Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
20-01-2025 11:30
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe
Resource
win7-20240903-en
windows7-x64
13 signatures
150 seconds
General
-
Target
JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe
-
Size
123KB
-
MD5
e5ccd11f357324e62abf863e7a52bcac
-
SHA1
4ce9f8d7a4e9140ede744f9cb757fcedee577c27
-
SHA256
1bc22219bc6cc69f055cebd24cac26cdbba363a56b89adc97161da6576751bee
-
SHA512
501a7413c43f5db1ba28df2013478878a351532f41671458dad8d5a18a7d5f62ba073951d75d1873edb1c46a31a05f273acf44023fed134531cd2c76b0c2e597
-
SSDEEP
768:l06R0UtgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9ICW:TR0Zn3Pc0LCH9MtbvabUDzJYWu3B
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Ramnit family
-
Executes dropped EXE 1 IoCs
pid Process 1804 WaterMark.exe -
Loads dropped DLL 2 IoCs
pid Process 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
resource yara_rule behavioral1/memory/1796-2-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-3-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-9-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-7-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-6-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-4-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-1-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1796-19-0x0000000000050000-0x000000000008A000-memory.dmp upx behavioral1/memory/1804-30-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1804-29-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1804-336-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/1804-605-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\README.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\unpack.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\libvlc.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm svchost.exe File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\instrument.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\JdbcOdbc.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll svchost.exe File opened for modification C:\Program Files\Windows Journal\jnwmon.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Journal\JNWDRV.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\jfxmedia.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\wab32res.dll svchost.exe File opened for modification C:\Program Files\Internet Explorer\jsdbgui.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\eula.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\ado\msador15.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadcf.dll svchost.exe File opened for modification C:\Program Files\DebugClose.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe svchost.exe File opened for modification C:\Program Files\Internet Explorer\perf_nt.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\jsdt.dll svchost.exe File opened for modification C:\Program Files\Windows Defender\MpAsDesc.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\rmiregistry.exe svchost.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaterMark.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 37 IoCs
pid Process 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 1804 WaterMark.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe 2700 svchost.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 1804 WaterMark.exe Token: SeDebugPrivilege 2700 svchost.exe Token: SeDebugPrivilege 1804 WaterMark.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 1804 WaterMark.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1796 wrote to memory of 1804 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 30 PID 1796 wrote to memory of 1804 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 30 PID 1796 wrote to memory of 1804 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 30 PID 1796 wrote to memory of 1804 1796 JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe 30 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2328 1804 WaterMark.exe 31 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 1804 wrote to memory of 2700 1804 WaterMark.exe 32 PID 2700 wrote to memory of 256 2700 svchost.exe 1 PID 2700 wrote to memory of 256 2700 svchost.exe 1 PID 2700 wrote to memory of 256 2700 svchost.exe 1 PID 2700 wrote to memory of 256 2700 svchost.exe 1 PID 2700 wrote to memory of 256 2700 svchost.exe 1 PID 2700 wrote to memory of 332 2700 svchost.exe 2 PID 2700 wrote to memory of 332 2700 svchost.exe 2 PID 2700 wrote to memory of 332 2700 svchost.exe 2 PID 2700 wrote to memory of 332 2700 svchost.exe 2 PID 2700 wrote to memory of 332 2700 svchost.exe 2 PID 2700 wrote to memory of 380 2700 svchost.exe 3 PID 2700 wrote to memory of 380 2700 svchost.exe 3 PID 2700 wrote to memory of 380 2700 svchost.exe 3 PID 2700 wrote to memory of 380 2700 svchost.exe 3 PID 2700 wrote to memory of 380 2700 svchost.exe 3 PID 2700 wrote to memory of 392 2700 svchost.exe 4 PID 2700 wrote to memory of 392 2700 svchost.exe 4 PID 2700 wrote to memory of 392 2700 svchost.exe 4 PID 2700 wrote to memory of 392 2700 svchost.exe 4 PID 2700 wrote to memory of 392 2700 svchost.exe 4 PID 2700 wrote to memory of 428 2700 svchost.exe 5 PID 2700 wrote to memory of 428 2700 svchost.exe 5 PID 2700 wrote to memory of 428 2700 svchost.exe 5 PID 2700 wrote to memory of 428 2700 svchost.exe 5 PID 2700 wrote to memory of 428 2700 svchost.exe 5 PID 2700 wrote to memory of 472 2700 svchost.exe 6 PID 2700 wrote to memory of 472 2700 svchost.exe 6 PID 2700 wrote to memory of 472 2700 svchost.exe 6 PID 2700 wrote to memory of 472 2700 svchost.exe 6 PID 2700 wrote to memory of 472 2700 svchost.exe 6 PID 2700 wrote to memory of 488 2700 svchost.exe 7 PID 2700 wrote to memory of 488 2700 svchost.exe 7 PID 2700 wrote to memory of 488 2700 svchost.exe 7 PID 2700 wrote to memory of 488 2700 svchost.exe 7 PID 2700 wrote to memory of 488 2700 svchost.exe 7 PID 2700 wrote to memory of 496 2700 svchost.exe 8 PID 2700 wrote to memory of 496 2700 svchost.exe 8 PID 2700 wrote to memory of 496 2700 svchost.exe 8 PID 2700 wrote to memory of 496 2700 svchost.exe 8 PID 2700 wrote to memory of 496 2700 svchost.exe 8
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵PID:256
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:332
-
C:\Windows\system32\wininit.exewininit.exe1⤵PID:380
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵PID:472
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵PID:596
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵PID:1536
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵PID:1328
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵PID:676
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵PID:748
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵PID:812
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵PID:1172
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵PID:860
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵PID:2132
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵PID:972
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵PID:268
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵PID:328
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵PID:1068
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵PID:1108
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵PID:1740
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵PID:2976
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵PID:1936
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵PID:488
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵PID:496
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:392
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:428
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1208
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e5ccd11f357324e62abf863e7a52bcac.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1796 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1804 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2328
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize260KB
MD53aa9ca1b81d9e924ef0109b27b17c222
SHA1ceff4a0f9a32d08c527914ab6c1db1014f4e2633
SHA256867d0a6eee4cc606f5ba933f781bc1679b667f5a982d5ccee7091c6d14b8f934
SHA51224c16d779a8c2a5f965e7a28f6e19db4034e1d6caf45768419c80d0db48a87473b693e8a550959f41ec125b7b7db6f0f5b80fc97e769aae8eeb60ebe7d681241
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
Filesize256KB
MD571407194214bc7ffeb6e52a163d419f9
SHA16974fabfd244c0f34d3ccc95b27d88aa51538820
SHA2569dfad59867ff4176be5404496320453073225206751b446f8d83600891ede192
SHA512c9ef4733ff601767356416003be38018e713583d1678f6d34f69020a632167a3ffc9f83b1ec7b5c4196916a16457c1e16589597a7f2db4e02316b65a4a9da850
-
Filesize
123KB
MD5e5ccd11f357324e62abf863e7a52bcac
SHA14ce9f8d7a4e9140ede744f9cb757fcedee577c27
SHA2561bc22219bc6cc69f055cebd24cac26cdbba363a56b89adc97161da6576751bee
SHA512501a7413c43f5db1ba28df2013478878a351532f41671458dad8d5a18a7d5f62ba073951d75d1873edb1c46a31a05f273acf44023fed134531cd2c76b0c2e597