexec.exe Token: SeSystemProfilePrivilege 2288 msiexec.exe Token: SeSystemtimePrivilege 2288 msiexec.exe Token: SeProfSingleProcessPrivilege 2288 msiexec.exe Token: SeIncBasePriorityPrivilege 2288 msiexec.exe Token: SeCreatePagefilePrivilege 2288 msiexec.exe Token: SeCreatePermanentPrivilege 2288 msiexec.exe Token: SeBackupPrivilege 2288 msiexec.exe Token: SeRestorePrivilege 2288 msiexec.exe Token: SeShutdownPrivilege 2288 msiexec.exe Token: SeDebugPrivilege 2288 msiexec.exe Token: SeAuditPrivilege 2288 msiexec.exe Token: SeSystemEnvironmentPrivilege 2288 msiexec.exe Token: SeChangeNotifyPrivilege 2288 msiexec.exe Token: SeRemoteShutdownPrivilege 2288 msiexec.exe Token: SeUndockPrivilege 2288 msiexec.exe Token: SeSyncAgentPrivilege 2288 msiexec.exe Token: SeEnableDelegationPrivilege 2288 msiexec.exe Token: SeManageVolumePrivilege 2288 msiexec.exe Token: SeImpersonatePrivilege 2288 msiexec.exe Token: SeCreateGlobalPrivilege 2288 msiexec.exe Token: SeCreateTokenPrivilege 2288 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2288 msiexec.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2180 wrote to memory of 2380 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 28 PID 2180 wrote to memory of 2380 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 28 PID 2180 wrote to memory of 2380 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 28 PID 2180 wrote to memory of 2380 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 28 PID 2380 wrote to memory of 2064 2380 cmd.exe 30 PID 2380 wrote to memory of 2064 2380 cmd.exe 30 PID 2380 wrote to memory of 2064 2380 cmd.exe 30 PID 2180 wrote to memory of 2576 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 31 PID 2180 wrote to memory of 2576 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 31 PID 2180 wrote to memory of 2576 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 31 PID 2180 wrote to memory of 2576 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 31 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2180 wrote to memory of 2288 2180 906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe 33 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2700 wrote to memory of 2628 2700 msiexec.exe 35 PID 2628 wrote to memory of 1528 2628 MsiExec.exe 36 PID 2628 wrote to memory of 1528 2628 MsiExec.exe 36 PID 2628 wrote to memory of 1528 2628 MsiExec.exe 36 PID 2628 wrote to memory of 1528 2628 MsiExec.exe 36 PID 2628 wrote to memory of 2544 2628 MsiExec.exe 37 PID 2628 wrote to memory of 2544 2628 MsiExec.exe 37 PID 2628 wrote to memory of 2544 2628 MsiExec.exe 37 PID 2628 wrote to memory of 2544 2628 MsiExec.exe 37 PID 2628 wrote to memory of 2440 2628 MsiExec.exe 38 PID 2628 wrote to memory of 2440 2628 MsiExec.exe 38 PID 2628 wrote to memory of 2440 2628 MsiExec.exe 38 PID 2628 wrote to memory of 2440 2628 MsiExec.exe 38 PID 2628 wrote to memory of 2792 2628 MsiExec.exe 39 PID 2628 wrote to memory of 2792 2628 MsiExec.exe 39 PID 2628 wrote to memory of 2792 2628 MsiExec.exe 39 PID 2628 wrote to memory of 2792 2628 MsiExec.exe 39 PID 2628 wrote to memory of 2832 2628 MsiExec.exe 40 PID 2628 wrote to memory of 2832 2628 MsiExec.exe 40 PID 2628 wrote to memory of 2832 2628 MsiExec.exe 40 PID 2628 wrote to memory of 2832 2628 MsiExec.exe 40 PID 2628 wrote to memory of 1208 2628 MsiExec.exe 41 PID 2628 wrote to memory of 1208 2628 MsiExec.exe 41 PID 2628 wrote to memory of 1208 2628 MsiExec.exe 41 PID 2628 wrote to memory of 1208 2628 MsiExec.exe 41 PID 2628 wrote to memory of 2112 2628 MsiExec.exe 42 PID 2628 wrote to memory of 2112 2628 MsiExec.exe 42 PID 2628 wrote to memory of 2112 2628 MsiExec.exe 42 PID 2628 wrote to memory of 2112 2628 MsiExec.exe 42 PID 2628 wrote to memory of 620 2628 MsiExec.exe 43 PID 2628 wrote to memory of 620 2628 MsiExec.exe 43 PID 2628 wrote to memory of 620 2628 MsiExec.exe 43 PID 2628 wrote to memory of 620 2628 MsiExec.exe 43 PID 2628 wrote to memory of 544 2628 MsiExec.exe 44 PID 2628 wrote to memory of 544 2628 MsiExec.exe 44 PID 2628 wrote to memory of 544 2628 MsiExec.exe 44 PID 2628 wrote to memory of 544 2628 MsiExec.exe 44 PID 2628 wrote to memory of 320 2628 MsiExec.exe 45 PID 2628 wrote to memory of 320 2628 MsiExec.exe 45 PID 2628 wrote to memory of 320 2628 MsiExec.exe 45
Processes
-
C:\Users\Admin\AppData\Local\Temp\906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\906c4effd6a20be22ea026a43a3cb7b3_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Windows\system32\cmd.execmd.exe /c bcdedit.exe > "C:\Users\Admin\AppData\Local\Temp\usb343A.tmp"2⤵
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\system32\bcdedit.exebcdedit.exe3⤵PID:2064
-
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set testsigning on2⤵
- Modifies boot configuration data using bcdedit
PID:2576
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\QualcommWindowsDriverInstaller.msi" REBOOTNEEDED=12⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2288
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D0C9DF6317ADDF2742D799C15122DCF1 C2⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{81D96D21-22FB-4CAE-96D7-605EBFCDF17E}3⤵
- Executes dropped EXE
PID:1528
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{30800951-EE10-4792-90B6-C65BDE1BAB57}3⤵
- Executes dropped EXE
PID:2544
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{97BACE8B-0229-41A8-9C9E-D67D3A21AFCE}3⤵
- Executes dropped EXE
PID:2440
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F89F8BD4-C35D-40CE-AEA6-98E6737EABF4}3⤵
- Executes dropped EXE
PID:2792
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8119C05A-A801-4B12-82FF-0085996E880A}3⤵
- Executes dropped EXE
PID:2832
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC0D47C2-16B2-4C2E-B1C9-867C49C707FD}3⤵
- Executes dropped EXE
PID:1208
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A89F21B-C9B8-4C52-A4C5-3A3498DE43D5}3⤵
- Executes dropped EXE
PID:2112
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A38E201D-AA3C-48D3-8860-4B4064F88D67}3⤵
- Executes dropped EXE
PID:620
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FAB04425-C584-44AE-9159-F54054F9F4BA}3⤵
- Executes dropped EXE
PID:544
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9F0CF3A-3277-42DE-89F4-C11F94F06E2C}3⤵
- Executes dropped EXE
PID:320
-
-
C:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{2CFB83C8-9CC1-4834-8239-F92EA883E843}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF843DAD-31B2-4A83-9C97-9E1C9B1681A3}3⤵
- Executes dropped EXE
PID:2776
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD57a2798d06f6ff4bb08381e75e1202277
SHA1123875bd02231d8e06d234e400f64ebb6ce622f2
SHA256c73541a041134a4e9d7e9e5f68aef83fa3f6caad9e9b44b7cba52cd5441a38de
SHA51216784c47c85b5c446422d6c17c933fbe1bd0b4f02bf43d487b404180c2b53567e587c527b5c4b23c4af96780499e01e5871fb67ccbf83d5ed90df433f15a120a
-
Filesize
11.6MB
MD52c35cb1d6bc7e9e2c1fd18e401de3a02
SHA1cfba57b4d521dc1d9bd5f226ab954f7ec8da3108
SHA256ec29ea59edf79119f5cb06fc7e742cd191652e2afebb223d94a98b38dc7c3c5b
SHA512fe2ee417f6bd8687116297c4c09872aa8d5c9e1cb048fe792befc494dddc0f2a100f21680b210fcace2b0562055ce9443091e409e74e1136c8b2c9643c0ed2b5
-
Filesize
1KB
MD5b29137fabacbaffd06344b24cc6ff015
SHA1ed9fda988d5b3cb4aef5281789c27627fc4486e3
SHA25609e29dde461114b1040749d9cfa04f5d0aa9ba11b2879f91177204f4ed846be6
SHA512902824267f555e1bac819357a97eec016fce90d412d8d00b076090b830913ed24b05a9c7923013476662f6e25ea71dedc74e1c693f140930a9868b8efccda5cf
-
Filesize
146KB
MD5c3b2acc07bb0610405fc786e3432bef9
SHA1333d5f2b55bd00ad4311ba104af7db984f953924
SHA2569acc6cb5d01a4e4dbc92c8774c6999fab5f0e49f097e83098ba740842f5a2894
SHA5122438e5dd11c8322101d9dc2d0f89ed0b1fc3cb5a65f644a1cf07f4c5a7f353c648e715fb910e09a444b623b3384eecd628e312608bcec63aa3b0107630df32bd
-
Filesize
260KB
MD5a93f625ef42b54c2b0f4d38201e67606
SHA1cbfebc1f736ccfc65562ede79a5ae1a8afb116a1
SHA256e91a865c3d60d9d0bce5d5a0a2f551c5e032d5bc13bc40f85091ce46d38064e0
SHA512805f0d535022de3d03aa191239fd90c54f2f6745bf02e0ce9cbe59ea34eecac7f9ebb600864c7cbcad5d011fa61bdb5b65889136617edc44178f87bd3970b198
-
Filesize
540KB
MD5d6bbf7ff6984213c7f1f0f8f07c51e6a
SHA1cfe933fc3b634f7333adec7ec124c14e9d19ac21
SHA2566366e18a8cbf609c9573f341004e5c2725c23a12973affa90ee7bcc7934ae1b2
SHA512a1364c96848f54b241c8e92ed1887ca599255c8046e31af11cd4b0b23d97c00243808dff9086a536c0084d6815223685283844a9e27f2c20c4d3b85a794a9e9d