Analysis
-
max time kernel
135s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
14-01-2025 13:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
JaffaCakes118_3e346fe10e91a9192557613917eea053.exe
Resource
win7-20241023-en
windows7-x64
13 signatures
150 seconds
General
-
Target
JaffaCakes118_3e346fe10e91a9192557613917eea053.exe
-
Size
92KB
-
MD5
3e346fe10e91a9192557613917eea053
-
SHA1
8400dbe5534686ab6a98390ab596d3254dc5a68b
-
SHA256
1fecf0196322eee948f2a0fa86a791f09ad5281190b33c2f4402dfff288d56f2
-
SHA512
51fb3e5fe65425e7c7f854bf5c6a807f0bcfcef063ee9fc216b770e03f6a5c0e837658e72c8311e46dc41fd8d9d3bbfd2c2ca7e8e02565c8f563a69ed9f74dbb
-
SSDEEP
1536:lVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:1nxwgxgfR/DVG7wBpE
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Ramnit family
-
Executes dropped EXE 1 IoCs
pid Process 2476 WaterMark.exe -
Loads dropped DLL 2 IoCs
pid Process 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
resource yara_rule behavioral1/memory/2476-29-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2476-27-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2476-26-0x0000000000400000-0x0000000000431000-memory.dmp upx behavioral1/memory/1676-9-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-8-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-7-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-6-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-3-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-2-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-1-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1676-0-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2476-75-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2476-593-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll svchost.exe File opened for modification C:\Program Files\Windows Media Player\wmpnetwk.exe svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\j2pcsc.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\splashscreen.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe svchost.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdaosp.dll svchost.exe File opened for modification C:\Program Files\Windows Photo Viewer\PhotoBase.dll svchost.exe File opened for modification C:\Program Files\DVD Maker\OmdBase.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Media Player\wmpnssci.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Photo Viewer\PhotoAcq.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Mail\MSOERES.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\msvcr100.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll svchost.exe File opened for modification C:\Program Files\7-Zip\7zG.exe svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Defender\MpAsDesc.dll svchost.exe File opened for modification C:\Program Files\Windows Journal\Journal.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\index.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\oledb32.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\libGLESv2.dll svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_3e346fe10e91a9192557613917eea053.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaterMark.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 35 IoCs
pid Process 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2476 WaterMark.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe 2688 svchost.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 2476 WaterMark.exe Token: SeDebugPrivilege 2688 svchost.exe Token: SeDebugPrivilege 2476 WaterMark.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 2476 WaterMark.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1676 wrote to memory of 2476 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 30 PID 1676 wrote to memory of 2476 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 30 PID 1676 wrote to memory of 2476 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 30 PID 1676 wrote to memory of 2476 1676 JaffaCakes118_3e346fe10e91a9192557613917eea053.exe 30 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2928 2476 WaterMark.exe 31 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2476 wrote to memory of 2688 2476 WaterMark.exe 32 PID 2688 wrote to memory of 256 2688 svchost.exe 1 PID 2688 wrote to memory of 256 2688 svchost.exe 1 PID 2688 wrote to memory of 256 2688 svchost.exe 1 PID 2688 wrote to memory of 256 2688 svchost.exe 1 PID 2688 wrote to memory of 256 2688 svchost.exe 1 PID 2688 wrote to memory of 336 2688 svchost.exe 2 PID 2688 wrote to memory of 336 2688 svchost.exe 2 PID 2688 wrote to memory of 336 2688 svchost.exe 2 PID 2688 wrote to memory of 336 2688 svchost.exe 2 PID 2688 wrote to memory of 336 2688 svchost.exe 2 PID 2688 wrote to memory of 384 2688 svchost.exe 3 PID 2688 wrote to memory of 384 2688 svchost.exe 3 PID 2688 wrote to memory of 384 2688 svchost.exe 3 PID 2688 wrote to memory of 384 2688 svchost.exe 3 PID 2688 wrote to memory of 384 2688 svchost.exe 3 PID 2688 wrote to memory of 396 2688 svchost.exe 4 PID 2688 wrote to memory of 396 2688 svchost.exe 4 PID 2688 wrote to memory of 396 2688 svchost.exe 4 PID 2688 wrote to memory of 396 2688 svchost.exe 4 PID 2688 wrote to memory of 396 2688 svchost.exe 4 PID 2688 wrote to memory of 432 2688 svchost.exe 5 PID 2688 wrote to memory of 432 2688 svchost.exe 5 PID 2688 wrote to memory of 432 2688 svchost.exe 5 PID 2688 wrote to memory of 432 2688 svchost.exe 5 PID 2688 wrote to memory of 432 2688 svchost.exe 5 PID 2688 wrote to memory of 476 2688 svchost.exe 6 PID 2688 wrote to memory of 476 2688 svchost.exe 6 PID 2688 wrote to memory of 476 2688 svchost.exe 6 PID 2688 wrote to memory of 476 2688 svchost.exe 6 PID 2688 wrote to memory of 476 2688 svchost.exe 6 PID 2688 wrote to memory of 492 2688 svchost.exe 7 PID 2688 wrote to memory of 492 2688 svchost.exe 7 PID 2688 wrote to memory of 492 2688 svchost.exe 7 PID 2688 wrote to memory of 492 2688 svchost.exe 7 PID 2688 wrote to memory of 492 2688 svchost.exe 7 PID 2688 wrote to memory of 500 2688 svchost.exe 8 PID 2688 wrote to memory of 500 2688 svchost.exe 8 PID 2688 wrote to memory of 500 2688 svchost.exe 8 PID 2688 wrote to memory of 500 2688 svchost.exe 8 PID 2688 wrote to memory of 500 2688 svchost.exe 8
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵PID:256
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:336
-
C:\Windows\system32\wininit.exewininit.exe1⤵PID:384
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵PID:476
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵PID:608
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵PID:1624
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵PID:468
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵PID:688
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵PID:756
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵PID:820
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵PID:1060
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵PID:868
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵PID:1220
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵PID:980
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵PID:292
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵PID:1108
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵PID:1120
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵PID:1184
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵PID:1084
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵PID:1920
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵PID:2152
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵PID:492
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵PID:500
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:396
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:432
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1100
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3e346fe10e91a9192557613917eea053.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3e346fe10e91a9192557613917eea053.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2476 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2928
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2688
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD53e346fe10e91a9192557613917eea053
SHA18400dbe5534686ab6a98390ab596d3254dc5a68b
SHA2561fecf0196322eee948f2a0fa86a791f09ad5281190b33c2f4402dfff288d56f2
SHA51251fb3e5fe65425e7c7f854bf5c6a807f0bcfcef063ee9fc216b770e03f6a5c0e837658e72c8311e46dc41fd8d9d3bbfd2c2ca7e8e02565c8f563a69ed9f74dbb
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize197KB
MD5cdbea69e76224848c1b5ae0b19b061fc
SHA15e641aa1aae674792c472ec24be14e09a32fa294
SHA2565eb06af76301800e390ab4637885a988d5280f163869c756a00aa4421655b1ed
SHA5128ce1433fe79cc344862d318ee95eccba86f65d4f6125f38fa76d85428f8eca6aab558d6e906cc225e115af741412e89b56a76b8c55185fd68515748b156adf52
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize193KB
MD5922add98b06286f4571429bc75f34363
SHA191754e9bd19ad3d76e208e089af8307a0d6c08aa
SHA256191f273fe6668d4027de9b14faf923d2a44971f3d639b0f9216967a7e2978e5f
SHA5121ea914388bc3bbd0d7583b2aeb5dc7af548fa6f452d3ce596219e441729768ebb7a36c9165803b936d367f809f252973cc05116ffd138e21bd101cfd6f88ccf4