Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
18/08/2024, 12:11
Static task
static1
Behavioral task
behavioral1
Sample
d507cad068e6e54d1f370bd4b7250790N.exe
Resource
win7-20240704-en
General
-
Target
d507cad068e6e54d1f370bd4b7250790N.exe
-
Size
131KB
-
MD5
d507cad068e6e54d1f370bd4b7250790
-
SHA1
d0d6bd0fd5d57d8904a41ab8df0cec96477763e5
-
SHA256
dc3213c2436387f00401ce0a283229b63c3d9a58f4c12f75af6fe2e9079cf602
-
SHA512
3eb2eb29ecfd9ab4912e7231950f36d2580d0473da785cc99ccb4ba3458b0349f52311cb2334e367954213b694ddce16ab6e6b47f077b171e2fa8763f7b3dbea
-
SSDEEP
3072:1EboFVlGAvwsgbpvYfMTc72L10fPsout6nn:qBzsgbpvnTcyOPsoS6nn
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 4828 fontdrvhost.exe -
Executes dropped EXE 1 IoCs
pid Process 2932 KVEIF.jpg -
Loads dropped DLL 4 IoCs
pid Process 3732 d507cad068e6e54d1f370bd4b7250790N.exe 4828 fontdrvhost.exe 2932 KVEIF.jpg 3252 svchost.exe -
resource yara_rule behavioral2/memory/3732-2-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-3-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-13-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-11-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-9-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-7-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-5-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-23-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-21-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-25-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-33-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-32-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-29-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-31-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-19-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-17-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-15-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/3732-27-0x00000000021B0000-0x0000000002205000-memory.dmp upx behavioral2/memory/4828-106-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-114-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-130-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-128-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-124-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-120-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-118-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-117-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-112-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-110-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-108-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-126-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-122-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-104-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx behavioral2/memory/4828-103-0x0000000000F90000-0x0000000000FE5000-memory.dmp upx -
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\kernel64.dll d507cad068e6e54d1f370bd4b7250790N.exe File created C:\Windows\SysWOW64\kernel64.dll d507cad068e6e54d1f370bd4b7250790N.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 3732 set thread context of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 2932 set thread context of 3252 2932 KVEIF.jpg 90 -
Drops file in Program Files directory 23 IoCs
description ioc Process File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\1D11C1C123.IMD KVEIF.jpg File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFs5.ini svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFs5.ini KVEIF.jpg File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFmain.ini d507cad068e6e54d1f370bd4b7250790N.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\FKC.WYA fontdrvhost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\FKC.WYA KVEIF.jpg File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\FKC.WYA svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIF.jpg d507cad068e6e54d1f370bd4b7250790N.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIF.jpg d507cad068e6e54d1f370bd4b7250790N.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFmain.ini d507cad068e6e54d1f370bd4b7250790N.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\FKC.WYA d507cad068e6e54d1f370bd4b7250790N.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIF.jpg fontdrvhost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\1D11C1C123.IMD fontdrvhost.exe File created C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg fontdrvhost.exe File opened for modification C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg fontdrvhost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\ok.txt d507cad068e6e54d1f370bd4b7250790N.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIF.jpg svchost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFs1.ini fontdrvhost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\1D11C1C123.IMD fontdrvhost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\$$.tmp fontdrvhost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFs5.ini fontdrvhost.exe File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11C1C\KVEIFss1.ini d507cad068e6e54d1f370bd4b7250790N.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\web\606C646364636479.tmp d507cad068e6e54d1f370bd4b7250790N.exe File opened for modification C:\Windows\web\606C646364636479.tmp d507cad068e6e54d1f370bd4b7250790N.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d507cad068e6e54d1f370bd4b7250790N.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fontdrvhost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language KVEIF.jpg Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 3732 d507cad068e6e54d1f370bd4b7250790N.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 4828 fontdrvhost.exe 2932 KVEIF.jpg 2932 KVEIF.jpg 2932 KVEIF.jpg 2932 KVEIF.jpg 2932 KVEIF.jpg 2932 KVEIF.jpg -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4828 fontdrvhost.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 3732 d507cad068e6e54d1f370bd4b7250790N.exe Token: SeDebugPrivilege 3732 d507cad068e6e54d1f370bd4b7250790N.exe Token: SeDebugPrivilege 3732 d507cad068e6e54d1f370bd4b7250790N.exe Token: SeDebugPrivilege 3732 d507cad068e6e54d1f370bd4b7250790N.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 2932 KVEIF.jpg Token: SeDebugPrivilege 2932 KVEIF.jpg Token: SeDebugPrivilege 2932 KVEIF.jpg Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 3252 svchost.exe Token: SeDebugPrivilege 4828 fontdrvhost.exe -
Suspicious use of WriteProcessMemory 13 IoCs
description pid Process procid_target PID 3732 wrote to memory of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 3732 wrote to memory of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 3732 wrote to memory of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 3732 wrote to memory of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 3732 wrote to memory of 4828 3732 d507cad068e6e54d1f370bd4b7250790N.exe 85 PID 1396 wrote to memory of 2932 1396 cmd.exe 89 PID 1396 wrote to memory of 2932 1396 cmd.exe 89 PID 1396 wrote to memory of 2932 1396 cmd.exe 89 PID 2932 wrote to memory of 3252 2932 KVEIF.jpg 90 PID 2932 wrote to memory of 3252 2932 KVEIF.jpg 90 PID 2932 wrote to memory of 3252 2932 KVEIF.jpg 90 PID 2932 wrote to memory of 3252 2932 KVEIF.jpg 90 PID 2932 wrote to memory of 3252 2932 KVEIF.jpg 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\d507cad068e6e54d1f370bd4b7250790N.exe"C:\Users\Admin\AppData\Local\Temp\d507cad068e6e54d1f370bd4b7250790N.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3732 -
C:\Windows\SysWOW64\fontdrvhost.exeC:\Windows\System32\fontdrvhost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304230425D474A422F565840 02⤵
- Deletes itself
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4828
-
-
C:\Windows\system32\cmd.execmd.exe /c call "C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304230425D474A422F5658401⤵
- Suspicious use of WriteProcessMemory
PID:1396 -
C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg"C:\Program Files\Common Files\Microsoft\1D11C1C\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304230425D474A422F5658402⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\svchost.exe -sys 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304230425D474A422F565840 03⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3252
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
132KB
MD597ac91b69f497b594807ee46e0a4c65c
SHA1f001ce3c6b47133704963b12c57d114a85c85fb2
SHA2569ee97c22c6c18804b1f907878c8f54e73636e2b19e10c4fdfae74f094ba81f6e
SHA512d3bcf6636d1ebfac799958341f18000216213bca3df62c396906381ddc74cc99a1cdcd5cf3e8256f15caef4fd497769ec55c93f4e695740bc79026618e3503a7
-
Filesize
131KB
MD5b3f1956e9386e3528ee269ada668bd25
SHA12a92d4a3d97348e5521f55c53a7272959ced254d
SHA25657cfa12856e2522f8f236d3cdc4b01f1737aaa094a75c6be7fabbbafbac97bc4
SHA5127acc4e5d4c801842628dfb92cceb13beeb7617d0d3c074273e03e57bb04383c5a928831954f660f61fa0aece37a25fa735d1cfd4f6dc45f7d48d1d3a101aa6ff
-
Filesize
22B
MD5a4ef93de80711124d4b7e080ccf42edb
SHA1f4530f5e6d362781fa6dfa4982d25f3ad15dbf99
SHA2569a09d2a2b23760cbc02ab362728b30783f943d90beebbdbd03c4e8b288492d24
SHA512707c5a1a84a1cd490e3e0109c30b32724a69d27021653265bbd838065458e1eea20b470f145612f9ea5486711c47a59dcb515f9625829e63689a89af75901fa2
-
Filesize
73B
MD56e370b704d0aeb2cf2dcda265a7426a3
SHA13acb04c2fdd1e72a0caead98254821beb589f611
SHA256cedb72721cf45d8f6d29fe1e1d4d2fe4d3f74055cac5ca4baca5b349fb1f0abc
SHA51263b388f6670e39f473a4a0ea4d1ff6224cf457c17046f21fb9ad7fecfabc9041a95ccd7f2d6a9c4b624b9c2c3143ed3a6b0314a7b37f0c7c2e2cd72821cd242d
-
Filesize
131KB
MD5642ab11c5756d767a950fd7284505d14
SHA1b44f2aa6d3c848eb15d8eaf00407fd075a6c4881
SHA2560cf45f35a7082a724ae63ba1584413a3ea263fe9bf5283fab979d8b738241ca7
SHA5120cdc358307a68eeae628bb8cde06cbddb7a0b8395f30775685eaa39a435ac65d0f267fb0ba53453465d9a25749753ad16dad1758a41887f3d1bca809716a7fe8
-
Filesize
1KB
MD5df31245b9bc853346d87db1e042a6fed
SHA1d4977d24602a0033a610e0cd0c1c3960f087d390
SHA256a121152b7189a5115fad7f9957e05da3f444419e6b9b071bff3598f8b49f9be8
SHA5121be01a88159705f0c1bbb961f779591cac6d42e774457ef8e2fe4807062b96787d29aeb88888b5a195d36347a051bc81c72a21c5ff93daffa017d117771216c0
-
Filesize
1KB
MD510d10350698d7863fb14fa087f060d86
SHA18a77b00c873cdbbe8e4379ded3a041fdce82365f
SHA256c2e9c93d8071b1e36dff6d6311e41e431bc4c7cfa1b24eb6fca16b76ceabd3a1
SHA512ac900dfa1b3cb65a4a17ffb2169c4f99a8277d492fa9d1b986a2a40d547a1e2fbc0c2bac098bbbe30252ba3352cdb61f8fe005c1b9605c2c66a303e843c32f86
-
Filesize
625KB
MD5eccf28d7e5ccec24119b88edd160f8f4
SHA198509587a3d37a20b56b50fd57f823a1691a034c
SHA256820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6
SHA512c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670
-
Filesize
108KB
MD5f697e0c5c1d34f00d1700d6d549d4811
SHA1f50a99377a7419185fc269bb4d12954ca42b8589
SHA2561eacebb614305a9806113545be7b23cf14ce7e761ccf634510a7f1c0cfb6cd16
SHA512d5f35672f208ebbe306beeb55dadde96aa330780e2ea84b45d3fa6af41369e357412d82978df74038f2d27dff4d06905fd0b4d852b0beef1bcfdd6a0849bc202