Analysis
-
max time kernel
38s -
max time network
39s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
05-05-2024 20:43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/MivyGitHub/Discord-rat-v2/blob/main/release.rar
Resource
win10v2004-20240426-en
General
-
Target
https://github.com/MivyGitHub/Discord-rat-v2/blob/main/release.rar
Malware Config
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Executes dropped EXE 2 IoCs
pid Process 5868 builder.exe 6096 Discord rat.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 55 raw.githubusercontent.com 56 raw.githubusercontent.com -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 412 msedge.exe 412 msedge.exe 3052 msedge.exe 3052 msedge.exe 652 identity_helper.exe 652 identity_helper.exe 4448 msedge.exe 4448 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 5732 7zFM.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeRestorePrivilege 5732 7zFM.exe Token: 35 5732 7zFM.exe Token: SeSecurityPrivilege 5732 7zFM.exe Token: SeSecurityPrivilege 5732 7zFM.exe Token: SeDebugPrivilege 6096 Discord rat.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 5732 7zFM.exe 5732 7zFM.exe 5732 7zFM.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe 3052 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3052 wrote to memory of 3500 3052 msedge.exe 83 PID 3052 wrote to memory of 3500 3052 msedge.exe 83 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 868 3052 msedge.exe 84 PID 3052 wrote to memory of 412 3052 msedge.exe 85 PID 3052 wrote to memory of 412 3052 msedge.exe 85 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86 PID 3052 wrote to memory of 2988 3052 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/MivyGitHub/Discord-rat-v2/blob/main/release.rar1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7df246f8,0x7ffd7df24708,0x7ffd7df247182⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵PID:868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:82⤵PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:3332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵PID:3112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5512 /prefetch:82⤵PID:1752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵PID:1228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:2956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,1029293569925543494,16645041151761134120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵PID:5184
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4292
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4204
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5608
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\release.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5732 -
C:\Users\Admin\AppData\Local\Temp\7zO466C57F7\builder.exe"C:\Users\Admin\AppData\Local\Temp\7zO466C57F7\builder.exe"2⤵
- Executes dropped EXE
PID:5868
-
-
C:\Users\Admin\AppData\Local\Temp\7zO4667DE97\Discord rat.exe"C:\Users\Admin\AppData\Local\Temp\7zO4667DE97\Discord rat.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6096
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
Filesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD58f54b47b75b7cfca7f9d24cbdfcd079b
SHA19883f8e6f10b081cd82f91a95fe9aec0e895d483
SHA25659124a6baf2d64e6bf1a540d94e58d0ce87d760b5ff071da63086ec88c29a69d
SHA512598f25e15c629a729ee78d8fc35d0b84a7f1ee54fab41356d64f018e2ed24502bf06cbc0d6b1d0faae50e93e6dc2a07a9100afa6fc5243dc147bf64e511f5ecc
-
Filesize
6KB
MD5ecf197ea76b4c073125d7277f472984e
SHA1e68d69a79cdd7e03402c26d09ff53f843f8c241b
SHA2567c2ec250c739405db1d1c681f8340d1234ea72190a4590a81bbbcd29047562ca
SHA51247908eeea3f3245b746de4ec22cf8332f3ee45ea13dfb641c5e1c112abb3df673bc5ea390c5cac4d5d5a9d2e82556872115526013c48a135c29392cd6368a3d7
-
Filesize
6KB
MD589eea6056a16f3c7cdb3f83d230c68d0
SHA149cd8868deb75fd13cf9eaeed9833e31ad8ff116
SHA256ca315cd8faf5d80f610973485a5d880c073236d906faa3545a652fd833b288b8
SHA5128fee10c61c33f2c97cc79d30566ef16b83a235597fe932b5eb281392ea357ae0da41845a6fba00144be32bf50d42c3a811a63c6f8d2f721d06585ed231773217
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD564bd105b5f6765a55394d12df73efce4
SHA147f4c2ab0be98b17653248e1ef4a750e4202438f
SHA2567997ce9f030f33b905a7065e409ec74979b89924709e3a2d08a483406cb55237
SHA5127db3bf4b616c9176fbeecc6696eff9afbe0ed402131b077a981136e0e2161077400aa54f7582071937a76c17aa9be7c77daf840a7300ceba17973e1030356e51
-
Filesize
11KB
MD526121c4d6924a5692506964d7eb261ff
SHA19d842ed52bc76d7eae10d4bce3d83dc07b72e1d1
SHA2566cbad555b3754df2df362e6e00d4c001e79252e7f1c5f5b3463a26dd4c349f80
SHA512e6af67bf63ef1dbc5a985a7c45290118727718256fee3d9b9c2173fbd46fb22efd05fd8966ecfd9f2e404d0d0d2dec4fc89afffa38e8f8ae00b60e3626739ec4
-
Filesize
79KB
MD5d13905e018eb965ded2e28ba0ab257b5
SHA16d7fe69566fddc69b33d698591c9a2c70d834858
SHA2562bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
-
Filesize
10KB
MD54f04f0e1ff050abf6f1696be1e8bb039
SHA1bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA51294713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
-
Filesize
372KB
MD586ded4ef1ad1d859f0754dfe45faa694
SHA1a03f08b39818ee9599311f4e8c1052f6294d7fe0
SHA256a4f18c25395dd65414110cfb3fe7727c1f72735823611da092d4a2b1db64611f
SHA512a73087b759ef0618964a440514177fb869cb993ce7ce9840d991b37967f72032af25a65b5dc7bb6d6bef7dc9c1dbe9c5bc1cd0ec05470600487682ee92fbba48