Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
3breakaway_...1).exe
windows7-x64
9breakaway_...1).exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3BaDeskband.dll
windows7-x64
3BaDeskband.dll
windows10-2004-x64
3BaDeskband2_32.dll
windows7-x64
3BaDeskband2_32.dll
windows10-2004-x64
3BaDeskband2_64.dll
windows7-x64
7BaDeskband2_64.dll
windows10-2004-x64
7breakaway.exe
windows7-x64
9breakaway.exe
windows10-2004-x64
9endpoint_volume.dll
windows7-x64
3endpoint_volume.dll
windows10-2004-x64
3uninstall_...ay.exe
windows7-x64
7uninstall_...ay.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3Analysis
-
max time kernel
31s -
max time network
40s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07/09/2024, 01:38
Static task
static1
Behavioral task
behavioral1
Sample
breakaway_setup_1.44.00 (1).exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
breakaway_setup_1.44.00 (1).exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
BaDeskband.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
BaDeskband.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
BaDeskband2_32.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
BaDeskband2_32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
BaDeskband2_64.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
BaDeskband2_64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
breakaway.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
breakaway.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
endpoint_volume.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
endpoint_volume.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
uninstall_breakaway.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
uninstall_breakaway.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
General
-
Target
breakaway_setup_1.44.00 (1).exe
-
Size
4.4MB
-
MD5
11925cf38de9313e87a3980a53ac0be6
-
SHA1
a9d2e27a4b789fbef8b23e740753b6eb85e65516
-
SHA256
8efb44d31cb52a7087fd2b76b8650cab8a39616106189fa732f44ea676c6035a
-
SHA512
67bee82ab48cb75d49679060180225ce1c18530a942089b4e9d531849bc087b08bab2a13c9bd1eae758543f82bb1bcadb16981e35b34c6f817a389d1147abab6
-
SSDEEP
98304:GB1HdkWyGx7qLQx+MAVkuntmGfBgLvr8uN6mjlUtA13WkRdfewG1ha4H:GBrkWUo+MAVkunlEvxllR1bRpGhH
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ breakaway.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion breakaway.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion breakaway.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 1 IoCs
pid Process 2596 breakaway.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Wine breakaway.exe -
Loads dropped DLL 9 IoCs
pid Process 1352 breakaway_setup_1.44.00 (1).exe 1352 breakaway_setup_1.44.00 (1).exe 1352 breakaway_setup_1.44.00 (1).exe 1352 breakaway_setup_1.44.00 (1).exe 2260 regsvr32.exe 2740 regsvr32.exe 1352 breakaway_setup_1.44.00 (1).exe 1352 breakaway_setup_1.44.00 (1).exe 2596 breakaway.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Breakaway = "\"C:\\Program Files (x86)\\Breakaway\\breakaway.exe\" force" breakaway_setup_1.44.00 (1).exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA breakaway.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 breakaway.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 2596 breakaway.exe -
Drops file in Program Files directory 5 IoCs
description ioc Process File created C:\Program Files (x86)\Breakaway\BaDeskband2_64.dll breakaway_setup_1.44.00 (1).exe File created C:\Program Files (x86)\Breakaway\endpoint_volume.dll breakaway_setup_1.44.00 (1).exe File created C:\Program Files (x86)\Breakaway\pipeline_icon.ico breakaway_setup_1.44.00 (1).exe File created C:\Program Files (x86)\Breakaway\breakaway.exe breakaway_setup_1.44.00 (1).exe File created C:\Program Files (x86)\Breakaway\uninstall_breakaway.exe breakaway_setup_1.44.00 (1).exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\install03762.log breakaway.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language breakaway_setup_1.44.00 (1).exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language breakaway.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{395B7671-6D1C-11EF-AAF2-E67A421F41DB} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe -
Modifies registry class 17 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\InprocServer32\ = "C:\\Program Files (x86)\\Breakaway\\badeskband2_64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B132FE14-1628-EFF8-44DA-7BA2C67D} breakaway.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B132FE14-1628-EFF8-44DA-7BA2C67D}\ProdID = c36e5e7c0e4f90bfdeae1d82c60f26217d8f7ae6 breakaway.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{505DD401-DD61-F8A9-76CF-193F4086} breakaway.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4694A4D-785E-8835-3232-E4D51982}\ProdID = 66c1a334ec8f976120a79f9518908766862a146e breakaway.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15} regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{505DD401-DD61-F8A9-76CF-193F4086}\ProdID = ac799d7c8ec099a0c8c701aab81f486b32a14325 breakaway.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\Implemented Categories\{00021492-0000-0000-C000-000000000046} regsvr32.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBDA85CA-9A87-925A-9213-EA37B69F}\ProdID = 8a3cec4dccbc4d3f9ede9c61b66fd5d05e31daa7 breakaway.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4694A4D-785E-8835-3232-E4D51982}\ProdID = 74bc9be2c86f1621de485f5dd66f674f4c8c92f0 breakaway.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\ = "Breakaway" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBDA85CA-9A87-925A-9213-EA37B69F} breakaway.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4694A4D-785E-8835-3232-E4D51982} breakaway.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{505DD401-DD61-F8A9-76CF-193F4086}\ProdID = d27e5d850c70d85d2069e0691870c85aceef9316 breakaway.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4621432F-171A-4B7E-8AA2-E560810DAB15}\Implemented Categories regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2596 breakaway.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 2596 breakaway.exe 2596 breakaway.exe 1696 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1696 iexplore.exe 1696 iexplore.exe 2660 IEXPLORE.EXE 2660 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 22 IoCs
description pid Process procid_target PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 1352 wrote to memory of 2260 1352 breakaway_setup_1.44.00 (1).exe 30 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2260 wrote to memory of 2740 2260 regsvr32.exe 31 PID 2596 wrote to memory of 1696 2596 breakaway.exe 34 PID 2596 wrote to memory of 1696 2596 breakaway.exe 34 PID 2596 wrote to memory of 1696 2596 breakaway.exe 34 PID 2596 wrote to memory of 1696 2596 breakaway.exe 34 PID 1696 wrote to memory of 2660 1696 iexplore.exe 36 PID 1696 wrote to memory of 2660 1696 iexplore.exe 36 PID 1696 wrote to memory of 2660 1696 iexplore.exe 36 PID 1696 wrote to memory of 2660 1696 iexplore.exe 36
Processes
-
C:\Users\Admin\AppData\Local\Temp\breakaway_setup_1.44.00 (1).exe"C:\Users\Admin\AppData\Local\Temp\breakaway_setup_1.44.00 (1).exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1352 -
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Breakaway\badeskband2_64.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2260 -
C:\Windows\system32\regsvr32.exe/s "C:\Program Files (x86)\Breakaway\badeskband2_64.dll"3⤵
- Loads dropped DLL
- Modifies registry class
PID:2740
-
-
-
C:\Program Files (x86)\Breakaway\breakaway.exe"C:\Program Files (x86)\Breakaway\breakaway.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2596 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.claessonedwards.com/download/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2660
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
2Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27KB
MD505a8856111f44dc232911ebf06963037
SHA132bc0ae743c6b05beae7a58bdf2c8abe2d91cba8
SHA256e9bd6f43cc6779b328887d250cf3f67b56375d633f53fd38b549b11156074549
SHA5124c3d01c355ccaba32aced45a8bc3ee115a7875bafd2a8fd03cccebf637c7438c5ecce25b1500252532a0512b9fdfe94ec5c3ab98cf4995d1063d281347365e42
-
Filesize
107KB
MD56e4cdc51778d23fdf00fc7e924044721
SHA16337874b23f06596c0aec2e7ae229f524bb37f9a
SHA2563ff0389a6153ec10077404435ecaa9bd9b77c4e2eccb60b44eb2a4a4b173d8fa
SHA51284e26df4f7f8305fd99823af31b7e464cc19d86ed8f712a1461f6cd7cf4d9c1400cca6626707073795f8f70d5cc5cc1b8b4c11b30bc0e020a5f93accecc92a1f
-
Filesize
51KB
MD5307075f9904572d515813fdfc88c10eb
SHA10b88ce4b791bc1cf80dce6d7e0601233d9046de1
SHA2564da390a13cabfbd3f94537a021a4b21f69f089d44d4e496af6d6090a046cc52c
SHA5127de16df50e66d22b169c9300ebf6cf70a0a4cd0b4a8bc82ea70111b55d89c7eb9e7e46191c4b918db7cf0574b3218e99d286b55c14ef0e6e455b5d7ff0a7c28d
-
Filesize
5.9MB
MD51b90da8b29716405565d08d8fdd116a9
SHA1e211b215f4d2dd03a8047241bb2fd689baca5c61
SHA2561a8ed7a0e13fb993a71d03574b3a54ecc8488c626baa4783de541373bf4e0fae
SHA512374284ba521de59cf3ca7bd9aba4bd08f395a8465e56c97d323e712e8dfed0090dac339a85ccf1c93eadec52e69de919626c67d33eff1d6c2e6de285e8dd82ab
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
14KB
MD5b7d7324f2128531c9777d837516b65a6
SHA1e15e44fc7c907329e1cd3985e8666b4332f4fa48
SHA256530dc2b26366fc86072487438317a5723a10ff8b38522f9e813df19146a31033
SHA512829fc241cd377de094faf80bb38828c3d877170ca4a3fd85810bc911d2ce38941f8067ef681c21d8bbc04be8a99a3d32b3aec51ae7b32d3a89e5a9d9597ed8d5
-
Filesize
9KB
MD5c10e04dd4ad4277d5adc951bb331c777
SHA1b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
SHA256e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
SHA512853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e