Analysis
-
max time kernel
141s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
28-12-2024 02:27
Behavioral task
behavioral1
Sample
c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe
Resource
win7-20240903-en
windows7-x64
12 signatures
150 seconds
General
-
Target
c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe
-
Size
224KB
-
MD5
c39c82b5d90aae3ebe2135bc5855b47d
-
SHA1
a3b297a7c6afd6b4736b42119aa21843a85215fd
-
SHA256
c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada
-
SHA512
2d8cb43d0dbd48dfb1daf784ed1db39d9cce0a1501274abbfca36e2984d28f2d6621ed526615a689b96c36a2473e37ea617fb2d92a95740dd78a24f410405ecc
-
SSDEEP
3072:yCTb5pjMvVC/orl+9TuG7a2LZ0aFwS1ESN3ii:ftCVC/GlmwmZ0SwS1Ey
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Ramnit family
-
Executes dropped EXE 1 IoCs
pid Process 3068 WaterMark.exe -
Loads dropped DLL 2 IoCs
pid Process 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
resource yara_rule behavioral1/memory/2884-0-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/2884-2-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/files/0x0009000000015dc3-4.dat upx behavioral1/memory/3068-12-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/3068-14-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/3068-16-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/3068-41-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/3068-55-0x0000000000400000-0x0000000000442000-memory.dmp upx behavioral1/memory/3068-599-0x0000000000400000-0x0000000000442000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Windows Mail\wabfind.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll svchost.exe File opened for modification C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\klist.exe svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\npt.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\mozavutil.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\px6613.tmp c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\wab32res.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msxactps.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\java.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadco.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\nio.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll svchost.exe File opened for modification C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\dt_socket.dll svchost.exe File opened for modification C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll svchost.exe File opened for modification C:\Program Files\Windows Journal\JNTFiltr.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaterMark.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 36 IoCs
pid Process 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 3068 WaterMark.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe 2420 svchost.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeDebugPrivilege 3068 WaterMark.exe Token: SeDebugPrivilege 2420 svchost.exe Token: SeDebugPrivilege 3068 WaterMark.exe Token: SeDebugPrivilege 2624 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2884 wrote to memory of 3068 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe 30 PID 2884 wrote to memory of 3068 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe 30 PID 2884 wrote to memory of 3068 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe 30 PID 2884 wrote to memory of 3068 2884 c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe 30 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2624 3068 WaterMark.exe 31 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 3068 wrote to memory of 2420 3068 WaterMark.exe 32 PID 2420 wrote to memory of 256 2420 svchost.exe 1 PID 2420 wrote to memory of 256 2420 svchost.exe 1 PID 2420 wrote to memory of 256 2420 svchost.exe 1 PID 2420 wrote to memory of 256 2420 svchost.exe 1 PID 2420 wrote to memory of 256 2420 svchost.exe 1 PID 2420 wrote to memory of 332 2420 svchost.exe 2 PID 2420 wrote to memory of 332 2420 svchost.exe 2 PID 2420 wrote to memory of 332 2420 svchost.exe 2 PID 2420 wrote to memory of 332 2420 svchost.exe 2 PID 2420 wrote to memory of 332 2420 svchost.exe 2 PID 2420 wrote to memory of 384 2420 svchost.exe 3 PID 2420 wrote to memory of 384 2420 svchost.exe 3 PID 2420 wrote to memory of 384 2420 svchost.exe 3 PID 2420 wrote to memory of 384 2420 svchost.exe 3 PID 2420 wrote to memory of 384 2420 svchost.exe 3 PID 2420 wrote to memory of 396 2420 svchost.exe 4 PID 2420 wrote to memory of 396 2420 svchost.exe 4 PID 2420 wrote to memory of 396 2420 svchost.exe 4 PID 2420 wrote to memory of 396 2420 svchost.exe 4 PID 2420 wrote to memory of 396 2420 svchost.exe 4 PID 2420 wrote to memory of 432 2420 svchost.exe 5 PID 2420 wrote to memory of 432 2420 svchost.exe 5 PID 2420 wrote to memory of 432 2420 svchost.exe 5 PID 2420 wrote to memory of 432 2420 svchost.exe 5 PID 2420 wrote to memory of 432 2420 svchost.exe 5 PID 2420 wrote to memory of 480 2420 svchost.exe 6 PID 2420 wrote to memory of 480 2420 svchost.exe 6 PID 2420 wrote to memory of 480 2420 svchost.exe 6 PID 2420 wrote to memory of 480 2420 svchost.exe 6 PID 2420 wrote to memory of 480 2420 svchost.exe 6 PID 2420 wrote to memory of 488 2420 svchost.exe 7 PID 2420 wrote to memory of 488 2420 svchost.exe 7 PID 2420 wrote to memory of 488 2420 svchost.exe 7 PID 2420 wrote to memory of 488 2420 svchost.exe 7 PID 2420 wrote to memory of 488 2420 svchost.exe 7 PID 2420 wrote to memory of 496 2420 svchost.exe 8 PID 2420 wrote to memory of 496 2420 svchost.exe 8 PID 2420 wrote to memory of 496 2420 svchost.exe 8 PID 2420 wrote to memory of 496 2420 svchost.exe 8 PID 2420 wrote to memory of 496 2420 svchost.exe 8
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵PID:256
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:332
-
C:\Windows\system32\wininit.exewininit.exe1⤵PID:384
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵PID:480
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵PID:604
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵PID:1656
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵PID:848
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵PID:684
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵PID:748
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵PID:820
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵PID:1168
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵PID:856
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵PID:1784
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵PID:980
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵PID:272
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵PID:348
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵PID:1036
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵PID:1116
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵PID:1448
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵PID:1068
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵PID:2028
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵PID:488
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵PID:496
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵PID:396
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:432
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1212
-
C:\Users\Admin\AppData\Local\Temp\c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe"C:\Users\Admin\AppData\Local\Temp\c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada.exe"2⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2884 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2624
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2420
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html
Filesize461KB
MD5efb6e3f96bc2861076f60771f01f2a91
SHA19fb4407a5c0330ca4a5f1e58b34556b00d401e71
SHA25692f71e41353bd0300512358900fafb0d7298370c5fa40a7ebdbff7f010a55455
SHA5124c14ee4c50abf76df7fd2d27f2b23d404fea500d11be9253921476837bb8ed3a760094b5b4260f45cdf7bafdf54856c24a20c75b7e0f6ec3d292d7d1532174de
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html
Filesize457KB
MD50bc3c7cbdba696916edb9249b5943097
SHA11b3dd72727a4bf96fb06de6612f2e753d3b3e665
SHA2569c737297443a8d0b07ac27ec8fe783bd08344f9a9b92d86be006f2a441ff407b
SHA512f5a8d49d248ed588ed79b3de91d1c4fcbc4a9121c63303e32425e9e642409edbb6f9f70b156faae6f051826973dcb27712b1b2fb8c62481f46b981279c771d1a
-
Filesize
224KB
MD5c39c82b5d90aae3ebe2135bc5855b47d
SHA1a3b297a7c6afd6b4736b42119aa21843a85215fd
SHA256c2136daa5869b5e7e10a63c96d3323b2a308445d1129c1a22b3463e4e0fd7ada
SHA5122d8cb43d0dbd48dfb1daf784ed1db39d9cce0a1501274abbfca36e2984d28f2d6621ed526615a689b96c36a2473e37ea617fb2d92a95740dd78a24f410405ecc