Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://cdn.discordapp.com/attachments/1245703864976408689/1245740624926343228/Gwater2installer.zip?ex=665c7cdd&is=665b2b5d&hm=9d236ab9443dbd63621809c39e224f716b3a99852e657d78a649094abdb94c4c& was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:05
Reported
2024-06-02 01:08
Platform
win10v2004-20240508-en
Max time kernel
101s
Max time network
102s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Gwater2installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\Gwater2installer.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Gwater2installer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1245703864976408689/1245740624926343228/Gwater2installer.zip?ex=665c7cdd&is=665b2b5d&hm=9d236ab9443dbd63621809c39e224f716b3a99852e657d78a649094abdb94c4c&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,3392827847103066397,11869885630972105071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Gwater2installer.exe
"C:\Users\Admin\Desktop\Gwater2installer.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\gwater\Gwater03bModArchive.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_888_RATWIUKEJMQFONFY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 355208d7d7f19e09188eede30eebce6e |
| SHA1 | f195624fa4321b7437d5da64a405facdbf6b5064 |
| SHA256 | 99128e24c3058442c25428ae82deaa2252c092b3aff5f2fdf67cc462097d9ab3 |
| SHA512 | f49abc8dcfff8b4bde2d3414b8de915e20cdf7d9f0e9f59b03cdf93c1996d38582053c2ab2a2d36730fe0de5654996f5c8f8b6cf3673a230a2a383e214ef6cdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\Downloads\Unconfirmed 297010.crdownload
| MD5 | 3381340d722f504d8cb6e0b5f8d44ce8 |
| SHA1 | ab3314e326437306bcc4cb7a5c2fd38012ea3ad6 |
| SHA256 | 64c9e5d704af82d5c50897b64f4f032f7891baffd8842ca540e869bedc0e31ae |
| SHA512 | ef3e6c68b1e84cd6c1fdf12b08f887d1f11198023ff11028aec3fd476614ac610dcc7c00cae55c7f9db0ae62030f7f7599f890706fe05f1ac177fb5a80704a56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7fc8aff183cda29451d02e2deb9bb76 |
| SHA1 | 49570d4934264a2ceb9ac41a77a452061241e4bd |
| SHA256 | 0979da1b9714ebd5f28af9558566a28c7e0510280a0ec10ce0b8366a423f13a4 |
| SHA512 | d409445f14a68d62134a41a15012109dc9867015cdd02d12a971443f2f120378b2d4fd3f91c1247202e3cab742eb9d6d4fcc19f1fad92b12006da2cbef28243a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9bd98402bd82b1f8768ab3621d2eeb32 |
| SHA1 | d58076ff8bdf9b92955ad39a20f012f61f96c7aa |
| SHA256 | 8509f5c8895851d9085a14e45dc5f98d5470998ced20793e2b628c0c952d2bb5 |
| SHA512 | 573cc9d8f2a35a2b713518fac3e2ef8c1aa327e05ef033e44530c20160954b90fc2e8991932f18adcd06dcec741cee54dda1baa3cf3ab979eb4cfbe9bb434d0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d70c8dcd4c428d989ea1c0919431702c |
| SHA1 | 2c4f943061d1d00dfb8d646ff84e33bf866952b7 |
| SHA256 | 89aaf0a19fb936b4739217a54a780f35701798a4c12b4a576d225fdfca37e404 |
| SHA512 | da992167d4e6233990cf4c69d987cad2618cc2db5adb76ac8b855765f852749fce4617fb4a0b7d83ebc56c385ba23c579fe76db688b1799488d598174ab533f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d256088534d1e46f47b10e5c9404afc0 |
| SHA1 | b390f5697c42b40c03602cc7f17679c902278f4a |
| SHA256 | 2498379a4c51c09d22e2fe279da58dcac97e445b7ceacc1e8fa9d624d709c5b0 |
| SHA512 | 33e8cd01e9c254a88c26e24a7b45ffdf0985a986cb9e5c97f35a4e026073b0f54533e9e900d96e267866e52d305c72f9d40e3b72c1d09b6bbd7ba9d7b85f6f0f |
memory/5792-103-0x00000000008F0000-0x000000000123A000-memory.dmp
memory/5792-104-0x0000000006190000-0x0000000006734000-memory.dmp
memory/5792-105-0x0000000005BE0000-0x0000000005C72000-memory.dmp
memory/5792-106-0x0000000005C90000-0x0000000005C9A000-memory.dmp
memory/5792-109-0x0000000009BF0000-0x0000000009C02000-memory.dmp
memory/5792-110-0x0000000009BE0000-0x0000000009BEA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 859cf9cd77c9a6bd5b0af56f08fb5128 |
| SHA1 | d62387a78e8a1643ba3117187479da14bce1b65c |
| SHA256 | d16c0bd72e9deb73d2e3a40eb21ac668477363c33e58765884b1663324a4eb05 |
| SHA512 | e60f5d7000507794a20316c7110fbee3f1d9b02efdba877bec150d5d63939eff3aa9fbba758709a8094c65a083b158840563a8e8399b64e16a077d12a1cb8fed |
C:\Users\Admin\Desktop\gwater\Gwater03bModArchive.txt
| MD5 | a6105c0a611b41b08f1209506350279e |
| SHA1 | fb360f9c09ac8c5edb2f18be5de4e80ea4c430d0 |
| SHA256 | 8a798890fe93817163b10b5f7bd2ca4d25d84c52739a645a889c173eee7d9d3d |
| SHA512 | 81e92f5d90684db6638344869c82e784b5270b513811080bdba905820be1b0331be8fb7329e4c7a6f97846c1b211572042a0c5bfc7d487a74cab0221c19685c5 |