Overview
overview
10Static
static
10067f997e6f...40.exe
windows7-x64
100c0c9a19db...c1.exe
windows7-x64
101a8f35d0f2...b9.exe
windows7-x64
2354403f00...3b.exe
windows7-x64
240ac12f9c...0b.exe
windows7-x64
10276727bfac...36.exe
windows7-x64
10280a75ca5c...8e.exe
windows7-x64
2e8af1ad4b...51.exe
windows7-x64
1032c51906c1...ec.exe
windows7-x64
3e84def5ee...96.exe
windows7-x64
403b8f1ce9...40.exe
windows7-x64
4731758b5f...25.exe
windows7-x64
94c21b335ba...49.exe
windows7-x64
104c99ac9f69...35.exe
windows7-x64
4fbbd67a32...a7.exe
windows7-x64
10622e2834e5...95.exe
windows7-x64
106734e7474c...fd.exe
windows7-x64
67a00565a4...5d.exe
windows7-x64
6e228df5e4...62.exe
windows7-x64
7b93299c45...03.exe
windows7-x64
7c2a9bae3b...c1.exe
windows7-x64
107d9c97a133...b5.exe
windows7-x64
1083b294975e...74.exe
windows7-x64
9b0cfabed9...8e.exe
windows7-x64
10aa63528bf7...cd.exe
windows7-x64
b54d6dc708...7d.exe
windows7-x64
10b6b2c1f4bb...00.exe
windows7-x64
10ba43b2eb48...fb.exe
windows7-x64
cc43fc18d6...e8.exe
windows7-x64
10d50b23e12c...af.exe
windows7-x64
10ebb17d81ff...0f.exe
windows7-x64
ec09cfa4a7...da.exe
windows7-x64
10Resubmissions
16-03-2024 17:17
240316-vtswysfd2y 1016-03-2024 15:31
240316-syg9xafg39 1015-03-2024 08:15
240315-j5rmgsbg5z 10Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15-03-2024 08:15
Behavioral task
behavioral1
Sample
067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral3
Sample
1a8f35d0f2b1a11a5b30e6f05ee5c9e93542fc2f559f8e66cf67f2a1b6ccbeb9.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
2354403f00f096f700e5616ed1a5ccd40fe53a1bb35a5e93e429f5f24fa4483b.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral5
Sample
240ac12f9c13ef1fdfbc77e16978f0423a41a3cc1c3dcb8786ba8e7672811f0b.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
276727bfacdeba0ba864fd6ccecab5fd0f244576dc503d7cf148a4deb90fc136.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral7
Sample
280a75ca5ca5dc8e106f6f6e2005fe3e23b6c35e296d5639b00b5b6daba8c38e.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral8
Sample
2e8af1ad4bb1e9f1bfdd3a04bf28363bbcdb3653e6aa4864f61b09c050378d51.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral9
Sample
32c51906c182c8c92afbc93cbe674d1b24d855f5f4f0c4c82d076691cce4c7ec.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
3e84def5eeae88ab28d21de08581e68e46fd9a94b5fee35d609d6f73a92a9e96.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral11
Sample
403b8f1ce98aeb6f4a7cfc23693c5a9799e0239806a4850b4eaad58ab7bedb40.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral13
Sample
4c21b335baf9907cfaec588f25354b804b3d59f3882d923fbaf0d929b933ef49.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
4c99ac9f69cf03b60583b12f94fe442da74178f53030bd2b7703b1d53da6a135.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral15
Sample
4fbbd67a32384a485efb0efb9e958a9f7b7a879d3945b16ccf80a8580bd935a7.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
622e2834e51caa303d120c7503d8fcce671226a0342d7be0f8cf546b44cee195.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral17
Sample
6734e7474c81f5b7b0c006a17b79f59e3281f45f03910ddeeae2ea05291655fd.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
67a00565a4c5fc9f08543cb10bfa3858801f87a558e21ad36d514c9bedb10e5d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral19
Sample
6e228df5e458ddcd6a9b5284418b6101cb988315d3910f1b422d511135acd462.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
7b93299c4559e89716a9b37f4a43c1b084c610ad1d9d8e462a1383320e299503.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral21
Sample
7c2a9bae3bbdc9e38516754d76a192d6a3ce37849c06a8a8d3b06fb7f75916c1.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
7d9c97a133997396b0625a5d2b762fb8b333f5152d4dd893c7a463cc41372ab5.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral23
Sample
83b294975e094024bdeb90f5cdeb9832304cf6879a27eee5cfe08650e5731674.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
9b0cfabed9fbf6b05c74e5a31eb500fea0691c84fa736dd25e8e5013a35f038e.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral25
Sample
aa63528bf720d3f9b31e91945a576afa4c609a09c07b3bbfc29351d760a71ccd.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
b54d6dc708eade0818fcf91e59c7dbe37267abbe43a1672fb5f1c126e021ad7d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral27
Sample
b6b2c1f4bbe4259e0279a0c3db98a69db12ab6ae0b549085c714f1497f3c8300.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
ba43b2eb4865f24c9e04bdd6cd885202267e831ef797df32eb602dd91ff36ffb.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral29
Sample
cc43fc18d6d1dc662ad747652cd961152ee13dbf2cea9bf75564f3e2e8ffd2e8.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral31
Sample
ebb17d81ffb02c01b4f49c7267246f243272ca2aecda68a44e89a33f74a47a0f.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda.exe
Resource
win7-20240221-en
windows7-x64
General
-
Target
067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe
-
Size
24KB
-
MD5
3aea97ef58d132d994d6160ae232c6e7
-
SHA1
de2146322b6a533ccf5ace0f1edcb6cf92d34179
-
SHA256
067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540
-
SHA512
a48d3ab7b7e35d1f24f1319831ffdc1c2dc9f4ededa0007684ff2515edf39e727915eafc124fa752082b0e1534ddf37a2ed12be18d9aadc72391b57cf5b6f9c4
-
SSDEEP
384:Y3Mg/bqo2CUTermpEdwdcJAr91Ci7IJvOe2:mqo2Yrmpfd0Ar9xame2
Malware Config
Extracted
C:\Users\Admin\Documents\read_it.txt
Signatures
-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware 3 IoCs
resource yara_rule behavioral1/memory/2884-0-0x0000000000FC0000-0x0000000000FCC000-memory.dmp family_chaos behavioral1/files/0x000b000000012267-5.dat family_chaos behavioral1/memory/2092-7-0x0000000000BB0000-0x0000000000BBC000-memory.dmp family_chaos -
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
pid Process 2232 bcdedit.exe 2236 bcdedit.exe -
Renames multiple (191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
pid Process 2136 wbadmin.exe -
Drops startup file 3 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini svchost.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt svchost.exe -
Executes dropped EXE 1 IoCs
pid Process 2092 svchost.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 34 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini svchost.exe File opened for modification C:\Users\Public\Pictures\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Favorites\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini svchost.exe File opened for modification C:\Users\Public\Videos\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Contacts\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Desktop\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Music\desktop.ini svchost.exe File opened for modification C:\Users\Public\Desktop\desktop.ini svchost.exe File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3787592910-3720486031-2929222812-1000\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Pictures\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Searches\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini svchost.exe File opened for modification C:\Users\Public\Documents\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Links\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Downloads\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Saved Games\desktop.ini svchost.exe File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini svchost.exe File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini svchost.exe File opened for modification C:\Users\Public\Music\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini svchost.exe File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Documents\desktop.ini svchost.exe File opened for modification C:\Users\Admin\Videos\desktop.ini svchost.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini svchost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 1076 vssadmin.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 1668 NOTEPAD.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2092 svchost.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe 2092 svchost.exe 2092 svchost.exe 2092 svchost.exe 2092 svchost.exe -
Suspicious use of AdjustPrivilegeToken 48 IoCs
description pid Process Token: SeDebugPrivilege 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe Token: SeDebugPrivilege 2092 svchost.exe Token: SeBackupPrivilege 1084 vssvc.exe Token: SeRestorePrivilege 1084 vssvc.exe Token: SeAuditPrivilege 1084 vssvc.exe Token: SeIncreaseQuotaPrivilege 1336 WMIC.exe Token: SeSecurityPrivilege 1336 WMIC.exe Token: SeTakeOwnershipPrivilege 1336 WMIC.exe Token: SeLoadDriverPrivilege 1336 WMIC.exe Token: SeSystemProfilePrivilege 1336 WMIC.exe Token: SeSystemtimePrivilege 1336 WMIC.exe Token: SeProfSingleProcessPrivilege 1336 WMIC.exe Token: SeIncBasePriorityPrivilege 1336 WMIC.exe Token: SeCreatePagefilePrivilege 1336 WMIC.exe Token: SeBackupPrivilege 1336 WMIC.exe Token: SeRestorePrivilege 1336 WMIC.exe Token: SeShutdownPrivilege 1336 WMIC.exe Token: SeDebugPrivilege 1336 WMIC.exe Token: SeSystemEnvironmentPrivilege 1336 WMIC.exe Token: SeRemoteShutdownPrivilege 1336 WMIC.exe Token: SeUndockPrivilege 1336 WMIC.exe Token: SeManageVolumePrivilege 1336 WMIC.exe Token: 33 1336 WMIC.exe Token: 34 1336 WMIC.exe Token: 35 1336 WMIC.exe Token: SeIncreaseQuotaPrivilege 1336 WMIC.exe Token: SeSecurityPrivilege 1336 WMIC.exe Token: SeTakeOwnershipPrivilege 1336 WMIC.exe Token: SeLoadDriverPrivilege 1336 WMIC.exe Token: SeSystemProfilePrivilege 1336 WMIC.exe Token: SeSystemtimePrivilege 1336 WMIC.exe Token: SeProfSingleProcessPrivilege 1336 WMIC.exe Token: SeIncBasePriorityPrivilege 1336 WMIC.exe Token: SeCreatePagefilePrivilege 1336 WMIC.exe Token: SeBackupPrivilege 1336 WMIC.exe Token: SeRestorePrivilege 1336 WMIC.exe Token: SeShutdownPrivilege 1336 WMIC.exe Token: SeDebugPrivilege 1336 WMIC.exe Token: SeSystemEnvironmentPrivilege 1336 WMIC.exe Token: SeRemoteShutdownPrivilege 1336 WMIC.exe Token: SeUndockPrivilege 1336 WMIC.exe Token: SeManageVolumePrivilege 1336 WMIC.exe Token: 33 1336 WMIC.exe Token: 34 1336 WMIC.exe Token: 35 1336 WMIC.exe Token: SeBackupPrivilege 2864 wbengine.exe Token: SeRestorePrivilege 2864 wbengine.exe Token: SeSecurityPrivilege 2864 wbengine.exe -
Suspicious use of WriteProcessMemory 30 IoCs
description pid Process procid_target PID 2884 wrote to memory of 2092 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe 28 PID 2884 wrote to memory of 2092 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe 28 PID 2884 wrote to memory of 2092 2884 067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe 28 PID 2092 wrote to memory of 2740 2092 svchost.exe 31 PID 2092 wrote to memory of 2740 2092 svchost.exe 31 PID 2092 wrote to memory of 2740 2092 svchost.exe 31 PID 2740 wrote to memory of 1076 2740 cmd.exe 33 PID 2740 wrote to memory of 1076 2740 cmd.exe 33 PID 2740 wrote to memory of 1076 2740 cmd.exe 33 PID 2740 wrote to memory of 1336 2740 cmd.exe 36 PID 2740 wrote to memory of 1336 2740 cmd.exe 36 PID 2740 wrote to memory of 1336 2740 cmd.exe 36 PID 2092 wrote to memory of 2916 2092 svchost.exe 38 PID 2092 wrote to memory of 2916 2092 svchost.exe 38 PID 2092 wrote to memory of 2916 2092 svchost.exe 38 PID 2916 wrote to memory of 2232 2916 cmd.exe 40 PID 2916 wrote to memory of 2232 2916 cmd.exe 40 PID 2916 wrote to memory of 2232 2916 cmd.exe 40 PID 2916 wrote to memory of 2236 2916 cmd.exe 41 PID 2916 wrote to memory of 2236 2916 cmd.exe 41 PID 2916 wrote to memory of 2236 2916 cmd.exe 41 PID 2092 wrote to memory of 1468 2092 svchost.exe 42 PID 2092 wrote to memory of 1468 2092 svchost.exe 42 PID 2092 wrote to memory of 1468 2092 svchost.exe 42 PID 1468 wrote to memory of 2136 1468 cmd.exe 44 PID 1468 wrote to memory of 2136 1468 cmd.exe 44 PID 1468 wrote to memory of 2136 1468 cmd.exe 44 PID 2092 wrote to memory of 1668 2092 svchost.exe 48 PID 2092 wrote to memory of 1668 2092 svchost.exe 48 PID 2092 wrote to memory of 1668 2092 svchost.exe 48 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe"C:\Users\Admin\AppData\Local\Temp\067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2884 -
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2092 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete3⤵
- Suspicious use of WriteProcessMemory
PID:2740 -
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
PID:1076
-
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1336
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no3⤵
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Windows\system32\bcdedit.exebcdedit /set {default} bootstatuspolicy ignoreallfailures4⤵
- Modifies boot configuration data using bcdedit
PID:2232
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} recoveryenabled no4⤵
- Modifies boot configuration data using bcdedit
PID:2236
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet3⤵
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Windows\system32\wbadmin.exewbadmin delete catalog -quiet4⤵
- Deletes backup catalog
PID:2136
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt3⤵
- Opens file in notepad (likely ransom note)
PID:1668
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1084
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2864
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵PID:620
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵PID:2368
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD53aea97ef58d132d994d6160ae232c6e7
SHA1de2146322b6a533ccf5ace0f1edcb6cf92d34179
SHA256067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540
SHA512a48d3ab7b7e35d1f24f1319831ffdc1c2dc9f4ededa0007684ff2515edf39e727915eafc124fa752082b0e1534ddf37a2ed12be18d9aadc72391b57cf5b6f9c4
-
Filesize
1KB
MD58b7c16186eda725a280ae9f7e7ea9b43
SHA1a7bd3384999e829ccc4c828fc4511d6ef0228670
SHA256f59448977db86356cffdf951cef0b2273f83641db68a8bd1f6170f8fb07ac44b
SHA51277a985b454dde88b1c30ad61b0eb672edec45aa1e84310c9a9e06db4bd31b95b36b34fb5fb2560f07a3d4dcb06e932c969b51652770d719378dc15b448f43136