Resubmissions
17/03/2025, 02:44
250317-c8ad2s1ky5 117/03/2025, 02:34
250317-c2ncbsxwds 1017/03/2025, 02:29
250317-cyyc5axvct 10Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
17/03/2025, 02:29
General
-
Target
http://h3a.in/jdtesc
Score
10/10
Malware Config
Extracted
Family
kutaki
C2
http://91.223.82.87/~ojorobia/laptop/laptop.php
Signatures
-
Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
-
Kutaki family
-
Drops startup file 14 IoCs
-
Executes dropped EXE 7 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 27 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 42 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://h3a.in/jdtesc1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbe68ddcf8,0x7ffbe68ddd04,0x7ffbe68ddd102⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1972,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2060 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1988 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2288,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2516 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3152 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4420 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4544,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4852,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4828 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4716,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4688 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4984,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4696 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5460 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5800,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5908 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5784,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5860,i,11028134492786699313,2151414996525277304,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im glndlzfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im glndlzfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im glndlzfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"C:\Users\Admin\AppData\Local\Temp\Temp1_RTGS.zip\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im glndlzfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\glndlzfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\RTGS\RTGS.cmd"C:\Users\Admin\Downloads\RTGS\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im glndlzfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlydzkfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlydzkfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\RTGS\RTGS.cmd"C:\Users\Admin\Downloads\RTGS\RTGS.cmd"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Users\Admin\AppData\Local\Temp\2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im wlydzkfk.exe /f2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlydzkfk.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlydzkfk.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
414B
MD5b4c1d7b331d799643b1d5758752a459d
SHA1c253d231fe6012c72af4abf80fa59d66aaa19631
SHA2564c67bb12bb4725015f79ad46347c2360de1c409c3b50762e7688a643d50ad594
SHA51256bc6ff9e9e43c25fc7ff7a5b6737772e575138a3c05245506702ea136c9193e1e5d9b3c9b57d1e3755a2980237a0d1a95ee77ebdcb3c0e1582f93fa1b6993c3
-
Filesize
2KB
MD5a6f97f0e05c4a5d5fc43487a866b3f77
SHA1a73261da93eae857821e1fbd0f47d9024134167f
SHA256b9c699f33be9da15140dbc651cc5c48530b5e17906dfc2c0625f0eda559fe6b0
SHA51244e22149a993ba2e4304fde87c41dea0c355f7afabc762222052edeffd84a68b387903026c2948f8535f3d8de18a24807480bfa27cc5e99cfe8723835b6d94ff
-
Filesize
2KB
MD50c7ed35cb2075b3d25b2d6281257f694
SHA1b93f848f857f16c32f33e9e096ee1ec53a1d0949
SHA256e3cb01682f51d75fc45a81f274479635cac056a180023b967cdd4c2bbce00211
SHA512541bac997a87247e5eb1fdb02ef69eeae0bac23ff9ef785645715058a706cc271fea45bf6af20afaa1c177835a470a6938a90b7982f97f712a28564061b090ad
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
10KB
MD5126a5fa907cb10f011ea16bc04513de7
SHA17d703ae62faf08166c8d9633e71e8067fa79f699
SHA256e79998eecb2651830e0eb06a8880489fcc79aa277bc01512aaab9eed45c8d320
SHA5121007ac28b6bd67ff42645c99239bf2d3ec191407a1aee334f301ac42e7f1dff2c0d7dec75acb86ea32cff134451536175bd502ea7ab4f0bb3f0f1da192513e52
-
Filesize
72B
MD538b4bb16a5c25b947334f023fa56e9ab
SHA18e612d40015f3142f2546a17b9bd05eabf0e3730
SHA256d3c894a42ced4675950a3ae23d39f44322f9b731fcf71a2aab04721169d56078
SHA512db23b91f94b26c3c9966f21b46e84724319edfb7dafe4f7aac64c9a89e5dda46c36b803795a7b6016e049472c5dd799ffccfd3ed96bca1fe9903cf3f6701ad6f
-
Filesize
48B
MD55eded3cb44cc6b0b8b24ec35c3d5c655
SHA18385fd831a6f23d47e30e1a484ff189f3657e593
SHA25682b8c108391859f2ffc4ed942603f3b579b369724c8b1e64c9b2774235bcfac2
SHA512c98a97d19ca594974b1899ace86ba5060b384fde146206e891c1e5e32451adfe82e7a1f225f2da8fc48e78f71882e52f5c821514f0fddfcc1cac7807aeee2bcf
-
Filesize
15KB
MD5479bdb9e053135eba15da92973663bc8
SHA104445d497687d5f8af0490206114184230bebcd9
SHA256260e6af3ae7ea680290e6459f4535b9e5e046330c8b7b739730a45b014f5ba47
SHA512399cd2bef7fae6f9534462d0f5a0a254c85ecaa373633ec0aecedf5a0305a1582544961102be698ec97c59d998786b1114b69b199570305d38c944db3370d8d3
-
Filesize
80KB
MD5387d82634d34d3286c6a212f7f3db0ee
SHA14078b92b0940d9ebb896248564655177d4abda39
SHA2569637b8b88a1b1272ca6efcb7b17357bf497c6de8857d4d91be6cc7c9c5f1563e
SHA5123c8c615e507c2cbd93b3d4a8daaa61cd24ca4d7763d0a0499dcce54a94470d1b200a0c3f25fbe68a14eac74a65e95e5ade348915be619f5728c93f5cad06f4ff
-
Filesize
81KB
MD56126187b2a0c782c60bf24f3ae989100
SHA1c62cdde203e0b90b6f8332c906dfd86fc90030eb
SHA25607bd16b2e4f41f08d3eedbcc8ac4374a8f1da67dfb57577093b53407a67beb2f
SHA5123fd82096bd0a5b47f6c86d94f8ece2b39d5c040ba3d923b3c0893dd1b1280e4b134623c9a725b47faabcbe3ff54f5b7781fa6aae26dc79452e9258648a603cff
-
Filesize
81KB
MD5c2c3017c7e79c5b4fd737cc64fa7a5af
SHA1195dcc7d27d86d2acdab291256e50b619c2f05a6
SHA25651dd1ea13f6dd3f59c548bc4d02c2fbb15c51cb1c0e66b6705d41d8f555ebc7d
SHA512530970ef6fd824b0e9c68c851204a3d70d411b3ebfc4016962a90e58aded747002dfac36588255a024acdd79f39571950390a55af88ab84409274c85c4fe5707
-
Filesize
500KB
MD58092b76f06d46ae065e8334fa8f26234
SHA1473dd2cf98b6ace253d83191389cba86d306b94c
SHA256b4c2077be7a4185869fb91d5f651eb30e53f3eb31c35dee36a85101dc9d612ab
SHA5121701121fcb0de54592f9c26431258f18276a9f0597cabc7b09553686c913ef5ab9fd2590f9b2f7e8edb671baaff18cf5a5939eb2caea77481fa80e959bf2d0f9