Analysis
- max time kernel: 150s
- max time network: 49s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/06/2024, 22:19
Static task: static1
Behavioral task: behavioral1
- Sample: 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
- Size: 239KB
- MD5: 13ad479f43406e00dd2eb7599be31527
- SHA1: 5aaf553aee6b73fe0f46f74987101647b002706a
- SHA256: 0d1dc5f2f30c132fa08fb762029057458f71c115c71eae8184e45a87e2607353
- SHA512: 44fcbc5081c0dde42828c2a6fcc4fb79a936253a6788de4809e98502df82c75dbd48ae315c753461b194bf1f98986fa9b6fea89ca0c6ae59bb3691fa1da303b2
- SSDEEP: 3072:A7mXb6igvd+2s7OBRgaPee7Ly2+XysjmyzSu8GSp0G2Rc+jUoC+:Amb6igk1O/gpe7GP5jSRucY
Malware Config
Signatures
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\sdra64.exe," | hsl.exe
Modifies firewall policy service 3 TTPs 4 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | scss.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | scss.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications | scss.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\scss.exe = "C:\\Windows\\scss.exe:*:Enabled:Microsoft Windows Update Platform" | scss.exe
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | svcchost.exe
Executes dropped EXE 4 IoCs
pid | Process
2328 | svcchost.exe
100 | hsl.exe
640 | exploree.exe
2904 | scss.exe
Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | REG.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | REG.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | REG.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | REG.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | REG.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | REG.exe

resource | yara_rule
behavioral2/memory/2328-48-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/2328-39-0x0000000000400000-0x000000000041E000-memory.dmp | upx
behavioral2/memory/2328-31-0x0000000000400000-0x000000000044C000-memory.dmp | upx
behavioral2/memory/2328-2989-0x0000000000400000-0x000000000041E000-memory.dmp | upx
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SDKhlpUser = "C:\\Windows\\svcchost.exe" | svcchost.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\systme = "C:\\WINDOWS\\system32\\scss.exe" | scss.exe
Drops file in System32 directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\sdra64.exe | hsl.exe
File created | C:\Windows\SysWOW64\sdra64.exe | hsl.exe
Drops file in Windows directory 4 IoCs
description | ioc | Process
File created | C:\Windows\svcchost.exe | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
File created | C:\Windows\exploree.exe | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
File created | C:\Windows\hsl.exe | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
File created | C:\Windows\scss.exe | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1040 | 640 | WerFault.exe | 82
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | Taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | Taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | Taskmgr.exe
Modifies registry key 1 TTPs 1 IoCs
pid | Process
4772 | REG.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4580 | Taskmgr.exe
100 | hsl.exe
2328 | svcchost.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | Process
2328 | svcchost.exe
4580 | Taskmgr.exe
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4580 | Taskmgr.exe
Token: SeSystemProfilePrivilege | 4580 | Taskmgr.exe
Token: SeCreateGlobalPrivilege | 4580 | Taskmgr.exe
Token: SeDebugPrivilege | 100 | hsl.exe
Token: SeDebugPrivilege | 2328 | svcchost.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
2328 | svcchost.exe
4580 | Taskmgr.exe
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
4580 | Taskmgr.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2328 | svcchost.exe
Suspicious use of UnmapMainImage 5 IoCs
pid | Process
4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
2328 | svcchost.exe
100 | hsl.exe
640 | exploree.exe
2904 | scss.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4884 wrote to memory of 2328 | 4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe | 81
PID 4884 wrote to memory of 640 | 4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe | 82
PID 4884 wrote to memory of 100 | 4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe | 83
PID 4884 wrote to memory of 2904 | 4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe | 84
PID 4884 wrote to memory of 2484 | 4884 | 13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe | 86
PID 2328 wrote to memory of 4580 | 2328 | svcchost.exe | 90
PID 2328 wrote to memory of 4772 | 2328 | svcchost.exe | 91
PID 2484 wrote to memory of 1056 | 2484 | cmd.exe | 93
PID 100 wrote to memory of 616 | 100 | hsl.exe | 5
Processes
- Image: C:\Windows\system32\winlogon.exe
  Command line: winlogon.exe
  PID: 616
- Image: C:\Users\Admin\AppData\Local\Temp\13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\13ad479f43406e00dd2eb7599be31527_JaffaCakes118.exe"
  PID: 4884
  - Checks computer location settings
  - Drops file in Windows directory
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
    - Image: C:\Windows\svcchost.exe
      Command line: "C:\Windows\svcchost.exe"
      PID: 2328
      - Checks computer location settings
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of UnmapMainImage
      - Suspicious use of WriteProcessMemory
        - Image: C:\Windows\SysWOW64\Taskmgr.exe
          Command line: "C:\Windows\System32\Taskmgr.exe"
          PID: 4580
          - Checks SCSI registry key(s)
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious behavior: GetForegroundWindowSpam
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
        - Image: C:\Windows\SysWOW64\REG.exe
          Command line: REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
          PID: 4772
          - Impair Defenses: Safe Mode Boot
          - Modifies registry key
    - Image: C:\Windows\exploree.exe
      Command line: "C:\Windows\exploree.exe"
      PID: 640
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
        - Image: C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 344
          PID: 1040
          - Program crash
    - Image: C:\Windows\hsl.exe
      Command line: "C:\Windows\hsl.exe"
      PID: 100
      - Modifies WinLogon for persistence
      - Executes dropped EXE
      - Drops file in System32 directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of UnmapMainImage
      - Suspicious use of WriteProcessMemory
    - Image: C:\Windows\scss.exe
      Command line: "C:\Windows\scss.exe"
      PID: 2904
      - Modifies firewall policy service
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious use of UnmapMainImage
    - Image: C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\154.bat" "
      PID: 2484
      - Suspicious use of WriteProcessMemory
        - Image: C:\Windows\SysWOW64\chcp.com
          Command line: chcp 1251
          PID: 1056
- Image: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 640 -ip 640
  PID: 1968
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Safe Mode Boot (1)
- Modify Registry (4)
Downloads