Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
23/02/2025, 18:07
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_21975899b65652222255a5c663a34b9e.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_21975899b65652222255a5c663a34b9e.exe
Resource
win10v2004-20250217-en
General
-
Target
JaffaCakes118_21975899b65652222255a5c663a34b9e.exe
-
Size
596KB
-
MD5
21975899b65652222255a5c663a34b9e
-
SHA1
7669700d05191542e4086ad6e0edcb20ca5794c8
-
SHA256
6907c8a0c3e6fb03fde042da76510e8a002eea4ec3b67a1e32eb35202299aae2
-
SHA512
9ac91e48455f9f04df39c344b9ae9a6263d4cfecca3597b2b64e24ca3ef722606c314d53f6a65e6299e83815b27f819b4915cebed6fde04a5293be6b82be7ea7
-
SSDEEP
12288:RV9YMRAECWNUNc2+L0TOeJJ3zxOeZ4yrfYMe1nig:RV2cUx+L0ZLjOWxIn
Malware Config
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 13 IoCs
resource yara_rule behavioral1/memory/2788-34-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-27-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-43-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-56-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-57-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-59-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-60-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-61-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-64-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-65-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-67-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-70-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades behavioral1/memory/2788-72-0x0000000000400000-0x0000000000470000-memory.dmp family_blackshades -
Modifies firewall policy service 3 TTPs 8 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile reg.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\rundll.exe = "C:\\Users\\Admin\\AppData\\Roaming\\rundll.exe:*:Enabled:Windows Messanger" reg.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List reg.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe:*:Enabled:Windows Messanger" reg.exe -
Drops startup file 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JaffaCakes118_21975899b65652222255a5c663a34b9e.exe JaffaCakes118_21975899b65652222255a5c663a34b9e.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JaffaCakes118_21975899b65652222255a5c663a34b9e.exe JaffaCakes118_21975899b65652222255a5c663a34b9e.exe -
Executes dropped EXE 1 IoCs
pid Process 2788 svchost.exe -
Loads dropped DLL 2 IoCs
pid Process 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2600 set thread context of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 -
System Location Discovery: System Language Discovery 1 TTPs 14 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language csc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cvtres.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_21975899b65652222255a5c663a34b9e.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language csc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cvtres.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Modifies registry key 1 TTPs 4 IoCs
pid Process 1168 reg.exe 2872 reg.exe 2664 reg.exe 2544 reg.exe -
Suspicious use of AdjustPrivilegeToken 35 IoCs
description pid Process Token: 1 2788 svchost.exe Token: SeCreateTokenPrivilege 2788 svchost.exe Token: SeAssignPrimaryTokenPrivilege 2788 svchost.exe Token: SeLockMemoryPrivilege 2788 svchost.exe Token: SeIncreaseQuotaPrivilege 2788 svchost.exe Token: SeMachineAccountPrivilege 2788 svchost.exe Token: SeTcbPrivilege 2788 svchost.exe Token: SeSecurityPrivilege 2788 svchost.exe Token: SeTakeOwnershipPrivilege 2788 svchost.exe Token: SeLoadDriverPrivilege 2788 svchost.exe Token: SeSystemProfilePrivilege 2788 svchost.exe Token: SeSystemtimePrivilege 2788 svchost.exe Token: SeProfSingleProcessPrivilege 2788 svchost.exe Token: SeIncBasePriorityPrivilege 2788 svchost.exe Token: SeCreatePagefilePrivilege 2788 svchost.exe Token: SeCreatePermanentPrivilege 2788 svchost.exe Token: SeBackupPrivilege 2788 svchost.exe Token: SeRestorePrivilege 2788 svchost.exe Token: SeShutdownPrivilege 2788 svchost.exe Token: SeDebugPrivilege 2788 svchost.exe Token: SeAuditPrivilege 2788 svchost.exe Token: SeSystemEnvironmentPrivilege 2788 svchost.exe Token: SeChangeNotifyPrivilege 2788 svchost.exe Token: SeRemoteShutdownPrivilege 2788 svchost.exe Token: SeUndockPrivilege 2788 svchost.exe Token: SeSyncAgentPrivilege 2788 svchost.exe Token: SeEnableDelegationPrivilege 2788 svchost.exe Token: SeManageVolumePrivilege 2788 svchost.exe Token: SeImpersonatePrivilege 2788 svchost.exe Token: SeCreateGlobalPrivilege 2788 svchost.exe Token: 31 2788 svchost.exe Token: 32 2788 svchost.exe Token: 33 2788 svchost.exe Token: 34 2788 svchost.exe Token: 35 2788 svchost.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2788 svchost.exe 2788 svchost.exe 2788 svchost.exe -
Suspicious use of WriteProcessMemory 56 IoCs
description pid Process procid_target PID 2600 wrote to memory of 2144 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 29 PID 2600 wrote to memory of 2144 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 29 PID 2600 wrote to memory of 2144 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 29 PID 2600 wrote to memory of 2144 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 29 PID 2144 wrote to memory of 2484 2144 csc.exe 31 PID 2144 wrote to memory of 2484 2144 csc.exe 31 PID 2144 wrote to memory of 2484 2144 csc.exe 31 PID 2144 wrote to memory of 2484 2144 csc.exe 31 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2788 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 32 PID 2600 wrote to memory of 2808 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 33 PID 2600 wrote to memory of 2808 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 33 PID 2600 wrote to memory of 2808 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 33 PID 2600 wrote to memory of 2808 2600 JaffaCakes118_21975899b65652222255a5c663a34b9e.exe 33 PID 2808 wrote to memory of 2980 2808 csc.exe 35 PID 2808 wrote to memory of 2980 2808 csc.exe 35 PID 2808 wrote to memory of 2980 2808 csc.exe 35 PID 2808 wrote to memory of 2980 2808 csc.exe 35 PID 2788 wrote to memory of 2856 2788 svchost.exe 36 PID 2788 wrote to memory of 2856 2788 svchost.exe 36 PID 2788 wrote to memory of 2856 2788 svchost.exe 36 PID 2788 wrote to memory of 2856 2788 svchost.exe 36 PID 2788 wrote to memory of 2728 2788 svchost.exe 37 PID 2788 wrote to memory of 2728 2788 svchost.exe 37 PID 2788 wrote to memory of 2728 2788 svchost.exe 37 PID 2788 wrote to memory of 2728 2788 svchost.exe 37 PID 2788 wrote to memory of 2284 2788 svchost.exe 39 PID 2788 wrote to memory of 2284 2788 svchost.exe 39 PID 2788 wrote to memory of 2284 2788 svchost.exe 39 PID 2788 wrote to memory of 2284 2788 svchost.exe 39 PID 2788 wrote to memory of 2692 2788 svchost.exe 41 PID 2788 wrote to memory of 2692 2788 svchost.exe 41 PID 2788 wrote to memory of 2692 2788 svchost.exe 41 PID 2788 wrote to memory of 2692 2788 svchost.exe 41 PID 2284 wrote to memory of 2544 2284 cmd.exe 44 PID 2284 wrote to memory of 2544 2284 cmd.exe 44 PID 2284 wrote to memory of 2544 2284 cmd.exe 44 PID 2284 wrote to memory of 2544 2284 cmd.exe 44 PID 2728 wrote to memory of 2664 2728 cmd.exe 47 PID 2728 wrote to memory of 2664 2728 cmd.exe 47 PID 2728 wrote to memory of 2664 2728 cmd.exe 47 PID 2728 wrote to memory of 2664 2728 cmd.exe 47 PID 2856 wrote to memory of 1168 2856 cmd.exe 45 PID 2856 wrote to memory of 1168 2856 cmd.exe 45 PID 2856 wrote to memory of 1168 2856 cmd.exe 45 PID 2856 wrote to memory of 1168 2856 cmd.exe 45 PID 2692 wrote to memory of 2872 2692 cmd.exe 46 PID 2692 wrote to memory of 2872 2692 cmd.exe 46 PID 2692 wrote to memory of 2872 2692 cmd.exe 46 PID 2692 wrote to memory of 2872 2692 cmd.exe 46
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_21975899b65652222255a5c663a34b9e.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_21975899b65652222255a5c663a34b9e.exe"1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2600 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xmxi_d58.cmdline"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7DF7.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7DE7.tmp"3⤵
- System Location Discovery: System Language Discovery
PID:2484
-
-
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788 -
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:1168
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2664
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2284 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2544
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\rundll.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\rundll.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\rundll.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\rundll.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2872
-
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xmxi_d58.cmdline"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2808 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES80C5.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC80C4.tmp"3⤵
- System Location Discovery: System Language Discovery
PID:2980
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5826742820580d9911d4d99a8566efaee
SHA12f897e4c9fca96a4e59a3dc4f09f780bad5e0b6e
SHA2563c13f9d25c35f863dada15a2a384f240d3c385a6f27445e9d3169d6fc091d3ef
SHA5128a7db43e0e0b9cb75119fae7d997cc2574561e4b89dafef1b7ac318bbeb24446df9ab033087369fb55c477bb6a754a00087f971b516248a05e4a64a6f30b67f3
-
Filesize
1KB
MD5c5ac7d7cf19969a1be994b5950febb81
SHA1a7ec93087ce90fdcfc05e9deff0c432fdd8db142
SHA2560db2a29c32c724112e680eff5a96cee0a612f1528a84130df4f7fc34d8ec58d4
SHA51260e5d93aa7b243ca53e9710bacd925cf418cf0eee8f71f76960ac78aecc1a6294b0a8200bd1cb3b9447176e382666b8059be5d19917e675fd85014dc1882e34b
-
Filesize
3KB
MD54609d79db0b99e787143cbd9d97fcf64
SHA1049bee435e1c93d6ee6f39fb039228822b607c7a
SHA256d8badcc25983b7a7eb8f9b8e3ac1c1874ff32531b25adc77ffd2aa65788aa9ed
SHA512f1df4e2de09d245b27966e1a7417d289e2ef43bb9b75dd5d47b783f47ea2de4ec436ca1649c90e3a5402601ffb60ad5f4dec9a6b84329d81f99dcc26abaa53b4
-
Filesize
10KB
MD596dbb19afa4c97165e741d958d6db2d3
SHA1dbbf3c7a4b4515e70ea65e840c0585041861e4cf
SHA256931b7ced00baac0831e3330acf98fb40634aa19a1e3b252c32838d11d780657a
SHA5128043e4aea00835c9cc911355b0bf9857efacf63f3684d43c00d604a881c503988459eb9bbbe49a59b57f2adfe725542d4278285402490be27382fbe277551dbd
-
Filesize
652B
MD5d9755b2e4731075e0b0fc5693217c3bb
SHA1149c99e1567a0a187a8db36a59c49f82f7b65442
SHA25600ea8e6f1ac378b388a83951c00e391d403e6b37f59599b82c9a849d889321dd
SHA512cb576015f0211e5f5e0288fc10677c9d4adcec8998ddf797ded46a6883f3f8d134246694b496951c442ee5eed78944ff3949d696030999e7b7c1f9513e32c930
-
Filesize
8KB
MD5164dc3f006aea54e9f83a8d96e366164
SHA1a32fb4dd0b29075a0f94000b61ee441be21c879e
SHA25638ce0b573e1aa8eac080f26b57829a5bbc49104f98305932cc8bc1e3cc226d14
SHA512b6391ccf6e150039056e98c82e47a45f328c699a130412863c633d1506af50c9babe2a299383ce1c32a8abdb7fe61a9b3724a5afda61605e2844114ca0e47ee7
-
Filesize
571B
MD5ffbf968e7e7ddb392daa00f9ff61f4eb
SHA1569a6f2b38fb6971c766b39d21f74aee2e3d2765
SHA256e6085f3cf5b1b4b91c4cb1efd863a115920283a566d9484e9288829b40119d69
SHA5129438c30d52a01b4923daee6733547db95bc933338358959c40658abf5a5dcd394e890eb2ad5ff07d1c5f4d33596c6d5bf1e0b6f76a274c50cd5a5bdf920b2340
-
Filesize
187B
MD5c8709d8ebbd49b391d2f8443275f155d
SHA1fae81a9d67900362411ef9aa6f15395dfcae48d2
SHA256b8808f00a8813152a32a6cc20876bf3dab169ae3d16b82c03a3a86379b95a0e0
SHA512a548060671bfbaf43bbce14cbb0e97d65af8442058ec528cf5354a041e1b4da18ffd8ab04687a767d564c4b62616c8eade43fdef787d1632ae88039937b17078
-
Filesize
203B
MD528eb06d4549a9cf388217a9e9aa418aa
SHA190714c4922ab665bdb3a89300c1128abd5f93ba4
SHA256d08936b1024a8b3efdada90f64889db833381b4830b6702a50f400ba78f4dc01
SHA512c89b9ede2a501ced80963a520ac9f6bc90bfae4ecd96e901b594a394932b11e5fdde7e0a35aeec31e5ae1d06877abd5f8753cb130e18c0fd4118c70b651da6d3
-
Filesize
1KB
MD5caf7ad8a6755ca9190121f60fc7d1886
SHA1434e415c5db0560ac70a22546ce138a9190d0fbd
SHA2567bfaa18112edd91b95795d1a080c3b768b585d1ed559e60d0d7368cfd9513d89
SHA512d9b924cb49c2ebcaf58cfd0ecaa7c026076c22ddc75008b40bc0f62a9d76d464e20cae93028974f73ee1232e6ad6f9927882a20f42a728ec6d821d030002f1ae