Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
24-12-2024 10:31
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584
Resource
win10v2004-20241007-en
General
-
Target
https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3472 msedge.exe 3472 msedge.exe 2992 msedge.exe 2992 msedge.exe 1692 identity_helper.exe 1692 identity_helper.exe 3976 msedge.exe 3976 msedge.exe 3976 msedge.exe 3976 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe 2992 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2992 wrote to memory of 2908 2992 msedge.exe 83 PID 2992 wrote to memory of 2908 2992 msedge.exe 83 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 828 2992 msedge.exe 84 PID 2992 wrote to memory of 3472 2992 msedge.exe 85 PID 2992 wrote to memory of 3472 2992 msedge.exe 85 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86 PID 2992 wrote to memory of 4532 2992 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=8646410667582287581806113115841⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a0946f8,0x7ffa3a094708,0x7ffa3a0947182⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵PID:4532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:3716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:2512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵PID:1068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:1920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3976
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3272
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1860
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e55832d7cd7e868a2c087c4c73678018
SHA1ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
-
Filesize
152B
MD5c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA14d16a7e82190f8490a00008bd53d85fb92e379b0
SHA2561e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD55d6c590f0fa8bbadbb6938149cccf1a3
SHA113bd0a1925256230d3e8ed7c4f26e399acf07a64
SHA256ffa02a11bf0b697d6ef01f8083336d6aa304534f982b9d79e47ecf15566ed9ca
SHA5122eaae1ee0798d6f26988e75e9094434f6ca40e76b8d922fbad81cc0bc430b47092e5dce669c3f3b3fef43f0cb37233852e0e6302c5a2219a46898b542a0a9236
-
Filesize
825B
MD5f2436f3d88b81835bec0acbea953fe34
SHA180f8a18d53add28587f55bd406f6c402e59a90b3
SHA25641c7d2de9efdf8627df67bc9ee370851d022555c34f22ddbbbb507c4f353172b
SHA512e2501b79da29a308514227d2f09b7e02f71c48fb82246a56f5e3603610c25906802e99992f766515b0d72234722dffc42a1de9d4e128ba58406127384438d0b0
-
Filesize
5KB
MD5f88a19d605c8407504735764b69c442e
SHA1dc0b1e32030e23a0390f9dd509c323d3c4cd7008
SHA2567937622a721ff76a32c6a84efe39662eda68cae294d6ff81b8edc63ef633f21a
SHA5122b270e802208ca2a79514dedea10b58ea21af88d9e4183cc3c412c7c3b9a8a3e85fb7f96e2d876a0d7b2e1e564504e8fab3e79b809a2a9fb64f5ebb8b38975cb
-
Filesize
6KB
MD5e4df4705d60a63f46903de97df9c176f
SHA16b1692d25e990fdeaf4cb03f4be5a5592f8f806d
SHA256cccf73e7e7fda0672ea76f65269b5f933c3cfab8896f2ed50fa78ae4ca7e17b7
SHA5122b36abcd5fe1e2d2aac77ff2a6afddd521f9995fc0a08196d8724a16911907a5a53ea5062b0cceaa86727ad9da2f035d9ab2695e9b06c390b29c0db708b8a99d
-
Filesize
6KB
MD59a0376dbf429730a30d6a56ce195f678
SHA13f18e87bcb6acdaf3d14ac8961bf8b9ce60211ab
SHA256a5c4bbb39ad7fdfb18d1d1921f0572c6f7a98289c907d71d4280f99acf4c1ad6
SHA512e00cd924a8edb682a84e968886403d2d0ddd1e17dd9c0a79d429f663e5075c369b075b33e1abee5b6405ccb5030c87147c2333c086f116f08e3d748a9b7db6dd
-
Filesize
1KB
MD5ab7e26e2d0f7d41c47acedc207755891
SHA1cb0329ae706bf3dc270dec36cd0020a959728f4c
SHA25667a77c7ce946c44ccd41dfce7b1e049131b1a6557cc6da0296fe191f1b5d42a8
SHA512edefe02b55c4a8e7dd9795563ba5c2fc2bfe1aca4399677fc5ac71203e734257b52dd7bf45df49092805ce45296537a98c6006a9e89d675a1d1d7ba9959991c8
-
Filesize
1KB
MD5004404054af0428e8ea95fdda41aa5e8
SHA1645145a084f877008e0016cb36ad7bf51114a6d2
SHA256652d9daa7cc2a42d0a90200243b59d4dae8e178e524cac4966953b411e52af65
SHA512597a06f01f50242ff47f8a9402d10b7bc16a339a13ee7423eb75e2879fae29b7b0b978d13d3f3f2f4fd22564de74615b6528e5d3bea16dd64a103ea260d8c67b
-
Filesize
1KB
MD5a9ddc926753fa045515341890451bd92
SHA115386fb84987d4f5ce7a12da0a4406123f5315bf
SHA25652216c2ba700a244db56f27d334e11332da458ad63836d62ab8bebb559c6b27f
SHA5127d4387cada5e2870e6cf35f73f5a9b32ed411359e2471230f2757411376da2f24229fa4d52a7de6270f639092e94aa13859eb059f056d599c8cb6f51f643bad6
-
Filesize
1KB
MD575ff61b1fed32bbb6427540591e2b0a8
SHA10bb2c3d640c70b31bcfc234c652a5cf20532d154
SHA2563e03b2d6b69e0447df2af5cd0cf33f0b56d2437afbae2ee8ad5ded4fca384e26
SHA512e1c6b9a4a49ad2848e821d52bd2c76908e621dbb772e64fdc451ddf053d48fc0455aaf6885776c377a6e04d21e0d0c8bb809b2d32166f128ce3d6c07c881645e
-
Filesize
1KB
MD55697898c53c149cf4b0202a3434998db
SHA1e0c5ee6e2c53d40725197b4b2db23d51e8c7f196
SHA2565750427c7445d29a86443803d7a9688f21a90f0236e798287bd1dc627ecf48c7
SHA5126a539f51bc4df2da56f4ef470259b4826e5b4a78f0d4d63b886d054af2cb181d62ea305162257c6af39e8936596f4256e8224df5cd279f745f0e1335278e2a3c
-
Filesize
1KB
MD582b4f3cf2a524d631ad08925da746992
SHA1b9fd586f3e98546daa9665cee9721abd5094402e
SHA2566f3d1655967f22d3c186d06e4438802537212b8130556f044893370975e0679f
SHA5120c065acb804cbc1d71e8c32b0ea809a776b9f69bfc91c23ec0439dcc2975d6c8601033c1652a511247611fb31095dfe67fca35a84be1815fda63d7cbfca70d4e
-
Filesize
1KB
MD5d213ffb30fd56ec5e45f6e830366653c
SHA19d87c130d906b5904efbe66c3544cb63df2d95f8
SHA2567df964afeecd6cd750d34293dc911cbdecc5530a77c2462a378cdab9f9e14317
SHA512957840102810335040d06b85a5df6c3293e6ab974838c39b8ba266254460a4ef7836ade20f950c6bfedf0cb83f3f5d5e494cc94a764b17e9b0acbe4650e69d20
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD56f4560e177d465fb509de38d460cb0ec
SHA1639fdf17e69a7c2334a8cd9fc10ecac064fa2656
SHA256513ab1838b7544bb9d97e62592212b91558791e5830256f144e06a384cafafb9
SHA5120f5ed2156bcd73436cf30808b2f334bc3959142a52b58c6ef340bcbd66b279bf9ad60f0af1cf7563d2513e58ea36d4726bc7ba7506b996f3805f1a0b12d6f43f
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84