Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-09-2024 19:55
General
-
Target
OGFnPatcher.exe
-
Size
177.3MB
-
MD5
82db6baf5501b11cf7582d68cb173689
-
SHA1
ff40fcae2ecfb00eb3f1a36521afbdc93db1e6e6
-
SHA256
17f48d532943a1160b9c171e183599d28b3a03b4943df8d1b5f8af2aaed142fc
-
SHA512
9d47fc31fec0379b7ec6461401e5cda54f7b64d6ff0a30136e5ad58bb94446cfa6f1e511380eb5bf99f59174e56fdc7a7cd06cf7cf46898c672bf37c36ec4d82
-
SSDEEP
1572864:s+vbimZ3RqPfrrW/GDt+wy2tXgJdtEaxMz6lMp1rJ/Gk/QeF/anRq9A4CGdhVnau:sA5kyGScXQT
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection. 2 IoCs
-
Enumerates processes with tasklist 1 TTPs 3 IoCs
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Collects information from the system 1 TTPs 1 IoCs
Uses WMIC.exe to find detailed system information.
-
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"1⤵
- Checks computer location settings
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get size | more +1"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic logicaldisk get size3⤵
- Collects information from the system
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\more.commore +13⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic OS get caption, osarchitecture3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\more.commore +13⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get name3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\more.commore +13⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic PATH Win32_VideoController get name3⤵
- Detects videocard installed
-
-
C:\Windows\system32\more.commore +13⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2152,i,10226140335035891551,7248677691816825586,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:22⤵
-
-
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --field-trial-handle=2712,i,10226140335035891551,7248677691816825586,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:32⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=2296 get ExecutablePath"2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic process where processid=2296 get ExecutablePath3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v System32Kernal /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe -silent" /f"2⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v System32Kernal /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe -silent" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,27,201,56,127,79,121,27,69,175,124,126,87,89,19,7,241,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,94,118,215,86,104,36,190,210,191,158,213,118,69,65,171,77,134,208,103,139,123,215,32,203,243,251,121,135,219,58,98,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,217,107,72,193,90,9,71,240,156,102,155,85,167,17,230,124,188,26,17,11,83,181,231,73,17,24,66,153,246,3,30,213,48,0,0,0,15,49,109,31,45,121,15,98,19,6,96,233,179,52,141,22,48,238,204,202,154,156,95,146,132,221,232,177,191,178,133,7,62,137,116,50,1,225,8,21,127,52,216,165,130,3,213,65,64,0,0,0,0,162,28,187,117,113,235,27,148,77,112,253,157,81,53,20,64,111,73,197,84,131,170,187,105,129,6,90,31,5,83,187,142,34,81,198,165,62,205,34,247,140,67,78,230,75,221,57,211,121,140,116,127,134,133,186,114,166,150,59,86,213,217,158), $null, 'CurrentUser')"2⤵
- An obfuscated cmd.exe command-line is typically used to evade detection.
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,27,201,56,127,79,121,27,69,175,124,126,87,89,19,7,241,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,94,118,215,86,104,36,190,210,191,158,213,118,69,65,171,77,134,208,103,139,123,215,32,203,243,251,121,135,219,58,98,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,217,107,72,193,90,9,71,240,156,102,155,85,167,17,230,124,188,26,17,11,83,181,231,73,17,24,66,153,246,3,30,213,48,0,0,0,15,49,109,31,45,121,15,98,19,6,96,233,179,52,141,22,48,238,204,202,154,156,95,146,132,221,232,177,191,178,133,7,62,137,116,50,1,225,8,21,127,52,216,165,130,3,213,65,64,0,0,0,0,162,28,187,117,113,235,27,148,77,112,253,157,81,53,20,64,111,73,197,84,131,170,187,105,129,6,90,31,5,83,187,142,34,81,198,165,62,205,34,247,140,67,78,230,75,221,57,211,121,140,116,127,134,133,186,114,166,150,59,86,213,217,158), $null, 'CurrentUser')3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,27,201,56,127,79,121,27,69,175,124,126,87,89,19,7,241,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,0,121,162,92,254,76,172,230,174,98,220,161,66,174,166,47,68,200,13,123,128,152,149,208,91,195,234,47,255,249,175,0,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,198,23,48,245,211,211,228,234,160,218,22,107,134,175,243,65,105,168,182,29,205,235,76,179,178,192,87,255,168,160,6,154,48,0,0,0,211,70,245,94,52,97,38,12,76,52,209,104,240,43,55,96,112,117,226,94,35,26,42,105,44,26,156,248,58,145,131,96,94,67,203,96,14,245,233,144,23,209,209,14,202,112,51,222,64,0,0,0,68,74,159,117,33,69,56,22,210,23,222,252,199,47,128,62,9,191,159,208,97,231,84,22,70,123,16,192,250,122,23,221,132,161,232,25,62,228,100,1,64,199,113,18,19,130,239,242,160,166,49,2,166,90,122,197,119,180,219,215,197,185,125,13), $null, 'CurrentUser')"2⤵
- An obfuscated cmd.exe command-line is typically used to evade detection.
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,27,201,56,127,79,121,27,69,175,124,126,87,89,19,7,241,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,0,121,162,92,254,76,172,230,174,98,220,161,66,174,166,47,68,200,13,123,128,152,149,208,91,195,234,47,255,249,175,0,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,198,23,48,245,211,211,228,234,160,218,22,107,134,175,243,65,105,168,182,29,205,235,76,179,178,192,87,255,168,160,6,154,48,0,0,0,211,70,245,94,52,97,38,12,76,52,209,104,240,43,55,96,112,117,226,94,35,26,42,105,44,26,156,248,58,145,131,96,94,67,203,96,14,245,233,144,23,209,209,14,202,112,51,222,64,0,0,0,68,74,159,117,33,69,56,22,210,23,222,252,199,47,128,62,9,191,159,208,97,231,84,22,70,123,16,192,250,122,23,221,132,161,232,25,62,228,100,1,64,199,113,18,19,130,239,242,160,166,49,2,166,90,122,197,119,180,219,215,197,185,125,13), $null, 'CurrentUser')3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1904,i,10226140335035891551,7248677691816825586,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1056 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19B
MD5c4efd9a7b61ebf43b608440be5e33369
SHA1926418256c277f1b11b575ec6e92ce6a844612f7
SHA256ed4280859199da5a8f25c0c6d533d0873460ac63368c14a69bbd863ea4bfb30f
SHA5129ea97363868d61d3d51bd3804d638b71ba8dc65260800b3a54051b4725cf08e9d9880a12422a549d94a339c7267e858a7ff5ca9428d64051657134b5c6c20745
-
Filesize
494KB
MD52bae010819c56f2fde2a24da5d0e64b1
SHA1bb0021ad1188212e3563f53d6818fc3dbb800d76
SHA256e9b2839f31e7fa93abaea81e4fee8a8121fc3b036a65dc8739e890c4f339af8c
SHA5127948e9dea6ae88c0e26f64d39ca8f205619daff6246c795d305c144c4df86eae7e97bdb21dccd9a1ccfc841fd7e1ab9e9376d2e266c3b6e58c75b4b79c4aa152
-
Filesize
699KB
MD58f475e8100c9480ab07aceb4ba86fd60
SHA1a4515670a1ebc773ea92aef69c238933c35d8344
SHA256b67f1d31135e70056f6d099f9c327821cafa7498131f8eaffef6857c09b58937
SHA512e4223ddc627b04f592ad05c180572bf4c10f41dd5ba24ad69e9d767eb26401cca3ed31790f7ae475501192d9751aca89dd769b6195b072ad5307b78edd9fb7dd
-
Filesize
5.1MB
MD5f48aab9abfdc346bd29dbe0d5d7aff22
SHA186e42064a7c2a6bf1279c77d3729a2bf3616adfe
SHA256fc8ad5c77b7b15046c758299e231fbd77109dfc09a59d027b956fd2048602dc2
SHA51276a9bb81d8bb821e23e688bbf710e45b1aff42811434c527cbe0be2a1f9877052f4d2fe9954ba732f290c88da3743feab69ba8f5626bed2250d2af4f6f27b5ae
-
Filesize
2.2MB
MD5916bc050546b93a5afa29edcbbf5f356
SHA1f22b6349ee11b6260d401e08a45813ba41ba83ef
SHA256689b2456456d5f490eca7bf224c77f1c016a7587ee5a081a036c7c84f49fd809
SHA5129e0f70b026583b875a5ddcca181b3a5945b3cfcdeb56f5c0624f8ebdf4aac95be4c18dfe71f69730a718e8eeafa0c132ae7d7b1ea0a29a65274639e7034445ee
-
Filesize
740KB
MD547b32546f40aa6f80a546e8508d767df
SHA114deda2131e18aedf238af9f9afefddee329467e
SHA2564392c5234d83c8cab4f425a0d27d3332ea395ec0009abc2ba9962c7692a16440
SHA512580af76c66b41501da87575f2d1d2b98b304708aac4786da9e056c6326153ffbca4bbd1c7376d2afcac0193a8a0329311c655d632e5798f091f4603cf853b145
-
Filesize
13KB
MD5335a92d43397fdd574baa89a2c7c89ce
SHA12bb01da1d7be185828c4984d2d342cb094cfe311
SHA256227933b5303b0acd7418b424da0a7c61f99446af6b9faa3916a1f16dfa5b697d
SHA5129cf1d7affcc8a6a1399ab23cdefe70774fbfb9ead55f3a64ab2d8d621aebe83f6836e1771645f14794c7c04e87871ca97f31eeaa1c1f8e1a2db5186c35b8216e
-
Filesize
16KB
MD5ce53ee5994522aa204ee55bef2b0fe71
SHA1009d2f0a11844236855bc6bdec7f8d7fa1bf3e27
SHA256e559f5fe82db3181c3c954d02e036c4a04e536e4a2dd848ad1864f1f72dbc667
SHA512875b2a829002c50d21ca511a2b15f9bc16e594eef5a7c34e619ff85396cb49781327865f0ae454de27d5fb7fdcb08fb16b0fcdcbb31c70c8471bf53a4c7df395
-
Filesize
549KB
MD5551379568ac62b5b4eb0ee0b0ee10a35
SHA1bbe18d4f2f01dc2e4680c4123e34207437bae7b8
SHA2567794934e08e57d2cb2c68f60deb24d76ab94561b92db24464ba7f27e1a8f5358
SHA512f3f51d165c088e320295d1775211b05200fe5fde22f0cac97eb112cf05feaf6155df90c2b5b3350d170fcd80e77e625cc95f8e186cffc5bb8ec88df78b3fdcfd
-
Filesize
895KB
MD543883406a72f3b07146e21be43d95e1f
SHA1a65de21bd3bd08f4853cb456a8b455d56450ad4b
SHA25661254eaf774a8a3b3549fadd125e2107e32f9e426dd3e1747cb11511b451149c
SHA5123bdf0325222369d546a9f1d92bb78a2f96c86e110de411baa39736743de6020ffb4aebf9d2350900d193c3972c7a6ed718db4fd531e90d8d6766202944bfa0e3
-
Filesize
2KB
MD56cf293cb4d80be23433eecf74ddb5503
SHA124fe4752df102c2ef492954d6b046cb5512ad408
SHA256b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA5120f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00
-
Filesize
64B
MD53ca1082427d7b2cd417d7c0b7fd95e4e
SHA1b0482ff5b58ffff4f5242d77330b064190f269d3
SHA25631f15dc6986680b158468bf0b4a1c00982b07b2889f360befd8a466113940d8f
SHA512bbcfd8ea1e815524fda500b187483539be4a8865939f24c6e713f0a3bd90b69b4367c36aa2b09886b2006b685f81f0a77eec23ab58b7e2fb75304b412deb6ca3
-
Filesize
64B
MD5446dd1cf97eaba21cf14d03aebc79f27
SHA136e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7
-
Filesize
1KB
MD58e26941f21dac5843c6d170e536afccb
SHA126b9ebd7bf3ed13bc51874ba06151850a0dac7db
SHA256316f6ce22306f3018f9f57435ea75092633097182646f7e4ca23e2e2aa1393c0
SHA5129148227032d98d49baf0d81a7435ba3adc653d7790245140acc50c38de00839d26a661b92f6754b15bab54fe81fbcf9003692fd7bef09027f11ef703a5879e62
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
136KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
320KB