Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
31/10/2024, 04:23
Static task
static1
Behavioral task
behavioral1
Sample
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe
-
Size
136KB
-
MD5
819de36e469867c9d6c6fdf84bcd9a9d
-
SHA1
8b61fe4d039453cb6f6ed9e116176b7a3a41f340
-
SHA256
debc992881ed63f6c7fcb5c39e7cb69c26ec9735c4a9bb6febbfe8c9d0d818d5
-
SHA512
420b375ee4c1d1eda4c7b77b7999fe0a2d88920bf7d0b0b1d958f21593319424233f7b17f0d3e9e4f6ef26213e1febd9e7860d3f04b5cbb6100fde90da5a0c0b
-
SSDEEP
1536:S4+aEpOwd/VxDy/5X2++jCx3kdjKsPGR7ehp3vmLvsZIZwTcNhLx8bZJLtgm8iuA:obpDCw1p3vmLvsZIaVwiwDcD
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" hosts.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" hosts.exe -
Adds policy Run key to start application 2 TTPs 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HGNBWBGW = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HGNBWBGW = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\HGNBWBGW = "W_X_C.bat" WScript.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation cmd.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation cmd.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation cmd.exe -
Executes dropped EXE 6 IoCs
pid Process 464 avscan.exe 4352 avscan.exe 2684 hosts.exe 3944 hosts.exe 4580 avscan.exe 700 hosts.exe -
Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys REG.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" hosts.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" avscan.exe -
Drops file in Windows directory 5 IoCs
description ioc Process File opened for modification C:\Windows\hosts.exe avscan.exe File opened for modification C:\Windows\hosts.exe hosts.exe File created C:\windows\W_X_C.vbs 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe File created \??\c:\windows\W_X_C.bat 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe File opened for modification C:\Windows\hosts.exe 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avscan.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hosts.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language REG.exe -
Modifies registry class 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe -
Modifies registry key 1 TTPs 9 IoCs
pid Process 4536 REG.exe 3848 REG.exe 3872 REG.exe 2392 REG.exe 3456 REG.exe 368 REG.exe 624 REG.exe 1576 REG.exe 4996 REG.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 464 avscan.exe 2684 hosts.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 464 avscan.exe 4352 avscan.exe 2684 hosts.exe 3944 hosts.exe 4580 avscan.exe 700 hosts.exe -
Suspicious use of WriteProcessMemory 63 IoCs
description pid Process procid_target PID 3392 wrote to memory of 2392 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 84 PID 3392 wrote to memory of 2392 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 84 PID 3392 wrote to memory of 2392 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 84 PID 3392 wrote to memory of 464 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 87 PID 3392 wrote to memory of 464 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 87 PID 3392 wrote to memory of 464 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 87 PID 464 wrote to memory of 4352 464 avscan.exe 88 PID 464 wrote to memory of 4352 464 avscan.exe 88 PID 464 wrote to memory of 4352 464 avscan.exe 88 PID 464 wrote to memory of 664 464 avscan.exe 89 PID 464 wrote to memory of 664 464 avscan.exe 89 PID 464 wrote to memory of 664 464 avscan.exe 89 PID 3392 wrote to memory of 2484 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 90 PID 3392 wrote to memory of 2484 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 90 PID 3392 wrote to memory of 2484 3392 819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe 90 PID 2484 wrote to memory of 2684 2484 cmd.exe 94 PID 2484 wrote to memory of 2684 2484 cmd.exe 94 PID 2484 wrote to memory of 2684 2484 cmd.exe 94 PID 664 wrote to memory of 3944 664 cmd.exe 95 PID 664 wrote to memory of 3944 664 cmd.exe 95 PID 664 wrote to memory of 3944 664 cmd.exe 95 PID 2684 wrote to memory of 4580 2684 hosts.exe 96 PID 2684 wrote to memory of 4580 2684 hosts.exe 96 PID 2684 wrote to memory of 4580 2684 hosts.exe 96 PID 2684 wrote to memory of 3000 2684 hosts.exe 97 PID 2684 wrote to memory of 3000 2684 hosts.exe 97 PID 2684 wrote to memory of 3000 2684 hosts.exe 97 PID 664 wrote to memory of 1508 664 cmd.exe 100 PID 664 wrote to memory of 1508 664 cmd.exe 100 PID 664 wrote to memory of 1508 664 cmd.exe 100 PID 2484 wrote to memory of 3412 2484 cmd.exe 101 PID 2484 wrote to memory of 3412 2484 cmd.exe 101 PID 2484 wrote to memory of 3412 2484 cmd.exe 101 PID 3000 wrote to memory of 700 3000 cmd.exe 102 PID 3000 wrote to memory of 700 3000 cmd.exe 102 PID 3000 wrote to memory of 700 3000 cmd.exe 102 PID 3000 wrote to memory of 1224 3000 cmd.exe 103 PID 3000 wrote to memory of 1224 3000 cmd.exe 103 PID 3000 wrote to memory of 1224 3000 cmd.exe 103 PID 464 wrote to memory of 624 464 avscan.exe 113 PID 464 wrote to memory of 624 464 avscan.exe 113 PID 464 wrote to memory of 624 464 avscan.exe 113 PID 2684 wrote to memory of 1576 2684 hosts.exe 115 PID 2684 wrote to memory of 1576 2684 hosts.exe 115 PID 2684 wrote to memory of 1576 2684 hosts.exe 115 PID 464 wrote to memory of 3456 464 avscan.exe 120 PID 464 wrote to memory of 3456 464 avscan.exe 120 PID 464 wrote to memory of 3456 464 avscan.exe 120 PID 2684 wrote to memory of 368 2684 hosts.exe 122 PID 2684 wrote to memory of 368 2684 hosts.exe 122 PID 2684 wrote to memory of 368 2684 hosts.exe 122 PID 464 wrote to memory of 4536 464 avscan.exe 125 PID 464 wrote to memory of 4536 464 avscan.exe 125 PID 464 wrote to memory of 4536 464 avscan.exe 125 PID 2684 wrote to memory of 3848 2684 hosts.exe 127 PID 2684 wrote to memory of 3848 2684 hosts.exe 127 PID 2684 wrote to memory of 3848 2684 hosts.exe 127 PID 464 wrote to memory of 3872 464 avscan.exe 137 PID 464 wrote to memory of 3872 464 avscan.exe 137 PID 464 wrote to memory of 3872 464 avscan.exe 137 PID 2684 wrote to memory of 4996 2684 hosts.exe 139 PID 2684 wrote to memory of 4996 2684 hosts.exe 139 PID 2684 wrote to memory of 4996 2684 hosts.exe 139
Processes
-
C:\Users\Admin\AppData\Local\Temp\819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\819de36e469867c9d6c6fdf84bcd9a9d_JaffaCakes118.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3392 -
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f2⤵
- Impair Defenses: Safe Mode Boot
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2392
-
-
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:464 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4352
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:664 -
C:\windows\hosts.exeC:\windows\hosts.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3944
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"4⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:1508
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:624
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3456
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4536
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3872
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2484 -
C:\windows\hosts.exeC:\windows\hosts.exe3⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4580
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat4⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\windows\hosts.exeC:\windows\hosts.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:700
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"5⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:1224
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1576
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:368
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3848
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:4996
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"3⤵
- Adds policy Run key to start application
- System Location Discovery: System Language Discovery
PID:3412
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1452
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Safe Mode Boot
1Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
MD5b5436bb6df903f83779bedd3c168595a
SHA13fae3dc913f5247bafda3892587a63a4d0ea9815
SHA2566c39ffa70d9994088d17894aa3f931e44b8a6815953d12058715c1aa93ea5580
SHA512f20dd032a08a33e24630332347ae34c7eb76f3baa75995f0d7205d9070bacb3a4aa5e9b7412b9c95fe59815938548e311fe3eeffc5ed6d026a8b7cb21a98bdfd
-
Filesize
195B
MD5e1ad4129d5dc3012106832f1cbc4eac9
SHA17c205558c728906c8dcaa5843cd401460ef1ef20
SHA2568197453abdc45c9231e84c5cb41001774165fdf9b884b46e5219ee620c231988
SHA512ec8848d95654cb3679d74cb8168a46db69dec2963a56c5165ba4f196a6fc8a90cfc7c3adae2294ad0f0721a5e263d3d3aba0bb680efa1928ba55638dad77dcc1
-
Filesize
136KB
MD556b2092fc836b2997bdf4830b2864a0f
SHA169d73c28c4af5ad1dcd969523551ca1a10c1c955
SHA256b7ba6ca378593295ed8cdf0e2c8421b09cf47cceac8d32340666a8d46db8985b
SHA51206ff9537e05050aea59accad658cf35c35a586bdf79c3ee814086c1de6e8e89aff220be4988c21cba5edf961364149b90aa02bc89545dadfbf0c0bfeb89197b7
-
Filesize
336B
MD54db9f8b6175722b62ececeeeba1ce307
SHA13b3ba8414706e72a6fa19e884a97b87609e11e47
SHA256d2150b9e5a4ce55e140f0ca91c4e300715d42095c8fddf58c77037cdd2cfaf78
SHA5121d6dc274cf7a3dd704f840e6a5ad57ab4c4e35d5f09489aeff520bb797e1c825bac53fc335156fe41e767a46520d031855fe42fe7b175409ebe5e9e986fb9b8b