Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
28/12/2022, 15:58
Static task
static1
Behavioral task
behavioral1
Sample
3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
22 signatures
150 seconds
General
-
Target
3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe
-
Size
223KB
-
MD5
fb61094230a4ed3c7a265e3ed14dbdd0
-
SHA1
7e5527b77081980e174d356766f75c33623c4ee7
-
SHA256
3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900
-
SHA512
ea64d0ac7256ee92e5813eb414fa91c27b33a027c4793e5e1e6927c6e027c587699f1b155e533bec961c24e572a9e96e54f730aef631113d3b563b39343a5767
-
SSDEEP
6144:wMLP4eLTYo4PiPZX0tU3DMMy3LxKdi3tm:b8wYpPiPWZ3toi3tm
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1524-133-0x0000000000460000-0x0000000000469000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request 2 IoCs
flow pid Process 67 3728 rundll32.exe 83 3728 rundll32.exe -
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
pid Process 3364 FAB0.exe 856 jsvjrut -
Loads dropped DLL 1 IoCs
pid Process 3728 rundll32.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 3728 set thread context of 3584 3728 rundll32.exe 94 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
pid pid_target Process procid_target 764 3364 WerFault.exe 89 -
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI jsvjrut Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI jsvjrut Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI jsvjrut -
Checks processor information in registry 2 TTPs 26 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier rundll32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Toolbar Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Process not Found -
Modifies registry class 30 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff Process not Found Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings rundll32.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014000000 Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c0043465346160031000000000000000000100041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004100700070004400610074006100000042000000 Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff Process not Found Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000009c555a87100054656d7000003a0009000400efbe0c55ec989c5561872e0000000000000000000000000000000000000000000000000025a4f800540065006d007000000014000000 Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU rundll32.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell Process not Found Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders Process not Found -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2180 Process not Found -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1524 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe 1524 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found 2180 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2180 Process not Found -
Suspicious behavior: MapViewOfSection 2 IoCs
pid Process 1524 3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe 856 jsvjrut -
Suspicious use of AdjustPrivilegeToken 18 IoCs
description pid Process Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found Token: SeShutdownPrivilege 2180 Process not Found Token: SeCreatePagefilePrivilege 2180 Process not Found -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3584 rundll32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2180 Process not Found 2180 Process not Found -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 2180 wrote to memory of 3364 2180 Process not Found 89 PID 2180 wrote to memory of 3364 2180 Process not Found 89 PID 2180 wrote to memory of 3364 2180 Process not Found 89 PID 3364 wrote to memory of 3728 3364 FAB0.exe 91 PID 3364 wrote to memory of 3728 3364 FAB0.exe 91 PID 3364 wrote to memory of 3728 3364 FAB0.exe 91 PID 3728 wrote to memory of 3584 3728 rundll32.exe 94 PID 3728 wrote to memory of 3584 3728 rundll32.exe 94 PID 3728 wrote to memory of 3584 3728 rundll32.exe 94
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe"C:\Users\Admin\AppData\Local\Temp\3ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1524
-
C:\Users\Admin\AppData\Local\Temp\FAB0.exeC:\Users\Admin\AppData\Local\Temp\FAB0.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3364 -
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Qfyshwqueqdpai.tmp",Dioeeedresq2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3728 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 140053⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:3584
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 3562⤵
- Program crash
PID:764
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3364 -ip 33641⤵PID:1832
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:824
-
C:\Users\Admin\AppData\Roaming\jsvjrutC:\Users\Admin\AppData\Roaming\jsvjrut1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
PID:856
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1021KB
MD5bbac8c49e50b282cd6ec6ee4800730a6
SHA10c3a643df3441a3bea475d563fcdc2dcaf159068
SHA256a74b73ced4162e7d54aa19d37661b77ef6db4188651e3410f1a73e17d64c4631
SHA512825d55acf30222137a6d8cdcebf1db83582b2629d2483ed78f1bf43ac0aba0f566a7c2d37d573d0dbc5e81154e7d0880c07e34e061931000f7f4f8717172907d
-
Filesize
1021KB
MD5bbac8c49e50b282cd6ec6ee4800730a6
SHA10c3a643df3441a3bea475d563fcdc2dcaf159068
SHA256a74b73ced4162e7d54aa19d37661b77ef6db4188651e3410f1a73e17d64c4631
SHA512825d55acf30222137a6d8cdcebf1db83582b2629d2483ed78f1bf43ac0aba0f566a7c2d37d573d0dbc5e81154e7d0880c07e34e061931000f7f4f8717172907d
-
Filesize
792KB
MD5822d3ead416a1a85cb96e65f65cd5ae2
SHA1af32b69e2835d1cacdadb97ae6dfafccc32d1837
SHA25672bdb3a06dca8458ac9aedf06785b2d7b95a19f8b9f3f8f5be2eb4744e9c5d1d
SHA51248d0d61efd51fd2d8eb04d990b4a5b3ca34c916199d3b0a3b135d2089e028ee37f5145e4705fb75da77eaabbe12f8c4ea55775a41e1b1c68a90ce68b8c2a7260
-
Filesize
792KB
MD5822d3ead416a1a85cb96e65f65cd5ae2
SHA1af32b69e2835d1cacdadb97ae6dfafccc32d1837
SHA25672bdb3a06dca8458ac9aedf06785b2d7b95a19f8b9f3f8f5be2eb4744e9c5d1d
SHA51248d0d61efd51fd2d8eb04d990b4a5b3ca34c916199d3b0a3b135d2089e028ee37f5145e4705fb75da77eaabbe12f8c4ea55775a41e1b1c68a90ce68b8c2a7260
-
Filesize
223KB
MD5fb61094230a4ed3c7a265e3ed14dbdd0
SHA17e5527b77081980e174d356766f75c33623c4ee7
SHA2563ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900
SHA512ea64d0ac7256ee92e5813eb414fa91c27b33a027c4793e5e1e6927c6e027c587699f1b155e533bec961c24e572a9e96e54f730aef631113d3b563b39343a5767
-
Filesize
223KB
MD5fb61094230a4ed3c7a265e3ed14dbdd0
SHA17e5527b77081980e174d356766f75c33623c4ee7
SHA2563ea49e28c63b670e03698915865f7d2f07bb35894517e4742f0da5b2fd3bc900
SHA512ea64d0ac7256ee92e5813eb414fa91c27b33a027c4793e5e1e6927c6e027c587699f1b155e533bec961c24e572a9e96e54f730aef631113d3b563b39343a5767