Analysis
-
max time kernel
24s -
max time network
21s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2024 11:48
Static task
static1
Behavioral task
behavioral1
Sample
BootstrapperV1.23.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BootstrapperV1.23.exe
Resource
win10v2004-20241007-en
General
-
Target
BootstrapperV1.23.exe
-
Size
800KB
-
MD5
02c70d9d6696950c198db93b7f6a835e
-
SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2
-
SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
-
SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
-
SSDEEP
12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation BootstrapperV1.23.exe -
Loads dropped DLL 6 IoCs
pid Process 4232 MsiExec.exe 4232 MsiExec.exe 3552 MsiExec.exe 3552 MsiExec.exe 3552 MsiExec.exe 3552 MsiExec.exe -
Blocklisted process makes network request 2 IoCs
flow pid Process 37 868 msiexec.exe 39 868 msiexec.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe -
Drops file in Windows directory 13 IoCs
description ioc Process File created C:\Windows\Installer\e57e54f.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIEACF.tmp msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File created C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} msiexec.exe File opened for modification C:\Windows\Installer\MSIF291.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF522.tmp msiexec.exe File opened for modification C:\Windows\Installer\e57e54f.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\MSIEA7F.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIEABF.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF561.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI6E.tmp msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 4728 ipconfig.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4244 BootstrapperV1.23.exe 4244 BootstrapperV1.23.exe 868 msiexec.exe 868 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 1420 WMIC.exe Token: SeSecurityPrivilege 1420 WMIC.exe Token: SeTakeOwnershipPrivilege 1420 WMIC.exe Token: SeLoadDriverPrivilege 1420 WMIC.exe Token: SeSystemProfilePrivilege 1420 WMIC.exe Token: SeSystemtimePrivilege 1420 WMIC.exe Token: SeProfSingleProcessPrivilege 1420 WMIC.exe Token: SeIncBasePriorityPrivilege 1420 WMIC.exe Token: SeCreatePagefilePrivilege 1420 WMIC.exe Token: SeBackupPrivilege 1420 WMIC.exe Token: SeRestorePrivilege 1420 WMIC.exe Token: SeShutdownPrivilege 1420 WMIC.exe Token: SeDebugPrivilege 1420 WMIC.exe Token: SeSystemEnvironmentPrivilege 1420 WMIC.exe Token: SeRemoteShutdownPrivilege 1420 WMIC.exe Token: SeUndockPrivilege 1420 WMIC.exe Token: SeManageVolumePrivilege 1420 WMIC.exe Token: 33 1420 WMIC.exe Token: 34 1420 WMIC.exe Token: 35 1420 WMIC.exe Token: 36 1420 WMIC.exe Token: SeIncreaseQuotaPrivilege 1420 WMIC.exe Token: SeSecurityPrivilege 1420 WMIC.exe Token: SeTakeOwnershipPrivilege 1420 WMIC.exe Token: SeLoadDriverPrivilege 1420 WMIC.exe Token: SeSystemProfilePrivilege 1420 WMIC.exe Token: SeSystemtimePrivilege 1420 WMIC.exe Token: SeProfSingleProcessPrivilege 1420 WMIC.exe Token: SeIncBasePriorityPrivilege 1420 WMIC.exe Token: SeCreatePagefilePrivilege 1420 WMIC.exe Token: SeBackupPrivilege 1420 WMIC.exe Token: SeRestorePrivilege 1420 WMIC.exe Token: SeShutdownPrivilege 1420 WMIC.exe Token: SeDebugPrivilege 1420 WMIC.exe Token: SeSystemEnvironmentPrivilege 1420 WMIC.exe Token: SeRemoteShutdownPrivilege 1420 WMIC.exe Token: SeUndockPrivilege 1420 WMIC.exe Token: SeManageVolumePrivilege 1420 WMIC.exe Token: 33 1420 WMIC.exe Token: 34 1420 WMIC.exe Token: 35 1420 WMIC.exe Token: 36 1420 WMIC.exe Token: SeDebugPrivilege 4244 BootstrapperV1.23.exe Token: SeShutdownPrivilege 1916 msiexec.exe Token: SeIncreaseQuotaPrivilege 1916 msiexec.exe Token: SeSecurityPrivilege 868 msiexec.exe Token: SeCreateTokenPrivilege 1916 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 1916 msiexec.exe Token: SeLockMemoryPrivilege 1916 msiexec.exe Token: SeIncreaseQuotaPrivilege 1916 msiexec.exe Token: SeMachineAccountPrivilege 1916 msiexec.exe Token: SeTcbPrivilege 1916 msiexec.exe Token: SeSecurityPrivilege 1916 msiexec.exe Token: SeTakeOwnershipPrivilege 1916 msiexec.exe Token: SeLoadDriverPrivilege 1916 msiexec.exe Token: SeSystemProfilePrivilege 1916 msiexec.exe Token: SeSystemtimePrivilege 1916 msiexec.exe Token: SeProfSingleProcessPrivilege 1916 msiexec.exe Token: SeIncBasePriorityPrivilege 1916 msiexec.exe Token: SeCreatePagefilePrivilege 1916 msiexec.exe Token: SeCreatePermanentPrivilege 1916 msiexec.exe Token: SeBackupPrivilege 1916 msiexec.exe Token: SeRestorePrivilege 1916 msiexec.exe Token: SeShutdownPrivilege 1916 msiexec.exe -
Suspicious use of WriteProcessMemory 15 IoCs
description pid Process procid_target PID 4244 wrote to memory of 348 4244 BootstrapperV1.23.exe 86 PID 4244 wrote to memory of 348 4244 BootstrapperV1.23.exe 86 PID 348 wrote to memory of 4728 348 cmd.exe 88 PID 348 wrote to memory of 4728 348 cmd.exe 88 PID 4244 wrote to memory of 632 4244 BootstrapperV1.23.exe 96 PID 4244 wrote to memory of 632 4244 BootstrapperV1.23.exe 96 PID 632 wrote to memory of 1420 632 cmd.exe 99 PID 632 wrote to memory of 1420 632 cmd.exe 99 PID 4244 wrote to memory of 1916 4244 BootstrapperV1.23.exe 105 PID 4244 wrote to memory of 1916 4244 BootstrapperV1.23.exe 105 PID 868 wrote to memory of 4232 868 msiexec.exe 112 PID 868 wrote to memory of 4232 868 msiexec.exe 112 PID 868 wrote to memory of 3552 868 msiexec.exe 113 PID 868 wrote to memory of 3552 868 msiexec.exe 113 PID 868 wrote to memory of 3552 868 msiexec.exe 113
Processes
-
C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.23.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4244 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:348 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:4728
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")2⤵
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Windows\System32\Wbem\WMIC.exewmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1420
-
-
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1916
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:868 -
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 41C74BCF02B15D4D496C2F94FE471E902⤵
- Loads dropped DLL
PID:4232
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1AF2F7BB80CCFC99DEDFA73EBF6E401D2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3552
-
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request217.72.21.2.in-addr.arpaIN PTRResponse217.72.21.2.in-addr.arpaIN PTRa2-21-72-217deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request138.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Requestgetsolara.devIN AResponsegetsolara.devIN A104.21.93.27getsolara.devIN A172.67.203.125
-
Remote address:104.21.93.27:443RequestGET /asset/discord.json HTTP/1.1
Host: getsolara.dev
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oK0Peff6tOdWuLyFK7CPbxy9cWpFKUEZH21tBW8rP1eLa5%2BZ7ZI381psypn6OPNyk9Wvn3wthE07hWNWO%2FoBKYCuYURUgsnJZAtx5jTGIe8OuNCFvIgf9Yl0iCEIlXoI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8e70ee021e4b7196-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=61137&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2972&recv_bytes=378&delivery_rate=44943&cwnd=251&unsent_bytes=0&cid=1c916cb45187184c&ts=201&x=0"
-
Remote address:104.21.93.27:443RequestGET /api/endpoint.json HTTP/1.1
Host: getsolara.dev
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0, must-revalidate
ETag: W/"1fb39881d9a29ec7570ef2c2a61f7386"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UySae7bhrJGXy%2Fip%2BTrVFKgjCtgpIqkI9iXkz4rCGuSbI5oO%2FLlaQrDjWNVuqBP9Ji%2FujcM6wN2Mr2s0%2B3jvBtJ6C09ULUOKiGUVYpTIUGkAn6S46Jsp19QGanlFj6jv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Strict-Transport-Security: max-age=0
Server: cloudflare
CF-RAY: 8e70ee0f8f017196-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=60962&sent=8&recv=8&lost=0&retrans=0&sent_bytes=4165&recv_bytes=463&delivery_rate=45436&cwnd=253&unsent_bytes=0&cid=1c916cb45187184c&ts=2347&x=0"
-
Remote address:1.1.1.1:53Request27.93.21.104.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Requestclientsettings.roblox.comIN AResponseclientsettings.roblox.comIN CNAMEtitanium.roblox.comtitanium.roblox.comIN CNAMEedge-term4.roblox.comedge-term4.roblox.comIN CNAMEedge-term4-lhr2.roblox.comedge-term4-lhr2.roblox.comIN A128.116.119.4
-
GEThttps://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveBootstrapperV1.23.exeRemote address:128.116.119.4:443RequestGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
Host: clientsettings.roblox.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
content-type: application/json; charset=utf-8
date: Sat, 23 Nov 2024 11:48:24 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: c40a8744-2175-a775-d6cf-c784445aa029
x-roblox-region: us-central_rbx
x-roblox-edge: lhr2
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
-
Remote address:1.1.1.1:53Request4.119.116.128.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Requestwww.nodejs.orgIN AResponsewww.nodejs.orgIN A104.20.23.46www.nodejs.orgIN A104.20.22.46
-
Remote address:104.20.23.46:443RequestGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
Host: www.nodejs.org
Connection: Keep-Alive
ResponseHTTP/1.1 307 Temporary Redirect
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=0, must-revalidate
location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-vercel-id: lhr1::mtrnh-1732362506500-787c28e3b1ac
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8e70ee1f9ec0cd6b-LHR
-
Remote address:1.1.1.1:53Requestnodejs.orgIN AResponsenodejs.orgIN A104.20.22.46nodejs.orgIN A104.20.23.46
-
Remote address:104.20.22.46:443RequestGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
Host: nodejs.org
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/x-msi
Content-Length: 31539200
Connection: keep-alive
Cache-Control: public, max-age=3600, s-maxage=14400
ETag: "0e4e9aa41d24221b29b19ba96c1a64d0"
Last-Modified: Wed, 12 Apr 2023 04:13:37 GMT
accept-range: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8e70ee23bf4694c3-LHR
-
Remote address:1.1.1.1:53Request46.23.20.104.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Request46.22.20.104.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Request23.149.64.172.in-addr.arpaIN PTRResponse
-
Remote address:1.1.1.1:53Request71.159.190.20.in-addr.arpaIN PTRResponse
-
905 B 6.4kB 10 13
HTTP Request
GET https://getsolara.dev/asset/discord.jsonHTTP Response
200HTTP Request
GET https://getsolara.dev/api/endpoint.jsonHTTP Response
200 -
-
128.116.119.4:443https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livetls, httpBootstrapperV1.23.exe784 B 6.5kB 8 9
HTTP Request
GET https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/liveHTTP Response
200 -
104.20.23.46:443https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msitls, httpBootstrapperV1.23.exe753 B 6.8kB 8 11
HTTP Request
GET https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiHTTP Response
307 -
104.20.22.46:443https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msitls, httpBootstrapperV1.23.exe2.0MB 39.2MB 26655 28094
HTTP Request
GET https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiHTTP Response
200
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
217.72.21.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
138.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
316 B 4
-
59 B 91 B 1 1
DNS Request
getsolara.dev
DNS Response
104.21.93.27172.67.203.125
-
71 B 133 B 1 1
DNS Request
27.93.21.104.in-addr.arpa
-
71 B 165 B 1 1
DNS Request
clientsettings.roblox.com
DNS Response
128.116.119.4
-
72 B 126 B 1 1
DNS Request
4.119.116.128.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
60 B 92 B 1 1
DNS Request
www.nodejs.org
DNS Response
104.20.23.46104.20.22.46
-
56 B 88 B 1 1
DNS Request
nodejs.org
DNS Response
104.20.22.46104.20.23.46
-
71 B 133 B 1 1
DNS Request
46.23.20.104.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
46.22.20.104.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
23.149.64.172.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30.1MB
MD50e4e9aa41d24221b29b19ba96c1a64d0
SHA1231ade3d5a586c0eb4441c8dbfe9007dc26b2872
SHA2565bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d
SHA512e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913
-
Filesize
122KB
MD59fe9b0ecaea0324ad99036a91db03ebb
SHA1144068c64ec06fc08eadfcca0a014a44b95bb908
SHA256e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9
SHA512906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176
-
Filesize
211KB
MD5a3ae5d86ecf38db9427359ea37a5f646
SHA1eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA51296ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0
-
Filesize
297KB
MD57a86ce1a899262dd3c1df656bff3fb2c
SHA133dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541
SHA256b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c
SHA512421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec