Analysis
-
max time kernel
149s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01/02/2025, 10:35
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe
Resource
win10v2004-20250129-en
General
-
Target
JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe
-
Size
644KB
-
MD5
70c9d1cd6056c6ed265dea8d413cfc97
-
SHA1
a653507de24c71577d431a5cd4d5bbd10e613299
-
SHA256
bcec96017b538e00d13e8836cf1f2ff922a24dd1d30a6e50b08144304476ed5a
-
SHA512
a2eef39593ee4e752cae90d67c589caa6df22df29d70b325f26d6930e26c4d56f8b87a0f4b82b5011b9aef67151d68e8c6164ffc3bb4b29db18f21e0dfcc9aae
-
SSDEEP
6144:B41m5vbRoTASrqzusXCOf0sTDFiE+t0nrZ7Q4Qo0SiWe6uxIHN:BZx3Srq6sXCqTDFihtIt4SNe6uxS
Malware Config
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 1 IoCs
resource yara_rule behavioral1/memory/182324-200637-0x0000000000400000-0x0000000000473000-memory.dmp family_blackshades -
Modifies firewall policy service 3 TTPs 8 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\RacunLast.exe = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\racun\rracun.exe = "C:\\Windows\\racun\\rracun.exe:*:Enabled:Windows Messanger" reg.exe -
UAC bypass 3 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Adds policy Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run rracun.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\RacunSys = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe" rracun.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9D7EAAC8-DA69-DFD3-FCC1-AC5FCEFDD6DA} rracun.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9D7EAAC8-DA69-DFD3-FCC1-AC5FCEFDD6DA}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe" rracun.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D7EAAC8-DA69-DFD3-FCC1-AC5FCEFDD6DA} rracun.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Active Setup\Installed Components\{9D7EAAC8-DA69-DFD3-FCC1-AC5FCEFDD6DA}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe" rracun.exe -
Executes dropped EXE 2 IoCs
pid Process 183248 rracun.exe 182324 rracun.exe -
Loads dropped DLL 4 IoCs
pid Process 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kluc name = "C:\\Windows\\racun\\rracun.exe" reg.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\RacunSys = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe" rracun.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\RacunSys = "C:\\Users\\Admin\\AppData\\Roaming\\RacunLast.exe" rracun.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 183248 set thread context of 182324 183248 rracun.exe 38 -
resource yara_rule behavioral1/memory/182324-200625-0x0000000000400000-0x0000000000473000-memory.dmp upx behavioral1/memory/182324-200637-0x0000000000400000-0x0000000000473000-memory.dmp upx -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\racun\rracun.exe JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe File opened for modification C:\Windows\racun\rracun.exe JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 15 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rracun.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rracun.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe -
Modifies registry key 1 TTPs 4 IoCs
pid Process 182832 reg.exe 182852 reg.exe 182888 reg.exe 182860 reg.exe -
Suspicious use of AdjustPrivilegeToken 36 IoCs
description pid Process Token: 1 182324 rracun.exe Token: SeCreateTokenPrivilege 182324 rracun.exe Token: SeAssignPrimaryTokenPrivilege 182324 rracun.exe Token: SeLockMemoryPrivilege 182324 rracun.exe Token: SeIncreaseQuotaPrivilege 182324 rracun.exe Token: SeMachineAccountPrivilege 182324 rracun.exe Token: SeTcbPrivilege 182324 rracun.exe Token: SeSecurityPrivilege 182324 rracun.exe Token: SeTakeOwnershipPrivilege 182324 rracun.exe Token: SeLoadDriverPrivilege 182324 rracun.exe Token: SeSystemProfilePrivilege 182324 rracun.exe Token: SeSystemtimePrivilege 182324 rracun.exe Token: SeProfSingleProcessPrivilege 182324 rracun.exe Token: SeIncBasePriorityPrivilege 182324 rracun.exe Token: SeCreatePagefilePrivilege 182324 rracun.exe Token: SeCreatePermanentPrivilege 182324 rracun.exe Token: SeBackupPrivilege 182324 rracun.exe Token: SeRestorePrivilege 182324 rracun.exe Token: SeShutdownPrivilege 182324 rracun.exe Token: SeDebugPrivilege 182324 rracun.exe Token: SeAuditPrivilege 182324 rracun.exe Token: SeSystemEnvironmentPrivilege 182324 rracun.exe Token: SeChangeNotifyPrivilege 182324 rracun.exe Token: SeRemoteShutdownPrivilege 182324 rracun.exe Token: SeUndockPrivilege 182324 rracun.exe Token: SeSyncAgentPrivilege 182324 rracun.exe Token: SeEnableDelegationPrivilege 182324 rracun.exe Token: SeManageVolumePrivilege 182324 rracun.exe Token: SeImpersonatePrivilege 182324 rracun.exe Token: SeCreateGlobalPrivilege 182324 rracun.exe Token: 31 182324 rracun.exe Token: 32 182324 rracun.exe Token: 33 182324 rracun.exe Token: 34 182324 rracun.exe Token: 35 182324 rracun.exe Token: SeDebugPrivilege 182324 rracun.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 183248 rracun.exe 182324 rracun.exe 182324 rracun.exe 182324 rracun.exe -
Suspicious use of WriteProcessMemory 60 IoCs
description pid Process procid_target PID 2228 wrote to memory of 153704 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 30 PID 2228 wrote to memory of 153704 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 30 PID 2228 wrote to memory of 153704 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 30 PID 2228 wrote to memory of 153704 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 30 PID 153704 wrote to memory of 24676 153704 cmd.exe 32 PID 153704 wrote to memory of 24676 153704 cmd.exe 32 PID 153704 wrote to memory of 24676 153704 cmd.exe 32 PID 153704 wrote to memory of 24676 153704 cmd.exe 32 PID 2228 wrote to memory of 165604 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 33 PID 2228 wrote to memory of 165604 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 33 PID 2228 wrote to memory of 165604 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 33 PID 2228 wrote to memory of 165604 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 33 PID 165604 wrote to memory of 166540 165604 cmd.exe 35 PID 165604 wrote to memory of 166540 165604 cmd.exe 35 PID 165604 wrote to memory of 166540 165604 cmd.exe 35 PID 165604 wrote to memory of 166540 165604 cmd.exe 35 PID 2228 wrote to memory of 183248 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 36 PID 2228 wrote to memory of 183248 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 36 PID 2228 wrote to memory of 183248 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 36 PID 2228 wrote to memory of 183248 2228 JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe 36 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 183248 wrote to memory of 182324 183248 rracun.exe 38 PID 182324 wrote to memory of 182552 182324 rracun.exe 39 PID 182324 wrote to memory of 182552 182324 rracun.exe 39 PID 182324 wrote to memory of 182552 182324 rracun.exe 39 PID 182324 wrote to memory of 182552 182324 rracun.exe 39 PID 182324 wrote to memory of 182592 182324 rracun.exe 40 PID 182324 wrote to memory of 182592 182324 rracun.exe 40 PID 182324 wrote to memory of 182592 182324 rracun.exe 40 PID 182324 wrote to memory of 182592 182324 rracun.exe 40 PID 182324 wrote to memory of 182596 182324 rracun.exe 41 PID 182324 wrote to memory of 182596 182324 rracun.exe 41 PID 182324 wrote to memory of 182596 182324 rracun.exe 41 PID 182324 wrote to memory of 182596 182324 rracun.exe 41 PID 182324 wrote to memory of 182656 182324 rracun.exe 44 PID 182324 wrote to memory of 182656 182324 rracun.exe 44 PID 182324 wrote to memory of 182656 182324 rracun.exe 44 PID 182324 wrote to memory of 182656 182324 rracun.exe 44 PID 182592 wrote to memory of 182832 182592 cmd.exe 47 PID 182592 wrote to memory of 182832 182592 cmd.exe 47 PID 182592 wrote to memory of 182832 182592 cmd.exe 47 PID 182592 wrote to memory of 182832 182592 cmd.exe 47 PID 182552 wrote to memory of 182852 182552 cmd.exe 48 PID 182552 wrote to memory of 182852 182552 cmd.exe 48 PID 182552 wrote to memory of 182852 182552 cmd.exe 48 PID 182552 wrote to memory of 182852 182552 cmd.exe 48 PID 182656 wrote to memory of 182860 182656 cmd.exe 49 PID 182656 wrote to memory of 182860 182656 cmd.exe 49 PID 182656 wrote to memory of 182860 182656 cmd.exe 49 PID 182656 wrote to memory of 182860 182656 cmd.exe 49 PID 182596 wrote to memory of 182888 182596 cmd.exe 50 PID 182596 wrote to memory of 182888 182596 cmd.exe 50 PID 182596 wrote to memory of 182888 182596 cmd.exe 50 PID 182596 wrote to memory of 182888 182596 cmd.exe 50
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_70c9d1cd6056c6ed265dea8d413cfc97.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\259428539.bat" "2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:153704 -
C:\Windows\SysWOW64\reg.exeREG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
PID:24676
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\259432299.bat" "2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:165604 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "kluc name" /t REG_SZ /d "C:\Windows\racun\rracun.exe" /f3⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:166540
-
-
-
C:\Windows\racun\rracun.exe"C:\Windows\racun\rracun.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:183248 -
C:\Windows\racun\rracun.exe"C:\Windows\racun\rracun.exe"3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:182324 -
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:182552 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:182852
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\racun\rracun.exe" /t REG_SZ /d "C:\Windows\racun\rracun.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:182592 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\racun\rracun.exe" /t REG_SZ /d "C:\Windows\racun\rracun.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:182832
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:182596 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:182888
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\RacunLast.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\RacunLast.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:182656 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\RacunLast.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\RacunLast.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:182860
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
6Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
118B
MD5a7abd9bdc5677f68c18d7524eb9ec1ab
SHA1948db612bae78b17e4df26d1884f9d2129e6ac9f
SHA25679192d9e9ebc7f9a864fdae37e771650afe5d41b8ba7da7a6ffeaff12b32e7b7
SHA512bfcbbb6f9a76457427000e05b241755c13f1a6def8f0b0afc5d491409b812bacceed8545bd3e781779b2e2cd3fe8b1c323c17d3665df868cacc063c2e38c465d
-
Filesize
121B
MD5ee46813d644e2f3527f7332b0e55af02
SHA10db88b645364c64e942c85f3c5e4a503ba940f21
SHA2569509158dad0060a9fb3cb8fbaef9957103df755a3f79d17c1029d1efc1e2aafe
SHA5127da3f1c6b6ed4ceb4307c2bbd43fb9b5fb969485e4388abfe07d5488b6da76f82a55d186ee5b59f7802f10e85e7f70d2f96fb0dd1f99be6f0aab4334cfce483e
-
Filesize
644KB
MD580e18361819c4f030c5e4d01fded06a3
SHA1756c79f570717f7a7973d6b4b53c1e203fc00289
SHA256db0fc46ff8418892ef63b42c95c88dafe659d2e7439367d9e2deaa320d329009
SHA51268e7e8b8634a612cb633218ba422e59396bbeaa08caf42b8b0cbdbc37dd7439937bfa8088cef784d4766394bce7209de321a407e78d575166f323f34ee155c75