Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
08/03/2024, 10:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
baf8f498549a0c7fe9887400e7b44e5c.exe
Resource
win7-20240215-en
windows7-x64
15 signatures
150 seconds
Behavioral task
behavioral2
Sample
baf8f498549a0c7fe9887400e7b44e5c.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
9 signatures
150 seconds
General
-
Target
baf8f498549a0c7fe9887400e7b44e5c.exe
-
Size
201KB
-
MD5
baf8f498549a0c7fe9887400e7b44e5c
-
SHA1
3ee9890309714072e8a22633a8b7ac3e6cec1720
-
SHA256
d4c1c18012d84abc332a82ada956555289e86494d3a4b99febd7ee6a497afc75
-
SHA512
cd77add984851010083e1d45d4e571cba8cc4e0ad9a63bb95d2e5737da6440ee1124328c5aceb669b339b22f30397ba043576825cbdf09d8be966be5cbf413d3
-
SSDEEP
3072:xlbVxDAcCV0GYUdNvH6gomuVqdh+D5ib3UkXXHoamErz8/Xhg7Jkm5R:XV+0GYU7vH0/VQqEr8a9
Score
10/10
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\enablelua = "0" svshost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\consentpromptbehavioradmin = "0" svshost.exe -
Executes dropped EXE 2 IoCs
pid Process 2664 svshost.exe 2736 svshost.exe -
Loads dropped DLL 1 IoCs
pid Process 2900 baf8f498549a0c7fe9887400e7b44e5c.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\winlogon = "C:\\windows\\SysWOW64\\svshost.exe" svshost.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\enablelua = "0" svshost.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\windows\SysWOW64\svshost.exe baf8f498549a0c7fe9887400e7b44e5c.exe File opened for modification C:\windows\SysWOW64\svshost.exe attrib.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 1600 set thread context of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 2664 set thread context of 2736 2664 svshost.exe 33 -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main svshost.exe -
Modifies Internet Explorer start page 1 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.guncelborsahaberleri.com/ara/" svshost.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\msinet.ocx, 1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS\ = "2" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\msinet.ocx" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control, version 6.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\ = "Internet Control URL Property Page Object" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\ = "Microsoft Internet Transfer Control 6.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\msinet.ocx" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32\ = "C:\\msinet.ocx" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR regsvr32.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1600 baf8f498549a0c7fe9887400e7b44e5c.exe Token: SeDebugPrivilege 2664 svshost.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 2736 svshost.exe 2736 svshost.exe 2736 svshost.exe -
Suspicious use of WriteProcessMemory 40 IoCs
description pid Process procid_target PID 1600 wrote to memory of 2504 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 28 PID 1600 wrote to memory of 2504 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 28 PID 1600 wrote to memory of 2504 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 28 PID 1600 wrote to memory of 2504 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 28 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 1600 wrote to memory of 2900 1600 baf8f498549a0c7fe9887400e7b44e5c.exe 29 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2772 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 30 PID 2900 wrote to memory of 2664 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 31 PID 2900 wrote to memory of 2664 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 31 PID 2900 wrote to memory of 2664 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 31 PID 2900 wrote to memory of 2664 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 31 PID 2664 wrote to memory of 2728 2664 svshost.exe 32 PID 2664 wrote to memory of 2728 2664 svshost.exe 32 PID 2664 wrote to memory of 2728 2664 svshost.exe 32 PID 2664 wrote to memory of 2728 2664 svshost.exe 32 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2664 wrote to memory of 2736 2664 svshost.exe 33 PID 2900 wrote to memory of 2424 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 34 PID 2900 wrote to memory of 2424 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 34 PID 2900 wrote to memory of 2424 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 34 PID 2900 wrote to memory of 2424 2900 baf8f498549a0c7fe9887400e7b44e5c.exe 34 -
System policy modification 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system svshost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\enablelua = "0" svshost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\consentpromptbehavioradmin = "0" svshost.exe -
Views/modifies file attributes 1 TTPs 1 IoCs
pid Process 2424 attrib.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\baf8f498549a0c7fe9887400e7b44e5c.exe"C:\Users\Admin\AppData\Local\Temp\baf8f498549a0c7fe9887400e7b44e5c.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1600 -
C:\Users\Admin\AppData\Local\Temp\baf8f498549a0c7fe9887400e7b44e5c.exebaf8f498549a0c7fe9887400e7b44e5c.exe2⤵PID:2504
-
-
C:\Users\Admin\AppData\Local\Temp\baf8f498549a0c7fe9887400e7b44e5c.exebaf8f498549a0c7fe9887400e7b44e5c.exe2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\msinet.ocx3⤵
- Modifies registry class
PID:2772
-
-
C:\windows\SysWOW64\svshost.exeC:\windows\system32\svshost.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664 -
C:\windows\SysWOW64\svshost.exesvshost.exe4⤵PID:2728
-
-
C:\windows\SysWOW64\svshost.exesvshost.exe4⤵
- UAC bypass
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:2736
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s C:\windows\system32\svshost.exe3⤵
- Drops file in System32 directory
- Views/modifies file attributes
PID:2424
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
112KB
MD57bec181a21753498b6bd001c42a42722
SHA13249f233657dc66632c0539c47895bfcee5770cc
SHA25673da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc
-
Filesize
49KB
MD573ad74827f32e4d57204b617930b8dbc
SHA1894270abdf29c079715846f48b5d7fc5ce599be0
SHA2562ac4ec5fe940b2b7b7c1449c7855e1265e5fa7f52cd072f237489e1421759342
SHA512275ec540d378940178d0cc288b5e6c3219dfe67a35a41cff763e1ff099fe6685d503c13c3d54e8489c3e61b44f3c42f6d21a0a6f69454ace83e2b4ea9117b840