Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10/06/2024, 22:08
Static task
static1
Behavioral task
behavioral1
Sample
1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe
-
Size
131KB
-
MD5
1d1cd634b25c84b1a74a50e4bc3769d0
-
SHA1
93736e996840d358011fa89ed7d946a4d772b121
-
SHA256
55b85639624459549a2488e4c0c98626c24b034e9f89c2ad5b52ba7c68b5ee7e
-
SHA512
becb8ee354b18aff83236009bb61f18cd9235303ef901b26e51944fd166a56b476ef4137c0b6926fc8bf4bc69d7a29d2ff8bed0519ee2a4c3ec87dc978f49108
-
SSDEEP
3072:TEboFVlGAvwsgbpvYfMTc72L10fPsout6nn:QBzsgbpvnTcyOPsoS6nn
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1660 svchost.exe -
Executes dropped EXE 1 IoCs
pid Process 4728 KVEIF.jpg -
Loads dropped DLL 4 IoCs
pid Process 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 1660 svchost.exe 4728 KVEIF.jpg 1616 svchost.exe -
resource yara_rule behavioral2/memory/2016-2-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-7-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-13-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-19-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-27-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-31-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-33-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-32-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-30-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-25-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-23-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-21-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-17-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-15-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-11-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-9-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-5-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/2016-3-0x00000000008D0000-0x0000000000925000-memory.dmp upx behavioral2/memory/1660-115-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-131-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-129-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-127-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-123-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-121-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-119-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-117-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-113-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-111-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-109-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-125-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-107-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-105-0x00000000028A0000-0x00000000028F5000-memory.dmp upx behavioral2/memory/1660-104-0x00000000028A0000-0x00000000028F5000-memory.dmp upx -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\kernel64.dll 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File opened for modification C:\Windows\SysWOW64\kernel64.dll 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 2016 set thread context of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 4728 set thread context of 1616 4728 KVEIF.jpg 89 -
Drops file in Program Files directory 23 IoCs
description ioc Process File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIF.jpg 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIF.jpg 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\1D11D1B123.IMD svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\1D11D1B123.IMD svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFs5.ini KVEIF.jpg File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFs5.ini svchost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFss1.ini 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFmain.ini 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFmain.ini 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\FKC.WYA 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIF.jpg svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\FKC.WYA KVEIF.jpg File opened for modification C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg svchost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\ok.txt 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFs1.ini svchost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\$$.tmp svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\FKC.WYA svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\FKC.WYA svchost.exe File created C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\1D11D1B123.IMD KVEIF.jpg File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIFs5.ini svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1B\KVEIF.jpg svchost.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\web\606C646364636479.tmp 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe File opened for modification C:\Windows\web\606C646364636479.tmp 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 1660 svchost.exe 4728 KVEIF.jpg 4728 KVEIF.jpg 4728 KVEIF.jpg 4728 KVEIF.jpg 4728 KVEIF.jpg 4728 KVEIF.jpg -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1660 svchost.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe Token: SeDebugPrivilege 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe Token: SeDebugPrivilege 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe Token: SeDebugPrivilege 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe Token: SeDebugPrivilege 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 4728 KVEIF.jpg Token: SeDebugPrivilege 4728 KVEIF.jpg Token: SeDebugPrivilege 4728 KVEIF.jpg Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1660 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe Token: SeDebugPrivilege 1616 svchost.exe -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 2016 wrote to memory of 2920 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 84 PID 2016 wrote to memory of 2920 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 84 PID 2016 wrote to memory of 2920 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 84 PID 2016 wrote to memory of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 2016 wrote to memory of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 2016 wrote to memory of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 2016 wrote to memory of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 2016 wrote to memory of 1660 2016 1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe 86 PID 3316 wrote to memory of 4728 3316 cmd.exe 88 PID 3316 wrote to memory of 4728 3316 cmd.exe 88 PID 3316 wrote to memory of 4728 3316 cmd.exe 88 PID 4728 wrote to memory of 1616 4728 KVEIF.jpg 89 PID 4728 wrote to memory of 1616 4728 KVEIF.jpg 89 PID 4728 wrote to memory of 1616 4728 KVEIF.jpg 89 PID 4728 wrote to memory of 1616 4728 KVEIF.jpg 89 PID 4728 wrote to memory of 1616 4728 KVEIF.jpg 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d1cd634b25c84b1a74a50e4bc3769d0_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\svchost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530435D474A422F565840 02⤵PID:2920
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\svchost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530435D474A422F565840 02⤵
- Deletes itself
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1660
-
-
C:\Windows\system32\cmd.execmd.exe /c call "C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530435D474A422F5658401⤵
- Suspicious use of WriteProcessMemory
PID:3316 -
C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg"C:\Program Files\Common Files\Microsoft\1D11D1B\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530435D474A422F5658402⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4728 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\svchost.exe -sys 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530435D474A422F565840 03⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1616
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
132KB
MD520b11923d7c83eaa725121821b76435c
SHA1bd7145bd52425ee178f8bf96295bffdcd9110e24
SHA256d75ba91e658670f66c335e0a0ba3d58061287a33b5962a507b2aac95e1266796
SHA51239c1cd34fb5a43edf77199c14506f06df3426ef8f33e996ccc3d9c993e321cf3fd52f83e56bcd38829e363721857e9c9de17c7b5bda3d3350bfd5a095c936e7f
-
Filesize
131KB
MD5493b581f993a2d3eb0cbdb5246187ba3
SHA130edb0aadb51439cd34c2c6c97763ec54d8c100b
SHA256f19bd75595d93cd85f31945b63e96af6121caf8f83a983c107a54f93e0e3dbce
SHA5128fb35f808128b621ae6fbad9a50f2d7d89a7223595c712c98ade251f1f6434671c92b151ae5bc083aa789f609fe4442b027a72f058b6d7bf7b977b37f18e473e
-
Filesize
22B
MD5a4ef93de80711124d4b7e080ccf42edb
SHA1f4530f5e6d362781fa6dfa4982d25f3ad15dbf99
SHA2569a09d2a2b23760cbc02ab362728b30783f943d90beebbdbd03c4e8b288492d24
SHA512707c5a1a84a1cd490e3e0109c30b32724a69d27021653265bbd838065458e1eea20b470f145612f9ea5486711c47a59dcb515f9625829e63689a89af75901fa2
-
Filesize
87B
MD5210b2e0534748b2d3eb039c0cbfe6085
SHA1a4207dad717b078bee96a374368918cad614fc53
SHA256060da3d03be3dbf45836c359a4923057311c9b0b76fa0b433e9d9b5d3cb8b1ca
SHA512fe2ea1f203d58fbf7eec9acc6f7dcb662b3263674d81076fcbb88e95c909f4597d0884ec47c849e21e9fbb700c52e3f9256da9500c9d6b5543b3af681b6ddd7c
-
Filesize
131KB
MD50ee4ee15bcaa8e465691e4004f1744c5
SHA197f15f79e7f5523e8265fddd6e61a3442a6bd3d5
SHA2566f303f761ec33fe4b69c3db7570ac0701685427506fdaa8223df9bfd5c797ff8
SHA512225a7edf20650cdfa3517ac6051d38d50d219d2a214380820d24d9a5042803d7ae6f5e472d86e76e9870af5291d411926ff85f40355e7db90c9943e7994f58d4
-
Filesize
795B
MD5ef02f73a8b0f99eb942c12dd73a32be0
SHA12b5ca20fe32b31fd6b129968f93b3afe7ce6c657
SHA25629d56872d6ef7a47ccdaa8f794c3ccbc067199fafb4c85529c07d4171708313c
SHA5125331102a9eb364a097d233f564a1ad675352a135aaffc7795189b12d4a2332ddb0e77255d94c6c3b3dccbe13625a84a7e581484c5fac523b07395bc2efa7511f
-
Filesize
1KB
MD5059cc39dd7faa4fbf3a57fbc232b63d2
SHA1ad2c25f4f3e9bac4faeba1013c6a66b2c8ee8cb0
SHA256053806dd7769edb7b6c8973a5be23bff6351f9bff1a0a1a5fd37e53029a05952
SHA512c055c370c932286233308c0bb10c3d0569b49c6c1cdf6f01c681919bc3d1bf63a0004e65384afd5ec59f6ee249942da00afe6de21459801821ab6df4ba44d452
-
Filesize
625KB
MD5eccf28d7e5ccec24119b88edd160f8f4
SHA198509587a3d37a20b56b50fd57f823a1691a034c
SHA256820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6
SHA512c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670
-
Filesize
108KB
MD5f697e0c5c1d34f00d1700d6d549d4811
SHA1f50a99377a7419185fc269bb4d12954ca42b8589
SHA2561eacebb614305a9806113545be7b23cf14ce7e761ccf634510a7f1c0cfb6cd16
SHA512d5f35672f208ebbe306beeb55dadde96aa330780e2ea84b45d3fa6af41369e357412d82978df74038f2d27dff4d06905fd0b4d852b0beef1bcfdd6a0849bc202