Analysis
-
max time kernel
149s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07-12-2024 23:32
Static task
static1
Behavioral task
behavioral1
Sample
d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe
-
Size
3.4MB
-
MD5
d4285e886b4d81728de778b39b211e07
-
SHA1
7c9cfafda829af1f6bac158ade9b900441d84983
-
SHA256
73f8e850ab930de45a313a06b622f999e810e6edce5e3eabc6baeb728b94cabc
-
SHA512
c1ca7f058c12348102efeec7e20177cafd71bc8b39bf10bfb084e1b2698b8a5af0ea56e2d9bb476b59ee29e0bce6bd7181ba41694f23a724c49e3978edcf501e
-
SSDEEP
98304:/jduqnnua0zdqNQoJYVVI/vQ2iUP/lAyT3N3s:/jgqnnu1zdqN/+VaQ2Hl9zNc
Malware Config
Signatures
-
Darkcomet family
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Roaming\\GoogleToolbar\\GoogleUpdate.exe" Output.exe -
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate Output.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate GoogleUpdate.exe -
Executes dropped EXE 5 IoCs
pid Process 2420 Setup.exe 1856 Output.exe 2628 Output.exe 1012 GoogleUpdate.exe 1568 GoogleUpdate.exe -
Loads dropped DLL 22 IoCs
pid Process 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 2420 Setup.exe 2420 Setup.exe 2420 Setup.exe 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 1856 Output.exe 1856 Output.exe 1856 Output.exe 1856 Output.exe 2628 Output.exe 2628 Output.exe 2628 Output.exe 2628 Output.exe 1012 GoogleUpdate.exe 1012 GoogleUpdate.exe 1012 GoogleUpdate.exe 1012 GoogleUpdate.exe 1568 GoogleUpdate.exe 1568 GoogleUpdate.exe 1568 GoogleUpdate.exe 2420 Setup.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdater.exe = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleToolbar\\GoogleUpdate.exe" Output.exe Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdater.exe = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleToolbar\\GoogleUpdate.exe" notepad.exe -
Drops autorun.inf file 1 TTPs 18 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
description ioc Process File created D:\Autorun.inf Output.exe File created C:\Autorun.inf Output.exe File opened for modification D:\Autorun.inf Output.exe File opened for modification C:\Autorun.inf explorer.exe File created D:\Autorun.inf GoogleUpdate.exe File opened for modification C:\Autorun.inf Output.exe File created C:\Autorun.inf explorer.exe File created D:\Autorun.inf explorer.exe File opened for modification D:\Autorun.inf explorer.exe File created F:\Autorun.inf explorer.exe File opened for modification C:\Autorun.inf GoogleUpdate.exe File opened for modification D:\Autorun.inf GoogleUpdate.exe File opened for modification F:\Autorun.inf GoogleUpdate.exe File created F:\Autorun.inf Output.exe File opened for modification F:\Autorun.inf explorer.exe File created C:\Autorun.inf GoogleUpdate.exe File created F:\Autorun.inf GoogleUpdate.exe File opened for modification F:\Autorun.inf Output.exe -
Suspicious use of SetThreadContext 4 IoCs
description pid Process procid_target PID 1856 set thread context of 2628 1856 Output.exe 32 PID 2628 set thread context of 2548 2628 Output.exe 34 PID 2548 set thread context of 1412 2548 explorer.exe 35 PID 1012 set thread context of 1568 1012 GoogleUpdate.exe 38 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GoogleUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GoogleUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Output.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Output.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe -
NSIS installer 2 IoCs
resource yara_rule behavioral1/files/0x0007000000012119-4.dat nsis_installer_1 behavioral1/files/0x0007000000012119-4.dat nsis_installer_2 -
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier GoogleUpdate.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier GoogleUpdate.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Output.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Output.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier Output.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 GoogleUpdate.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString GoogleUpdate.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier Output.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier explorer.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier GoogleUpdate.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier Output.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 1412 explorer.exe 2420 Setup.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2628 Output.exe Token: SeSecurityPrivilege 2628 Output.exe Token: SeTakeOwnershipPrivilege 2628 Output.exe Token: SeLoadDriverPrivilege 2628 Output.exe Token: SeSystemProfilePrivilege 2628 Output.exe Token: SeSystemtimePrivilege 2628 Output.exe Token: SeProfSingleProcessPrivilege 2628 Output.exe Token: SeIncBasePriorityPrivilege 2628 Output.exe Token: SeCreatePagefilePrivilege 2628 Output.exe Token: SeBackupPrivilege 2628 Output.exe Token: SeRestorePrivilege 2628 Output.exe Token: SeShutdownPrivilege 2628 Output.exe Token: SeDebugPrivilege 2628 Output.exe Token: SeSystemEnvironmentPrivilege 2628 Output.exe Token: SeChangeNotifyPrivilege 2628 Output.exe Token: SeRemoteShutdownPrivilege 2628 Output.exe Token: SeUndockPrivilege 2628 Output.exe Token: SeManageVolumePrivilege 2628 Output.exe Token: SeImpersonatePrivilege 2628 Output.exe Token: SeCreateGlobalPrivilege 2628 Output.exe Token: 33 2628 Output.exe Token: 34 2628 Output.exe Token: 35 2628 Output.exe Token: SeIncreaseQuotaPrivilege 1412 explorer.exe Token: SeSecurityPrivilege 1412 explorer.exe Token: SeTakeOwnershipPrivilege 1412 explorer.exe Token: SeLoadDriverPrivilege 1412 explorer.exe Token: SeSystemProfilePrivilege 1412 explorer.exe Token: SeSystemtimePrivilege 1412 explorer.exe Token: SeProfSingleProcessPrivilege 1412 explorer.exe Token: SeIncBasePriorityPrivilege 1412 explorer.exe Token: SeCreatePagefilePrivilege 1412 explorer.exe Token: SeBackupPrivilege 1412 explorer.exe Token: SeRestorePrivilege 1412 explorer.exe Token: SeShutdownPrivilege 1412 explorer.exe Token: SeDebugPrivilege 1412 explorer.exe Token: SeSystemEnvironmentPrivilege 1412 explorer.exe Token: SeChangeNotifyPrivilege 1412 explorer.exe Token: SeRemoteShutdownPrivilege 1412 explorer.exe Token: SeUndockPrivilege 1412 explorer.exe Token: SeManageVolumePrivilege 1412 explorer.exe Token: SeImpersonatePrivilege 1412 explorer.exe Token: SeCreateGlobalPrivilege 1412 explorer.exe Token: 33 1412 explorer.exe Token: 34 1412 explorer.exe Token: 35 1412 explorer.exe Token: SeRestorePrivilege 2628 Output.exe Token: SeBackupPrivilege 2628 Output.exe Token: SeIncreaseQuotaPrivilege 1568 GoogleUpdate.exe Token: SeSecurityPrivilege 1568 GoogleUpdate.exe Token: SeTakeOwnershipPrivilege 1568 GoogleUpdate.exe Token: SeLoadDriverPrivilege 1568 GoogleUpdate.exe Token: SeSystemProfilePrivilege 1568 GoogleUpdate.exe Token: SeSystemtimePrivilege 1568 GoogleUpdate.exe Token: SeProfSingleProcessPrivilege 1568 GoogleUpdate.exe Token: SeIncBasePriorityPrivilege 1568 GoogleUpdate.exe Token: SeCreatePagefilePrivilege 1568 GoogleUpdate.exe Token: SeBackupPrivilege 1568 GoogleUpdate.exe Token: SeRestorePrivilege 1568 GoogleUpdate.exe Token: SeShutdownPrivilege 1568 GoogleUpdate.exe Token: SeDebugPrivilege 1568 GoogleUpdate.exe Token: SeSystemEnvironmentPrivilege 1568 GoogleUpdate.exe Token: SeChangeNotifyPrivilege 1568 GoogleUpdate.exe Token: SeRemoteShutdownPrivilege 1568 GoogleUpdate.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1412 explorer.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 2420 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 30 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 3052 wrote to memory of 1856 3052 d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe 31 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 1856 wrote to memory of 2628 1856 Output.exe 32 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2860 2628 Output.exe 33 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34 PID 2628 wrote to memory of 2548 2628 Output.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d4285e886b4d81728de778b39b211e07_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2420
-
-
C:\Users\Admin\AppData\Local\Temp\Output.exe"C:\Users\Admin\AppData\Local\Temp\Output.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1856 -
C:\Users\Admin\AppData\Local\Temp\Output.exe"C:\Users\Admin\AppData\Local\Temp\Output.exe"3⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Windows\SysWOW64\notepad.exenotepad4⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:2860
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"4⤵
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2548 -
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"5⤵
- Checks BIOS information in registry
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1412 -
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe6⤵
- System Location Discovery: System Language Discovery
PID:1364
-
-
-
-
C:\Users\Admin\AppData\Roaming\GoogleToolbar\GoogleUpdate.exe"C:\Users\Admin\AppData\Roaming\GoogleToolbar\GoogleUpdate.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1012 -
C:\Users\Admin\AppData\Roaming\GoogleToolbar\GoogleUpdate.exe"C:\Users\Admin\AppData\Roaming\GoogleToolbar\GoogleUpdate.exe"5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:1568
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35B
MD5934aa9eb81516482c6367fb116ec9b1f
SHA11a97f913ef76ff83b1ba87c735b597b7b7564ae6
SHA256ecb5eb3c67cb390de6fca259684385d1b839f2fa9b96c3198eb5837ebb65c609
SHA512608d4a3dffb258db8418197dbc28c5bd814ca15517b4a96e6b51a3f36da586379c724ba32f4d413cd9d155bcd47780964567860df7352f2c437de297ab30d118
-
Filesize
728KB
MD59c3dbd2ab74b4700c37db25700941c3d
SHA1f13b850a988924658f11b9b0a7b57f7b306edbcf
SHA25672c34b37c51263fd1661f3597e1aeb3e6383c247a5aaf1ecbf2361d0c3f7adc8
SHA51296e85901470e278d6e6d30bcc865b9710f98e6b3a17b7d824b92ed9fd8c1dddfc64bc5320247009f63646e511a067018a9f94bbadc5179caea33626c22eb24ea
-
Filesize
2.6MB
MD583d8747e88517d0b2caa0de6f51cdb0b
SHA10cd091f5b282e887e407950629c89fd808c9803c
SHA2566ddbe7bc2b9b330973353729a49532d5bfc8325ab025ef0034feb5bb8650bc2c
SHA512ee5eea6538a4076d824f7d703b1ca16ff5da8128fd544234ff44489cc253dfbdc6762205a17cd87ff1b18e88fd7f38ee16b8c44f10cd406630e4c83ddf0915c7
-
Filesize
6KB
MD513cc92f90a299f5b2b2f795d0d2e47dc
SHA1aa69ead8520876d232c6ed96021a4825e79f542f
SHA256eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
SHA512ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
-
Filesize
7KB
MD5a4173b381625f9f12aadb4e1cdaefdb8
SHA1cf1680c2bc970d5675adbf5e89292a97e6724713
SHA2567755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
SHA512fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82