Analysis
- max time kernel: 140s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 16:58
Static task: static1
Behavioral task: behavioral1
Sample: 2c58b5f29c9b9ad9638cc55b66d0c4503eaa3ef9b6c786182d939d99fefb8d40.dll
Resource: win7-20220812-en
General
- Target: 2c58b5f29c9b9ad9638cc55b66d0c4503eaa3ef9b6c786182d939d99fefb8d40.dll
- Size: 123KB
- MD5: 4504aadb29c0e296ca92ed44db78e014
- SHA1: 0acc2e46bd1b7be7c3b88702fd46c01aa285946d
- SHA256: 2c58b5f29c9b9ad9638cc55b66d0c4503eaa3ef9b6c786182d939d99fefb8d40
- SHA512: 54d13dde80db82fe76c4af36171c8b4b6589cd5037a5335aa78ea8fb5235cab254d7c5682e96b3d23b0afe71ebb8d3e84cdff29e875e2bc516678c735019044b
- SSDEEP: 3072:CuevieaLqpG59j6kb9K5Yrwj7rfNmtOSL6+3XxCh:CuEivDqD5Yrc8OSL73Xxs
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  Processes: rundll32mgr.exe, WaterMark.exe
  pid 3596, process rundll32mgr.exe
  pid 2348, process WaterMark.exe
- Processes:
  resource: behavioral2/memory/3596-137-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/3596-138-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/3596-136-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/3596-140-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/3596-141-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/3596-145-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/2348-152-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/2348-155-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/2348-156-0x0000000000400000-0x0000000000421000-memory.dmp, yara_rule: upx
- Drops file in System32 directory (1 IoCs)
  Processes: rundll32.exe
  File created: C:\Windows\SysWOW64\rundll32mgr.exe (process rundll32.exe)
- Drops file in Program Files directory (3 IoCs)
  Processes: rundll32mgr.exe
  File opened for modification: C:\Program Files (x86)\Microsoft\pxF978.tmp (process rundll32mgr.exe)
  File created: C:\Program Files (x86)\Microsoft\WaterMark.exe (process rundll32mgr.exe)
  File opened for modification: C:\Program Files (x86)\Microsoft\WaterMark.exe (process rundll32mgr.exe)
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid 5044, pid_target 4700, process WerFault.exe, target process svchost.exe
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  Processes: WaterMark.exe
  pid 2348, process WaterMark.exe (16 entries)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WaterMark.exe
  Token: SeDebugPrivilege, pid 2348, process WaterMark.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes: iexplore.exe, iexplore.exe
  pid 3052, process iexplore.exe
  pid 3480, process iexplore.exe
- Suspicious use of SetWindowsHookEx (10 IoCs)
  Processes: iexplore.exe, iexplore.exe, IEXPLORE.EXE, IEXPLORE.EXE
  pid 3052, process iexplore.exe (2 entries)
  pid 3480, process iexplore.exe (2 entries)
  pid 2280, process IEXPLORE.EXE (2 entries)
  pid 1124, process IEXPLORE.EXE (4 entries)
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes: rundll32mgr.exe, WaterMark.exe
  pid 3596, process rundll32mgr.exe
  pid 2348, process WaterMark.exe
- Suspicious use of WriteProcessMemory (28 IoCs)
  Processes: rundll32.exe, rundll32.exe, rundll32mgr.exe, WaterMark.exe, iexplore.exe, iexplore.exe
  PID 4828 wrote to memory of 4728: pid 4828, process rundll32.exe, target process rundll32.exe (3 entries)
  PID 4728 wrote to memory of 3596: pid 4728, process rundll32.exe, target process rundll32mgr.exe (3 entries)
  PID 3596 wrote to memory of 2348: pid 3596, process rundll32mgr.exe, target process WaterMark.exe (3 entries)
  PID 2348 wrote to memory of 4700: pid 2348, process WaterMark.exe, target process svchost.exe (9 entries)
  PID 2348 wrote to memory of 3480: pid 2348, process WaterMark.exe, target process iexplore.exe (2 entries)
  PID 2348 wrote to memory of 3052: pid 2348, process WaterMark.exe, target process iexplore.exe (2 entries)
  PID 3480 wrote to memory of 2280: pid 3480, process iexplore.exe, target process IEXPLORE.EXE (3 entries)
  PID 3052 wrote to memory of 1124: pid 3052, process iexplore.exe, target process IEXPLORE.EXE (3 entries)
Processes
PID:4828 C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c58b5f29c9b9ad9638cc55b66d0c4503eaa3ef9b6c786182d939d99fefb8d40.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4728 C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c58b5f29c9b9ad9638cc55b66d0c4503eaa3ef9b6c786182d939d99fefb8d40.dll,#1
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:3596 C:\Windows\SysWOW64\rundll32mgr.exe
      Command line: C:\Windows\SysWOW64\rundll32mgr.exe
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious use of UnmapMainImage
      - Suspicious use of WriteProcessMemory
      PID:2348 C:\Program Files (x86)\Microsoft\WaterMark.exe
        Command line: "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        - Executes dropped EXE
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of UnmapMainImage
        - Suspicious use of WriteProcessMemory
        PID:4700 C:\Windows\SysWOW64\svchost.exe
          Command line: C:\Windows\system32\svchost.exe
          PID:5044 C:\Windows\SysWOW64\WerFault.exe
            Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 204
            - Program crash
        PID:3480 C:\Program Files\Internet Explorer\iexplore.exe
          Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
          - Modifies Internet Explorer settings
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
          PID:2280 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3480 CREDAT:17410 /prefetch:2
            - Modifies Internet Explorer settings
            - Suspicious use of SetWindowsHookEx
        PID:3052 C:\Program Files\Internet Explorer\iexplore.exe
          Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
          - Modifies Internet Explorer settings
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SetWindowsHookEx
          - Suspicious use of WriteProcessMemory
          PID:1124 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:17410 /prefetch:2
            - Modifies Internet Explorer settings
            - Suspicious use of SetWindowsHookEx
PID:3008 C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4700 -ip 4700
Network
MITRE ATT&CK Enterprise v6
Downloads