Analysis
-
max time kernel
124s -
max time network
210s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
20-12-2024 03:27
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://spotcarservice.ru/fdjskf88cvt/yumba/putty.exe
Resource
win10ltsc2021-20241211-en
General
-
Target
http://spotcarservice.ru/fdjskf88cvt/yumba/putty.exe
Malware Config
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Smokeloader family
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
pid Process 2696 putty.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SystemTemp chrome.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 4780 2696 WerFault.exe 103 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language putty.exe -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI putty.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI putty.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI putty.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133791389481499942" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1796 chrome.exe 1796 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1796 chrome.exe 1796 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe Token: SeShutdownPrivilege 1796 chrome.exe Token: SeCreatePagefilePrivilege 1796 chrome.exe -
Suspicious use of FindShellTrayWindow 37 IoCs
pid Process 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe 1796 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1796 wrote to memory of 3608 1796 chrome.exe 82 PID 1796 wrote to memory of 3608 1796 chrome.exe 82 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 2024 1796 chrome.exe 83 PID 1796 wrote to memory of 3348 1796 chrome.exe 84 PID 1796 wrote to memory of 3348 1796 chrome.exe 84 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 PID 1796 wrote to memory of 3372 1796 chrome.exe 85 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://spotcarservice.ru/fdjskf88cvt/yumba/putty.exe1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1796 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x1fc,0x200,0x224,0x1f8,0x228,0x7ffc8a12cc40,0x7ffc8a12cc4c,0x7ffc8a12cc582⤵PID:3608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1936 /prefetch:22⤵PID:2024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2052 /prefetch:32⤵PID:3348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2608 /prefetch:82⤵PID:3372
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3064 /prefetch:12⤵PID:1824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:4660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:5044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5092,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5152 /prefetch:82⤵PID:1524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5140,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5160 /prefetch:82⤵PID:4472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5376,i,9735739856473530297,15021509533063897986,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5340 /prefetch:82⤵PID:2588
-
-
C:\Users\Admin\Downloads\putty.exe"C:\Users\Admin\Downloads\putty.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
PID:2696 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 3883⤵
- Program crash
PID:4780
-
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:1128
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3688
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2696 -ip 26961⤵PID:3292
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD53b464978b57587f31fa7eed509b48054
SHA1eaabb527495b80718b8fc67536bac7f1ba68266b
SHA25692c5e476b6c0f8a18dddd4eaa5874cfe4de79a5e7cd6486f0c697e2a6a4e2feb
SHA51275dbfc848b5a8bb76183b5c4e8d198110680407bba1363ec7694f22bba399679b3ec2228cd1ea054828e21eeff1d711e4d7b6269ec5752842011d1ac8bb67ca3
-
Filesize
240KB
MD53bbac642557b0ab934addbac0594561c
SHA10787a06f1fff51bdfdb129186df44e73d8c7d5de
SHA256bc887fcd6805824ac58a107917c6d083056d688eef39e979da25d16eb388e798
SHA512c91cbc77b3a67f65082f5d8187f237b9de0a6aaf1cbfb7bbd0e3157d2b8815f55a6ed71d6bda88941daed67ad6f0ee9a9e98149f11b053f81a462e17f7145730
-
Filesize
1KB
MD5925b52a3b52dc4b1381b95de0279ca45
SHA16f4cdb317fe4c05031939912932ee5a19a8d6f57
SHA2563e915889d551ec3649738e3780fe60342b850325827d8d0c02ea3ba3a3104daf
SHA5125d951beb33eed793c6dedd25f643a0248097a5c61823d7da6ef1bb1ef2966023953b217fcee9a9ab14194e399b457c63cb50b3b6906a52e69106597280e721d0
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
9KB
MD5f7edfabc1f211b283e99735346114218
SHA114b9a004b3474083c1e76ab4872ae6ac807e17a9
SHA256b0b8c594ca67f6ef3cbee26b94d26ff3bdefa3b7579c98b7bdf7c551caf5abc1
SHA5121818ea4d6711013b22c6e0cc0480e55829630b061cc9cc4120915920dd71e3e86c3ea54b9fdc524363975689212ce44ec4df143c252abfafb338828be8eaa140
-
Filesize
9KB
MD5e4e341757dcb690eaab9522d36cc37bf
SHA183b686400436564177cf1ff4cfa8b149669a618f
SHA2568a5cdb124ab8124a49f0abc72eeffb2e150d3727d7aa75e836a90114e5f553dc
SHA5127d4766f9ae0b7e5076b5466147371d811a0b36febef0bab6200c0c2a97d5c84d82b9668a612265dff5bed9af5a208038def568f8a633a34fb76229c3e6ff9f1c
-
Filesize
9KB
MD59b256aa61cff43d9f7753cf025550d44
SHA1ac896df6e1164bac939df6366097ec2048008c8f
SHA256c66ece2dd80288f562234319ed87a2a8718814b01bb919f39aba42718783ecfb
SHA51208441822fdf38de3646a59fda518e3b841fc19fdee3352f2952a1e3df84116443e7bf9bd3ffba3db708bd13f13d13e936bd7b590ccb83dafd2079b9ebe6de2ab
-
Filesize
264KB
MD5b2da8f89594d4100c11f5718699e49aa
SHA188f5bfa5b20a4b3c24e31146c9fa9950c4e688c8
SHA256bcd4ea9648130a558833bb293ae635638ce9459fb111fe60b6a44353ba6d8a9b
SHA512087e4e0684a72ecffbec9c1f203b52eefd64d5c0c0625af44aa0741719cb9d0032f5a6835120e63d61647515e7c92dd085c11fc826484ff583837475f4b0d1cb
-
Filesize
118KB
MD595f8a936913d71fb1f67fa51c6161bc5
SHA1f5ff1c07dc45905e1b3afa33af0225c7dbe01c7d
SHA25600d1cedb498231a9448db025a1ef04f7908e4918226b6878cc93de95b6c2a21c
SHA5124ded1ee059faba8cd33de947e9869359e6b6e3876d46aa24e62618867c333df5c4f4314bd3a5635d7078e2e9da12be369c67129e9fbd195c9242305be674289e
-
Filesize
118KB
MD5d2edac1d82c5c0d09bcb293bf458fca1
SHA16e154e0c914af8ed77ed42eb5969d822ff04e8d0
SHA2569f39fa1848c724f7cdd874011bcf082157cedb5624702aac5b9e0fbf54c7214a
SHA512630cd7eb11c483161637fdd410cb7beeec0ebe3af581dc0cec3770855afa8a1b586a91233562e46167440d14a68e8a2320e0236655be1a457bca1c42f27e2120