Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13-10-2024 20:10
General
-
Target
41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe
-
Size
382KB
-
MD5
41d87fa0c9244a9a098742155a862e4d
-
SHA1
f80f8a9584fd4ec0a3e86f0a4bedd66bf204bcdc
-
SHA256
60767e516dcf017b6a446f383a87afda3ce002292866195bdcffb5c8e9dac0c9
-
SHA512
bed43d92325b572f9a1dde0f6088569679619b50d55f120b67b3db0c5dd3c1db604702881b0f7180f1a66069a9f0e2177b7bbd70af8e88da530563163afbd359
-
SSDEEP
6144:A0Ly6qr9+br6u1yvZgQHhEaBTuPwyQ9Hmdy1MsS:AxF9FZhH+aBaPUGY1Mz
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt
cerber
http://4kqd3hmqgptupi3p.xkfi59.top/7E9B-7759-0E39-0042-FFD6
http://4kqd3hmqgptupi3p.sdfiso.win/7E9B-7759-0E39-0042-FFD6
http://4kqd3hmqgptupi3p.wins4n.win/7E9B-7759-0E39-0042-FFD6
http://4kqd3hmqgptupi3p.we34re.top/7E9B-7759-0E39-0042-FFD6
http://4kqd3hmqgptupi3p.onion.to/7E9B-7759-0E39-0042-FFD6
http://4kqd3hmqgptupi3p.onion/7E9B-7759-0E39-0042-FFD6
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (16390) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Deletes itself 1 IoCs
-
Drops startup file 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies Internet Explorer settings 1 TTPs 61 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of UnmapMainImage 3 IoCs
-
Suspicious use of WriteProcessMemory 54 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe"1⤵
- Adds policy Run key to start application
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{03DCD65C-9679-444D-F105-BB6BAC813AA4}\wuapp.exe"C:\Users\Admin\AppData\Roaming\{03DCD65C-9679-444D-F105-BB6BAC813AA4}\wuapp.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:537601 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt3⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"3⤵
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "wuapp.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{03DCD65C-9679-444D-F105-BB6BAC813AA4}\wuapp.exe" > NUL3⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "wuapp.exe"4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe" > NUL2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "41d87fa0c9244a9a098742155a862e4d_JaffaCakes118.exe"3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {9F28D2BD-E6DA-4B40-938D-17C6D1CBF0E7} S-1-5-21-1488793075-819845221-1497111674-1000:UPNECVIU\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{03DCD65C-9679-444D-F105-BB6BAC813AA4}\wuapp.exeC:\Users\Admin\AppData\Roaming\{03DCD65C-9679-444D-F105-BB6BAC813AA4}\wuapp.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5001⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD52748afaa19df012c8982f06910c8556a
SHA1ab6cbfa3a3de197777fa0eace5abbbdcaac12414
SHA256cd920effd67725660dd4e4442d91d9aa4fd788780f66fb374643a5fac67d3722
SHA512109affb40776d8016b367718cd6c4baa2edf73b194e23056073fddca0267a605cbe6be2eb4922d6850683f4de2052e0cf72fe0a9b842c845a2996182e652262c
-
Filesize
342B
MD53ae94034e31e8a954fe733ca8d8166a2
SHA1620e110185469bfc8ac98d3e37d758128f93600c
SHA2562a47a5926de24cfbffb1df0fd706b48a3daadda8e3003f225cc4f8c4b0d8292e
SHA5126973d89c618048d64a346404a43b5141e3136cc6de3ef14e29fa0f276f13392e43b869e73aceabf3fa97d1d75b90eca4a8d06d72c35ce8dc324fbc8ef917b805
-
Filesize
342B
MD5ff5aa3abd834504e07d9dc4d56909b10
SHA18967b333581c86f8b831fa10a845ae5c7e21efba
SHA256a06f40e21ae996ea27ef8bb9ebe2c26bd1ef1459f25ac85999252c7654d89d94
SHA51277759428aa968afafe5ebd95bf6bdc0aa84fdcfb840806d236d25880fea1b4ba22d6c1f601c67e391bf3625378ca86e6e24048a748862d4413aacdfb8113f19c
-
Filesize
342B
MD5e157646fe92ad428d1d85ab7eb35b7e0
SHA1f73fd3886bdd53a047f12c26ea75a76de34bc268
SHA25647b4cc034ba58099dde9245dc939b7124e367df95dad176ed2a105b1d8f9f500
SHA5121dcd86a69f7c286eb385c7f91c5a7333bc83ac0b8ec32a9cc8fbfa3591273c46d13900c1ac4565414dd6b448f24ddf746e0e86d9e000964ea918cff7d325fc9a
-
Filesize
342B
MD5694c4838cab8c204a5502882c89bd418
SHA18c6e8d88b23e4df5835167e8ea3c61c882765343
SHA256ac50faadce9342807aaf6ab619ad1d316885bf8f07bdd48f38a04d2f7de3a4d9
SHA512c432d8f5746a47374eb468065ce3855eb12a93aea567959e785a33cd6ee7e0ceae64662892f28f521650cf10b38d19bbef4d0a85fc4fa355f4cd5ec4d0c81027
-
Filesize
342B
MD5e36ced06802886c12f2707a937c36ce5
SHA169ef329dad491b02aba1c40715b8ea70b71c3190
SHA2567545745bca5f92adddfcc68d6097b3b33e6c61f5a119e3fc8f332bd28b85c84d
SHA51265c7f1b8c9ba2aae0fe833651e5fc9aa3e51f6a34ae4fea9c2a1c347d5d2aee868b1d61cf9664d991a28ed8efccb318611cf84dc39f10ccb0ad553c8c00e61fe
-
Filesize
342B
MD5069d5fc6fd3a14d092dc572a55a65405
SHA186066b34ef7cc5bab682be7f2fdfb28a02a1ae89
SHA256668bcbb283c36cf7f58f70d20051161e9ea8a20d770b5da607107a27a5a3f52b
SHA512d1287be4e5722c89c4a423baead45b3d852bf8a238ded7a558695a1980e3a136e6145947b8293dff44fda923498b70560615bbd1300fe5add3b41ebba786c275
-
Filesize
342B
MD5cd4db3ff31ee56e28cbfe81defcfbc0e
SHA1b9764d43c36fbba74559ea0af42d3087f9823b7d
SHA256a6c763660c09298e274fc22a9406beb9b99e6896c13f4c79d77cae834a221975
SHA512b46a73a9d90b37c246c94aa9485926fd9869afa34cc3c6a59ee6065e10d79ec21df5d724b4b313eb048d79004b30d30dc0fea961fc603d32e97c4adf312de80f
-
Filesize
342B
MD50b5da7345071b04996afdfd177ec306a
SHA1201ab42ddf5326ba663cc08730035bd2f98e22ea
SHA256c3426aa601698ca7ce207bf0a0512f9df116026a81e6776a76430c7d96c36839
SHA512ff1e526e1688703b627c9547d3ea662f27f002935ae665d8b4caac3185c53b60b0b727e1cb4338a0efde2c1ae89e8d35ec7f90a236d5b06744a6db2be61c46dd
-
Filesize
342B
MD5432e261c8cd7f8c2f10321b1e796c03c
SHA1663b4b023e9d60890b335dfeb89bcc3ffc94b9b7
SHA2569508992dc0d70d7a7a36af73b711b429cd752a60e7fe33dd435b513162fe2938
SHA512f730a6b7f457f3f8314b056fb141d7b8254ffafde602bbd994f56ab95bf0c25127df64be850f92cf658779d86c6328568839b40f6dc0a7704b53fa5225480e18
-
Filesize
342B
MD5b5a3e28bc2bc46381e6a0bf971606ef2
SHA1fa6cb70ed111ad453ed693409a0d7e41ed77956f
SHA25676c4956e77309ccc8def8481b8fcc547bcf2f5d364d83b033e1e7f0107c04ff6
SHA5128ba33c7c4e5841986d4900b53ec70a095facda27907825f613b4ad1aa5b98e5b26c0f8e1f396c5e9b3b5fb633a9de9799f078318db0fd74d220ec9da15d29f3c
-
Filesize
342B
MD588d69023a79bad3afb8753a092dacbdb
SHA19c3d9325b3c29873343a7b16d87562692d2f1705
SHA256ed89e331e63a5458470494919ae29646f231abc9b2b6adce01039c99953685cd
SHA512c7354a2cd1218cfded8ca1d12858e9d828f3e13909d460ad51a94d09466fca56abf188bc6044593fbd8ce8826fdd757dc3028966834db430285310a0a56b00ca
-
Filesize
342B
MD571270c0c51bde39bc989bc86633b3338
SHA1d6c7aaf815d0de5f6d9e14d83c44a0af522e4aaa
SHA256a1db7752897acd9af627e8ed9a46daf355784dcc15156bc9a0aae2166d2ca2a2
SHA51260a804992d42ede78b9adfac612094e5c628c85b1ff343f63d11ca99ee410f3f6f6283fa4d05a42fa9135ffca78f53943c6c63dfeb32a7bb2d5d359d9e19d6e8
-
Filesize
342B
MD596f81492eaa6ca9f5f1b4458daf3e7ef
SHA1b7415498df050b073557397dba897ca388a9c747
SHA256f81096f48b66127d342227b02716b957c33008e306377632a261525846b2e7c0
SHA51279bb7007d0bb62dc332b4e011d8b9c4efbb6ec68d98794c8f1462541a5561eb69c5d06eaabf176b243e808d6859093407342d872aa625fd68aa414fedd12fc2f
-
Filesize
342B
MD50cf139b1a16854bc5818eafb5e21495a
SHA15bbbabf7fa63bf193571df121ba668e370cd2c7f
SHA256cf5499e03209ff7fe9e40a719894111a7c88b82fc77199cd3c093c453631cacb
SHA512b702fc9bf91b3dd18c660facee3c3decac7b4de6acc5cb1a1bd75acab04bd505c0a5f8cf3678e6a4e37309bee41eac5cf710f8957092afaba6b330a494a17767
-
Filesize
342B
MD5245e3e9b247af061c60d00f4dc619845
SHA12ab59d3c748153f26bfe69ccfc20b646b2127388
SHA2564eb15476c767a43c924c3f30287d24de5b18db926ae0418d68d04e23895b70d7
SHA51216c297f588ba2fa98fa9140fbb0b3cee969ec7098d80c3d9cdddd2f900075d8d020fff5698a3c48f976de44e117e43aa76334ef299d2e8a7a8ceffc0eaf81915
-
Filesize
342B
MD51580a76aa8047d432ba19ac55002e559
SHA1d0c811584f17fa15a3658fa686aaf3bfbfdc7145
SHA256b0b9f7fbae27ef87b359ee1a6a7159c004bc442d013dad7b4881fa968fd15510
SHA51257cfa343c0c6f3377f7083165dcd2a5a7471aeb7ac9935a3fab817f19552481f0ae965487181c18d12768eb973deb29d9b7b57d28bccf4ebc7c12c541e78a6e7
-
Filesize
342B
MD576412cd94e4319b88706c23be4994f6d
SHA160e4eec950e39916a2a2dbc8008774cb23c7c171
SHA256feb79da2c0c18a0633a0b5490dc485fd0a0f8db5b3fa24f7133612bbfb3d49b8
SHA51283cf4eb3bad0e55acf391deec0996f1f9e1156df4b56d279adfacdd33afd87ce7d1c46ea43ae048f198a2445a1b4515e3a0f33252b3e42f791945cad0cb1eb87
-
Filesize
342B
MD5ff4ed74a159d8ca3bcf2756a019a377f
SHA1160c633a892b474e915632ceae2ac44deedc6efc
SHA256ac3bd72f846859387895073db1563e6b27673245646751ff81aa7354728a87ff
SHA5128d2a139006d3c7778756299fea68545881cba35a5ea952db96df9500c35abefdf3e5392b9dc22b1678ebe7669f4d8c2377cdbe152dd2fd5658c39b41e8b4b2f7
-
Filesize
342B
MD5717df19ce3027fb0facf928da9b03fc1
SHA1d5d3adec4d121148b0851d6416f5845fda391e40
SHA2569fe81396d403b66bb0b2f3da6ad3973494a2c4719d5ad021c786dc991d7b4323
SHA512ebefd2eebe0b46969a4b215829625425eba6f55c85e9fc1544c933c31a3bea6fa39d8a50cf4c3690839c5d5bcb595b4da3b373f4c9e80bff55fbb2b1fb00a11d
-
Filesize
342B
MD5aaad7ac9e3fe99637314b12f8ebc5e32
SHA146528e490d9b6f68b49f4da3364d32e279016db7
SHA25630751f71a2e19c1432486298ae08416268b8c7461170ade90e233aa7dc7e29b0
SHA512a2a811d2f219e8979825827f25b8c6d78a96d65ffcc121703156ecc5464a167ce0a7ba1d74d4b1a7dc2b8577588bbc7c22e419d096cedde5d2130f835a3fa043
-
Filesize
5KB
MD5d528fbfb5ba645a1bf2dc16c081b287b
SHA1727de4de3148763a8ef9d9c4efb94359c2fb4e64
SHA2561feb42f01f4f340bcc3d3079911fb4d3c35b93b3cd42ae2a65a9d4b2640faae9
SHA512bb0bd3053d1bf6eee5459dbecd139af32b59b50c0d9b4fca15055ce6c51a88306e9a409f7027126decb609bb5dda71c4f19773da4c0080c04d2f96eca74da702
-
Filesize
5KB
MD533db61068f7ba26192f8db666e879924
SHA14f2e3da17bca0414993fef44f78054f5bcd418c8
SHA256343860178734d1f3c0314c73179d17a0236a4f7bc58d0ae9c182b3ed8e6c5641
SHA512b08a3dc981314d299133d3d514344dfd1920c31b2b904a6d0fe0bc0752490c3d2c2f9fbf6790a86669375a49f9726921e27b8a29ad448af762e19a39568bb5bb
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
12KB
MD55b72d03aca7fe500e25dfe3cf4153e4d
SHA1cefc9997476d01ce8e1bf2143c862ba5dbdc1945
SHA25626276f469e6878fdad412f4356cb105285822645e67c7294c45680fff886b00e
SHA512598cf914010a720e57685e481a1aa4efd499930c380aef75beb040b47e33b1767598c3a5e7b215b5912f5e80bb74aa7cd6c35e2b5f2e53e99763eb8d374210b7
-
Filesize
85B
MD5c70358e6d08c7adfa8b9993caab55735
SHA1e05cb65aa6c73ae8ec4d138ba738a92a1cf69656
SHA25631cb8fa266d4150cf917c6c5225c99db61eb19e3d3192fd66bbee84ebd204c69
SHA512fd199ab6d9ff784d5d042c4b5340633fe88bfd69cdaf28d166121dd825ade73039619227ca6da045768e5734ecaa986c7009ee7adf0504eeec58011bb77b1bce
-
Filesize
231B
MD59d8c4bfbd009c4d6001e2125abaa8b02
SHA1cd040558172b5fca5b200447a281843956243741
SHA256a652297987f14317100f8c5f7eb26d1bc67eb8a64f0b39b72b5fd5046a9f29b0
SHA512c4c84f43642b805a105acce9ebc9f01aa0e6ef553ea32be3f8b890fc7440f0b7d3ddf99b9336bce20ce7a3d9b9f6434a704651a8af425ffc8407ba39d5de735f
-
Filesize
1KB
MD57d127e3a72f190aafb18318883ad37d8
SHA15e5fad534a9dd74e21fa2480b9535cd45cdff649
SHA256fc56a29ca3c190419b4aff13af1c1b45510e156f9f24ccafcc9a5ef46bde7b7d
SHA512802a2f3f2832101eba3cc64210df5e3b4654bce0982b990de930f25492a64a12204849f138e37ef168675714ffc12c768bc5bdd109a9ebb53c07c2263326ba42
-
Filesize
382KB
MD541d87fa0c9244a9a098742155a862e4d
SHA1f80f8a9584fd4ec0a3e86f0a4bedd66bf204bcdc
SHA25660767e516dcf017b6a446f383a87afda3ce002292866195bdcffb5c8e9dac0c9
SHA512bed43d92325b572f9a1dde0f6088569679619b50d55f120b67b3db0c5dd3c1db604702881b0f7180f1a66069a9f0e2177b7bbd70af8e88da530563163afbd359
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
8KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
392KB
-
Filesize
4KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
392KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
132KB