Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
30/10/2022, 02:50
Static task
static1
Behavioral task
behavioral1
Sample
199a8d08c1494d025330e8ef939fd6d4f183fd8395b5ce9d0d23583bbf22dc78.dll
Resource
win7-20220812-en
General
-
Target
199a8d08c1494d025330e8ef939fd6d4f183fd8395b5ce9d0d23583bbf22dc78.dll
-
Size
750KB
-
MD5
a2c658faafefc73827e31ee9f0d02a00
-
SHA1
8343119d82f68fa8c91e454e89cbfe685c58b9bd
-
SHA256
199a8d08c1494d025330e8ef939fd6d4f183fd8395b5ce9d0d23583bbf22dc78
-
SHA512
904b0a7bdaf9aae0a7b0628ebb322bb4af522183be9712738099320d5cd078a728c199f1225ba7e4d340d4ea392b23fc03261b6198527b3e85b7e56b33c0dfd5
-
SSDEEP
12288:nzb9rMfc+CKUQyUmjtc4euuzPrs9pGp8hunWoopooK9kwPMqMH:nzb1MlCKUQyUmjtczu6Prs9pgWoopoob
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 4308 rundll32mgr.exe 1444 WaterMark.exe -
resource yara_rule behavioral2/memory/4308-140-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4308-141-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4308-142-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/4308-143-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/4308-144-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/4308-148-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/1444-155-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-156-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-157-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-158-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-161-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-162-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-163-0x0000000000400000-0x0000000000466000-memory.dmp upx behavioral2/memory/1444-164-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px8D5B.tmp rundll32mgr.exe File created C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe File opened for modification C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 5020 3184 WerFault.exe 87 -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1815686138" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993516" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{93575C30-585F-11ED-89AC-E62BBF623C53} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993516" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1859122970" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "373905295" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1859122970" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1859122970" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993516" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993516" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1859122970" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{93573520-585F-11ED-89AC-E62BBF623C53} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1815686138" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993516" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993516" IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe 1444 WaterMark.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1444 WaterMark.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 3484 iexplore.exe 1952 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 3484 iexplore.exe 3484 iexplore.exe 1952 iexplore.exe 1952 iexplore.exe 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE 4668 IEXPLORE.EXE 4668 IEXPLORE.EXE 2140 IEXPLORE.EXE 2140 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4308 rundll32mgr.exe 1444 WaterMark.exe -
Suspicious use of WriteProcessMemory 28 IoCs
description pid Process procid_target PID 4812 wrote to memory of 4784 4812 rundll32.exe 82 PID 4812 wrote to memory of 4784 4812 rundll32.exe 82 PID 4812 wrote to memory of 4784 4812 rundll32.exe 82 PID 4784 wrote to memory of 4308 4784 rundll32.exe 84 PID 4784 wrote to memory of 4308 4784 rundll32.exe 84 PID 4784 wrote to memory of 4308 4784 rundll32.exe 84 PID 4308 wrote to memory of 1444 4308 rundll32mgr.exe 86 PID 4308 wrote to memory of 1444 4308 rundll32mgr.exe 86 PID 4308 wrote to memory of 1444 4308 rundll32mgr.exe 86 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 3184 1444 WaterMark.exe 87 PID 1444 wrote to memory of 1952 1444 WaterMark.exe 91 PID 1444 wrote to memory of 1952 1444 WaterMark.exe 91 PID 1444 wrote to memory of 3484 1444 WaterMark.exe 92 PID 1444 wrote to memory of 3484 1444 WaterMark.exe 92 PID 1952 wrote to memory of 4668 1952 iexplore.exe 94 PID 1952 wrote to memory of 4668 1952 iexplore.exe 94 PID 1952 wrote to memory of 4668 1952 iexplore.exe 94 PID 3484 wrote to memory of 2140 3484 iexplore.exe 93 PID 3484 wrote to memory of 2140 3484 iexplore.exe 93 PID 3484 wrote to memory of 2140 3484 iexplore.exe 93
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\199a8d08c1494d025330e8ef939fd6d4f183fd8395b5ce9d0d23583bbf22dc78.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\199a8d08c1494d025330e8ef939fd6d4f183fd8395b5ce9d0d23583bbf22dc78.dll,#12⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4784 -
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4308 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1444 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵PID:3184
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 2046⤵
- Program crash
PID:5020
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4668
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3484 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3484 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2140
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3184 -ip 31841⤵PID:4320
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD59d3d4023d6c9814fbe58d5284869555b
SHA15065b70e1cf14a0a7f7395da22cf4fb4101dbb75
SHA256a640e464766c1894408f11ea61089d7b603358335fa1026d6138931d5aeaf991
SHA5121da71af630504be7e36dd3a7207d86b20021fe836720e9f9503c6a4986b7ccea188a774e869e18beffcd2c0171678dcb629e36ec6ed0e17d9458f9190626770e
-
Filesize
92KB
MD59d3d4023d6c9814fbe58d5284869555b
SHA15065b70e1cf14a0a7f7395da22cf4fb4101dbb75
SHA256a640e464766c1894408f11ea61089d7b603358335fa1026d6138931d5aeaf991
SHA5121da71af630504be7e36dd3a7207d86b20021fe836720e9f9503c6a4986b7ccea188a774e869e18beffcd2c0171678dcb629e36ec6ed0e17d9458f9190626770e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD55ddb1febcd291eb59d3d67d24a05bfd0
SHA1fe957affe27cb991f332e7f5c86d3a15359bd3b9
SHA256ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb
SHA51262d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD590bcd1fd1da6cdae299cd9787346d417
SHA1cfcb664c5bb77738cd16a341fd2fd17d37b2d157
SHA2568d03ecb8fb5d2fd75596a68207e2c63dd8a12d3417f36490b35f5eaed76b41f4
SHA5120c6b002304db522408248053467eb738a522ba5586c0cc165b0022e0c3fadd94eec9d1edfc93ea34176c80f15467d76c36f42fc40c3b24da2ef10200d14db628
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93573520-585F-11ED-89AC-E62BBF623C53}.dat
Filesize3KB
MD5d0ea70f43fb931beda4c60ec31feaea5
SHA1dbbd2c85e6b43b689f478827e8ec93ea7b7417db
SHA2561626845044084881ef355d3c64f333aa1cd9ef95b1e5827a875f28abde6e977d
SHA512370e0aae9b484b5b689fc0434427cb3264ab79fdbe84992494f681fc24898d7e42421ba33a291cf0196dec37df8cffbda66dc2cf28c3c0b7e7f5da580fc94f18
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93575C30-585F-11ED-89AC-E62BBF623C53}.dat
Filesize5KB
MD566f9b3a09998ac787b6f681e100e1bd1
SHA130b567b63c4bcc6d0dcbbe601a31909b6e16065b
SHA25669da217d8c226584fe4b1619f1c7ae8d3c9654786c8f14c0126d4cf35c415a38
SHA5121fdf620fc3b7960ad048dd361c8575a7d28997f96359148446a7e0ad2d39d01f590c3c9fa0a291768523557e6dbbc812fc0fc7bc3730fc723a7809ba86cb46d9
-
Filesize
92KB
MD59d3d4023d6c9814fbe58d5284869555b
SHA15065b70e1cf14a0a7f7395da22cf4fb4101dbb75
SHA256a640e464766c1894408f11ea61089d7b603358335fa1026d6138931d5aeaf991
SHA5121da71af630504be7e36dd3a7207d86b20021fe836720e9f9503c6a4986b7ccea188a774e869e18beffcd2c0171678dcb629e36ec6ed0e17d9458f9190626770e
-
Filesize
92KB
MD59d3d4023d6c9814fbe58d5284869555b
SHA15065b70e1cf14a0a7f7395da22cf4fb4101dbb75
SHA256a640e464766c1894408f11ea61089d7b603358335fa1026d6138931d5aeaf991
SHA5121da71af630504be7e36dd3a7207d86b20021fe836720e9f9503c6a4986b7ccea188a774e869e18beffcd2c0171678dcb629e36ec6ed0e17d9458f9190626770e