Overview
overview
7Static
static
3Era Setup 1.0.78.exe
windows11-21h2-x64
7$PLUGINSDI...er.dll
windows11-21h2-x64
3$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...ll.dll
windows11-21h2-x64
3Era.exe
windows11-21h2-x64
7resources/...ry-cli
windows11-21h2-x64
1resources/...per.js
windows11-21h2-x64
3resources/...dex.js
windows11-21h2-x64
3resources/...ger.js
windows11-21h2-x64
3resources/...dex.js
windows11-21h2-x64
3resources/...oys.js
windows11-21h2-x64
3resources/...aps.js
windows11-21h2-x64
3resources/...ker.sh
windows11-21h2-x64
3resources/...ion.sh
windows11-21h2-x64
3resources/...all.js
windows11-21h2-x64
3resources/...nft.js
windows11-21h2-x64
3resources/...wheels
windows11-21h2-x64
1resources/...li.exe
windows11-21h2-x64
1resources/elevate.exe
windows11-21h2-x64
3vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...ss.dll
windows11-21h2-x64
3$PLUGINSDI...7z.dll
windows11-21h2-x64
3$R0/Uninstall Era.exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDIR/UAC.dll
windows11-21h2-x64
3$PLUGINSDI...ll.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...ss.dll
windows11-21h2-x64
3Analysis
-
max time kernel
150s -
max time network
161s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
20/08/2024, 21:07
Static task
static1
Behavioral task
behavioral1
Sample
Era Setup 1.0.78.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Era.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/helper.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/logger.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/deploys.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/uploadSourcemaps.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/bump-version.sh
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/install.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/test-vercel-nft.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/wheels
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
resources/elevate.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
vk_swiftshader.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
vulkan-1.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
$R0/Uninstall Era.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/UAC.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/WinShell.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
Era.exe
-
Size
154.5MB
-
MD5
1ea4db2ce0cfa5e8bec66927e7bbaaf0
-
SHA1
6d08a80213a405de125a3e50e1bef3b5237c4686
-
SHA256
ca81a8b9c3ba18a97adc203f8543528e42964f7ea42a49093a8c62616360c901
-
SHA512
e6e47775fd7f8614d446d230c3cdee3763d93537d08fbc6f743e29a60791bfc536b367d4823066a00d1765a7c96a17e30097cb51a3f74a81afad98b5cb0a2c6b
-
SSDEEP
1572864:GCquurbtqKajQe7vqrTU4PrCsdCXrBngPE1cG7VOWe2IkBmUgq3Fd6iU3x6VCdbm:cDAgZi
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 3492 Era.exe 3492 Era.exe -
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Era.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz Era.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString Era.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 Era.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Era.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Era.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString Era.exe -
Modifies registry class 7 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\shell\open Era.exe Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Era.exe\" \"%1\"" Era.exe Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era Era.exe Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\URL Protocol Era.exe Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\ = "URL:era" Era.exe Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\shell\open\command Era.exe Key created \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\era\shell Era.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3492 Era.exe 3492 Era.exe 3372 Era.exe 3372 Era.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe Token: SeShutdownPrivilege 3492 Era.exe Token: SeCreatePagefilePrivilege 3492 Era.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3492 wrote to memory of 3788 3492 Era.exe 82 PID 3492 wrote to memory of 3788 3492 Era.exe 82 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3960 3492 Era.exe 84 PID 3492 wrote to memory of 3284 3492 Era.exe 85 PID 3492 wrote to memory of 3284 3492 Era.exe 85 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86 PID 3492 wrote to memory of 840 3492 Era.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\Era.exe"C:\Users\Admin\AppData\Local\Temp\Era.exe"1⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3492 -
C:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exeC:\Users\Admin\AppData\Local\Temp\binaries\FortniteLauncher.exe2⤵PID:3788
-
-
C:\Users\Admin\AppData\Local\Temp\Era.exe"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1708,i,9855969183007008649,17624057039859798509,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:3960
-
-
C:\Users\Admin\AppData\Local\Temp\Era.exe"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --mojo-platform-channel-handle=1880 --field-trial-handle=1708,i,9855969183007008649,17624057039859798509,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:3284
-
-
C:\Users\Admin\AppData\Local\Temp\Era.exe"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --app-user-model-id="Project Era" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2340 --field-trial-handle=1708,i,9855969183007008649,17624057039859798509,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵PID:840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed""2⤵PID:768
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64" /v "Installed"3⤵PID:1432
-
-
-
C:\Users\Admin\AppData\Local\Temp\Era.exe"C:\Users\Admin\AppData\Local\Temp\Era.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Era" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 --field-trial-handle=1708,i,9855969183007008649,17624057039859798509,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3372
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.6MB
MD502362efe76c5bb57c31a2420df3e0933
SHA1f3f2eee27c69183e42bc3c622eec11e6fe20a2e4
SHA256ac7aa0a2562c9913434769f8d0828543f4665f7b9fc9119addcefb0f21c0e5fb
SHA5127ea962d3345e5208f52152bc5798e1c7d1123a489bfede58ed04923d7f9b055342c771f92659c4fef70b9392bb605df0ec8032d3cb7db617ed6ffbb633b1fc76
-
Filesize
248KB
MD522309388d08fe973b02e072573f68a00
SHA1d0f245d4c1d75035c1fab0332493a26dc14b2298
SHA256e6cf751ef1d79ce050ba6b744452bb85d50639cde6a1bfed8860408458623042
SHA512725bbba95dd5c71e8a83fe1e0bd85215f0a339e804fbad3faa6f4edaac0af7cbfc4b095e389750b8829ba1a74b14366ce4352e5ad4bc4802b0c3c50085dedee5
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84