Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11/09/2024, 18:58
Static task
static1
Behavioral task
behavioral1
Sample
15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
Resource
win10v2004-20240802-en
General
-
Target
15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
-
Size
393KB
-
MD5
7a9842b20acff3b9d83dc852fb7d0059
-
SHA1
be693e260c110d29f3fe12fde5b8593f177e6b56
-
SHA256
15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd
-
SHA512
24a697195f40dd2eb94035a03915fb4f3c57a94be9210e038f3f8c33dca897aec45ba1c4e21d6588674e82a6163f5046a865ddf25ba84444c98843977c308315
-
SSDEEP
6144:wuJOnDXYQ/BWJjmpgtBZQZKQj8p3jyb7HREd4SZ1tzLbF:cDXYJmSTZwYp32bY4qtDF
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 1396 Logo1_.exe 4884 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe -
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\Q: Logo1_.exe File opened (read-only) \??\N: Logo1_.exe File opened (read-only) \??\M: Logo1_.exe File opened (read-only) \??\J: Logo1_.exe File opened (read-only) \??\H: Logo1_.exe File opened (read-only) \??\E: Logo1_.exe File opened (read-only) \??\T: Logo1_.exe File opened (read-only) \??\G: Logo1_.exe File opened (read-only) \??\R: Logo1_.exe File opened (read-only) \??\W: Logo1_.exe File opened (read-only) \??\U: Logo1_.exe File opened (read-only) \??\P: Logo1_.exe File opened (read-only) \??\O: Logo1_.exe File opened (read-only) \??\L: Logo1_.exe File opened (read-only) \??\I: Logo1_.exe File opened (read-only) \??\X: Logo1_.exe File opened (read-only) \??\Y: Logo1_.exe File opened (read-only) \??\V: Logo1_.exe File opened (read-only) \??\S: Logo1_.exe File opened (read-only) \??\K: Logo1_.exe File opened (read-only) \??\Z: Logo1_.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fr-ma\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\127.0.2651.86\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\eu-es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\microsoft.system.package.metadata\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pt-br\_desktop.ini Logo1_.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91656\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe Logo1_.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\da-dk\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\_desktop.ini Logo1_.exe -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\rundl132.exe 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe File created C:\Windows\Logo1_.exe 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe File opened for modification C:\Windows\rundl132.exe Logo1_.exe File created C:\Windows\vDll.dll Logo1_.exe -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Logo1_.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe 1396 Logo1_.exe -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 2236 wrote to memory of 3708 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 90 PID 2236 wrote to memory of 3708 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 90 PID 2236 wrote to memory of 3708 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 90 PID 2236 wrote to memory of 1396 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 91 PID 2236 wrote to memory of 1396 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 91 PID 2236 wrote to memory of 1396 2236 15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe 91 PID 1396 wrote to memory of 616 1396 Logo1_.exe 93 PID 1396 wrote to memory of 616 1396 Logo1_.exe 93 PID 1396 wrote to memory of 616 1396 Logo1_.exe 93 PID 616 wrote to memory of 5112 616 net.exe 95 PID 616 wrote to memory of 5112 616 net.exe 95 PID 616 wrote to memory of 5112 616 net.exe 95 PID 3708 wrote to memory of 4884 3708 cmd.exe 96 PID 3708 wrote to memory of 4884 3708 cmd.exe 96 PID 1396 wrote to memory of 3492 1396 Logo1_.exe 56 PID 1396 wrote to memory of 3492 1396 Logo1_.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3492
-
C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4D9E.bat3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3708 -
C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"4⤵
- Executes dropped EXE
PID:4884
-
-
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1396 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:616 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵
- System Location Discovery: System Language Discovery
PID:5112
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3000,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:81⤵PID:1536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
247KB
MD57c4e197db471f4e98b1fb77cc47dc4dc
SHA1cd3051330ee938e1413608db7e9958dda81e3aa1
SHA256c3f7bf528fd3e2d88642a9b63fd3bdf1e91a6ed8e980e7dffa3c1aca6a5d9dc3
SHA51206736f2550a2844e2ac62d5a79d47b54ae9bbef47f42a93dc335e98507bc4dd99df60429bdcd2e5015e2637f6a4022ec5550d705b9440ebcd8a9a721ea6f8b5d
-
Filesize
573KB
MD55bd678bdc48051e0eb55e95b2c27b67b
SHA1396df65ef6229b910c77e29bfecfcf662c55df61
SHA2567634d299c72215ebb85de431475a493ae24953ba5f0428e5d93352ff3d465e71
SHA51227a4267f726c1e7622724e3ea4f6e909b155172d88a8252f6b7c16cae61b8cf9e4544ec24d4835cfacecb34c6626a8371e3178bd7f02c602f2ad1946c5030179
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize639KB
MD5ad5a7e5eb1a1cdd791957e07c93748ae
SHA16e4f8c5f4d791327e11d0d68ca6f514554af8481
SHA256cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc
SHA512a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe
-
Filesize
722B
MD55069576a00d6e0231c30c914313b8501
SHA14fe006f9de77b2bc8d2ba48880353e20ed899a37
SHA256a021d60659c98322866eeba38ff672450d5e5086f69419144925a96bced75e6c
SHA512ffcd0b878a933069f645c83d235ceb474a0b9d9ccbf1cd16a363f1043d3d4d2cd7fd03873c924112410e765fdbe12875adc16defef523c117a1c90135e05e881
-
C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe.exe
Filesize364KB
MD5213eeb5e8f54231f68e5b26a0fc81bd1
SHA11bc31a42536eacbb57d1cd92ec4b5524a82264d2
SHA256b309045509efc205eb35d6037d64640093fde6c54ec5934e329b447417005a50
SHA512ce35c5f453126c98329df141f821c55692f9252549c76921c231d8170df356cda1689e636758519c0b6898f11b5c836cdb4967d296b99f915e4d1980470a083b
-
Filesize
29KB
MD5ca4a7862478fb4f3b45a9e5d76664163
SHA13af635e45dca388b8575fc87ceb0c0e3607edfd1
SHA256c58b63edba763641f3aade2039f2297ad2a94a56d155de78f562b40afd215e0f
SHA512099fa71c1b45b4e85cf39bc16fb9436efcfeb954ce2a42bd4f3b9c94a30bde50a1d2d376dbebe941f08061f1c506fc6819b499ea52f7abd55de455be3f25322f
-
Filesize
9B
MD5f74f4ac317419affe59fa4d389dd7e7c
SHA1010f494382d5a64298702fe3732c9b96f438c653
SHA25674fafb0f14fb17a8a4963d5f46fc50b3517e7aa13414ac5f42edfdf212a9bb01
SHA512f82fea1632b97d2b6771f43a6941c84d7fbb86f4c4f69e9b4335aa0e166e2670f09d451da61b13cb16994b9294e99b1cfa27f2447579645b3886b7bd014cc00f