Analysis
-
max time kernel
70s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
17-11-2024 07:58
Static task
static1
Behavioral task
behavioral1
Sample
a094b87a3207cbdd7a73635ef59abc1dcb7e2dad66b007b53fa11d1b213ca849.dll
Resource
win7-20241010-en
General
-
Target
a094b87a3207cbdd7a73635ef59abc1dcb7e2dad66b007b53fa11d1b213ca849.dll
-
Size
953KB
-
MD5
cf40c0b5a4271d742692ecfcf85ba7a1
-
SHA1
5b006ed58a8038868260aa1628cff879d67c8650
-
SHA256
a094b87a3207cbdd7a73635ef59abc1dcb7e2dad66b007b53fa11d1b213ca849
-
SHA512
9e51e5aacdfcf38af5ee60eb788a003504c3512c1d50525ceaff42bccdf05ed16467713fd6677af89e7023cb98ab9d6889e58820262746b8c7f95196a4a41c44
-
SSDEEP
12288:NPGmZJkU4SU1zuGCR3xouiQXf5UFDg5dsf+U2lz9PDd03gQ:NPGmZmgU1zuZR3tis5UtRf+pvd03gQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
Processes:
rundll32Srv.exeDesktopLayer.exepid Process 1516 rundll32Srv.exe 2448 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
Processes:
rundll32.exerundll32Srv.exepid Process 2380 rundll32.exe 1516 rundll32Srv.exe -
Drops file in System32 directory 1 IoCs
Processes:
rundll32.exedescription ioc Process File created C:\Windows\SysWOW64\rundll32Srv.exe rundll32.exe -
Processes:
resource yara_rule behavioral1/files/0x000a00000001225c-3.dat upx behavioral1/memory/1516-8-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1516-11-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2448-21-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2448-19-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2448-23-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2448-25-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
Processes:
rundll32Srv.exedescription ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px32D3.tmp rundll32Srv.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
DesktopLayer.exeIEXPLORE.EXErundll32.exerundll32Srv.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32Srv.exe -
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc Process Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5E5E431-A4B9-11EF-A7E1-668826FBEB66} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437992169" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
DesktopLayer.exepid Process 2448 DesktopLayer.exe 2448 DesktopLayer.exe 2448 DesktopLayer.exe 2448 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid Process 2932 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid Process 2932 iexplore.exe 2932 iexplore.exe 2572 IEXPLORE.EXE 2572 IEXPLORE.EXE 2572 IEXPLORE.EXE 2572 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 23 IoCs
Processes:
rundll32.exerundll32.exerundll32Srv.exeDesktopLayer.exeiexplore.exedescription pid Process procid_target PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 840 wrote to memory of 2380 840 rundll32.exe 29 PID 2380 wrote to memory of 1516 2380 rundll32.exe 30 PID 2380 wrote to memory of 1516 2380 rundll32.exe 30 PID 2380 wrote to memory of 1516 2380 rundll32.exe 30 PID 2380 wrote to memory of 1516 2380 rundll32.exe 30 PID 1516 wrote to memory of 2448 1516 rundll32Srv.exe 31 PID 1516 wrote to memory of 2448 1516 rundll32Srv.exe 31 PID 1516 wrote to memory of 2448 1516 rundll32Srv.exe 31 PID 1516 wrote to memory of 2448 1516 rundll32Srv.exe 31 PID 2448 wrote to memory of 2932 2448 DesktopLayer.exe 32 PID 2448 wrote to memory of 2932 2448 DesktopLayer.exe 32 PID 2448 wrote to memory of 2932 2448 DesktopLayer.exe 32 PID 2448 wrote to memory of 2932 2448 DesktopLayer.exe 32 PID 2932 wrote to memory of 2572 2932 iexplore.exe 33 PID 2932 wrote to memory of 2572 2932 iexplore.exe 33 PID 2932 wrote to memory of 2572 2932 iexplore.exe 33 PID 2932 wrote to memory of 2572 2932 iexplore.exe 33
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a094b87a3207cbdd7a73635ef59abc1dcb7e2dad66b007b53fa11d1b213ca849.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:840 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a094b87a3207cbdd7a73635ef59abc1dcb7e2dad66b007b53fa11d1b213ca849.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1516 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2572
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5397bba7f35dfb705e57557d6fbda7f9d
SHA1a2fdd13c6a14db85a60c1493bfa0782212f1c087
SHA256b393d25ec0385af17638ae25b0b3e6463c867c3be019f3a3f5e5e3c02e09061f
SHA51217787fd687973213c05fa413a6d64d92a9ff08aa358891898a09abc147a18f7e1b29bec1db86b5495adf72b0e5ae201bf4caef350051876bcc94f4496b4df8c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD578ca6b38dfd16dce31dfa086f37349af
SHA1e67ce21b4a1bf60ba00fde431b2a2b1affb80a00
SHA256fb2988086895734ee4026ce013ce696ee1014a27a1dac08c897b9102fb84c38c
SHA512d621d5696e50d48c411680b69e082bda7a95d6e354686a6286e9b677f90076c8328b37aa135b542301246e754c958d84efefd8004f5da9dcbd43e4db7460483a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50be66c5dd0cc0a5b96928f08955ee6d2
SHA16acb4aec9b442a7df3f6a1ecc839dc92d4305ec6
SHA256a89ce094527bf7fc44fef12578d86f61faf0ea89a0cbcf43bc80ffbc8a75866d
SHA512e79a3a423fec3ee05bf7e02f377bbd912aa69b9aa53a6022fd5dd40228d331420c139315f9a7d19ab222ae448d7c09c95ca76e067a2fd6e8e45267e61e61d5e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54285c988675846409fa68f5b4fbf1f41
SHA18d32c36a0a1d9b33ee1c3b8b0fb560fa1e803a0b
SHA2568bee240e1adf0dc5cd1e72f184ebb70c36086f1f13aae992a3378f934ef36a2e
SHA51223ca4319785130e88f69317d9ba65ca24fa75742ccae70087e394edd0ae5bd638c8994202f6a0149a56fe5705472bc601ba128ebf9d6f4f2a0b24329ab51021e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56afa3ee5d46d7c8038726ae269a61a84
SHA1caa7051598af62a7b6ff5f25397b039ee9f11f61
SHA256ef31e076cae47947b3716772ae143c159c58b1033765efee895c6cee998356f2
SHA512f77be6910b33ab291fa7e7f62b5b776946257a34c99f6c665fc7d2b60a2cce551c853e3b9dbf25e8bad3220722885329d6c5b9ae7b2673b7e7244134e601c0e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e97c1183bb1851e0e74006681bad29f8
SHA1f1324cd7124b00c0ae69ab017bf7e8484d5f67f1
SHA256db0223ee11ac2495ff217744f09fad2faf545f1c404fcd34ef3935f1d5233913
SHA512e7287e8847bfbe4f89bf1082a0ab2743c33469a67bd06f2d27d155ae873b3e3c2f8fa697655b411338feefb92105f3b9e33f04f27381e7a2cadd9c3a07b22558
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50295621126b0d3315cf8cb45826768d8
SHA1242df8ea2c6bb8f98dd8a21ca3408db2f48ab186
SHA2563733464f089184985411b2eb2f96aae4679283bc5888ba0ba10086b22812d42c
SHA51292570475e74fd510a2d076832ec9e0c5e2bea3bb4e451f72221aba76657ba3e17efb377a48798c4cb3f16502659199f1adb3833dfdf6f4cc6505c4f5f34e3879
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a58664eea6b7bbf327205f0e5c8a3c92
SHA10945912a8a1960b052db117d3d5a43c933167b84
SHA25688a4489d2c5334beac891655612f86cb6ad2d32fd119f09f3758d796738df091
SHA5126d3aecfe81f61e4e7d6848ffc3db13f8ddf79ed3e998ff1d2d1a7432c39dbfe3109c32e25dcffb5aa2003428632db66bb8777363de3a1bb673a5ab64ebb650db
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b1334abc3750422c96f1e99dac674bc5
SHA1ab0956fc1f512863368838c58bf957d8bc464969
SHA2562a7cc7abf005729b7010872c2324e3260ca1c3197bec50cedabbbb7ff2e83c16
SHA51244f85b4125920ef75b6f923da6c4353766ad7948a609735681fe5f907b41a3cc12d566c6ea7df1b9aab45ce99e67a9d2bd546f99afb399c63fa3f8a2db0a16c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0ace424c971a89a324d06939768edc1
SHA192fba3ac71fd2d39b9e307580741094a888de574
SHA2564dae1c6e1461e3668b49a463705e021df6b0576d970fe2770378b654dd134b4c
SHA512ab3c8c21c12aab18dfaa075953229ad49d2413a198805aa2eb24aa981f34c9b41283cd04175b366db81c68b607d661ed96caf985b0d5e5709d630bdf6151a6e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5baa289a518c44fbd63d29709dfd977df
SHA1aa31791ac13f659eb9f6b96a9617428deda5052b
SHA25697ef252decf3544acc9d957fe02ef977f1ddcb27645f64951047c638fd180567
SHA512224a8d3e2bbbe4de29b0ea850c47994cd5df99332f4365a657a3f6fed6e28eeb78a79acf66629afea06ff1d5fb2d82e3a07718d606c7dc1729132540d4a0fbea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56a9f992a5485d53dc1217fa7dd614134
SHA103d09715437b7d8e5cd1bb5e99e618ee0bbbcdb9
SHA256e9d7b659170fd609a2c7f3a57f19ae49255015fe8b8e9ec318cbdc835b9d0445
SHA51227a9c2b0ec4a16117566f1002fb8afa4b5e0a21bedf62e25516bcb5ff91657b8b315bf47ee53b1a078d99fee420f806eebe79d0d58535411b9f2498068062014
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53aec4cae078cc3444807fb905e008893
SHA110936deaef8d24d53d6b96331e63ed7d7d4e99d7
SHA256b765bea998c9cd46801188dcd77d35f5f82233d9f650470751b3b9e0d58c1c5c
SHA512f7241db77376cb6ca4fb029cd4ea13f58856f08a7b2f6aada9d7afe6a66d5c15e27eea74e7ef0d455e49fc649fcbbd9922c56327cfbd453b09e965ff98536906
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f462817b854009da13979228c392e088
SHA1648e463e78f6e7c84e8aae9a34b586d2ba207edb
SHA256966e85009b51bf2b3ac28c249d9f12bda6ad86ea6f855a6d07206d61f38e59e1
SHA51226cbced6004832b19fccc81be6c0a4ac2f4a46f8dd0f55c7b6b7d9cec989149ff81fb25e4136308de4586039624631601c9bee3c06d452eac8658c9a5fe7aca3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ab63a43e94f4516b296e7156b7b026ab
SHA1c37e8b5741ffc36f5e52bb89bdb73dd34127233e
SHA256b1735b8f541b2808049321241de218457670f79c815c02a8e49e304c155e8698
SHA5125977e118ea1404d6ead17e7a2e92346324c2105b816286cb8d5493e65d08571aa27758d5ba29dd188364cb0bea54e3801212a744e025e5bd83bcaedc6ab82476
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD531f7ee8722f34b3c21c765bb327d07b3
SHA127c26d723562a7c747b3e3d5fd86d4ea742136f7
SHA256084d3c03e7bff6a91a055c541588bffb65eaee7d8c90494a9d44b722a901f066
SHA512a07b9231fc1e80a793b0c39a76e0b11e78241c7320cb7172846a008ae2ab438650398427924fc2f0122b671d22ce87583ecfd81938c84150af00378d77b1f5ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f4e4c8e6a1179b6fdae4b0f090c57b82
SHA13fed122b7bfad39787f5ee58a1860e360fb16bd3
SHA25611725c3a871c143b775634120372e6d26c56ddb9f510519ee25cf287f62a149e
SHA5124f4a092597d3ba8810a9690800c85851499fc7144f12c80eb2b54708fd3658053cf76c32381a48d35465a531c68a490a676213f0d8a107f3c952b5ae33116bc3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59405306e1d096dbefcf176168aaade47
SHA11ac1d01f913a1119d34f6e393d8d99088633a50d
SHA256788c4d6dd0979e6022a349cd250433613d8e313aa5503fe524465d871327cfef
SHA5124d7571f5a7907dcf898fccd531a91f254ab7b6df95dd5640f437cd4a1bb5c3646bd248f08c5d551727d2ab6d644fecdb8b0ff956ef7f0ffb7cd8946fd2e8e800
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a