Analysis
-
max time kernel
35s -
max time network
13s -
platform
windows11-21h2_x64 -
resource
win11-20231128-en -
resource tags
arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system -
submitted
08/12/2023, 14:33
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://raw.githubusercontent.com/SplashGG/dl/main/strless.exe
Resource
win11-20231128-en
General
-
Target
https://raw.githubusercontent.com/SplashGG/dl/main/strless.exe
Malware Config
Signatures
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
pid Process 5340 strless.exe -
resource yara_rule behavioral1/files/0x000100000002a7bb-26.dat vmprotect behavioral1/files/0x000100000002a7bb-43.dat vmprotect behavioral1/files/0x000100000002a7bb-44.dat vmprotect behavioral1/memory/5340-45-0x000001B2EF9B0000-0x000001B2EFF6E000-memory.dmp vmprotect -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 5560 ipconfig.exe -
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 4368 vssadmin.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133465196035464824" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Modifies registry class 2 IoCs
description ioc Process Key deleted \REGISTRY\USER\S-1-5-21-3484251756-2814966285-185304317-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU strless.exe Key deleted \REGISTRY\USER\S-1-5-21-3484251756-2814966285-185304317-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache strless.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4548 chrome.exe 4548 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4548 chrome.exe 4548 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeBackupPrivilege 2168 vssvc.exe Token: SeRestorePrivilege 2168 vssvc.exe Token: SeAuditPrivilege 2168 vssvc.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeBackupPrivilege 5340 strless.exe Token: SeSecurityPrivilege 5340 strless.exe Token: SeBackupPrivilege 5340 strless.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe Token: SeShutdownPrivilege 4548 chrome.exe Token: SeCreatePagefilePrivilege 4548 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe 4548 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4548 wrote to memory of 1060 4548 chrome.exe 78 PID 4548 wrote to memory of 1060 4548 chrome.exe 78 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 3524 4548 chrome.exe 80 PID 4548 wrote to memory of 712 4548 chrome.exe 81 PID 4548 wrote to memory of 712 4548 chrome.exe 81 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 PID 4548 wrote to memory of 1504 4548 chrome.exe 82 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://raw.githubusercontent.com/SplashGG/dl/main/strless.exe1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc87d9758,0x7ffcc87d9768,0x7ffcc87d97782⤵PID:1060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:22⤵PID:3524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:1504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:12⤵PID:1528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:12⤵PID:1752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:3132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:4584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:6140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:2732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:1396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:4920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 --field-trial-handle=1808,i,15093434241284001485,14123266761129064371,131072 /prefetch:82⤵PID:3260
-
-
C:\Users\Admin\Downloads\strless.exe"C:\Users\Admin\Downloads\strless.exe"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5340 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /for=C: /quiet & exit3⤵PID:5644
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /for=C: /quiet4⤵
- Interacts with shadow copies
PID:4368
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C ipconfig /flushdns & exit3⤵PID:3960
-
C:\Windows\system32\ipconfig.exeipconfig /flushdns4⤵
- Gathers network information
PID:5560
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C FSUTIL USN DELETEJOURNAL /D C: & exit3⤵PID:872
-
C:\Windows\system32\fsutil.exeFSUTIL USN DELETEJOURNAL /D C:4⤵PID:5916
-
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1376
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2168
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
539B
MD5165cd881ff8843d0e0d4c1e1c63f5d04
SHA1ce3b7bda11a327ec62a631c9b06bbe2a13e43c8c
SHA256b6322383607d66c043f875688580f88c65cb955d6af516a635eae589435d0f73
SHA5121a339e99de79d795db9ac6b0ae1f1aa397016a6d3b61dd55e924f13690def1c2e69a3417d31accca6027e9761de9fb701565237369a35cc62e663cf8af2ce558
-
Filesize
6KB
MD58ee7c575ae20d83c4214f1563a140f16
SHA1cf77d99acccba0eacd7fdcba36684cb179d69303
SHA2566c45422858470fd5ac5b7cee1155aab93f29dd206473634fbc12bb5b459ad09b
SHA5123e92e130733981e4f5fefce8a750fb2c5e06d501c297c49278995909cff0b15b78d3c0d7c8d40986ce3a9321cf09880a9cac69001bcf8b172175af1dcec3b51a
-
Filesize
115KB
MD545f497f027d4f066ea3a924648ff637a
SHA1221bc91117694e484620a2fbcdaaaee6ca99d241
SHA256790536a0cd61027af69ca7cb9c1c9e2e60df53c42192ce4e844cc6db1d92e170
SHA5122fffb1899d6a3f71bb1a4cff98532b937fcba8dcc80881c12d1a1e7d51399423bc07b3fbbde76555c2c4847487e48784a4537ceb9a99d0e5b723a66fca4b26d9
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2.6MB
MD57fb60ff8c9849f18a1cec88180389ef4
SHA14e7633c8e3b9b23a63e89b41f47918dbc7f78059
SHA256d3f0b6a5e1797be376a82e6887f414cfb448e4fcc87d9d42c2672b387f0e1f3c
SHA51212237d943a687ff3af4064d2870eebe13d1cfbf70147270b39f7d400ec5a1ad069754236759273045be7f0e41e73e539076a7202605f45b45aef979af90178d1
-
Filesize
2.6MB
MD57fb60ff8c9849f18a1cec88180389ef4
SHA14e7633c8e3b9b23a63e89b41f47918dbc7f78059
SHA256d3f0b6a5e1797be376a82e6887f414cfb448e4fcc87d9d42c2672b387f0e1f3c
SHA51212237d943a687ff3af4064d2870eebe13d1cfbf70147270b39f7d400ec5a1ad069754236759273045be7f0e41e73e539076a7202605f45b45aef979af90178d1
-
Filesize
2.6MB
MD57fb60ff8c9849f18a1cec88180389ef4
SHA14e7633c8e3b9b23a63e89b41f47918dbc7f78059
SHA256d3f0b6a5e1797be376a82e6887f414cfb448e4fcc87d9d42c2672b387f0e1f3c
SHA51212237d943a687ff3af4064d2870eebe13d1cfbf70147270b39f7d400ec5a1ad069754236759273045be7f0e41e73e539076a7202605f45b45aef979af90178d1