Analysis
-
max time kernel
149s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
24-11-2024 14:51
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe
Resource
win7-20241010-en
General
-
Target
2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe
-
Size
912KB
-
MD5
48d37f6fe39397a3f6b29980f1ae5356
-
SHA1
89a40066e12c3a6375fcfc2d477c90cf01a61b98
-
SHA256
51270b0f996545827dfc0d477c11609b7ce11cf02f9549c407cf34e81da69f16
-
SHA512
3cb567aa4acf5115a28ae40ff7fd0bd6b16b5168225a43086546cb32c8dfa776ff54f6fdec8c135bd3776d4726a54a46b14e416177aa48a8e6218d75dc43db43
-
SSDEEP
24576:NVNxZoj8echseDZtwHCw8TXT0A+6ZcFS:9xZoj8eyseDZykT+KcU
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe 2880 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe -
resource yara_rule behavioral1/files/0x0009000000016ace-2.dat upx behavioral1/memory/2880-20-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2880-18-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2536-9-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\pxFD62.tmp 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB6CF421-AA73-11EF-9358-7ACF20914AD0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438621795" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2880 DesktopLayer.exe 2880 DesktopLayer.exe 2880 DesktopLayer.exe 2880 DesktopLayer.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2364 iexplore.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 2364 iexplore.exe 2364 iexplore.exe 2828 IEXPLORE.EXE 2828 IEXPLORE.EXE 2828 IEXPLORE.EXE 2828 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 2332 wrote to memory of 2536 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 31 PID 2332 wrote to memory of 2536 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 31 PID 2332 wrote to memory of 2536 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 31 PID 2332 wrote to memory of 2536 2332 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe 31 PID 2536 wrote to memory of 2880 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe 32 PID 2536 wrote to memory of 2880 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe 32 PID 2536 wrote to memory of 2880 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe 32 PID 2536 wrote to memory of 2880 2536 2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe 32 PID 2880 wrote to memory of 2364 2880 DesktopLayer.exe 33 PID 2880 wrote to memory of 2364 2880 DesktopLayer.exe 33 PID 2880 wrote to memory of 2364 2880 DesktopLayer.exe 33 PID 2880 wrote to memory of 2364 2880 DesktopLayer.exe 33 PID 2364 wrote to memory of 2828 2364 iexplore.exe 34 PID 2364 wrote to memory of 2828 2364 iexplore.exe 34 PID 2364 wrote to memory of 2828 2364 iexplore.exe 34 PID 2364 wrote to memory of 2828 2364 iexplore.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnit.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exeC:\Users\Admin\AppData\Local\Temp\2024-11-24_48d37f6fe39397a3f6b29980f1ae5356_icedid_ramnitSrv.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2536 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2880 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2828
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5848e0711af4a04235ce557fa5474edfe
SHA1d5d9ad8b041e0fbae26550b0e731814094768b60
SHA2569ed5779046e72686f849dca1fcd7d5fa2ef4a37d08feb71c89e73354fc6eb9f3
SHA51287588c6038aa850e5ce19d54b93262df45967f2d56bd8b3461ada62fcd99d50f8cbf7a0bef8a7ab077b84766971461aefadf3b6498f5bef974c7f998c83b4d99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5327406a4b2d5d4e2a1350a6e5b5f0ac4
SHA1f33af69268d187e0efc9cc6514e1d04a5766d17d
SHA25681b71a2ca1ac68fa857f2a3a7d814329d2b7126ec07dd9d2363eab8c190d772a
SHA512d4a7e410e0c0f9377ef22f206560502f60b5cadd3e58f073a019169a77265e0e6261fd570b50a7b47191d4805e57c65808d98d7b3f8b226e928723f134449d8d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD511db8fc8e575d7a20135a9dc4be2720b
SHA18da6f59247d881749c63d3d60c4b5cf30d4c4502
SHA2562d939fd829475acaaf692709b2e42a0c66c81e5c7d20052d0aeb90af07beab83
SHA5125061f0867f719616417d1fa118b1cbd205ec09004322552cc3c7fd12fa0fdb103c18061397e5219be3706a20596793938c51019a1341cfa5f60f70de2732c6b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54c029541fcb8dabf346687a334abe192
SHA1a246069063ca03505542edd6e26fb62227ff282c
SHA25672062fbfcad469f3c2a256393ef3a8e015c7a0c26bd5f81ac7bcc31cca93bb65
SHA5121eb86e4c97ee5ecda8095a95e57548d28163f560f06e3742946b259f1eb8274d06917078f38925f22329de9d02756f3c7871887ddb523b4a13056fbce64dfe99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1693082e630985a1463decd853d947f
SHA14f18c34562187082920c030468d18ad6809d78dc
SHA256d39d18ee1268b9ead73aff35c6b2460b703a855ccd722bd75584be8d0f792e6f
SHA5129bd2213ca68b13a49ff9a5ac12de194416943f5823f26186bf07e9a3acd61916bf51c71a4e2c2bacb8ad3647dc24e3a4bf9f4cd9eca4de2baff4c80338379cfc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f69a4030cda9ba72591e0dc2138616d2
SHA1dc760fbe9e6d2291bf649e08e619debc78809629
SHA25681cec2a31165e519f00be58e49eef04d42c8acfe007b65256809b831dba4d41d
SHA51221766162d446d9a96c67d9e42f3f90ff78e23234733029db3e688a627e52c7e83888468d45860711a0cafa1a73320751bee30674f8b66bb7984370854cc0528d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59e0b4f05efba1ab33ae8b97e283d1d99
SHA1c431aeed75887a61465ceb3c1b1087903079bca4
SHA25626488d8b49dec7e478d910fbfeb415b8325994be1bdf19cb0a3d9455a2b996fb
SHA51248a07ef60244ff8e449f14c4192b41e270a98938bfd84378380406dfe652171fbcf0ea1f911280ed9a79a3cff3859b7c4bdf0c1480d2b9c148088cee176a2ee4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e9f6bad15ef542937945f8999b431e6f
SHA1db9233e2f33af5c71729ab5db8dd9fe2753b771f
SHA256ec39340be65bc61f1be7bd014b5dad3a85d593370da5fa99eef1f850e523a6e3
SHA512f02cba7f81ef6a73500b0c14bdba617ffbd645bc248d836663dd9f04715676d007cbdfafd2cbb58a1f4a1a950b5652956c1bdc75587d7f228df72713a405c1a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c40ec44c8fe89e51d02c7055a4aaac2b
SHA15d802465134b4e17bca7567a79adb4d2f7195042
SHA25610b1a1bc2e6659926333e8022a19aa059e457eec83844a35935c28ce12829265
SHA512035c82d1dc857d84467bef12a9a8050f4aec6d1e58511de6deaf7066319a4777dc34fe159a96679118ce6d4df1fd8cd9eb578943a4529365ebde59ddeb9e98b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5557def50f0adc8e1569df5e98398474d
SHA103e96bb620a726d3a3895969252d0b3b7d566ef4
SHA256b5cf2f80576f7bd0088416bf2cbc6867f5301bf6c994a2af7615f222128a583d
SHA5121bac613611cb012d69eac8b8c1724ff03aa321a838f932b4502ed4339b89373a92187c3e7a3624693f7e2dfea86498df8f273fd069500ba4bd36cbd2579f743b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5278411003c0bfcccfcf40f0775d6b9aa
SHA18eac01c625d1a0c0d46d24126d2fbcfcb44a12c0
SHA256ce86c109bbf323d247e2f9b37701c70c5974b2be83f2b1ac431165c19d66b201
SHA512abaf124ee943b7ff01aa4d3e460fb1c193ce497db8b00ee6cd00bb2b25f19ecff821f2502347de1b085c91dc9e60506cbd896d246c7c5ae534089b34d1f498c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5777db0cb62e27aa933da9d83a37654fb
SHA1935b462de7a8fc8b51cc252d44aba257531f66b0
SHA256796c1ab6216fa020b456c4b0bdf3305d8b7cc3b81a401104da592dc152f299cb
SHA51200d61d6cbccef3dd1459cf3f46911474b24393605c45285ead69fbb2339508edfb05580d8e40e056ce1858402cf8320bbf2c071e04cae36f838e441fc3325e6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ec40727051196590ef9563ad86441242
SHA189d7b04c6be466331c50b7dc035c8b1705316500
SHA256263fcda4e558c5a3c852510a9b941ec6bd1d79019e1c9143193513ecb9c53189
SHA512431df92ddf186e9c4e793385b06df2b367f489f0c7b91b61df1d5a7994807346bf4bef56d33457c200d968eeacc06f49f9d3a4bb17a058e2b8f34d6bb727c765
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5330e9a7a60dea73356efaa3d1f14dad9
SHA1202789881d32d8dcd7969afcb6b02f6b0f06c88a
SHA256795e14ba8022407a61c124c33f1b13af000178aa97224416c0d37ccad3739833
SHA512f5accd11603a9d49e7357711e2dba635538135bc4929a153fcdd090261a53c6b1a02c319e8ac635e6f700afc2d4a8ee1a9a4964658d0ca6e9e8f0372d48b58c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f82bda10a738b3cf6509d874b882ec02
SHA12aa3b921561ca96b5096af537f1e4ed9b3476c76
SHA256f58d65abf0f2f396104a43d7438d02f48bdc6aeb461b3d367231204490eb831c
SHA51299e8389487df418c8c9374f5b9385c8def791ae88c477090e25a8c0a8f7faa87d7ccc21b7c71a4e11281df3ea00290685ab089bf3a3ffbb715f84ac1c3a3ad59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c03303ea69fdce58276f00f311b2ce8a
SHA11dfa04e524555cdaa0d9f928493062f6c729e483
SHA2562f8847e9ddd93936fc1531553e6c3b840fc771cbfe999274288329f000e7fd20
SHA5122d1475c449b17b1a4beebb4c5d0047d3e7bf56297dfb64f787c28e253c86a82a1b7a3f9828f3f7979f91cb9365e5c1ff88e3a24531bdad57947ae8c09b2ffad3
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a