Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
26/06/2024, 21:19
Static task
static1
Behavioral task
behavioral1
Sample
116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe
-
Size
1.3MB
-
MD5
b7d5b22aaeab5b419389db0647ba4f60
-
SHA1
f8aca4756c7cb1d843dd734ac5582e8540dab8e6
-
SHA256
116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226
-
SHA512
dc8b9112ae37b65d7371bde6d5a6e0aa2ddacdffb227c5ad3051e03cb40a586ee8699ddb3ce437c96804826d8ce32280455935be9731afb5a5d0c33332860b24
-
SSDEEP
6144:gDCwfqDCwfyDDCwfADCwfyDDCwfqDCwfyDDCwfazhDCwfazrDCwfqDCG:g7q7yD7A7yD7q7yD7azh7azr7qb
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" hosts.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" avscan.exe Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" hosts.exe -
Adds policy Run key to start application 2 TTPs 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SCFGBRBT = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SCFGBRBT = "W_X_C.bat" WScript.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run WScript.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SCFGBRBT = "W_X_C.bat" WScript.exe -
Executes dropped EXE 6 IoCs
pid Process 2616 avscan.exe 2896 avscan.exe 2608 hosts.exe 2644 hosts.exe 2592 avscan.exe 1692 hosts.exe -
Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc REG.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend REG.exe -
Loads dropped DLL 5 IoCs
pid Process 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 2616 avscan.exe 2608 hosts.exe 2608 hosts.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" avscan.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" hosts.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe" 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe -
Drops file in Windows directory 5 IoCs
description ioc Process File created C:\windows\W_X_C.vbs 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe File created \??\c:\windows\W_X_C.bat 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe File opened for modification C:\Windows\hosts.exe 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe File opened for modification C:\Windows\hosts.exe avscan.exe File opened for modification C:\Windows\hosts.exe hosts.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 9 IoCs
pid Process 2452 REG.exe 1596 REG.exe 1964 REG.exe 1208 REG.exe 2144 REG.exe 1732 REG.exe 2248 REG.exe 2072 REG.exe 2028 REG.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 2616 avscan.exe 2608 hosts.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 2616 avscan.exe 2896 avscan.exe 2608 hosts.exe 2644 hosts.exe 2592 avscan.exe 1692 hosts.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2244 wrote to memory of 2248 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 28 PID 2244 wrote to memory of 2248 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 28 PID 2244 wrote to memory of 2248 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 28 PID 2244 wrote to memory of 2248 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 28 PID 2244 wrote to memory of 2616 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 30 PID 2244 wrote to memory of 2616 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 30 PID 2244 wrote to memory of 2616 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 30 PID 2244 wrote to memory of 2616 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 30 PID 2616 wrote to memory of 2896 2616 avscan.exe 31 PID 2616 wrote to memory of 2896 2616 avscan.exe 31 PID 2616 wrote to memory of 2896 2616 avscan.exe 31 PID 2616 wrote to memory of 2896 2616 avscan.exe 31 PID 2616 wrote to memory of 2632 2616 avscan.exe 32 PID 2616 wrote to memory of 2632 2616 avscan.exe 32 PID 2616 wrote to memory of 2632 2616 avscan.exe 32 PID 2616 wrote to memory of 2632 2616 avscan.exe 32 PID 2244 wrote to memory of 2080 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 34 PID 2244 wrote to memory of 2080 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 34 PID 2244 wrote to memory of 2080 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 34 PID 2244 wrote to memory of 2080 2244 116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe 34 PID 2080 wrote to memory of 2608 2080 cmd.exe 36 PID 2080 wrote to memory of 2608 2080 cmd.exe 36 PID 2080 wrote to memory of 2608 2080 cmd.exe 36 PID 2080 wrote to memory of 2608 2080 cmd.exe 36 PID 2632 wrote to memory of 2644 2632 cmd.exe 37 PID 2632 wrote to memory of 2644 2632 cmd.exe 37 PID 2632 wrote to memory of 2644 2632 cmd.exe 37 PID 2632 wrote to memory of 2644 2632 cmd.exe 37 PID 2608 wrote to memory of 2592 2608 hosts.exe 38 PID 2608 wrote to memory of 2592 2608 hosts.exe 38 PID 2608 wrote to memory of 2592 2608 hosts.exe 38 PID 2608 wrote to memory of 2592 2608 hosts.exe 38 PID 2608 wrote to memory of 1416 2608 hosts.exe 40 PID 2608 wrote to memory of 1416 2608 hosts.exe 40 PID 2608 wrote to memory of 1416 2608 hosts.exe 40 PID 2608 wrote to memory of 1416 2608 hosts.exe 40 PID 2080 wrote to memory of 2800 2080 cmd.exe 39 PID 2080 wrote to memory of 2800 2080 cmd.exe 39 PID 2080 wrote to memory of 2800 2080 cmd.exe 39 PID 2080 wrote to memory of 2800 2080 cmd.exe 39 PID 2632 wrote to memory of 2832 2632 cmd.exe 41 PID 2632 wrote to memory of 2832 2632 cmd.exe 41 PID 2632 wrote to memory of 2832 2632 cmd.exe 41 PID 2632 wrote to memory of 2832 2632 cmd.exe 41 PID 1416 wrote to memory of 1692 1416 cmd.exe 43 PID 1416 wrote to memory of 1692 1416 cmd.exe 43 PID 1416 wrote to memory of 1692 1416 cmd.exe 43 PID 1416 wrote to memory of 1692 1416 cmd.exe 43 PID 1416 wrote to memory of 2004 1416 cmd.exe 44 PID 1416 wrote to memory of 2004 1416 cmd.exe 44 PID 1416 wrote to memory of 2004 1416 cmd.exe 44 PID 1416 wrote to memory of 2004 1416 cmd.exe 44 PID 2616 wrote to memory of 2072 2616 avscan.exe 45 PID 2616 wrote to memory of 2072 2616 avscan.exe 45 PID 2616 wrote to memory of 2072 2616 avscan.exe 45 PID 2616 wrote to memory of 2072 2616 avscan.exe 45 PID 2608 wrote to memory of 2452 2608 hosts.exe 47 PID 2608 wrote to memory of 2452 2608 hosts.exe 47 PID 2608 wrote to memory of 2452 2608 hosts.exe 47 PID 2608 wrote to memory of 2452 2608 hosts.exe 47 PID 2616 wrote to memory of 2028 2616 avscan.exe 51 PID 2616 wrote to memory of 2028 2616 avscan.exe 51 PID 2616 wrote to memory of 2028 2616 avscan.exe 51 PID 2616 wrote to memory of 2028 2616 avscan.exe 51
Processes
-
C:\Users\Admin\AppData\Local\Temp\116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\116188f9ee4c70a7992b4945e85e7b1fb9bf1708b0128aacdc0d533cb0ffc226_NeikiAnalytics.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244 -
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f2⤵
- Impair Defenses: Safe Mode Boot
- Modifies registry key
PID:2248
-
-
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat3⤵
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\windows\hosts.exeC:\windows\hosts.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"4⤵
- Adds policy Run key to start application
PID:2832
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
PID:2072
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
PID:2028
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
PID:1964
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
PID:2144
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat2⤵
- Suspicious use of WriteProcessMemory
PID:2080 -
C:\windows\hosts.exeC:\windows\hosts.exe3⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Users\Admin\AppData\Local\Temp\avscan.exeC:\Users\Admin\AppData\Local\Temp\avscan.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\W_X_C.bat4⤵
- Suspicious use of WriteProcessMemory
PID:1416 -
C:\windows\hosts.exeC:\windows\hosts.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"5⤵
- Adds policy Run key to start application
PID:2004
-
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- Modifies registry key
PID:2452
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- Modifies registry key
PID:1596
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- Modifies registry key
PID:1208
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f4⤵
- Modifies registry key
PID:1732
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"3⤵
- Adds policy Run key to start application
PID:2800
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD57671d3e8940305e96cad2c4ea9b61f0f
SHA1cbeae54174b41e35a6e711c4b014479d63f7e9ba
SHA256ae830846ce6cbdb6d68cb4432eccaa0db2893a582606d87948d43b329aacd89b
SHA51250c1789ef28ab5da5c5603fbd1d627a4fa4a7eaa070b1f9cab3a6ecbd4ee0dedbba493f0c4d9127022549d3205bb649dec5928eae5cb581102b35ec96b328126
-
Filesize
3.9MB
MD55f217d2815b075362da4483c942d8df3
SHA1fdacd36faab4b43c48fe84d33bf772b4d28fa9c7
SHA256ad615e54b6440a8679eb13cf88db7e370ce34c9ac6132570f5eee3a19823f825
SHA5126b75eff2dd2df4facb0eac84bd0d119097e905592ce155b6975a10be86ed00da38f211c4dd69d4c856611048e260d182f4ae4e1dc98d525b6cc9c6d2df7304b7
-
Filesize
5.2MB
MD5c7ab8442761528dd4dcbbbf0d6f59823
SHA1f8c0e4599851b84f8ec9df677800f5609d811142
SHA256a9d46091c4bc8c39e34484536986eb1549d69fd94ff0f9bb955f3fe160ee75bc
SHA512674570c79e8b48e24c1f991ba341abd06b47c32d76485a8678cf230afdf32fb10d5c877ccb196ee7dc295e0f9d0f9c47049a74a1c974b65f40265b8108d9fe26
-
Filesize
6.5MB
MD5c42e232bd1cb2c4ff51bb58216c9e4e9
SHA16da52b20873453d936e44ecc544f5485b5be25d9
SHA256699a1538b408cf204b0a504fc63dcfabb6e6a5b78e954b84b640b8d9f566baff
SHA5127d59c15a455826ee7a96eb1fbd1136a9f9f69f57942a891943a3f250a3458f1df0726cc24d1eb57a1c3be974383c4eb9c32c334844d0fd891bdf50df7003cf61
-
Filesize
7.8MB
MD5a8b9850e60f66350788f7d42ac73fdee
SHA1d354e630a6324e8385c690c3735b5d3fd3bdd550
SHA256ea7387ec25fe8318f5aa8126d32615bc093ea0060fca6ded042106f98853809d
SHA5121c2547e8da376765afcc5d8d6332c3e4c7121e58fd72b8829890358a38627b0c01dfc43a70231c18e3040dc78dbd71ff8e81e1551b9dca27138795a07a006232
-
Filesize
9.1MB
MD509f00f2ac97d9a188c478b0b1dfd6094
SHA16956914cbdfe4ad56306af08d063fba6be211fad
SHA256b1b455ab79700039721a023fbe5ca631fcf582410c3de5aa48bce2d548d33ec8
SHA512c8ddc3ca94ece619505277e18be4711b650250cd0a708990dd3f5728553305adf005afafbae9971457713529422b9c5a8fc4874a2adbf0f58e3f1bbbffa2b9d3
-
Filesize
10.4MB
MD599a6007dbc6b6fc316b971f271d70011
SHA14a1dac7174b603e3c2e7b6f31a0eb449eaef0207
SHA256799024d27756a17905aef7303336c58850b95f868c3de92abe0d7653951ae65e
SHA51226d5f3b00f8618585c364a99fc95012c394cd981931994c05cb0fa44e344910f44c4bbdff1f4c30c9c41dda72c09de582248a439d6fe5a6ad188313f47514083
-
Filesize
195B
MD5213eeee0bf55b5002060609a41f54dda
SHA1e4dcd3878c2ac69345e22c405dfe1035b6817dcd
SHA25684e5623c8426cf9f7501e1fb0f83c4c3b1d55b56ea0502ef304fb711c84d42f2
SHA5125ce9e9e476998b84805d76f45fcc1422f777061f7338c01b4f4cae71c0d0265b6fa55dfffe2eb5c37bc796b9ae6455bcb6a992e43add400bbb75f5056e311c44
-
Filesize
1.3MB
MD5293394ad07858dfaf781659d8c4f14be
SHA146d4a2a7108b1ce1bb91bb34d3e9fe2668dc116b
SHA256ca5e52ba2cb916e2a72972c912293813cec277ed134eb6d1fdbd9512fcffce34
SHA5127a9bea0e9e45ee7a7aca0c0e01bfcd40d5c074484c77741e1975910ff5ca9fd8a72364546979aac310e6c4a67a8fb73e5ca3a174d949cacf9f7b05001fc7b221
-
Filesize
336B
MD54db9f8b6175722b62ececeeeba1ce307
SHA13b3ba8414706e72a6fa19e884a97b87609e11e47
SHA256d2150b9e5a4ce55e140f0ca91c4e300715d42095c8fddf58c77037cdd2cfaf78
SHA5121d6dc274cf7a3dd704f840e6a5ad57ab4c4e35d5f09489aeff520bb797e1c825bac53fc335156fe41e767a46520d031855fe42fe7b175409ebe5e9e986fb9b8b
-
Filesize
1.3MB
MD54b3e2636686e61a13fec3d0316334dae
SHA197a8ccc15223f35ce6f60f9d365076795f6bcdab
SHA25618b5b07188152b7e7149cbf105334a64b08071aa620184395d5b119ef2a2cd09
SHA5129fde206dc34971ca76b076a0afbbe58b349fc74ad4bae1512025590229988d64c8281e9876435148e379c0221200dd72c021c02151d96bd7efc522087c0b967c