Analysis
-
max time kernel
133s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
16-06-2024 18:03
Behavioral task
behavioral1
Sample
b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe
Resource
win7-20240508-en
General
-
Target
b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe
-
Size
2.2MB
-
MD5
b4788750c2c9f255a3d2373dd3e21a8d
-
SHA1
b16f2a14a200a97dcc4c8a40d9b4dafa5ec4f4c7
-
SHA256
5a2562967cf60ce8575c6ab431c8cd932bbf0820725d57c038770f6c8d2af4ab
-
SHA512
a95e2cb6961b1d570657d97bb092d9ab9b42a7d67d49ec7bf60ac49caaab7c0cade665aa38ce66bdd76528e8177fc68916b93a636a23adba61737359be6cec74
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZS:0UzeyQMS4DqodCnoe+iitjWwwm
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe" explorer.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" explorer.exe -
Modifies Installed Components in the registry 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR" explorer.exe -
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe -
Executes dropped EXE 64 IoCs
pid Process 1940 explorer.exe 4304 explorer.exe 4328 spoolsv.exe 1636 spoolsv.exe 2024 spoolsv.exe 3956 spoolsv.exe 744 spoolsv.exe 4700 spoolsv.exe 4348 spoolsv.exe 1876 spoolsv.exe 392 spoolsv.exe 1996 spoolsv.exe 2516 spoolsv.exe 748 spoolsv.exe 4648 spoolsv.exe 1940 spoolsv.exe 3948 spoolsv.exe 4312 spoolsv.exe 4724 spoolsv.exe 2700 spoolsv.exe 3472 spoolsv.exe 1300 spoolsv.exe 1796 spoolsv.exe 3172 spoolsv.exe 2880 spoolsv.exe 1484 spoolsv.exe 2716 spoolsv.exe 4392 spoolsv.exe 2448 spoolsv.exe 4808 spoolsv.exe 1240 spoolsv.exe 396 spoolsv.exe 856 spoolsv.exe 3632 spoolsv.exe 2552 spoolsv.exe 1192 spoolsv.exe 3732 spoolsv.exe 4920 spoolsv.exe 3700 explorer.exe 3492 spoolsv.exe 3620 spoolsv.exe 624 spoolsv.exe 1428 spoolsv.exe 4720 spoolsv.exe 3836 explorer.exe 5020 spoolsv.exe 4428 spoolsv.exe 4300 spoolsv.exe 2972 spoolsv.exe 4380 spoolsv.exe 4292 spoolsv.exe 4792 spoolsv.exe 1612 spoolsv.exe 4756 spoolsv.exe 4068 spoolsv.exe 1432 spoolsv.exe 3832 explorer.exe 5076 spoolsv.exe 2828 spoolsv.exe 3960 spoolsv.exe 1416 spoolsv.exe 956 spoolsv.exe 4092 spoolsv.exe 4928 spoolsv.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO" explorer.exe -
Suspicious use of SetThreadContext 43 IoCs
description pid Process procid_target PID 1512 set thread context of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 1940 set thread context of 4304 1940 explorer.exe 92 PID 4328 set thread context of 4920 4328 spoolsv.exe 128 PID 1636 set thread context of 3492 1636 spoolsv.exe 130 PID 2024 set thread context of 3620 2024 spoolsv.exe 131 PID 3956 set thread context of 1428 3956 spoolsv.exe 133 PID 744 set thread context of 4720 744 spoolsv.exe 134 PID 4700 set thread context of 5020 4700 spoolsv.exe 136 PID 4348 set thread context of 4428 4348 spoolsv.exe 137 PID 1876 set thread context of 4300 1876 spoolsv.exe 138 PID 392 set thread context of 2972 392 spoolsv.exe 139 PID 1996 set thread context of 4380 1996 spoolsv.exe 140 PID 2516 set thread context of 4292 2516 spoolsv.exe 141 PID 748 set thread context of 4792 748 spoolsv.exe 142 PID 4648 set thread context of 4756 4648 spoolsv.exe 144 PID 1940 set thread context of 4068 1940 spoolsv.exe 145 PID 3948 set thread context of 1432 3948 spoolsv.exe 146 PID 4312 set thread context of 5076 4312 spoolsv.exe 148 PID 4724 set thread context of 2828 4724 spoolsv.exe 149 PID 2700 set thread context of 3960 2700 spoolsv.exe 150 PID 3472 set thread context of 1416 3472 spoolsv.exe 151 PID 1300 set thread context of 956 1300 spoolsv.exe 152 PID 1796 set thread context of 4092 1796 spoolsv.exe 153 PID 3172 set thread context of 4928 3172 spoolsv.exe 154 PID 2880 set thread context of 3036 2880 spoolsv.exe 155 PID 1484 set thread context of 1688 1484 spoolsv.exe 157 PID 2716 set thread context of 2232 2716 spoolsv.exe 158 PID 4392 set thread context of 2852 4392 spoolsv.exe 160 PID 2448 set thread context of 5028 2448 spoolsv.exe 161 PID 4808 set thread context of 3092 4808 spoolsv.exe 162 PID 1240 set thread context of 4856 1240 spoolsv.exe 163 PID 396 set thread context of 2332 396 spoolsv.exe 164 PID 856 set thread context of 1684 856 spoolsv.exe 166 PID 3632 set thread context of 3012 3632 spoolsv.exe 168 PID 2552 set thread context of 1928 2552 spoolsv.exe 169 PID 1192 set thread context of 4860 1192 spoolsv.exe 171 PID 3732 set thread context of 4384 3732 spoolsv.exe 176 PID 3700 set thread context of 1436 3700 explorer.exe 179 PID 624 set thread context of 2416 624 spoolsv.exe 186 PID 3836 set thread context of 3180 3836 explorer.exe 189 PID 1612 set thread context of 2668 1612 spoolsv.exe 197 PID 3832 set thread context of 436 3832 explorer.exe 200 PID 3796 set thread context of 3456 3796 spoolsv.exe 206 -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\system\udsys.exe explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification \??\c:\windows\system\spoolsv.exe explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification C:\Windows\Parameters.ini explorer.exe File opened for modification \??\c:\windows\system\explorer.exe b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe File opened for modification \??\c:\windows\system\explorer.exe explorer.exe File opened for modification C:\Windows\Parameters.ini spoolsv.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4304 explorer.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4304 explorer.exe 4920 spoolsv.exe 4920 spoolsv.exe 3492 spoolsv.exe 3492 spoolsv.exe 3620 spoolsv.exe 3620 spoolsv.exe 1428 spoolsv.exe 1428 spoolsv.exe 4720 spoolsv.exe 4720 spoolsv.exe 5020 spoolsv.exe 5020 spoolsv.exe 4428 spoolsv.exe 4428 spoolsv.exe 4300 spoolsv.exe 4300 spoolsv.exe 2972 spoolsv.exe 2972 spoolsv.exe 4380 spoolsv.exe 4380 spoolsv.exe 4292 spoolsv.exe 4292 spoolsv.exe 4792 spoolsv.exe 4792 spoolsv.exe 4756 spoolsv.exe 4756 spoolsv.exe 4068 spoolsv.exe 4068 spoolsv.exe 1432 spoolsv.exe 1432 spoolsv.exe 5076 spoolsv.exe 5076 spoolsv.exe 2828 spoolsv.exe 2828 spoolsv.exe 3960 spoolsv.exe 3960 spoolsv.exe 1416 spoolsv.exe 1416 spoolsv.exe 956 spoolsv.exe 956 spoolsv.exe 4092 spoolsv.exe 4092 spoolsv.exe 4928 spoolsv.exe 4928 spoolsv.exe 3036 spoolsv.exe 3036 spoolsv.exe 1688 spoolsv.exe 1688 spoolsv.exe 2232 spoolsv.exe 2232 spoolsv.exe 2852 spoolsv.exe 2852 spoolsv.exe 5028 spoolsv.exe 5028 spoolsv.exe 3092 spoolsv.exe 3092 spoolsv.exe 4856 spoolsv.exe 4856 spoolsv.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1512 wrote to memory of 4828 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 82 PID 1512 wrote to memory of 4828 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 82 PID 1512 wrote to memory of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 1512 wrote to memory of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 1512 wrote to memory of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 1512 wrote to memory of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 1512 wrote to memory of 4208 1512 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 87 PID 4208 wrote to memory of 1940 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 88 PID 4208 wrote to memory of 1940 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 88 PID 4208 wrote to memory of 1940 4208 b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe 88 PID 1940 wrote to memory of 4304 1940 explorer.exe 92 PID 1940 wrote to memory of 4304 1940 explorer.exe 92 PID 1940 wrote to memory of 4304 1940 explorer.exe 92 PID 1940 wrote to memory of 4304 1940 explorer.exe 92 PID 1940 wrote to memory of 4304 1940 explorer.exe 92 PID 4304 wrote to memory of 4328 4304 explorer.exe 93 PID 4304 wrote to memory of 4328 4304 explorer.exe 93 PID 4304 wrote to memory of 4328 4304 explorer.exe 93 PID 4304 wrote to memory of 1636 4304 explorer.exe 94 PID 4304 wrote to memory of 1636 4304 explorer.exe 94 PID 4304 wrote to memory of 1636 4304 explorer.exe 94 PID 4304 wrote to memory of 2024 4304 explorer.exe 95 PID 4304 wrote to memory of 2024 4304 explorer.exe 95 PID 4304 wrote to memory of 2024 4304 explorer.exe 95 PID 4304 wrote to memory of 3956 4304 explorer.exe 96 PID 4304 wrote to memory of 3956 4304 explorer.exe 96 PID 4304 wrote to memory of 3956 4304 explorer.exe 96 PID 4304 wrote to memory of 744 4304 explorer.exe 97 PID 4304 wrote to memory of 744 4304 explorer.exe 97 PID 4304 wrote to memory of 744 4304 explorer.exe 97 PID 4304 wrote to memory of 4700 4304 explorer.exe 98 PID 4304 wrote to memory of 4700 4304 explorer.exe 98 PID 4304 wrote to memory of 4700 4304 explorer.exe 98 PID 4304 wrote to memory of 4348 4304 explorer.exe 99 PID 4304 wrote to memory of 4348 4304 explorer.exe 99 PID 4304 wrote to memory of 4348 4304 explorer.exe 99 PID 4304 wrote to memory of 1876 4304 explorer.exe 100 PID 4304 wrote to memory of 1876 4304 explorer.exe 100 PID 4304 wrote to memory of 1876 4304 explorer.exe 100 PID 4304 wrote to memory of 392 4304 explorer.exe 101 PID 4304 wrote to memory of 392 4304 explorer.exe 101 PID 4304 wrote to memory of 392 4304 explorer.exe 101 PID 4304 wrote to memory of 1996 4304 explorer.exe 102 PID 4304 wrote to memory of 1996 4304 explorer.exe 102 PID 4304 wrote to memory of 1996 4304 explorer.exe 102 PID 4304 wrote to memory of 2516 4304 explorer.exe 103 PID 4304 wrote to memory of 2516 4304 explorer.exe 103 PID 4304 wrote to memory of 2516 4304 explorer.exe 103 PID 4304 wrote to memory of 748 4304 explorer.exe 104 PID 4304 wrote to memory of 748 4304 explorer.exe 104 PID 4304 wrote to memory of 748 4304 explorer.exe 104 PID 4304 wrote to memory of 4648 4304 explorer.exe 105 PID 4304 wrote to memory of 4648 4304 explorer.exe 105 PID 4304 wrote to memory of 4648 4304 explorer.exe 105 PID 4304 wrote to memory of 1940 4304 explorer.exe 106 PID 4304 wrote to memory of 1940 4304 explorer.exe 106 PID 4304 wrote to memory of 1940 4304 explorer.exe 106 PID 4304 wrote to memory of 3948 4304 explorer.exe 107 PID 4304 wrote to memory of 3948 4304 explorer.exe 107 PID 4304 wrote to memory of 3948 4304 explorer.exe 107 PID 4304 wrote to memory of 4312 4304 explorer.exe 108 PID 4304 wrote to memory of 4312 4304 explorer.exe 108 PID 4304 wrote to memory of 4312 4304 explorer.exe 108 PID 4304 wrote to memory of 4724 4304 explorer.exe 109
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe"1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1512 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵PID:4828
-
-
C:\Users\Admin\AppData\Local\Temp\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b4788750c2c9f255a3d2373dd3e21a8d_JaffaCakes118.exe"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4208 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"4⤵
- Modifies WinLogon for persistence
- Modifies visiblity of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4304 -
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:4328 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4920 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3700 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:1436
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1636 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3492
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2024 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3620
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3956 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:744 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4720 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3836 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:3180
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:4700 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5020
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4348 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4428
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1876 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4300
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:392 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1996 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4380
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2516 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4292
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:748 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4792
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4648 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4756
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1940 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4068
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3948 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3832 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:436
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:4312 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5076
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4724 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2700 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3960
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3472 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1300 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1796 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4092
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3172 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4928
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2880 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:3036
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1484 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:1688
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2716 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:2232 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Drops file in Windows directory
PID:3112 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:4260
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:4392 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:2852
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2448 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:5028
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:4808 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:3092
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1240 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
- Suspicious use of SetWindowsHookEx
PID:4856
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:396 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2332
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:856 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:1684
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Drops file in Windows directory
PID:4784 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:1644
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3632 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3012
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:2552 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:1928
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1192 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:4860
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Drops file in Windows directory
PID:3128 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:1036
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3732 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:4384
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:5072
-
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:4472
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:624 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2416
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Drops file in Windows directory
PID:4716 -
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"8⤵PID:728
-
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:1612 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2668
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
- Drops file in Windows directory
PID:4076
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Suspicious use of SetThreadContext
- Drops file in Windows directory
PID:3796 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3456
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:3076
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:4852 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:4712
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:4104
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:1824 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2064
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:1624 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:5108
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:3040 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:5000
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:4252 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:384
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:3104 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:380
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:3444 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3604
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:4960
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:4484 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3540
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2792 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2244
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:3784
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:3896 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2016
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:1932
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:4804
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:3116 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:2996
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:892 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3968
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵PID:1708
-
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:5040
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:3080
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:1268 -
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵PID:1884
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2748
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2528
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2992
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:4332
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:1904
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:1508
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2096
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:5012
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:804
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Drops file in Windows directory
PID:2896
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:4824
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:3848
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:3852
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:2480
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:1944
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:4052
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵PID:216
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:3844
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74B
MD56687785d6a31cdf9a5f80acb3abc459b
SHA11ddda26cc18189770eaaa4a9e78cc4abe4fe39c9
SHA2563b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b
SHA5125fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962
-
Filesize
2.2MB
MD5300a19bb7665742658a4a63f79dedc70
SHA1dde7c7296b0a44a94164f4593c927d9b07081fa8
SHA2564c91d7e93362275a461f472098bb884ef149d7b8393cc5948a691c0f3d47b438
SHA512f5f8dd07da5dab63a0b124e2b595a5cf209b72a91ca67369c2ba7b7c98965c1c08aeadf0fe5d7fa4bf3b12b8ad2e72595125787e22693a91168f7c8e453809cd
-
Filesize
2.2MB
MD574d6bc9280f7eaa8e7a53a79f4989bc8
SHA1ea0e58c914fa3cc95a6872e1cfd0f976f053f643
SHA2568a35d43028a53490afa808517b0c4b506997c11eeb41d143aef9a613d5cdfe45
SHA5123617fcd78d36059dc534240e5128b37490c2802c2b6b3d994db36ba82813579eae92e707d7a315ed804edc9f31dc00967eaf87314e86e83bfef358188437d104