Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 06-02-2024 13:18

Static task: static1

Behavioral task: behavioral1
- Sample: document_reader - Copy.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: document_reader - Copy.exe
- Resource: win10v2004-20231215-en
General
- Target: document_reader - Copy.exe
- Size: 3.9MB
- MD5: 0b3862697827944cc338f06ba9105afa
- SHA1: c4b09f47e7942f487986622e61643c347311436a
- SHA256: 964fa0512b4b0bcc0e5c134ca5338afeb6122fb47df3142d2147d84772027837
- SHA512: 6b1d4ececa6d88166ed538958ecc85731100600468484e4f52e826e0e7a2733dbb1eccaedc7ae66902fbd2cdf7acae2ee70d2cc65c745ed39d8ecf687f599224
- SSDEEP: 49152:xsoCGLD9MP+a3FLiyDxn8P7Sfcaf+eHMms:xsrBVV
Malware Config
Signatures

- Detect DarkGate stealer (6 IoCs)
  resource | yara_rule
  behavioral1/memory/2116-63-0x0000000003670000-0x0000000004640000-memory.dmp | family_darkgate_v6
  behavioral1/memory/2116-64-0x0000000004B60000-0x0000000004EBB000-memory.dmp | family_darkgate_v6
  behavioral1/memory/1584-172-0x0000000000400000-0x0000000000472000-memory.dmp | family_darkgate_v6
  behavioral1/memory/1584-171-0x0000000000400000-0x0000000000472000-memory.dmp | family_darkgate_v6
  behavioral1/memory/2116-173-0x0000000004B60000-0x0000000004EBB000-memory.dmp | family_darkgate_v6
  behavioral1/memory/1584-174-0x0000000000400000-0x0000000000472000-memory.dmp | family_darkgate_v6

- Suspicious use of NtCreateUserProcessOtherParentProcess (7 IoCs)
  Processes: Autoit3.exe
  description | pid | process | target process
  PID 2116 created 1164 | 2116 | Autoit3.exe | Dwm.exe
  PID 2116 created 2968 | 2116 | Autoit3.exe | chrome.exe
  PID 2116 created 1108 | 2116 | Autoit3.exe | taskhost.exe

- Downloads MZ/PE file

- Executes dropped EXE (1 IoCs)
  Processes: Autoit3.exe
  pid | process
  2116 | Autoit3.exe

- Uses the VBS compiler for execution (1 TTPs)

- Suspicious use of SetThreadContext (1 IoCs)
  Processes: Autoit3.exe
  description | pid | process | target process
  PID 2116 set thread context of 1584 | 2116 | Autoit3.exe | WerFault.exe

- HTTP links in PDF interactive object (1 IoCs)
  Detects HTTP links in interactive objects within PDF files.
  resource | yara_rule
  C:\temp\document.pdf | pdf_with_link_action

- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: Autoit3.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Autoit3.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | Autoit3.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  Processes: chrome.exe, Autoit3.exe
  pid | process
  2516 | chrome.exe
  2116 | Autoit3.exe

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: Autoit3.exe
  pid | process
  2116 | Autoit3.exe

- Suspicious use of AdjustPrivilegeToken (12 IoCs)
  Processes: chrome.exe
  description | pid | process
  Token: SeShutdownPrivilege | 2516 | chrome.exe

- Suspicious use of FindShellTrayWindow (35 IoCs)
  Processes: chrome.exe
  pid | process
  2516 | chrome.exe

- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes: chrome.exe
  pid | process
  2516 | chrome.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: document_reader - Copy.exe, chrome.exe
  description | pid | process | target process
  PID 2520 wrote to memory of 2516 | 2520 | document_reader - Copy.exe | chrome.exe
  PID 2516 wrote to memory of 2968 | 2516 | chrome.exe | chrome.exe
  PID 2516 wrote to memory of 2632 | 2516 | chrome.exe | chrome.exe
  PID 2516 wrote to memory of 2952 | 2516 | chrome.exe | chrome.exe
  PID 2516 wrote to memory of 2940 | 2516 | chrome.exe | chrome.exe
Processes

PID 2520: C:\Users\Admin\AppData\Local\Temp\document_reader - Copy.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\document_reader - Copy.exe"
  Signatures: Suspicious use of WriteProcessMemory

    PID 2516: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "c:\temp\document.pdf"
      Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

        PID 2968: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71d9758,0x7fef71d9768,0x7fef71d9778

            PID 2668: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

            PID 2676: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

            PID 2612: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

        PID 2952: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:8

        PID 2632: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:2

        PID 2940: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:8

        PID 2944: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:1

        PID 2856: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:1

        PID 2272: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:2

        PID 1800: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1440 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:1

        PID 1492: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3300 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:1

        PID 1128: C:\Program Files\Google\Chrome\Application\chrome.exe
          Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1300,i,9049485556236824123,5857239144607537981,131072 /prefetch:8

    PID 2116: \??\c:\tes2\Autoit3.exe
      Command line: c:\tes2\Autoit3.exe c:\tes2\script.au3
      Signatures: Suspicious use of NtCreateUserProcessOtherParentProcess; Executes dropped EXE; Suspicious use of SetThreadContext; Checks processor information in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam

PID 1164: C:\Windows\system32\Dwm.exe
  Command line: "C:\Windows\system32\Dwm.exe"

    PID 2636: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

    PID 2192: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

    PID 1584: C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe

PID 1108: C:\Windows\system32\taskhost.exe
  Command line: "taskhost.exe"

    PID 2300: \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      Command line: c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

PID 1628: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads