Analysis
-
max time kernel
123s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
25/08/2024, 09:35
Behavioral task
behavioral1
Sample
c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe
-
Size
200KB
-
MD5
c073dc13278b3563542b80888b490e8f
-
SHA1
1d6a54bf2ff1818931dcdc4235a4ada8247fc43d
-
SHA256
078a4f6d1fc7ab17969f46111b4c9062ab54f21b214c7d2520b371f75be2ccf2
-
SHA512
a4fde107254e3bbfb3c38ca7c0f25c5e2287a415fff2a6b0030c77304331c456f07eaec408363fd220ad38334976e4b76c03c9ebd457328f60574fa0605b23ea
-
SSDEEP
6144:Ysui+5LM8X2TosROoVtW7vhOuw/TPhoS:YsGS1VtW7vhOuw/7hoS
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\05dmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kyw41f.exe" c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe -
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\system32\drivers\etc\hosts kyw41f.exe -
Deletes itself 1 IoCs
pid Process 2604 cmd.exe -
Executes dropped EXE 3 IoCs
pid Process 2832 kyw41f.exe 2056 kyw41f.exe 1516 kyw41f.exe -
Loads dropped DLL 4 IoCs
pid Process 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 2832 kyw41f.exe 2832 kyw41f.exe -
resource yara_rule behavioral1/memory/1956-0-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/files/0x0007000000018702-11.dat upx behavioral1/memory/2832-16-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/1956-25-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/2056-31-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/2832-35-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/2056-36-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/2056-37-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/1516-47-0x0000000000400000-0x0000000000438000-memory.dmp upx behavioral1/memory/1516-48-0x0000000000400000-0x0000000000438000-memory.dmp upx -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\y78nw2o.log kyw41f.exe File opened for modification C:\Windows\SysWOW64\y78nw2o.log kyw41f.exe -
Launches sc.exe 8 IoCs
Sc.exe is a Windows utility to control services on the system.
pid Process 2432 sc.exe 2932 sc.exe 2124 sc.exe 1880 sc.exe 2812 sc.exe 2704 sc.exe 2912 sc.exe 2072 sc.exe -
System Location Discovery: System Language Discovery 1 TTPs 29 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language kyw41f.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language kyw41f.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 
net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language kyw41f.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main kyw41f.exe Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main kyw41f.exe Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main kyw41f.exe -
Runs net.exe
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 2832 kyw41f.exe 2832 kyw41f.exe 2832 kyw41f.exe 2056 kyw41f.exe 2056 kyw41f.exe 2056 kyw41f.exe 1516 kyw41f.exe 1516 kyw41f.exe 1516 kyw41f.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1956 wrote to memory of 2800 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 31 PID 1956 wrote to memory of 2800 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 31 PID 1956 wrote to memory of 2800 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 31 PID 1956 wrote to memory of 2800 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 31 PID 1956 wrote to memory of 2812 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 32 PID 1956 wrote to memory of 2812 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 32 PID 1956 wrote to memory of 2812 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 32 PID 1956 wrote to memory of 2812 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 32 PID 1956 wrote to memory of 2728 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 34 PID 1956 wrote to memory of 2728 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 34 PID 1956 wrote to memory of 2728 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 34 PID 1956 wrote to memory of 2728 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 34 PID 1956 wrote to memory of 2704 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 36 PID 1956 wrote to memory of 2704 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 36 PID 1956 wrote to memory of 2704 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 36 PID 1956 wrote to memory of 2704 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 36 PID 1956 wrote to memory of 2832 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 37 PID 1956 wrote to memory of 2832 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 37 PID 1956 wrote to memory of 2832 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 37 PID 1956 wrote to memory of 2832 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 37 PID 2800 wrote to memory of 2744 2800 net.exe 40 PID 2800 wrote to memory of 2744 2800 net.exe 40 PID 2800 wrote to 
memory of 2744 2800 net.exe 40 PID 2800 wrote to memory of 2744 2800 net.exe 40 PID 1956 wrote to memory of 2604 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 41 PID 1956 wrote to memory of 2604 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 41 PID 1956 wrote to memory of 2604 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 41 PID 1956 wrote to memory of 2604 1956 c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe 41 PID 2728 wrote to memory of 2628 2728 net.exe 42 PID 2728 wrote to memory of 2628 2728 net.exe 42 PID 2728 wrote to memory of 2628 2728 net.exe 42 PID 2728 wrote to memory of 2628 2728 net.exe 42 PID 2832 wrote to memory of 2924 2832 kyw41f.exe 44 PID 2832 wrote to memory of 2924 2832 kyw41f.exe 44 PID 2832 wrote to memory of 2924 2832 kyw41f.exe 44 PID 2832 wrote to memory of 2924 2832 kyw41f.exe 44 PID 2832 wrote to memory of 2912 2832 kyw41f.exe 45 PID 2832 wrote to memory of 2912 2832 kyw41f.exe 45 PID 2832 wrote to memory of 2912 2832 kyw41f.exe 45 PID 2832 wrote to memory of 2912 2832 kyw41f.exe 45 PID 2832 wrote to memory of 344 2832 kyw41f.exe 46 PID 2832 wrote to memory of 344 2832 kyw41f.exe 46 PID 2832 wrote to memory of 344 2832 kyw41f.exe 46 PID 2832 wrote to memory of 344 2832 kyw41f.exe 46 PID 2832 wrote to memory of 2072 2832 kyw41f.exe 47 PID 2832 wrote to memory of 2072 2832 kyw41f.exe 47 PID 2832 wrote to memory of 2072 2832 kyw41f.exe 47 PID 2832 wrote to memory of 2072 2832 kyw41f.exe 47 PID 2832 wrote to memory of 2056 2832 kyw41f.exe 48 PID 2832 wrote to memory of 2056 2832 kyw41f.exe 48 PID 2832 wrote to memory of 2056 2832 kyw41f.exe 48 PID 2832 wrote to memory of 2056 2832 kyw41f.exe 48 PID 344 wrote to memory of 2364 344 net.exe 53 PID 344 wrote to memory of 2364 344 net.exe 53 PID 344 wrote to memory of 2364 344 net.exe 53 PID 344 wrote to memory of 2364 344 net.exe 53 PID 2924 wrote to memory of 2980 2924 net.exe 54 PID 2924 wrote to memory of 2980 2924 net.exe 54 PID 2924 wrote to memory of 2980 
2924 net.exe 54 PID 2924 wrote to memory of 2980 2924 net.exe 54 PID 2056 wrote to memory of 2640 2056 kyw41f.exe 55 PID 2056 wrote to memory of 2640 2056 kyw41f.exe 55 PID 2056 wrote to memory of 2640 2056 kyw41f.exe 55 PID 2056 wrote to memory of 2640 2056 kyw41f.exe 55
Processes
-
C:\Users\Admin\AppData\Local\Temp\c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c073dc13278b3563542b80888b490e8f_JaffaCakes118.exe"1⤵
- Adds policy Run key to start application
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956 -
C:\Windows\SysWOW64\net.exenet.exe stop "Security Center"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2800 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Security Center"3⤵
- System Location Discovery: System Language Discovery
PID:2744
-
-
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DISABLED2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2812
-
-
C:\Windows\SysWOW64\net.exenet.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Windows Firewall/Internet Connection Sharing (ICS)"3⤵
- System Location Discovery: System Language Discovery
PID:2628
-
-
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED2⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2704
-
-
C:\Users\Admin\AppData\Local\Temp\kyw41f.exeC:\Users\Admin\AppData\Local\Temp\kyw41f.exe2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832 -
C:\Windows\SysWOW64\net.exenet.exe stop "Security Center"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Security Center"4⤵
- System Location Discovery: System Language Discovery
PID:2980
-
-
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DISABLED3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2912
-
-
C:\Windows\SysWOW64\net.exenet.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:344 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Windows Firewall/Internet Connection Sharing (ICS)"4⤵
- System Location Discovery: System Language Discovery
PID:2364
-
-
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2072
-
-
C:\Users\Admin\AppData\Local\Temp\kyw41f.exeC:\Users\Admin\AppData\Local\Temp\kyw41f.exe -d4350F11B08CF16C9DE2FDAFD5B1F2AD8B6605C25005B0195264F6F10D83081EBCAB35676EE9B1D739BE22F87B7FC04275C9FC921983399C5360FB5C9A9D6244D9F19A00CB9ABC72A7F84DF569261B3A196904C3C7EF59B9E18BC51240AFC69129BCC424D0926319233F2F0A5DC1F6334DC167B4CF1BD4471182A672C8AFA9F5BD8D1F24BC083B708A094A5F1C711810FE73B2AD573731040BC3B5D3EFB1651B6B0E8A525FD8CF8E0EF8685CEC36DBA25B0DE6ED3C5D5BD75D0DCD85D6F2B4DA8B9C4909A2469D03C890854CD8201FCA970DE9DCEE8D347C85ABFBC3335879F49CF1E28D0D3675C9817F91781F5337337A1E54B531C6FEC55A50B2FB7E01B96FE09D62289ED75F9668279133F4C018C4BFB654E0AE3C128B53A0D95DC40F9BD97C19A738592D94377F2B9CDB3F8F7F40377BDBA7DFF82B99AE1D394EF651BE28C8FDE4F3923F219A4D2D30A50AB6F99514E73E4AE6FEF9B4BA4DE1166A24F118E4D392D60420C974BC9C9D0AF5684A720FA0C623974F00C51CAE5314B872A995C1420C027CF911AF1C28F62ED29DA8B2733250822918F88F9DF1B58C7E5E3051E3D65FF4CEC763F65E44447C99644F228F192EC0286CACD393⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056 -
C:\Windows\SysWOW64\net.exenet.exe stop "Security Center"4⤵
- System Location Discovery: System Language Discovery
PID:2640 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Security Center"5⤵
- System Location Discovery: System Language Discovery
PID:1032
-
-
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DISABLED4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2432
-
-
C:\Windows\SysWOW64\net.exenet.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"4⤵
- System Location Discovery: System Language Discovery
PID:2060 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Windows Firewall/Internet Connection Sharing (ICS)"5⤵
- System Location Discovery: System Language Discovery
PID:792
-
-
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2932
-
-
-
C:\Users\Admin\AppData\Local\Temp\kyw41f.exeC:\Users\Admin\AppData\Local\Temp\kyw41f.exe -d05164EA4F63167B80BFAA780F1B5AA58E731641D0358D94D6C05DFA0AD45BFD54831DFFF3045ED83DAA318B0FEB55D7E4380F21A6EC55509C0F98CF0B3CC8EE737B1FF530F1D967B0FF4E76E44B77361454320504BC0897ABD08CDA849A0BDC9D6B49F82BF94DB704085530701D7356E12DD7D59E9A08DBE173285C8CCBA36F4696EEF43ADEC75A64273DF86B1622D510EEDDCCDD3DDBCF3C54FD4B0D92920FB7721601D87E85E4728484A0012B7248ADFB54CE2D7F4AD68FAF01B8A4D7AE537C446A4A2396ECE244A3E961A21B122676AC02063023D39B62CC9FC7345F72EC95585ACA5F0413DFE3AC904931AC27025D3E5E8F6A1D97BC210B957CF1FF2E48E7080A805199E67D3CF21142D7A3D984B7FD275304071CA669BA84D0C76D8300898C60AE26223426D1D2B89E5FFEE629A15CDD81EADC2C0E20243403428A57B1094C983FAB76F08B57A876238A56AD81078456228F57535E5BAC0D0A752BF6DF2681C034E450B33EF7A7AE19EAB7942C5CE38A4FF65E1431E7758DEA451FCF134586CBB5C79277B90F2BF87088B782A867B6D705A8997433230F48C13C2C42F27EBB71EA20163D989F865154504A458B92546D53B307CCE3A3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1516 -
C:\Windows\SysWOW64\net.exenet.exe stop "Security Center"4⤵
- System Location Discovery: System Language Discovery
PID:2212 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Security Center"5⤵
- System Location Discovery: System Language Discovery
PID:2732
-
-
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DISABLED4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:2124
-
-
C:\Windows\SysWOW64\net.exenet.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"4⤵
- System Location Discovery: System Language Discovery
PID:1996 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Windows Firewall/Internet Connection Sharing (ICS)"5⤵
- System Location Discovery: System Language Discovery
PID:2596
-
-
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
PID:1880
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\xq4xr07wv.bat2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
PID:2604
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
Downloads
-
Filesize
200KB
MD5
c073dc13278b3563542b80888b490e8f
SHA1
1d6a54bf2ff1818931dcdc4235a4ada8247fc43d
SHA256
078a4f6d1fc7ab17969f46111b4c9062ab54f21b214c7d2520b371f75be2ccf2
SHA512
a4fde107254e3bbfb3c38ca7c0f25c5e2287a415fff2a6b0030c77304331c456f07eaec408363fd220ad38334976e4b76c03c9ebd457328f60574fa0605b23ea
-
Filesize
218B
MD5
d36b1960630a883513d357dfc80bf6b4
SHA1
fdca99228df2dea2cf2e47753f79c54b091f71b7
SHA256
d9fc6641f9a60c4473512bf8e41eb1a5d79b94ff9d68e27925b907fbb09bf2b6
SHA512
4e5794197147c357b682a0bd6013e0dd4a1adbad72d1b7b4211496a3e7807feac97a1e2cd5c78a8f92e6cb39d7afcdd142433933faa272fcd2c555bf16270992