Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
05/06/2024, 08:41
Static task
static1
Behavioral task
behavioral1
Sample
4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe
-
Size
91KB
-
MD5
4c29fc38a6eee0f6c67258f461f836d0
-
SHA1
b44c07905f8c4c1eae72d1cff537e7109a3d9d4a
-
SHA256
2b9a353e41202823310c0124a1b88dcc6ac43ddb57b4a1e8760a1106fc6040e2
-
SHA512
f11e9f412e1051aa10d1d85de17055be55bd5524627db87e659e2afa28ccac6a8bad8f92e2fdc87bdb7cbf6596f9d25920b4e761c2ea6bfde89a83730e97fc62
-
SSDEEP
1536:zAwEmBZ04faWmtN4nic+6GfyAwEmBZ04faWmtN4nic+6Gm:zGms4Eton0qGms4Eton0m
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe \"C:\\Windows\\system32\\IExplorer.exe\"" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\IExplorer.exe" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Disables RegEdit via registry modification 2 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Disables use of System Restore points 1 TTPs
-
Executes dropped EXE 7 IoCs
pid Process 1784 xk.exe 4136 IExplorer.exe 64 WINLOGON.EXE 2708 CSRSS.EXE 3812 SERVICES.EXE 3168 LSASS.EXE 60 SMSS.EXE -
Modifies system executable filetype association 2 TTPs 13 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\ = "File Folder" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Adds Run key to start application 2 TTPs 5 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xk = "C:\\Windows\\xk.exe" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSMSGS = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\WINLOGON.EXE" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ServiceAdmin = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\SERVICES.EXE" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LogonAdmin = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\CSRSS.EXE" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\System Monitoring = "C:\\Users\\Admin\\Local Settings\\Application Data\\WINDOWS\\LSASS.EXE" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Drops file in System32 directory 6 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\shell.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\shell.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\Mig2.scr 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File created C:\Windows\SysWOW64\IExplorer.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File opened for modification C:\Windows\SysWOW64\IExplorer.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File opened for modification C:\Windows\SysWOW64\Mig2.scr 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\xk.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe File opened for modification C:\Windows\xk.exe 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Modifies Control Panel 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\ 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\system32\\Mig~mig.SCR" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\ScreenSaverIsSecure = "0" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Desktop\ScreenSaveTimeOut = "600" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Modifies registry class 15 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\ = "File Folder" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shell\open\command\ = "\"C:\\Windows\\system32\\shell.exe\" \"%1\" %*" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 1784 xk.exe 4136 IExplorer.exe 64 WINLOGON.EXE 2708 CSRSS.EXE 3812 SERVICES.EXE 3168 LSASS.EXE 60 SMSS.EXE -
Suspicious use of WriteProcessMemory 21 IoCs
description pid Process procid_target PID 856 wrote to memory of 1784 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 82 PID 856 wrote to memory of 1784 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 82 PID 856 wrote to memory of 1784 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 82 PID 856 wrote to memory of 4136 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 83 PID 856 wrote to memory of 4136 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 83 PID 856 wrote to memory of 4136 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 83 PID 856 wrote to memory of 64 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 84 PID 856 wrote to memory of 64 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 84 PID 856 wrote to memory of 64 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 84 PID 856 wrote to memory of 2708 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 85 PID 856 wrote to memory of 2708 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 85 PID 856 wrote to memory of 2708 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 85 PID 856 wrote to memory of 3812 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 87 PID 856 wrote to memory of 3812 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 87 PID 856 wrote to memory of 3812 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 87 PID 856 wrote to memory of 3168 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 88 PID 856 wrote to memory of 3168 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 88 PID 856 wrote to memory of 3168 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 88 PID 856 wrote to memory of 60 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 89 PID 856 wrote to memory of 60 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 89 PID 856 wrote to memory of 60 856 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe 89 -
System policy modification 1 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4c29fc38a6eee0f6c67258f461f836d0_NeikiAnalytics.exe"1⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:856 -
C:\Windows\xk.exeC:\Windows\xk.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784
-
-
C:\Windows\SysWOW64\IExplorer.exeC:\Windows\system32\IExplorer.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4136
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:64
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3812
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3168
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:60
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
91KB
MD5d6d756d3aaf5650aa1e27c49c45a0526
SHA18ff746a7e9733ef8be90ff5cda5a96bfb68d61b7
SHA256c20dcf5726b38512fbdde0e07b0ef603d032fc41f5a7f5d211b03c0c89dd2f5e
SHA512c02b7a3fbfce4e601cc6316e37b094b4f39481fbbf1370e67d60f344a2ecc3c27c33c7269770e6f62dc7fb2bb62232fd8f6c407d20376641a0351e340da74b7e
-
Filesize
91KB
MD50a60454a9c7288970ef71739440da4a5
SHA108daaa96b48e9bef6e04b26c080951a2975163da
SHA2568ae68e44af4574ef3351a2d4c250aefd3ef207ec82fb680178ecfc7a3155eb65
SHA5120425441b6aee833ae2d9c459344b1f41891d43b88f1dbc606e3442e2bedc7ce156518ce16e998d125a21645a8a0fa4cff3d7d6105c79d971a28e0d4c914f6162
-
Filesize
91KB
MD53268cc16734961d28fe0cbdf08335dc5
SHA1d725469f6e5095c26e6d9ba86894122c2d911308
SHA256e30d3fba4efd9b21f4f875165164edf0a567f73a34b180a0fb320f97c72d45d7
SHA5124e9124128f4bc03bf93907ca43aa7cfc5c2a25aedcd12b1fbac392e962b65e22442d91d79a2149dff281b845c0551faecf0babf1fc482ad095358628ad3c2a67
-
Filesize
91KB
MD5b1d935b638d58603d4f70cefe4806edb
SHA18e1fe69177c48962ea9a1ea41f75729d0e7e6622
SHA2566df9922111a7f4549bf7403b85d0a743d66115da5997c5b40e025751d655a71d
SHA5128046139db32181cbcbd087045f0ca8eee61f07edec8edf139a5fb0e40374cd94d009d73ed10feddcf877f121b3d5c3084132b00a8594dd3563d2ca00aad81282
-
Filesize
91KB
MD5b02a6b48e2e329ab8c970d17ad6d49e1
SHA1edf7af4f0126264745d09c115a192a2abeed0fd9
SHA256365d6a6c4e0b52e4d8b56222a089173ca354a7a3ddc9d5d8709b55f3ca2715ca
SHA51263d87f663dd7ae9b37d5758850c5d2a02c7a24a051e0f1d18cb840f3ee7b5e709067a54e94f6335a9b122ac0764bf2cc5a388a7a587976a952f5cd96790b7833
-
Filesize
91KB
MD54c29fc38a6eee0f6c67258f461f836d0
SHA1b44c07905f8c4c1eae72d1cff537e7109a3d9d4a
SHA2562b9a353e41202823310c0124a1b88dcc6ac43ddb57b4a1e8760a1106fc6040e2
SHA512f11e9f412e1051aa10d1d85de17055be55bd5524627db87e659e2afa28ccac6a8bad8f92e2fdc87bdb7cbf6596f9d25920b4e761c2ea6bfde89a83730e97fc62
-
Filesize
91KB
MD54d9419af12bb6ad66ca3af4cc4ef2f85
SHA12072abe6490d4f9278768b1a1f2b3116316b5f9d
SHA256cbc10b17232b50670dc9141e82c142841b7b8c4d7c2a91e139e711b019034665
SHA512597759f12f8a2660f3bed3fa3a5b9ea671a93fef4b35130bae8d8c8a43d53c2e39d0c244b91a0da5d1f64b207de8c8661e8d3329775bfa72583d404c30e794b1
-
Filesize
91KB
MD5231d0aa26439cfff49f3b4b70d1c2073
SHA15b08191d4fe6ee36520ded6cd4dea01537dab2b3
SHA256fc82c7446b6c8c2ac7f3de3410610b292a47d77a02eda30d53d4ee86f940cfab
SHA5125751656fae955b22c289ce8ada77a6eb17e006814980b3884749ac05b0bbdd69d884bbb649c7c82e44f900a387b4f08883ab8b8d464b3510f2f54b1f07f4075f