Analysis

max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 10-06-2024 11:21
Static task: static1

Behavioral task: behavioral1
  Sample: VirusShare_4affa384ff6ab351df42fc3a02716670.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: VirusShare_4affa384ff6ab351df42fc3a02716670.exe
  Resource: win10v2004-20240426-en
General

Target: VirusShare_4affa384ff6ab351df42fc3a02716670.exe
Size: 364KB
MD5: 4affa384ff6ab351df42fc3a02716670
SHA1: 7bebae1ad50fd27c3df625dc3995256f7d8bb8c2
SHA256: 4f1e783f68071d95e0b07e1f8b80ed49d0d94a089ae96016b197f846350cfe66
SHA512: 802616cac860ed2facd74387475e45ecd5a9e00fb106db801cd0168659fcecb9bb0ca6afb4cfeeca592d24d20c07add685e9a65c3178c839d37850a324906070
SSDEEP: 6144:rHDYm7R++Qhm/FxsB+lIB+0ODLawCi308Ki7B4iTK24D1sr:rHr2mwB+g03S5idVK24Zsr
Malware Config

Extracted from: C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\+REcovER+aujdl+.txt
URLs:
  http://88fga.ketteaero.com/6868E592FC8C7B1F
  http://2bdfb.spinakrosa.at/6868E592FC8C7B1F
  http://uj5nj.onanwhit.com/6868E592FC8C7B1F
  http://k7tlx3ghr3m4n2tu.onion/6868E592FC8C7B1F
Signatures

Deletes shadow copies (3 TTPs)
Ransomware often targets backup files to inhibit system recovery.

Deletes itself (1 IoC)
pid    Process
2636   cmd.exe

Drops startup file (2 IoCs)
description                    ioc                                                                                                Process
File opened for modification   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\+REcovER+aujdl+.png   xfchlj.exe
File opened for modification   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\+REcovER+aujdl+.txt   xfchlj.exe

Executes dropped EXE (2 IoCs)
pid    Process
2772   xfchlj.exe
620    xfchlj.exe

Loads dropped DLL (2 IoCs)
pid    Process
2720   VirusShare_4affa384ff6ab351df42fc3a02716670.exe
2720   VirusShare_4affa384ff6ab351df42fc3a02716670.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 1 IoC)
description       ioc                                                                                                                Process
Set value (str)   \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\vssvyadwl = "C:\\Windows\\SYSTEM32\\CMD.EXE /C START \"\" \"C:\\Users\\Admin\\Documents\\xfchlj.exe\""   xfchlj.exe

Suspicious use of SetThreadContext (2 IoCs)
description                          pid    Process                                            procid_target
PID 1368 set thread context of 2720   1368   VirusShare_4affa384ff6ab351df42fc3a02716670.exe   28
PID 2772 set thread context of 620    2772   xfchlj.exe                                         34

Drops file in Program Files directory (64 IoCs)
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Interacts with shadow copies (2 TTPs, 2 IoCs)
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid    Process
1556   vssadmin.exe
788    vssadmin.exe

Modifies data under HKEY_USERS (1 IoC)
description   ioc                                         Process
Key created   \REGISTRY\USER\.DEFAULT\Software\Axronics   xfchlj.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid    Process
620    xfchlj.exe   (this entry is repeated 64 times in the report)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description                 pid    Process
Token: SeDebugPrivilege     620    xfchlj.exe
Token: SeBackupPrivilege    1900   vssvc.exe
Token: SeRestorePrivilege   1900   vssvc.exe
Token: SeAuditPrivilege     1900   vssvc.exe

Suspicious use of FindShellTrayWindow (1 IoC)
pid    Process
1448   DllHost.exe

Suspicious use of WriteProcessMemory (46 IoCs; identical rows collapsed, repeat count in the last column)
description                        pid    Process                                            procid_target   repeats
PID 1368 wrote to memory of 2720   1368   VirusShare_4affa384ff6ab351df42fc3a02716670.exe   28              11
PID 2720 wrote to memory of 2772   2720   VirusShare_4affa384ff6ab351df42fc3a02716670.exe   29              4
PID 2720 wrote to memory of 2636   2720   VirusShare_4affa384ff6ab351df42fc3a02716670.exe   30              4
PID 2772 wrote to memory of 620    2772   xfchlj.exe                                         34              11
PID 620 wrote to memory of 1556    620    xfchlj.exe                                         35              4
PID 620 wrote to memory of 2288    620    xfchlj.exe                                         43              4
PID 620 wrote to memory of 788     620    xfchlj.exe                                         44              4
PID 620 wrote to memory of 2292    620    xfchlj.exe                                         48              4

System policy modification (1 TTP, 2 IoCs)
description       ioc                                                                                                          Process
Key created       \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System                                  xfchlj.exe
Set value (int)   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"   xfchlj.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes

Process tree (indentation shows the parent/child relationship; the depth number is the tree level from the report)

[1] C:\Users\Admin\AppData\Local\Temp\VirusShare_4affa384ff6ab351df42fc3a02716670.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\VirusShare_4affa384ff6ab351df42fc3a02716670.exe"
    PID: 1368
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory

    [2] C:\Users\Admin\AppData\Local\Temp\VirusShare_4affa384ff6ab351df42fc3a02716670.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\VirusShare_4affa384ff6ab351df42fc3a02716670.exe"
        PID: 2720
        - Loads dropped DLL
        - Suspicious use of WriteProcessMemory

        [3] C:\Users\Admin\Documents\xfchlj.exe
            Command line: C:\Users\Admin\Documents\xfchlj.exe
            PID: 2772
            - Executes dropped EXE
            - Suspicious use of SetThreadContext
            - Suspicious use of WriteProcessMemory

            [4] C:\Users\Admin\Documents\xfchlj.exe
                Command line: C:\Users\Admin\Documents\xfchlj.exe
                PID: 620
                - Drops startup file
                - Executes dropped EXE
                - Adds Run key to start application
                - Drops file in Program Files directory
                - Modifies data under HKEY_USERS
                - Suspicious behavior: EnumeratesProcesses
                - Suspicious use of AdjustPrivilegeToken
                - Suspicious use of WriteProcessMemory
                - System policy modification

                [5] C:\Windows\System32\vssadmin.exe
                    Command line: "C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet
                    PID: 1556
                    - Interacts with shadow copies

                [5] C:\Windows\SysWOW64\NOTEPAD.EXE
                    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\+REcovER+aujdl+.txt
                    PID: 2288

                [5] C:\Windows\System32\vssadmin.exe
                    Command line: "C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet
                    PID: 788
                    - Interacts with shadow copies

                [5] C:\Windows\SysWOW64\cmd.exe
                    Command line: "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\DOCUME~1\xfchlj.exe >> NUL
                    PID: 2292

        [3] C:\Windows\SysWOW64\cmd.exe
            Command line: "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\VIRUSS~1.EXE >> NUL
            PID: 2636
            - Deletes itself

[1] C:\Windows\system32\vssvc.exe
    Command line: C:\Windows\system32\vssvc.exe
    PID: 1900
    - Suspicious use of AdjustPrivilegeToken

[1] C:\Windows\SysWOW64\DllHost.exe
    Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    PID: 1448
    - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 37KB
MD5: 69833ef3a5b4d1a89b93c238cddae402
SHA1: 1be9bd27719551aa9368b69ebae5b59131d80b2e
SHA256: 1c1fc2df1edaf568c70a29d7f72070d06da26436b72b64655806d025ef3c8c86
SHA512: bcbe06b6c8a9366a8a0067688713165a8b8d5afb5330394b594966c9aebd4abd525ba7efc631243a91f1aeedb5edbc1d76c49edad85d106e2f6f91c670592398

Filesize: 1KB
MD5: e610ec85c840bbda40b477092cdcfa26
SHA1: 6123aaa93906e042b12df064c35dbc515940d44e
SHA256: 1716707913519aa76013d98c39126aab4624aa5b2d03b098ffc73f08dec7aefb
SHA512: af8921822b68dbb9e250ea5ca1ddb0b2cb97b3b3a72ce06fb6cc006bac675e992eb944b5f086e6ed50724770cc5e774626622a4401bff0d4c5a34bfe124920dd

Filesize: 364KB
MD5: 4affa384ff6ab351df42fc3a02716670
SHA1: 7bebae1ad50fd27c3df625dc3995256f7d8bb8c2
SHA256: 4f1e783f68071d95e0b07e1f8b80ed49d0d94a089ae96016b197f846350cfe66
SHA512: 802616cac860ed2facd74387475e45ecd5a9e00fb106db801cd0168659fcecb9bb0ca6afb4cfeeca592d24d20c07add685e9a65c3178c839d37850a324906070