Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231127-en -
resource tags
arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system -
submitted
07/12/2023, 20:35
Behavioral task
behavioral1
Sample
3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe
Resource
win7-20231025-en
General
-
Target
3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe
-
Size
545KB
-
MD5
53d5101bf73ad81743a6b8e94deee77f
-
SHA1
0e997ff5b72fec6ba747aac8405e6d85ad625050
-
SHA256
3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c
-
SHA512
9b819d023c928ccb6802f38bb46c1734fd4f7f2188f962cc38bfa3f1641655c1121d7a51edfd9e9724079b5c848e40929d67fb819bf2a8978b37614ec4305b10
-
SSDEEP
6144:vhjxrU2+7kO+4LT9FD/QOuVkJpFYcEOkCybEaQRXr9HNdvOaAC6:vvr+M4H9FrGVkwOkx2LIat6
Malware Config
Signatures
-
Drops file in Drivers directory 9 IoCs
description ioc Process File opened for modification C:\Windows\system32\drivers\D1CltxeOyoGr.sys Explorer.EXE File opened for modification C:\Windows\system32\drivers\jHRoeAFgqYE.rbo Explorer.EXE File opened for modification C:\Windows\system32\drivers\cs8qTQoOxQSb.sys Explorer.EXE File opened for modification C:\Windows\system32\drivers\DUINA904MnE.sys Explorer.EXE File opened for modification C:\Windows\system32\drivers\KKeU9IESqFy.ser Explorer.EXE File created C:\Windows\System32\drivers\hfvaUtE.sys Explorer.EXE File opened for modification C:\Windows\system32\drivers\hlDyMnuCjVq.jvt Explorer.EXE File opened for modification C:\Windows\system32\drivers\Cl0CvJZp9u6v.ipi Explorer.EXE File opened for modification C:\Windows\system32\drivers\fYXxilOc1zJlLd.sys Explorer.EXE -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Control Panel\International\Geo\Nation 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe -
resource yara_rule behavioral2/memory/3760-0-0x0000000000CE0000-0x0000000000D6F000-memory.dmp upx behavioral2/memory/3760-17-0x0000000000CE0000-0x0000000000D6F000-memory.dmp upx behavioral2/memory/3760-55-0x0000000000CE0000-0x0000000000D6F000-memory.dmp upx -
Unexpected DNS network traffic destination 6 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 223.5.5.5 Destination IP 114.114.114.114 Destination IP 114.114.114.114 -
resource yara_rule behavioral2/files/0x000c000000023238-85.dat vmprotect behavioral2/files/0x000700000002323e-114.dat vmprotect behavioral2/files/0x0015000000023113-142.dat vmprotect behavioral2/files/0x0023000000023113-170.dat vmprotect -
Drops file in System32 directory 9 IoCs
description ioc Process File opened for modification C:\Windows\system32\wfRL5FwoGaHI.sys Explorer.EXE File opened for modification C:\Windows\system32\5Ubk0dgeBM4yca.sys Explorer.EXE File opened for modification C:\Windows\system32\hK3M2hODYcpEd.sys Explorer.EXE File opened for modification C:\Windows\system32\pBKj4GOZ5ytc.sys Explorer.EXE File opened for modification C:\Windows\system32\I4OrQnf0D421.zmi Explorer.EXE File opened for modification C:\Windows\system32\XFjykBF86wgB.bws Explorer.EXE File opened for modification C:\Windows\system32\nczHPBaF7s.xna Explorer.EXE File opened for modification C:\Windows\system32\1Ih8uylF6j.tmp Explorer.EXE File created C:\Windows\system32\ \Windows\System32\nXrO1knf.sys Explorer.EXE -
Drops file in Program Files directory 26 IoCs
description ioc Process File opened for modification C:\Program Files\Windows Defender\lib\646abf1e.js Explorer.EXE File opened for modification C:\Program Files\NSyb6HvrmI.vma Explorer.EXE File opened for modification C:\Program Files (x86)\4gfHBrm6akG.sys Explorer.EXE File opened for modification C:\Program Files\Windows Defender\manifest.json Explorer.EXE File opened for modification C:\Program Files\Windows Defender\396191c8.js Explorer.EXE File opened for modification C:\Program Files\GTx2PoiY0ARvqP.sys Explorer.EXE File opened for modification C:\Program Files (x86)\cNhlSRZIKNAP.sys Explorer.EXE File opened for modification C:\Program Files\MSBuild\manifest.json Explorer.EXE File opened for modification C:\Program Files (x86)\OHe64hHS3P1s.zbe Explorer.EXE File opened for modification C:\Program Files (x86)\nqvNB24hD7Zm.hdh Explorer.EXE File opened for modification C:\Program Files\YMBlU0Om7i.uwg Explorer.EXE File opened for modification C:\Program Files (x86)\GHA1yTsNIAMDc.sys Explorer.EXE File opened for modification C:\Program Files\MSBuild\lib\646b3b03.js Explorer.EXE File opened for modification C:\Program Files (x86)\CGy7V865uC4.sys Explorer.EXE File opened for modification C:\Program Files (x86)\0qLRK7y485MI8.iyi Explorer.EXE File opened for modification C:\Program Files (x86)\noUpG2oY1Ydjp3.umm Explorer.EXE File opened for modification C:\Program Files\Windows Defender\47b9f63a.html Explorer.EXE File opened for modification C:\Program Files\MSBuild\3961d894.js Explorer.EXE File opened for modification C:\Program Files\MSBuild\5612c4de.js Explorer.EXE File opened for modification C:\Program Files\Windows Defender\56125aac.js Explorer.EXE File opened for modification C:\Program Files\Mbb3Xqae5AFVl4.sys Explorer.EXE File opened for modification C:\Program Files\MSZ7Kj98gXYj.cwv Explorer.EXE File opened for modification C:\Program Files\hJcxcuJ0R3vz.jlj Explorer.EXE File opened for modification C:\Program Files\a6m9w6guNHVGK.sys Explorer.EXE File opened for modification C:\Program Files\Sv6MZ4eRGkUb.sys Explorer.EXE File opened for modification C:\Program Files\MSBuild\47ba4eb9.html Explorer.EXE -
Drops file in Windows directory 10 IoCs
description ioc Process File created C:\Windows\rS6uloi3.sys Explorer.EXE File opened for modification C:\Windows\mE07feRYtg.sys Explorer.EXE File opened for modification C:\Windows\AiDlWo8jM7.sys Explorer.EXE File opened for modification C:\Windows\o80UeuxzQleSN.niq Explorer.EXE File opened for modification C:\Windows\0rjtIRLymI.sys Explorer.EXE File opened for modification C:\Windows\jIOpezU3b2e.sys Explorer.EXE File opened for modification C:\Windows\err_3760.log 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe File opened for modification C:\Windows\3JgQeWDmjpNtR.evl Explorer.EXE File opened for modification C:\Windows\MsTIRRfNK9a3.pyc Explorer.EXE File opened for modification C:\Windows\LNMDTZ3Tcl.nka Explorer.EXE -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 Explorer.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 Explorer.EXE Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName Explorer.EXE -
Delays execution with timeout.exe 1 IoCs
pid Process 2496 timeout.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 3276 Explorer.EXE 3276 Explorer.EXE 1016 dwm.exe 1016 dwm.exe 1016 dwm.exe 1016 dwm.exe 1016 dwm.exe 1016 dwm.exe 3276 Explorer.EXE 3276 Explorer.EXE 3276 Explorer.EXE 1016 dwm.exe 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 3276 Explorer.EXE 1016 dwm.exe 1016 dwm.exe -
Suspicious behavior: LoadsDriver 59 IoCs
pid Process 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found 648 Process not Found -
Suspicious use of AdjustPrivilegeToken 21 IoCs
description pid Process Token: SeDebugPrivilege 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe Token: SeTcbPrivilege 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe Token: SeDebugPrivilege 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe Token: SeDebugPrivilege 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeIncBasePriorityPrivilege 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe Token: SeShutdownPrivilege 3276 Explorer.EXE Token: SeCreatePagefilePrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeBackupPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 1016 dwm.exe Token: SeBackupPrivilege 1016 dwm.exe Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeDebugPrivilege 3276 Explorer.EXE Token: SeBackupPrivilege 3276 Explorer.EXE Token: SeShutdownPrivilege 1016 dwm.exe Token: SeCreatePagefilePrivilege 1016 dwm.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3276 Explorer.EXE -
Suspicious use of WriteProcessMemory 28 IoCs
description pid Process procid_target PID 3760 wrote to memory of 3276 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 54 PID 3760 wrote to memory of 3276 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 54 PID 3760 wrote to memory of 3276 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 54 PID 3760 wrote to memory of 3276 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 54 PID 3760 wrote to memory of 3276 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 54 PID 3760 wrote to memory of 576 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 5 PID 3760 wrote to memory of 576 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 5 PID 3760 wrote to memory of 576 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 5 PID 3760 wrote to memory of 576 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 5 PID 3760 wrote to memory of 576 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 5 PID 3760 wrote to memory of 4748 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 104 PID 3760 wrote to memory of 4748 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 104 PID 3760 wrote to memory of 4748 3760 3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe 104 PID 4748 wrote to memory of 2496 4748 cmd.exe 106 PID 4748 wrote to memory of 2496 4748 cmd.exe 106 PID 4748 wrote to memory of 2496 4748 cmd.exe 106 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9 PID 3276 wrote to memory of 1016 3276 Explorer.EXE 9
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:576
-
C:\Windows\system32\dwm.exe"dwm.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1016
-
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3276 -
C:\Users\Admin\AppData\Local\Temp\3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe"C:\Users\Admin\AppData\Local\Temp\3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe"2⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3760 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\3d567d93342f92d66717c8b1dbce6412e27ebd1da7c2b014b611e258ece8b37c.exe"3⤵
- Suspicious use of WriteProcessMemory
PID:4748 -
C:\Windows\SysWOW64\timeout.exetimeout /t 14⤵
- Delays execution with timeout.exe
PID:2496
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A
Filesize2KB
MD59ba47a279b7950e198b6076171704bd8
SHA12d40167fb1cffc590d18f00b6ae5a22a7ba2bcab
SHA2561d855e013b588989a67757730de9fef0ae45fba49359eeeb9ca7ce03089f75c6
SHA512d048eb90cc64e568aa36c857a19ab9d4ebbb829716ec397d91fe92ab7cf0e5addbb2928cabfdec043ed46db02b2705a079668184474c08f5e7e57d58122d83c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize1KB
MD5b3e886f0a26b67c1234b30c755341758
SHA18a881fb559672e95834def740fc5ba017879b0db
SHA256808b71ea8048ef6e5014fbd1dedbd496516bf963107c8dff13a53d807c60686f
SHA51266f612ae244a65d623617290f58bd01b8db16fcb98d9b60dca78adc7b2371bfff0ad03dbb244def434e8f243efcef37337a39a30871c64dcd1f6db6e57f50524
-
Filesize
599B
MD53fefedd2d651734aab0aff2f8161db56
SHA1eda0d013d0db080e6477965234bf4db2aceb215e
SHA2564a2a561a396876d9ef6387f7f5394313a82d06945aae92d672a39b3db8cc5f01
SHA5120ac825bf61b063f64e93eb4638ebeb63457309068e8a8ac27ea15b79c0ae7968ec1db6df757d74d9350abfd262d2a834ab54ee47f8d04dbb6451f7133072a56e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A
Filesize484B
MD5935a9e5d0ec698c565519d6a572d9601
SHA1cf53a7aac2159cd12cc946f8c8c8f698a32a5d0d
SHA2565aa2798065cc6b8558acee4889ed1dee7f6204116860480c8c6ab2c34c70a80a
SHA5121c6db16d154594cf743b99b3fe052070f9c869dd8ee2ff981d33e6cf66e856051bfd4f794e89f76eaceb01e6c86c97fc77729787134bf9f5581c928a057e0b8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize482B
MD51f60ee8de4ef7ef144eacb0bdf14df68
SHA1d964f46d850f3e5ae3cbff0e0361665d03c84ff5
SHA256e3ab52ee388317c0affcbe4a640c7b4c9df85ef3a8d62fcbb92ad54b9a5d45ac
SHA5123c24c4cad705ff49a0af9cc1a89327d16b0cd3f90386e575f0f71e78427aebbbccaf23a976926259fb1182ce4bee4ab13e2c7111c0d6cecfc492d551fa044e35
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DED9969D7ED2C6E555C5C9254A43EDE4
Filesize504B
MD577c8cf33c3cf0a216298f3266fc3e856
SHA1f044d555ebdbe99e06d6f7b0d451e9e883e744c0
SHA2561c23554232be622460cb06b2c8c9db61b6b7a0ca83fbef8b69b8d957683888b4
SHA512e34f3fca60c8bf7b77003f73ac02365e12247e113d567b812014d70277365cca75e1bc8e05ec63df97cdb735323f8e8a56cefb051ead603d22a49cbccb4f976d
-
Filesize
415KB
MD564bc1983743c584a9ad09dacf12792e5
SHA10f14098f523d21f11129c4df09451413ddff6d61
SHA256057ec356f1577fe86b706e5aeb74e3bdd6fe04d22586fecf69b866f8f72db7f5
SHA5129ab4ddb64bd97dd1a7ee15613a258edf1d2eba880a0896a91487c47a32c9bd1118cde18211053a5b081216d123d5f901b454a525cbba01d8067c31babd8c8c3c
-
Filesize
447KB
MD5dd627bbb8edb4a1072167c8b5fd6e0b5
SHA130a624eb46d35d4370000ad4b0339ec8f21bb454
SHA256b795e8339a35e09a5f807b17c6c56c0d6286915775f4bfe6f2ed765ed4222e93
SHA5123578fe4c9ca6915580c7517f37017ee35b3b05b1061ee88a59e4feb95702963c52405435424f35a79ee26d2d1574ca274d40d3e624b437a812ec0fc6b377b2a4
-
Filesize
415KB
MD5fdbf841adb1f78adca43b1aa3f303d30
SHA17a8cee7fffffcc369688d5c48daaa75eddb68156
SHA256992857e7e9f2ae2458bee53c0156c632303ad5266aeacb95da30c25700f54a76
SHA512ebbfaef01abc6b5ddb6f14ad0c2c3c1f4288e461d1901898cdaca3cb9a5691a96bd99fe1cbe9f42d84a00cb97852b490e395688c1d65db2cc0337277ff47ec84
-
Filesize
447KB
MD5d15f5f23df8036bd5089ce8d151b0e0d
SHA14066ff4d92ae189d92fcdfb8c11a82cc9db56bb2
SHA256f2c40dde6f40beaa3c283b66791ff27e6f06d66c8dd6eff5262f51e02ee26520
SHA512feaec8a00346b0a74c530859785e1b280da5833bf3113083bf4664ebee85b14ceca648499f36d266d329d602349f9ad0fc21a10e605377b3a2c24b456f3a9bd9