Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
27-06-2024 01:59
Static task
static1
Behavioral task
behavioral1
Sample
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe
Resource
win7-20240611-en
General
-
Target
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe
-
Size
3.1MB
-
MD5
144769859640eab70ec9ed969401e8e3
-
SHA1
cb6603e8867a74d2d27059cdc47438cf2340920a
-
SHA256
7a9776c90605606de12e06a0088cbf44c12e8be266c13c5894304eda81035711
-
SHA512
9a9d4b67a04ef8a1cbea7bc2574dbc42db6e1460650b951a322d62e6e92c64b3ee6924ce0bec5664a4c4668224f62a5ca1d3ed81430a77d31e40fb56c7fdbbef
-
SSDEEP
24576:9lW4wul8bp7gzsRMgZsdfbk/OwSsvKf1ympTTdD+dFCx2gdtsdsqo:9lW4wulcgGMos6ONsydympTZD+3CXw
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\setup" 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe -
Modifies firewall policy service 3 TTPs 3 IoCs
Processes:
explorer.exedescription ioc process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile explorer.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" explorer.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "0" explorer.exe -
Modifies security service 2 TTPs 1 IoCs
Processes:
explorer.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4" explorer.exe -
Processes:
explorer.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" explorer.exe -
Disables RegEdit via registry modification 1 IoCs
Processes:
explorer.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" explorer.exe -
Disables Task Manager via registry modification
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate explorer.exe -
Executes dropped EXE 2 IoCs
Processes:
BROUF_POP.EXEBROUF_POP.EXEpid process 2540 BROUF_POP.EXE 1628 BROUF_POP.EXE -
Identifies Wine through registry keys 2 TTPs 2 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Wine 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key opened \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Wine explorer.exe -
Loads dropped DLL 4 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exepid process 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe 2480 explorer.exe 2480 explorer.exe -
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exenotepad.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\setup.exe = "C:\\setup" 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\setup.exe = "C:\\setup" notepad.exe -
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exedescription ioc process File opened for modification \??\PhysicalDrive0 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe File opened for modification \??\PhysicalDrive0 explorer.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exepid process 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe 2480 explorer.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exedescription pid process target process PID 2124 set thread context of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
explorer.exe144769859640eab70ec9ed969401e8e3_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier explorer.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString explorer.exe -
Enumerates system info in registry 2 TTPs 2 IoCs
Processes:
explorer.exe144769859640eab70ec9ed969401e8e3_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exepid process 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe 2480 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
explorer.exepid process 2480 explorer.exe -
Suspicious use of AdjustPrivilegeToken 46 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exedescription pid process Token: SeIncreaseQuotaPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeSecurityPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeTakeOwnershipPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeLoadDriverPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeSystemProfilePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeSystemtimePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeProfSingleProcessPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeCreatePagefilePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeBackupPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeRestorePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeShutdownPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeDebugPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeSystemEnvironmentPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeChangeNotifyPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeRemoteShutdownPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeUndockPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeManageVolumePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeImpersonatePrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeCreateGlobalPrivilege 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: 33 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: 34 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: 35 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe Token: SeIncreaseQuotaPrivilege 2480 explorer.exe Token: SeSecurityPrivilege 2480 explorer.exe Token: SeTakeOwnershipPrivilege 2480 explorer.exe Token: SeLoadDriverPrivilege 2480 explorer.exe Token: SeSystemProfilePrivilege 2480 explorer.exe Token: SeSystemtimePrivilege 2480 explorer.exe Token: SeProfSingleProcessPrivilege 2480 explorer.exe Token: SeIncBasePriorityPrivilege 2480 explorer.exe Token: SeCreatePagefilePrivilege 2480 explorer.exe Token: SeBackupPrivilege 2480 explorer.exe Token: SeRestorePrivilege 2480 explorer.exe Token: SeShutdownPrivilege 2480 explorer.exe Token: SeDebugPrivilege 2480 explorer.exe Token: SeSystemEnvironmentPrivilege 2480 explorer.exe Token: SeChangeNotifyPrivilege 2480 explorer.exe Token: SeRemoteShutdownPrivilege 2480 explorer.exe Token: SeUndockPrivilege 2480 explorer.exe Token: SeManageVolumePrivilege 2480 explorer.exe Token: SeImpersonatePrivilege 2480 explorer.exe Token: SeCreateGlobalPrivilege 2480 explorer.exe Token: 33 2480 explorer.exe Token: 34 2480 explorer.exe Token: 35 2480 explorer.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
explorer.exepid process 2480 explorer.exe -
Suspicious use of WriteProcessMemory 61 IoCs
Processes:
144769859640eab70ec9ed969401e8e3_JaffaCakes118.exeexplorer.exedescription pid process target process PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2700 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe notepad.exe PID 2124 wrote to memory of 2540 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe BROUF_POP.EXE PID 2124 wrote to memory of 2540 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe BROUF_POP.EXE PID 2124 wrote to memory of 2540 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe BROUF_POP.EXE PID 2124 wrote to memory of 2540 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe BROUF_POP.EXE PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2124 wrote to memory of 2480 2124 144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe explorer.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1988 2480 explorer.exe notepad.exe PID 2480 wrote to memory of 1628 2480 explorer.exe BROUF_POP.EXE PID 2480 wrote to memory of 1628 2480 explorer.exe BROUF_POP.EXE PID 2480 wrote to memory of 1628 2480 explorer.exe BROUF_POP.EXE PID 2480 wrote to memory of 1628 2480 explorer.exe BROUF_POP.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\144769859640eab70ec9ed969401e8e3_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2124 -
C:\Windows\SysWOW64\notepad.exenotepad2⤵
- Adds Run key to start application
PID:2700 -
C:\Users\Admin\AppData\Local\Temp\BROUF_POP.EXE"C:\Users\Admin\AppData\Local\Temp\BROUF_POP.EXE"2⤵
- Executes dropped EXE
PID:2540 -
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"2⤵
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Disables RegEdit via registry modification
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe3⤵PID:1988
-
C:\Users\Admin\AppData\Local\Temp\BROUF_POP.EXE"C:\Users\Admin\AppData\Local\Temp\BROUF_POP.EXE"3⤵
- Executes dropped EXE
PID:1628
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
260B
MD5d98926e26231d491cd5d40854453f3cf
SHA13a3a1d71b37b7c8b54a80a7917c12c63ba2480fd
SHA2568f523b0f039109f042f5a0a807ae36a1cde13ee7a9512bb746e2c6e8bf90beab
SHA512565e295523e06a56507ea6096d23f0ce2a00acd5c376b3badea4f6aa591991b5e21c831d45e24b33f34d4dcf7eaa5263077cf86f9d905952ff944aab6d11399a
-
Filesize
3.1MB
MD5144769859640eab70ec9ed969401e8e3
SHA1cb6603e8867a74d2d27059cdc47438cf2340920a
SHA2567a9776c90605606de12e06a0088cbf44c12e8be266c13c5894304eda81035711
SHA5129a9d4b67a04ef8a1cbea7bc2574dbc42db6e1460650b951a322d62e6e92c64b3ee6924ce0bec5664a4c4668224f62a5ca1d3ed81430a77d31e40fb56c7fdbbef
-
Filesize
323KB
MD53bed4a376b5fce52fc08539e95ae369f
SHA1feb471bdf3f78a2140fecfa474eda876e3f75e78
SHA2567cb7d9efb92bfbb8aaee1df39c63a02092c6e6552bec1fd0cda3c68c3eb2d034
SHA512e25578774eac1d88b883c32446096e7b882fcb4256b901ae8cba277a6f1ba948a311e61f64ee5d43661e72f72f5c96aacdc285176304df5a0867ea39669c62b7