Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
27/11/2022, 19:35
Static task
static1
Behavioral task
behavioral1
Sample
aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll
Resource
win7-20220812-en
windows7-x64
19 signatures
150 seconds
General
-
Target
aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll
-
Size
156KB
-
MD5
be04cb75888afe3e1076f03ea7437d81
-
SHA1
69048dd422408cdb8537f6dbd0cdee6a90f70e93
-
SHA256
aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa
-
SHA512
e31eaf8e958d153e7c2c3ee1f4962a908ac6256fd217a440fb58f1522d09f53b056606aef43f5621be5a34298b7d519069c9ae65e15c98ff27c17df310a98dab
-
SSDEEP
3072:3vY2M8wRBjnPWMowyrR1PFOH4jI/PGYMFMQ1iK9LhBttAXOeIZQoXT3V:TiPWMowyrDC4jI/PGr1i+hBRqo
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,C:\\Users\\Admin\\AppData\\Local\\drlcvytl\\lxdogcdc.exe" svchost.exe -
Modifies firewall policy service 2 TTPs 6 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" svchost.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" svchost.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" svchost.exe -
Modifies security service 2 TTPs 8 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4" svchost.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Start = "4" svchost.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\Start = "4" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Start = "4" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4" svchost.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\Start = "4" svchost.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ddbjiefi.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" svchost.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" svchost.exe -
Executes dropped EXE 3 IoCs
pid Process 804 oJfxHI1K 456 ddbjiefi.exe 2024 ddbjiefi.exe -
Drops startup file 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lxdogcdc.exe svchost.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lxdogcdc.exe svchost.exe -
Loads dropped DLL 6 IoCs
pid Process 2004 regsvr32.exe 2004 regsvr32.exe 804 oJfxHI1K 804 oJfxHI1K 396 cmd.exe 396 cmd.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" ddbjiefi.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" ddbjiefi.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\LxdOgcdc = "C:\\Users\\Admin\\AppData\\Local\\drlcvytl\\lxdogcdc.exe" svchost.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ddbjiefi.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 18 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6998C883-C3A2-4F14-B622-CE7D7C72BA94} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6998C883-C3A2-4F14-B622-CE7D7C72BA94} regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\FilterData = 020000000000200001000000000000003070693308000000000000000100000000000000000000003074793300000000380000004800000083eb36e44f52ce119f530020af0ba77000000000000000000000000000000000 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\ = "Canopus OHCI DV SD Output" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\InprocServer32\ThreadingModel = "Both" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\InprocServer32 regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\FilterData = 02000000000020000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000006961767300001000800000aa00389b7100000000000000000000000000000000 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\ = "Canopus OHCI MPEG TS Output" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\CLSID = "{6998C883-C3A2-4F14-B622-CE7D7C72BA94}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\CLSID = "{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6998C883-C3A2-4F14-B622-CE7D7C72BA94}\FriendlyName = "Canopus OHCI MPEG TS Output" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0A1AE1D0-1C0C-4106-9CFE-7A6119DC577A}\FriendlyName = "Canopus OHCI DV SD Output" regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 45 IoCs
pid Process 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 2024 ddbjiefi.exe 2024 ddbjiefi.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe 1136 svchost.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 464 Process not Found -
Suspicious use of AdjustPrivilegeToken 12 IoCs
description pid Process Token: SeSecurityPrivilege 804 oJfxHI1K Token: SeDebugPrivilege 804 oJfxHI1K Token: SeSecurityPrivilege 1496 svchost.exe Token: SeSecurityPrivilege 1136 svchost.exe Token: SeDebugPrivilege 1136 svchost.exe Token: SeDebugPrivilege 1136 svchost.exe Token: SeRestorePrivilege 1136 svchost.exe Token: SeBackupPrivilege 1136 svchost.exe Token: SeDebugPrivilege 1136 svchost.exe Token: SeSecurityPrivilege 456 ddbjiefi.exe Token: SeSecurityPrivilege 2024 ddbjiefi.exe Token: SeLoadDriverPrivilege 2024 ddbjiefi.exe -
Suspicious use of WriteProcessMemory 45 IoCs
description pid Process procid_target PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 1640 wrote to memory of 2004 1640 regsvr32.exe 28 PID 2004 wrote to memory of 804 2004 regsvr32.exe 29 PID 2004 wrote to memory of 804 2004 regsvr32.exe 29 PID 2004 wrote to memory of 804 2004 regsvr32.exe 29 PID 2004 wrote to memory of 804 2004 regsvr32.exe 29 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1496 804 oJfxHI1K 30 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 1136 804 oJfxHI1K 31 PID 804 wrote to memory of 456 804 oJfxHI1K 32 PID 804 wrote to memory of 456 804 oJfxHI1K 32 PID 804 wrote to memory of 456 804 oJfxHI1K 32 PID 804 wrote to memory of 456 804 oJfxHI1K 32 PID 456 wrote to memory of 396 456 ddbjiefi.exe 33 PID 456 wrote to memory of 396 456 ddbjiefi.exe 33 PID 456 wrote to memory of 396 456 ddbjiefi.exe 33 PID 456 wrote to memory of 396 456 ddbjiefi.exe 33 PID 396 wrote to memory of 2024 396 cmd.exe 35 PID 396 wrote to memory of 2024 396 cmd.exe 35 PID 396 wrote to memory of 2024 396 cmd.exe 35 PID 396 wrote to memory of 2024 396 cmd.exe 35 -
System policy modification 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ddbjiefi.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll1⤵
- Suspicious use of WriteProcessMemory
PID:1640 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\aba55ba555f43f1fccb63b640c87a347bbca236bf19107dd1f33412cefb03baa.dll2⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\oJfxHI1K"oJfxHI1K"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:804 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1496
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- UAC bypass
- Windows security bypass
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1136
-
-
C:\Users\Admin\AppData\Local\Temp\ddbjiefi.exe"C:\Users\Admin\AppData\Local\Temp\ddbjiefi.exe" elevate4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:456 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\ddbjiefi.exe"" admin5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:396 -
C:\Users\Admin\AppData\Local\Temp\ddbjiefi.exe"C:\Users\Admin\AppData\Local\Temp\ddbjiefi.exe" admin6⤵
- Modifies firewall policy service
- Modifies security service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:2024
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869
-
Filesize
99KB
MD52f5964aefc23c144312263bcde6f4c29
SHA17235402d08be134c24289c202b21437cfdee6a44
SHA2569c04fadd4b513f6d221d903e513bc6ce07b9a564db88cbce174db6d9e9a75831
SHA512afe0a089537669cb1de2ab4ed9575665d9837e84cad5acceba5fc22adbc086b51cdadbab8348f940c6908179fc4509d6d0954cba459f9248ae00a9b708803869