Overview
overview
10Static
static
3JaffaCakes...c2.exe
windows7-x64
3JaffaCakes...c2.exe
windows10-2004-x64
10$PLUGINSDI...on.dll
windows7-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...nk.exe
windows7-x64
1$PLUGINSDI...nk.exe
windows10-2004-x64
1$PLUGINSDI...cx.exe
windows7-x64
1$PLUGINSDI...cx.exe
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...er.exe
windows7-x64
1$PLUGINSDI...er.exe
windows10-2004-x64
3$PLUGINSDI...71.dll
windows7-x64
3$PLUGINSDI...71.dll
windows10-2004-x64
3$PLUGINSDI...71.dll
windows7-x64
3$PLUGINSDI...71.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDIR/xml.dll
windows7-x64
3$PLUGINSDIR/xml.dll
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
01/02/2025, 22:27
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Common.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Common.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UninstallVista64MCLink.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UninstallVista64MCLink.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UnregisterVista64Ocx.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/UnregisterVista64Ocx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/certmanager.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/certmanager.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/msvcp71.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/msvcp71.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/msvcr71.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/msvcr71.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/xml.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/xml.dll
Resource
win10v2004-20250129-en
General
-
Target
JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe
-
Size
776KB
-
MD5
764c68cc55891b7abdd68c768e5cdfc2
-
SHA1
b11965e1403bb088406f531322e8a847601d2905
-
SHA256
5a283c7d6a5eeacaad0a28780ec39037a2baac74dfdd1c2d7a372560b03e6833
-
SHA512
6c813c0d0c0b6ddffe6757ec532088ea1649740a602913a89e6e23937585c51c2715c15626ddd847fba0359dc7c8eaf0fa327bd86e81e3c64312048ad9478f84
-
SSDEEP
12288:jQCjbTv7BdOmF1FHYSqZTSuXHoeaWjezQC6Q8D8IwSec5F2XZdJ/+g:XjbT/UZpojzxZ8DSO8XZr+g
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
Sality family
-
UAC bypass 3 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe -
Executes dropped EXE 1 IoCs
pid Process 2136 Au_.exe -
Loads dropped DLL 5 IoCs
pid Process 2136 Au_.exe 2136 Au_.exe 2136 Au_.exe 2136 Au_.exe 2136 Au_.exe -
Checks whether UAC is enabled 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe -
resource yara_rule behavioral2/memory/1988-1-0x00000000023E0000-0x0000000003410000-memory.dmp upx behavioral2/memory/1988-5-0x00000000023E0000-0x0000000003410000-memory.dmp upx behavioral2/memory/1988-4-0x00000000023E0000-0x0000000003410000-memory.dmp upx -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SYSTEM.INI JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Au_.exe -
NSIS installer 2 IoCs
resource yara_rule behavioral2/files/0x000a000000023b5a-29.dat nsis_installer_1 behavioral2/files/0x000a000000023b5b-34.dat nsis_installer_1 -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe Token: SeDebugPrivilege 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 1988 wrote to memory of 764 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 8 PID 1988 wrote to memory of 772 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 9 PID 1988 wrote to memory of 1020 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 13 PID 1988 wrote to memory of 2960 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 50 PID 1988 wrote to memory of 3036 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 51 PID 1988 wrote to memory of 992 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 52 PID 1988 wrote to memory of 3440 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 56 PID 1988 wrote to memory of 3556 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 57 PID 1988 wrote to memory of 3744 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 58 PID 1988 wrote to memory of 3888 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 59 PID 1988 wrote to memory of 3952 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 60 PID 1988 wrote to memory of 4044 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 61 PID 1988 wrote to memory of 4144 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 62 PID 1988 wrote to memory of 4000 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 74 PID 1988 wrote to memory of 3532 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 76 PID 1988 wrote to memory of 2136 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 82 PID 1988 wrote to memory of 2136 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 82 PID 1988 wrote to memory of 2136 1988 JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe 82 -
System policy modification 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe
Processes
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:764
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:772
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵PID:1020
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2960
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:3036
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵PID:992
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3440
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_764c68cc55891b7abdd68c768e5cdfc2.exe"2⤵
- UAC bypass
- Checks whether UAC is enabled
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1988 -
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2136
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:3556
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:3744
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:3888
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3952
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:4044
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4144
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵PID:4000
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3532
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
700KB
MD5e1f22a3796634f2bdea37475a2395688
SHA142ddb668573c99a705c64d65f07d067e66b8a87e
SHA256915443a20943cbaf624c10af639f883ae10e7ffe29723adfe8f1a7807a33e157
SHA512a43d29a643a7b9a45b3f7b1fd8ac52acd157163bfb8af36852324279e6fe0f24f06cf62bdf6aff7f39bf3bd1543d04cb6a62ed78724fb797740b69344208d0c9
-
Filesize
9KB
MD5a68834422939ba1823fb1f5ac9bee312
SHA109ae60e23f7748bf7c05e34dcc707f4283836806
SHA25639c10b2d8b0811e4e94867f1e7fa00e429bd4f89bf86ad2d8cc41da597ea70c2
SHA512f87d59584096a73235ebfd581a804c4f97f689a9c39b3d7ce01740a7a10a4bdf7283a062c1d4bb2f97789642d1fe515372706ce0c56d0c10a6ee5e9e3e46c4c2
-
Filesize
3KB
MD5987adfbe3c777b9fa35875302eac8d22
SHA1def74308b0c7ae2036d9d0e1306d4c7158bdb6c7
SHA2563925ee3235f1acb0acfac6bcc71a311de75792ff81e7b55bc9124319198f7bd6
SHA5129b3b1b2ef1dabba63b91dd6a8879f1137c3b3e7394afc99f92a6cacd74b1eda286e33b3817d0634e489425f031961b5a647aaee4efecc99e4057a7fde01cb8ad
-
Filesize
776KB
MD5764c68cc55891b7abdd68c768e5cdfc2
SHA1b11965e1403bb088406f531322e8a847601d2905
SHA2565a283c7d6a5eeacaad0a28780ec39037a2baac74dfdd1c2d7a372560b03e6833
SHA5126c813c0d0c0b6ddffe6757ec532088ea1649740a602913a89e6e23937585c51c2715c15626ddd847fba0359dc7c8eaf0fa327bd86e81e3c64312048ad9478f84