Analysis
max time kernel: 150s
max time network: 147s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 15-01-2025 04:27

Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe
Resource: win7-20241010-en

General
Target: JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe
Size: 92KB
MD5: 4ce01fc975e1270f6b9e319d003c50b0
SHA1: 25276f5b9f362b2245c1a358e00bfc6a60bb2d72
SHA256: 1869574a285fe291181ce592bde19eb1299e9cf0ea58f4a65592ef6e37c1a39e
SHA512: 803f9c645deb6b47a0332b19a71ab1ae5538a106ffce047bd18a43e238887553e486bf48d4923581a2fd889a5b76e60422a35263456a43f363b4cb4fc7f62dde
SSDEEP: 1536:VVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:FnxwgxgfR/DVG7wBpE
Malware Config
Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" | svchost.exe

Ramnit family

Executes dropped EXE 1 IoCs
pid | Process
1860 | WaterMark.exe

Loads dropped DLL 2 IoCs
pid | Process
2328 | JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe
2328 | JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe

Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe
File opened for modification | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe

resource | yara_rule
behavioral1/memory/2328-1-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-2-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-5-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-7-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-4-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/1860-28-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-8-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-6-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/1860-70-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/1860-588-0x0000000000400000-0x0000000000421000-memory.dmp | upx
behavioral1/memory/2328-3440-0x0000000000050000-0x000000000008D000-memory.dmp | upx

Drops file in Program Files directory 64 IoCs

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WaterMark.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs
pid | Process
1860 | WaterMark.exe
2592 | svchost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1860 | WaterMark.exe
Token: SeDebugPrivilege | 2592 | svchost.exe
Token: SeDebugPrivilege | 1860 | WaterMark.exe

Suspicious use of UnmapMainImage 2 IoCs
pid | Process
2328 | JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe
1860 | WaterMark.exe

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2328 wrote to memory of 1860 | 2328 | JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe | 29
PID 1860 wrote to memory of 2860 | 1860 | WaterMark.exe | 30
PID 1860 wrote to memory of 2592 | 1860 | WaterMark.exe | 31
PID 2592 wrote to memory of 256 | 2592 | svchost.exe | 1
PID 2592 wrote to memory of 336 | 2592 | svchost.exe | 2
PID 2592 wrote to memory of 372 | 2592 | svchost.exe | 3
PID 2592 wrote to memory of 384 | 2592 | svchost.exe | 4
PID 2592 wrote to memory of 420 | 2592 | svchost.exe | 5
PID 2592 wrote to memory of 464 | 2592 | svchost.exe | 6
PID 2592 wrote to memory of 480 | 2592 | svchost.exe | 7
PID 2592 wrote to memory of 488 | 2592 | svchost.exe | 8

Processes
image path | command line | PID
C:\Windows\System32\smss.exe | \SystemRoot\System32\smss.exe | PID:256
C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | PID:336
C:\Windows\system32\wininit.exe | wininit.exe | PID:372
  C:\Windows\system32\services.exe | C:\Windows\system32\services.exe | PID:464
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k DcomLaunch | PID:580
      C:\Windows\system32\wbem\wmiprvse.exe | C:\Windows\system32\wbem\wmiprvse.exe | PID:608
      C:\Windows\system32\DllHost.exe | C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} | PID:1644
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k RPCSS | PID:660
    C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | PID:748
    C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | PID:796
      C:\Windows\system32\Dwm.exe | "C:\Windows\system32\Dwm.exe" | PID:1164
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs | PID:832
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService | PID:984
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k NetworkService | PID:268
    C:\Windows\System32\spoolsv.exe | C:\Windows\System32\spoolsv.exe | PID:344
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | PID:1072
    C:\Windows\system32\taskhost.exe | "taskhost.exe" | PID:1112
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" | PID:1276
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | PID:1928
    C:\Windows\system32\sppsvc.exe | C:\Windows\system32\sppsvc.exe | PID:1344
  C:\Windows\system32\lsass.exe | C:\Windows\system32\lsass.exe | PID:480
  C:\Windows\system32\lsm.exe | C:\Windows\system32\lsm.exe | PID:488
C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | PID:384
C:\Windows\system32\winlogon.exe | winlogon.exe | PID:420
C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | PID:1188
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe | "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4ce01fc975e1270f6b9e319d003c50b0.exe" | PID:2328
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\WaterMark.exe | "C:\Program Files (x86)\Microsoft\WaterMark.exe" | PID:1860
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of UnmapMainImage
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\svchost.exe | C:\Windows\system32\svchost.exe | PID:2860
        - Modifies WinLogon for persistence
        - Drops file in System32 directory
        - Drops file in Program Files directory
        - System Location Discovery: System Language Discovery
      C:\Windows\SysWOW64\svchost.exe | C:\Windows\system32\svchost.exe | PID:2592
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of WriteProcessMemory

Network
MITRE ATT&CK Enterprise v15
Downloads