Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
14-01-2025 14:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe
Resource
win7-20240903-en
windows7-x64
13 signatures
150 seconds
General
-
Target
JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe
-
Size
95KB
-
MD5
3ecbf128cf4880643399faeb0e1481aa
-
SHA1
087d74de76b891722b69ea4888d50ca0f35164f7
-
SHA256
149a0cf3e399ab0a0cd2dacb83ea607a10878c91f995125eaec31a9d83a01ce1
-
SHA512
ef5a44db5d6dc12504ccf114e8f2c099f3e50d736e3ae0eecf759c620eaf965b13b0615230ce9499ae54ee9f84ee4d64f6e73a8a006a4963b13e34c353201664
-
SSDEEP
768:UM06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYwK:DR0vxn3Pc0LCH9MtbvabUDzJYWu3B
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Ramnit family
-
Executes dropped EXE 1 IoCs
pid Process 2228 WaterMark.exe -
Loads dropped DLL 2 IoCs
pid Process 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
resource yara_rule behavioral1/memory/2908-7-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-8-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-9-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-6-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-4-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-3-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-2-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2908-1-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2228-26-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2228-27-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2228-75-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2228-551-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html svchost.exe File opened for modification C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe svchost.exe File opened for modification C:\Program Files\Internet Explorer\perfcore.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEREP.DLL svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL svchost.exe File opened for modification C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\glass.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll svchost.exe File opened for modification C:\Program Files\Internet Explorer\DiagnosticsTap.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\mozglue.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACETXT.DLL svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\splashscreen.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm svchost.exe File opened for modification C:\Program Files\Internet Explorer\pdm.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\j2pcsc.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Media Player\wmpconfig.exe svchost.exe File opened for modification C:\Program Files\Windows NT\Accessories\wordpad.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaterMark.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 37 IoCs
pid Process 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2228 WaterMark.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe 2588 svchost.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 2228 WaterMark.exe Token: SeDebugPrivilege 2588 svchost.exe Token: SeDebugPrivilege 2228 WaterMark.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 2228 WaterMark.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2908 wrote to memory of 2228 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 28 PID 2908 wrote to memory of 2228 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 28 PID 2908 wrote to memory of 2228 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 28 PID 2908 wrote to memory of 2228 2908 JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe 28 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2388 2228 WaterMark.exe 29 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2228 wrote to memory of 2588 2228 WaterMark.exe 30 PID 2588 wrote to memory of 256 2588 svchost.exe 1 PID 2588 wrote to memory of 256 2588 svchost.exe 1 PID 2588 wrote to memory of 256 2588 svchost.exe 1 PID 2588 wrote to memory of 256 2588 svchost.exe 1 PID 2588 wrote to memory of 256 2588 svchost.exe 1 PID 2588 wrote to memory of 332 2588 svchost.exe 2 PID 2588 wrote to memory of 332 2588 svchost.exe 2 PID 2588 wrote to memory of 332 2588 svchost.exe 2 PID 2588 wrote to memory of 332 2588 svchost.exe 2 PID 2588 wrote to memory of 332 2588 svchost.exe 2 PID 2588 wrote to memory of 380 2588 svchost.exe 3 PID 2588 wrote to memory of 380 2588 svchost.exe 3 PID 2588 wrote to memory of 380 2588 svchost.exe 3 PID 2588 wrote to memory of 380 2588 svchost.exe 3 PID 2588 wrote to memory of 380 2588 svchost.exe 3 PID 2588 wrote to memory of 388 2588 svchost.exe 4 PID 2588 wrote to memory of 388 2588 svchost.exe 4 PID 2588 wrote to memory of 388 2588 svchost.exe 4 PID 2588 wrote to memory of 388 2588 svchost.exe 4 PID 2588 wrote to memory of 388 2588 svchost.exe 4 PID 2588 wrote to memory of 428 2588 svchost.exe 5 PID 2588 wrote to memory of 428 2588 svchost.exe 5 PID 2588 wrote to memory of 428 2588 svchost.exe 5 PID 2588 wrote to memory of 428 2588 svchost.exe 5 PID 2588 wrote to memory of 428 2588 svchost.exe 5 PID 2588 wrote to memory of 472 2588 svchost.exe 6 PID 2588 wrote to memory of 472 2588 svchost.exe 6 PID 2588 wrote to memory of 472 2588 svchost.exe 6 PID 2588 wrote to memory of 472 2588 svchost.exe 6 PID 2588 wrote to memory of 472 2588 svchost.exe 6 PID 2588 wrote to memory of 488 2588 svchost.exe 7 PID 2588 wrote to memory of 488 2588 svchost.exe 7 PID 2588 wrote to memory of 488 2588 svchost.exe 7 PID 2588 wrote to memory of 488 2588 svchost.exe 7 PID 2588 wrote to memory of 488 2588 svchost.exe 7 PID 2588 wrote to memory of 496 2588 svchost.exe 8 PID 2588 wrote to memory of 496 2588 svchost.exe 8 PID 2588 wrote to memory of 496 2588 svchost.exe 8 PID 2588 wrote to memory of 496 2588 svchost.exe 8 PID 2588 wrote to memory of 496 2588 svchost.exe 8
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵PID:256
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:332
-
C:\Windows\system32\wininit.exewininit.exe1⤵PID:380
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵PID:472
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵PID:592
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵PID:1048
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵PID:2300
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵PID:668
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵PID:732
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵PID:804
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵PID:1160
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵PID:844
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵PID:288
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵PID:960
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵PID:236
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵PID:344
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵PID:1068
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵PID:1116
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵PID:2076
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵PID:1840
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵PID:488
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵PID:496
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:388
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:428
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3ecbf128cf4880643399faeb0e1481aa.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2388
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2588
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize204KB
MD5613718eede0849ce8c0f0f43ce5af921
SHA14dfd865e6c035e738d02f365bd7acd75ad385837
SHA256cc97f1d9c237624b525a2be370decfcd3532067b94272d24dafe2f6d9078b7a7
SHA512351ffdeac806b40826b99bc6bf774c5d019a271acee1fbdb893b3f887f75d4d4b47119a98acc62b922b72e497691d289fc271940d1e6327c4caa05f9a99b1bfe
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize200KB
MD5dfc4454e53461127f0ee2967989c5739
SHA13adeb9f45d3273d58df50976735b4aa827c5ebf0
SHA256614945997552d91166923be18ded1385e1b23e33d34bff9c50aeca8e15051169
SHA512f715d6294c678d56500caa17ee4458fbf9b42c2fcaeff40dc4eec55b5e959ee0878bea4f0705b75f35620cf614f453edd9c3a0c2d8bd43ee053bff8e71aa6f29
-
Filesize
95KB
MD53ecbf128cf4880643399faeb0e1481aa
SHA1087d74de76b891722b69ea4888d50ca0f35164f7
SHA256149a0cf3e399ab0a0cd2dacb83ea607a10878c91f995125eaec31a9d83a01ce1
SHA512ef5a44db5d6dc12504ccf114e8f2c099f3e50d736e3ae0eecf759c620eaf965b13b0615230ce9499ae54ee9f84ee4d64f6e73a8a006a4963b13e34c353201664