Analysis
-
max time kernel
39s -
max time network
84s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
02-06-2023 13:41
Static task
static1
Behavioral task
behavioral1
Sample
Revil.exe
Resource
win7-20230220-en
General
-
Target
Revil.exe
-
Size
119KB
-
MD5
fa8117afd2dbd20513522f2f8e991262
-
SHA1
f7b876edb8fc0c83fd8b665d3c5a1050d4396302
-
SHA256
78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff
-
SHA512
2bab344d136b31cd7c55b7cd0ef1b7718c9952573f3b1478a2efb8211563d7dedacefd4764a7186e15f7de93cc43fa29fc4d2fa61961a14bb12d7bea830e5032
-
SSDEEP
3072:KW5yc3Y4SMQwuOekD96R928AN+/uSxo+HHz/bs/k4OS:K83Y5BAxa92KrxTnz/Y/k4O
Malware Config
Extracted
sodinokibi
$2b$13$wz1reRfdLg.aiStLDqg5JeqqySemSPatWKHdwbpWVrC3ty7Akscg6
49
-
net
false
-
pid
$2b$13$wz1reRfdLg.aiStLDqg5JeqqySemSPatWKHdwbpWVrC3ty7Akscg6
-
prc
vsnapvss
EnterpriseClient
firefox
infopath
cvd
tv_x64.exe
VeeamTransportSvc
steam
encsvc
mydesktopservice
outlook
synctime
ocssd
SAP
cvfwd
bengien
vxmon
bedbh
ocomm
ocautoupds
raw_agent_svc
oracle
disk+work
powerpnt
saposcol
sqbcoreservice
sapstartsrv
beserver
saphostexec
dbeng50
isqlplussvc
CVODS
DellSystemDetect
CVMountd
TeamViewer.exe
dbsnmp
thunderbird
mspub
wordpad
visio
benetns
QBCFMonitorService
TeamViewer_Service.exe
tv_w32.exe
QBIDPService
winword
thebat
VeeamDeploymentSvc
avagent
QBDBMgrN
mydesktopqos
xfssvccon
sql
tbirdconfig
CagService
pvlsvr
avscc
VeeamNFSSvc
onenote
excel
msaccess
agntsvc
-
ransom_oneliner
All of your files are encrypted! Find EDGEWATER-README.txt and follow instuctions
-
ransom_template
---=== Welcome. Again. ===---

[+] What's Happened? [+]

Your files have been encrypted and currently unavailable. You can check it. All files in your system have {EXT} extension. By the way, everything is possible to recover (restore) but you should follow our instructions. Otherwise you can NEVER return your data.

[+] What are our guarantees? [+]

It's just a business and we care only about getting benefits. If we don't meet our obligations, nobody will deal with us. It doesn't hold our interest. So you can check the ability to restore your files. For this purpose you should visit our website where you can decrypt one file for free. That is our guarantee. It doesn't metter for us whether you cooperate with us or not. But if you don't, you'll lose your time and data cause only we have the private key to decrypt your files. In practice - time is much more valuable than money.

[+] How to get access to our website? [+]

Use TOR browser:
1. Download and install TOR browser from this site: https://torproject.org/
2. Visit our website: http://4to43yp4mng2gdc3jgnep5bt7lkhqvjqiritbv4x2ebj3qun7wz4y2id.onion

When you visit our website, put the following data into the input form:
Key: {KEY}

!!! DANGER !!!
DON'T try to change files by yourself, DON'T use any third party software or antivirus solutions to restore your data - it may entail the private key damage and as a result all your data loss!
!!! !!! !!!
ONE MORE TIME: It's in your best interests to get your files back. From our side we (the best specialists in this sphere) ready to make everything for restoring but please do not interfere.
!!! !!! !!
-
sub
49
-
svc
QBCFMonitorService
thebat
dbeng50
winword
dbsnmp
VeeamTransportSvc
disk+work
TeamViewer_Service.exe
firefox
QBIDPService
steam
onenote
CVMountd
cvd
VeeamDeploymentSvc
VeeamNFSSvc
bedbh
mydesktopqos
avscc
infopath
cvfwd
excel
beserver
powerpnt
mspub
synctime
QBDBMgrN
tv_w32.exe
EnterpriseClient
msaccess
ocssd
mydesktopservice
sqbcoreservice
CVODS
DellSystemDetect
oracle
ocautoupds
wordpad
visio
SAP
bengien
TeamViewer.exe
agntsvc
CagService
avagent
ocomm
outlook
saposcol
xfssvccon
isqlplussvc
pvlsvr
sql
tbirdconfig
vxmon
benetns
tv_x64.exe
encsvc
sapstartsrv
vsnapvss
raw_agent_svc
thunderbird
saphostexec
Signatures
-
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process chrome.exe)
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
chrome.exe
pid 1404, process chrome.exe
-
Suspicious use of AdjustPrivilegeToken 32 IoCs
Processes:
chrome.exe
Token: SeShutdownPrivilege (pid 1404, process chrome.exe)
-
Suspicious use of FindShellTrayWindow 50 IoCs
Processes:
chrome.exe
pid 1404, process chrome.exe
-
Suspicious use of SendNotifyMessage 48 IoCs
Processes:
chrome.exe
pid 1404, process chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
PID 1404 wrote to memory of 760 (pid 1404, process chrome.exe, target process chrome.exe)
PID 1404 wrote to memory of 1632 (pid 1404, process chrome.exe, target process chrome.exe)
PID 1404 wrote to memory of 1436 (pid 1404, process chrome.exe, target process chrome.exe)
PID 1404 wrote to memory of 892 (pid 1404, process chrome.exe, target process chrome.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\Revil.exe "C:\Users\Admin\AppData\Local\Temp\Revil.exe" 1⤵ PID:1716
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6169758,0x7fef6169768,0x7fef6169778 2⤵ PID:760
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:2 2⤵ PID:1632
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:8 2⤵ PID:1436
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:8 2⤵ PID:892
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:1 2⤵ PID:1756
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:1 2⤵ PID:1276
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1128 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:2 2⤵ PID:2232
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1472 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:1 2⤵ PID:2312
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:8 2⤵ PID:2404
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1264,i,2723105348408933294,15976111033416718896,131072 /prefetch:8 2⤵ PID:2412
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" 1⤵ PID:1576
-
C:\Program Files\Microsoft Games\solitaire\solitaire.exe "C:\Program Files\Microsoft Games\solitaire\solitaire.exe" 1⤵ PID:2624
-
C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\AUDIODG.EXE 0x484 1⤵ PID:2696
-
C:\Windows\system32\LogonUI.exe "LogonUI.exe" /flags:0x0 1⤵ PID:2948
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize: 16B