Analysis
-
max time kernel
61s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
20/12/2022, 13:46
Static task
static1
Behavioral task
behavioral1
Sample
b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe
Resource
win7-20220812-en
General
-
Target
b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe
-
Size
4.6MB
-
MD5
1149579eb5df3bc7dcebb2e463b24417
-
SHA1
0bf20cad723541dc19fbe24d930f6c801a5a99bb
-
SHA256
b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c
-
SHA512
8084de607d1e7566660dbcc68e271602f8013a8f8f3ee88f0c468dd5492be1ef3fb74b1f79456ba057772744c2dcfcb3f2373c2a5464ee76845e9f774c9e7b07
-
SSDEEP
98304:gVxKTOLtxrGqnwEZr9zhYrTaUKnR8jTNDJAKRHpQZ1ubZXZ:qhxrGQN9qqNR8jTNtpJg1uVXZ
Malware Config
Extracted
danabot
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
-
type
loader
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2840 Tyiotphai.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 5032 chrome.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2500 set thread context of 4564 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 83 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 2 IoCs
pid pid_target Process procid_target 4800 2840 WerFault.exe 82 4604 5032 WerFault.exe 92 -
Checks processor information in registry 2 TTPs 52 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString rundll32.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4564 rundll32.exe 4564 rundll32.exe 1884 chrome.exe 1884 chrome.exe 5032 chrome.exe 5032 chrome.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2840 Tyiotphai.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 2840 Tyiotphai.exe 4564 rundll32.exe 5032 chrome.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 2840 Tyiotphai.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 5032 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2500 wrote to memory of 2840 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 82 PID 2500 wrote to memory of 2840 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 82 PID 2500 wrote to memory of 2840 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 82 PID 2500 wrote to memory of 4564 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 83 PID 2500 wrote to memory of 4564 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 83 PID 2500 wrote to memory of 4564 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 83 PID 2500 wrote to memory of 4564 2500 b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe 83 PID 5032 wrote to memory of 1432 5032 chrome.exe 93 PID 5032 wrote to memory of 1432 5032 chrome.exe 93 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 2636 5032 chrome.exe 96 PID 5032 wrote to memory of 1884 5032 chrome.exe 97 PID 5032 wrote to memory of 1884 5032 chrome.exe 97 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98 PID 5032 wrote to memory of 1272 5032 chrome.exe 98
Processes
-
C:\Users\Admin\AppData\Local\Temp\b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe"C:\Users\Admin\AppData\Local\Temp\b511ecd47d22a84f307091da88c9a31f2c3bb763970b597a272936b4f2a6726c.exe"1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Users\Admin\AppData\Local\Temp\Tyiotphai.exe"C:\Users\Admin\AppData\Local\Temp\Tyiotphai.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2840 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 4323⤵
- Program crash
PID:4800
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#612⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4564
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2840 -ip 28401⤵PID:2304
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-first-run --no-default-browser-check --silent-launch --disable-backgrounding-occluded-windows --disable-background-timer-throttling --ran-launcher --profile-directory="Default"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5032 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffcf9054f50,0x7ffcf9054f60,0x7ffcf9054f702⤵PID:1432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,1633876369842190224,18265005174194536982,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:22⤵PID:2636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,1633876369842190224,18265005174194536982,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1784 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,1633876369842190224,18265005174194536982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:82⤵PID:1272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,1633876369842190224,18265005174194536982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3364 /prefetch:82⤵PID:5112
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 5032 -s 35002⤵
- Program crash
PID:4604
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1716
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 396 -p 5032 -ip 50321⤵PID:3048
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5dfa7517406bc186cbc7e7e72491f34e2
SHA1e98c6f327a66a9ecd4c0746e8ef19ae53b2bb8b7
SHA2565b6ea9afdebfce6aafda78bbc6f9a9d81494436e4b159122bbc3122355d7a44b
SHA5122644fb9a879e65aaf99fadb3664772b072cd3ced1f4b8a6b89e149b28588bc0e0a6b5d5d72f0decf31b83875ae87a009c298b3cc036a442c725142297dc8ecda
-
Filesize
1.4MB
MD5dfa7517406bc186cbc7e7e72491f34e2
SHA1e98c6f327a66a9ecd4c0746e8ef19ae53b2bb8b7
SHA2565b6ea9afdebfce6aafda78bbc6f9a9d81494436e4b159122bbc3122355d7a44b
SHA5122644fb9a879e65aaf99fadb3664772b072cd3ced1f4b8a6b89e149b28588bc0e0a6b5d5d72f0decf31b83875ae87a009c298b3cc036a442c725142297dc8ecda