Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
23-07-2024 03:40
Static task
static1
Behavioral task
behavioral1
Sample
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe
-
Size
96KB
-
MD5
65fda9d498ea814cd952167dcf175353
-
SHA1
65434c10b454627ec6e72fda161cf9442ea34485
-
SHA256
93036a31d57bb484184a6e56f3c85e028421c2c895859bb6ff8b0d7b50eb9c9d
-
SHA512
e949c8ed63379e0c40894470423738424ba17fb6e334f3f64dcf1e7223233017427f796ec48ec8778997c79dabb89e9f6299e2052d24c62bd84cfad246ca6e64
-
SSDEEP
1536:yxqjQ+P04wsZLnDrCTcICnouy8jPcVo6r7S/rab+Ee6S9GcUxW:zr8WDrCTchoutU7cWb6EcUg
Malware Config
Signatures
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Drops file in Drivers directory 2 IoCs
Processes:
cmd.exedescription ioc process File opened for modification C:\Windows\System32\drivers\etc\hosts cmd.exe File opened for modification C:\Windows\System32\drivers\etc\hоsts cmd.exe -
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
Processes:
attrib.exeattrib.exepid process 2784 attrib.exe 4980 attrib.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe65fda9d498ea814cd952167dcf175353_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exepid process 4244 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Modifies system executable filetype association 2 TTPs 1 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe upx behavioral2/memory/4244-13-0x0000000000400000-0x0000000000456000-memory.dmp upx behavioral2/memory/4244-690-0x0000000000400000-0x0000000000456000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
reg.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\button = "C:\\Windows\\system32\\button.bat" reg.exe -
Drops file in System32 directory 2 IoCs
Processes:
cmd.exedescription ioc process File created C:\Windows\SysWOW64\end.bat cmd.exe File opened for modification C:\Windows\SysWOW64\end.bat cmd.exe -
Drops file in Program Files directory 64 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exedescription ioc process File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI9C33~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13187~1.41\MICROS~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MI391D~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~2.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MICROS~4.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~4\setup_wm.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.41\MIA062~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Drops file in Windows directory 1 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\svchost.com 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 27 IoCs
Processes:
65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe65fda9d498ea814cd952167dcf175353_JaffaCakes118.execmd.exedescription pid process target process PID 2456 wrote to memory of 4244 2456 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe PID 2456 wrote to memory of 4244 2456 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe PID 2456 wrote to memory of 4244 2456 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe PID 4244 wrote to memory of 4360 4244 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe cmd.exe PID 4244 wrote to memory of 4360 4244 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe cmd.exe PID 4244 wrote to memory of 4360 4244 65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe cmd.exe PID 4360 wrote to memory of 4328 4360 cmd.exe chcp.com PID 4360 wrote to memory of 4328 4360 cmd.exe chcp.com PID 4360 wrote to memory of 4328 4360 cmd.exe chcp.com PID 4360 wrote to memory of 2400 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2400 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2400 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2784 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2784 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2784 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2984 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2984 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2984 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 4980 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 4980 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 4980 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2620 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2620 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 2620 4360 cmd.exe attrib.exe PID 4360 wrote to memory of 5096 4360 cmd.exe reg.exe PID 4360 wrote to memory of 5096 4360 cmd.exe reg.exe PID 4360 wrote to memory of 5096 4360 cmd.exe reg.exe -
Views/modifies file attributes 1 TTPs 5 IoCs
Processes:
attrib.exeattrib.exeattrib.exeattrib.exeattrib.exepid process 2784 attrib.exe 2984 attrib.exe 4980 attrib.exe 2620 attrib.exe 2400 attrib.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2456 -
C:\Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\65fda9d498ea814cd952167dcf175353_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4244 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\830B.tmp\end.bat" "3⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4360 -
C:\Windows\SysWOW64\chcp.comchcp 12514⤵PID:4328
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -r -h C:\Windows\system32\drivers\etc\hosts4⤵
- Views/modifies file attributes
PID:2400
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s -r +H C:\Windows\system32\drivers\etc\hosts4⤵
- Sets file to hidden
- Views/modifies file attributes
PID:2784
-
-
C:\Windows\SysWOW64\attrib.exeattrib +r +s -H C:\Windows\system32\drivers\etc4⤵
- Views/modifies file attributes
PID:2984
-
-
C:\Windows\SysWOW64\attrib.exeattrib +r +H +s C:\Windows\system32\drivers\etc\hosts4⤵
- Sets file to hidden
- Views/modifies file attributes
PID:4980
-
-
C:\Windows\SysWOW64\attrib.exeattrib +r +s C:\Windows\system32\drivers\etc\hоsts4⤵
- Views/modifies file attributes
PID:2620
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "button" /t REG_SZ /d "C:\Windows\system32\button.bat" /f4⤵
- Adds Run key to start application
PID:5096
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.4MB
MD5d9e8a1fa55faebd36ed2342fedefbedd
SHA1c25cc7f0035488de9c5df0121a09b5100e1c28e9
SHA256bd7696911d75a9a35dfd125b24cb95003f1e9598592df47fa23a2568986a4a9a
SHA512134644c68bd04536e9ea0a5da6e334d36b1ce8012a061fa6dabd31f85c16a1ac9eee8c40fee3d55f25c4d4edf0672de8ce204e344c800361cbcff092c09d7a33
-
Filesize
55KB
MD5c6f1b034bffaf62bc1254e72c9aa1662
SHA183725b60cfd544154ef71e78a0ebf777885a92b2
SHA256a19351ba29d0b6ddb6bc0999d8c52a6440ffeb09eb7b02f614b3c2f4a816f671
SHA512ff789248d206697665a61d3ed781e4f797641c3f81aaf94e3d24801b384b4780b7b546c3e61f73b8166735cbfc1d342216c1c5910858ef8db1255cefc5c5504f
-
Filesize
267KB
MD57587b2b0a5fc82e9e4cc74ce46ace872
SHA1ca819f39b8ad8e94fdf21dc9df86df47ba637d53
SHA2568a9dd393be84dcd564241a4f277605c91c237147ac5db202bc4b5536e2e1dce4
SHA512328f0613548c6014a072c7772d4822cea14b2637f009dc948271f19bc56d4b52af5b9f5c1767b686b6c31e2855a0520dacbb0f6868753a2c6aef53592f17a096
-
Filesize
1KB
MD59d86d0ef016df89edd6ac30c48ed5418
SHA1b97909e0e810c18df521f20759af43241c8700d2
SHA2565369a346a83a46e176e85a39ea14489f949514dc85b7f81d936fc243d71a4233
SHA512a25c77afb10f0ed0adc1c9a59f40bc53dd4e0d54b49a53fcf4a7f22a57ac84025321bcf137641a1a1818d49a0e4c2f443f83ee83ac7a6ec9500c50d1fd0b24f9
-
Filesize
4KB
MD5f84f78b89cbb5aeb42768b8e153b004e
SHA1d55251caa6c88cd07c70bb3be6948204f94ee33f
SHA256f9d304d34520daf475f8bda3bf3c8918071c1ddb829526a2b2ec50253e6b9d58
SHA512d87f30fd7ff7aa879b7bc93a61f8d2ef4ee3573620805e6d03f91db9e8a266dbf70388df7c251c244a069b2039326775d293da465e95f1ce4d1e3cf2e73b39e7