Analysis
- max time kernel: 117s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 23-07-2024 03:40
Static task: static1
Behavioral task: behavioral1
Sample: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
Resource: win7-20240704-en
General
- Target: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- Size: 96KB
- MD5: 65fda9d498ea814cd952167dcf175353
- SHA1: 65434c10b454627ec6e72fda161cf9442ea34485
- SHA256: 93036a31d57bb484184a6e56f3c85e028421c2c895859bb6ff8b0d7b50eb9c9d
- SHA512: e949c8ed63379e0c40894470423738424ba17fb6e334f3f64dcf1e7223233017427f796ec48ec8778997c79dabb89e9f6299e2052d24c62bd84cfad246ca6e64
- SSDEEP: 1536:yxqjQ+P04wsZLnDrCTcICnouy8jPcVo6r7S/rab+Ee6S9GcUxW:zr8WDrCTchoutU7cWb6EcUg
Malware Config
Signatures
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Drops file in Drivers directory 2 IoCs
Processes: cmd.exe
- File opened for modification: C:\Windows\System32\drivers\etc\hosts (process: cmd.exe)
- File opened for modification: C:\Windows\System32\drivers\etc\hоsts (process: cmd.exe)
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
Processes: attrib.exe, attrib.exe
- PID 2640: attrib.exe
- PID 2820: attrib.exe
Executes dropped EXE 1 IoCs
Processes: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- PID 2876: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
Loads dropped DLL 2 IoCs
Processes: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- PID 2292: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- PID 2292: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
Modifies system executable filetype association 2 TTPs 1 IoCs
Processes: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" (process: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe)
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Processes:
- \Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe (yara_rule: upx)
- behavioral1/memory/2292-4-0x0000000002790000-0x00000000027E6000-memory.dmp (yara_rule: upx)
- behavioral1/memory/2876-11-0x0000000000400000-0x0000000000456000-memory.dmp (yara_rule: upx)
- behavioral1/memory/2876-743-0x0000000000400000-0x0000000000456000-memory.dmp (yara_rule: upx)
Adds Run key to start application 2 TTPs 1 IoCs
Processes: reg.exe
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\button = "C:\\Windows\\system32\\button.bat" (process: reg.exe)
Drops file in System32 directory 2 IoCs
Processes: cmd.exe
- File created: C:\Windows\SysWOW64\end.bat (process: cmd.exe)
- File opened for modification: C:\Windows\SysWOW64\end.bat (process: cmd.exe)
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 1 IoCs
Processes: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- File opened for modification: C:\Windows\svchost.com (process: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" (process: 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe)
Suspicious use of WriteProcessMemory 36 IoCs
Views/modifies file attributes 1 TTPs 5 IoCs
Processes: attrib.exe, attrib.exe, attrib.exe, attrib.exe, attrib.exe
- PID 2820: attrib.exe
- PID 2856: attrib.exe
- PID 2756: attrib.exe
- PID 2640: attrib.exe
- PID 2656: attrib.exe
Processes
Image: C:\Users\Admin\AppData\Local\Temp\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"
PID: 2292
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory

  Image: C:\Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"
  PID: 2876
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory

    Image: C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\435.tmp\end.bat" "
    PID: 2744
    - Drops file in Drivers directory
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory

      Image: C:\Windows\SysWOW64\chcp.com
      Command line: chcp 1251
      PID: 2752

      Image: C:\Windows\SysWOW64\attrib.exe
      Command line: attrib -s -r -h C:\Windows\system32\drivers\etc\hosts
      PID: 2756
      - Views/modifies file attributes

      Image: C:\Windows\SysWOW64\attrib.exe
      Command line: attrib +s -r +H C:\Windows\system32\drivers\etc\hosts
      PID: 2640
      - Sets file to hidden
      - Views/modifies file attributes

      Image: C:\Windows\SysWOW64\attrib.exe
      Command line: attrib +r +s -H C:\Windows\system32\drivers\etc
      PID: 2656
      - Views/modifies file attributes

      Image: C:\Windows\SysWOW64\attrib.exe
      Command line: attrib +r +H +s C:\Windows\system32\drivers\etc\hosts
      PID: 2820
      - Sets file to hidden
      - Views/modifies file attributes

      Image: C:\Windows\SysWOW64\attrib.exe
      Command line: attrib +r +s C:\Windows\system32\drivers\etc\hоsts
      PID: 2856
      - Views/modifies file attributes

      Image: C:\Windows\SysWOW64\reg.exe
      Command line: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "button" /t REG_SZ /d "C:\Windows\system32\button.bat" /f
      PID: 2552
      - Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Downloads