Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
18/12/2024, 22:25
Static task
static1
Behavioral task
behavioral1
Sample
1710e8e5b9dd61a639428497a44ef3737b022f3ce30fa550a1e9be93ecc31d46.dll
Resource
win7-20241010-en
General
-
Target
1710e8e5b9dd61a639428497a44ef3737b022f3ce30fa550a1e9be93ecc31d46.dll
-
Size
122KB
-
MD5
22c5eeea7aa28d0fbec4ff2b2bd4f6f3
-
SHA1
0e256b75d640fc747010de05bd6c505eac6008b2
-
SHA256
1710e8e5b9dd61a639428497a44ef3737b022f3ce30fa550a1e9be93ecc31d46
-
SHA512
15ae33fa08b06627991208917831dac2aafb9899247fdebd7d64d429c4a895ac36f75fd80ac5fbe5548650477f82fe07cf49e7e3d73172000663bd0b7a69906b
-
SSDEEP
1536:bb5P3k3nxUautQfqko4gQR5sFAVopwg/3zbUIySCzreXnacdAnXVJVmyJts1m7QH:B3ox6tCR3sFAVodvySpKcdAnFag0H
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2528 rundll32Srv.exe 2536 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 1704 rundll32.exe 2528 rundll32Srv.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32Srv.exe rundll32.exe -
resource yara_rule behavioral1/files/0x000900000001202b-5.dat upx behavioral1/memory/2528-10-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2528-13-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2528-12-0x00000000001C0000-0x00000000001CF000-memory.dmp upx behavioral1/memory/2536-23-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2536-21-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\pxA38F.tmp rundll32Srv.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe rundll32Srv.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2496 1704 WerFault.exe 30 -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32Srv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0812C6E1-BD8F-11EF-B42B-C23FE47451C3} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440722617" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2536 DesktopLayer.exe 2536 DesktopLayer.exe 2536 DesktopLayer.exe 2536 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2812 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2812 iexplore.exe 2812 iexplore.exe 2852 IEXPLORE.EXE 2852 IEXPLORE.EXE 2852 IEXPLORE.EXE 2852 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 27 IoCs
description pid Process procid_target PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 2440 wrote to memory of 1704 2440 rundll32.exe 30 PID 1704 wrote to memory of 2528 1704 rundll32.exe 31 PID 1704 wrote to memory of 2528 1704 rundll32.exe 31 PID 1704 wrote to memory of 2528 1704 rundll32.exe 31 PID 1704 wrote to memory of 2528 1704 rundll32.exe 31 PID 1704 wrote to memory of 2496 1704 rundll32.exe 32 PID 1704 wrote to memory of 2496 1704 rundll32.exe 32 PID 1704 wrote to memory of 2496 1704 rundll32.exe 32 PID 1704 wrote to memory of 2496 1704 rundll32.exe 32 PID 2528 wrote to memory of 2536 2528 rundll32Srv.exe 33 PID 2528 wrote to memory of 2536 2528 rundll32Srv.exe 33 PID 2528 wrote to memory of 2536 2528 rundll32Srv.exe 33 PID 2528 wrote to memory of 2536 2528 rundll32Srv.exe 33 PID 2536 wrote to memory of 2812 2536 DesktopLayer.exe 34 PID 2536 wrote to memory of 2812 2536 DesktopLayer.exe 34 PID 2536 wrote to memory of 2812 2536 DesktopLayer.exe 34 PID 2536 wrote to memory of 2812 2536 DesktopLayer.exe 34 PID 2812 wrote to memory of 2852 2812 iexplore.exe 35 PID 2812 wrote to memory of 2852 2812 iexplore.exe 35 PID 2812 wrote to memory of 2852 2812 iexplore.exe 35 PID 2812 wrote to memory of 2852 2812 iexplore.exe 35
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1710e8e5b9dd61a639428497a44ef3737b022f3ce30fa550a1e9be93ecc31d46.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2440 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1710e8e5b9dd61a639428497a44ef3737b022f3ce30fa550a1e9be93ecc31d46.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2536 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2852
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 2203⤵
- Program crash
PID:2496
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5286a22093a27d13738bfd77d1262938a
SHA18be57427de101a759b13608e633d5c45877ba8fd
SHA256d49a55693830444f038c662ba181c7f214495a1c75ad2c9df39cad7f16885c85
SHA5124b4ec3a5fdc78d0d7b3635c5cbef4e77fe03e6da6e7c27fcf0002f9106d72e20f9f6f1173030de81b9250797ecf7d2ff48c643e6381c668a83d9a4d50317fa63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534c24e35bdfd24e66ec57e9fcdfeff1a
SHA1bf8eecae2e815d59b5dcada128cf206d46e69e3a
SHA2567ccbbdc84e5c42190266b2f116f3e51220b0f75d7ad054142cc5834bc8f35c73
SHA512f10c01487cd44b95218673623ae724ab4e9e9924cbc097efdaf9168cb81753dae26f01b49f3d1721c319bcd88fe87360f25d3918e330d2b41daef9cf0f645ace
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5aeb983e4774b717cf4f50abbba196b4c
SHA158179106eec3a37730a4de65e3b1b4db82447672
SHA256f535c00115ac962bf3904b7a74f96e914ada42bb7cc52e26777fc67126572e8a
SHA5129fa98af4f76bd2aaa3abe971f6a520bdb1d4f1af44f84e2b8ba5a5c27d602dea642101ccae550e4aef5ed98d58a891ac4f42963bf9c5ebf21fcab31f29956a57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ae0060265040a804cfb33eb84732bc97
SHA1dc71b18f6fef9e8562c596bf34271dd251305438
SHA25612bf71c000fc0e3dc23d656da327fac1d97ddb5ad8da9274d1656d3f5b7bdb52
SHA5127a13948ad808f1d99fcdb655e3e4c4bfc6479af42c6a1ea4837a1f1a43cda47b02cfd187ff96f56c13febc1a1867f5a0ff236c32f746c19d08370c0375f662d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59a18573c1893c53530d46ebe55c4f26f
SHA19fafb8c2c96a01b3992232ec599b6e8a4689378c
SHA2561697d6d2e792cc8af6c9907ad2d922cb751d72300e335896cc3700ded04d0734
SHA5120540e149a28b8caf582681344d28b4b15eaaa0b746d63b0f2bbc1a9e67432316ad6e0bbaad9b86a5d74a7b0b058c89d1cd41f6dcdc9e6dc5c0b308cd6d3138a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55686648220ec526eead3336e49ca21ec
SHA108faab54402cd4eef4cc066e439cb708770742e4
SHA25683053afecc5683b5b57a72aed6a28886c321c77899972cbf96dc787c0959a5dc
SHA512f13728f41d8c90d5e486fb56b2c7198d41f9ed9da2f505ec157729aefeecab9bf3c4ff1c28a5439aeb8e45c589bb721f945a2e8b4a6f1d391521eacc88ebb14f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fac7586a85de63989c0ee3573433df67
SHA1ed057addc1438ccb820b6049859e5b73423730f0
SHA256aa2c7d375444ded53c93d76b44e839630b50b06b24ab78a6648e0bd341c44a66
SHA51222fadb812deaad545865836d155d09b2492d60cf332bbcc2106bb3b6d76ab80205326d5aebfa200e26d0434d51023758c1b4afdc0910099202cd903deda466d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cbf4e7272fed2013494539b1e32ca7ee
SHA1253f924e43b7a815cfb1dd27ec89f94bc02b7af3
SHA2561d4af37794f4919f18a8ef66623a603b386bb5f2fb596bf4eb3b3fb1c2612390
SHA512b4188063c4e5b45b85f884d7647361a74b5984a0ba320fe3c56d1c915b29b0afeea5145d3fd855d1bbc2b2634a4b30147196102ceea4c01dc04831095ffd3d7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bba0458b9d473e783d6458921a2ffb4a
SHA13e8841f8228b220e3d7039c06513e6eca00e8913
SHA256dc32010a505e76eeb3c4ed8e39e325ad2b95b03184a332cc895349a92557e7de
SHA5123ef44aba3688b186c10a9b68881bb558addae155111bc3b9380ce716574e0565db0c96be44b8abf127499246a9ddda53de2768c829218e6709d8eca62cf093b7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54f82d73abb957fae54d784f8fb851a73
SHA19257b2ab3d9792113e9553f57b7bbc434eec93ed
SHA2566e349726d4b7e0c8c095e184550f81ec99a078433368702e889fbd3d1322e768
SHA512897b6ed8618658cb3128dfbdd8a63ffe487808b743b90ad59ac90d90426d907fc2cd707864de5343d0acd82c57a28308829e8cc70d206a9e03c478a47b16d3ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51bf982379e674a0733c221b2870f9fd3
SHA1ee8953451c930f951dcb56a90392befa6597a44f
SHA256ee66a570451d72d0e6e743644f5d6dd7084cc999cb5716a0e4bdbfb78f32971e
SHA512e6d36a3a85802d20fceef16a0f214a8fa3200f74144dea6c2c7e997397946cce829f57b56ce3e655adf9efe20196a341c70a45902babce0d3255489331c2b809
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50187f846a0a589de613b95adad0f2645
SHA1da4a7cc2e88053d0ee962d362ecc8b3fc875f139
SHA2561de43ba51b22c562927e26fd6609cf432fe8c08482a31d7575f936bbc2876e72
SHA512d9a8d5958e00499ab0a53bbd3b637ce39f877b55bb3f5b3519e83c282e049cd928451e0d4682ed7a1116688ef0e0f8771f8e8360b8b77e3208ba63bdd91b344a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56fa35b43853cf13399fb21b8d5297458
SHA12c6cf72aa6914db811024c6a386b089f594f3f8b
SHA256ea4033d0f9451c7e3a7cd4f680ca7f8a3ae1d241f947bf5fc7e208cf325e492f
SHA5121a9301d94aa217480cd75507a23c8f8a486b1d24a8651c2c6cbec2d64c2db11ebdd2173715dc7d18823b39d0b328affd0c09bb4b31cc02ee8c7967acc9937ebf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d65c85020844200b2d0eb14ecb68373
SHA1fd06510783508ec11e6a2dda9e3679cd2b37db1c
SHA256f8d6cf62508405088b79be52003ff321dc10b6cfa49dddf730b28e917590f6b5
SHA512e82699849a6d29473451094b54be0c2c50a34a8d22ee306f367cecec2be807729698bf271c403a561f41edd1846f158ce3d115203a8cd21fcd1e551f767d09f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58c8bcd75ddd37f2830ab96ed426faea3
SHA1030fc137ff69aad194a630b5dd0a87a7c1c1965e
SHA2568a5cfcb31c8b5bff1fd305aed3faae1e73c3a25eea2101e8ad68511352bd87ce
SHA51228bc182459534233547c228e85055b861e746a9510de3bc9b10b1ac5eccfabe8095e91a198c57fa8cdd812cfeab035b6213e2254c0951f5f17a7c325c020c078
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dd99f435ab37d1c19e644e2f182dbea7
SHA12f0b603778da4b700b41638aaf8de45fed117e46
SHA25626ea69eed60173fe3ae1de5aaee3ae06674d954f00022462a03f3a99260c95ac
SHA512caa3f40396abab8d8287ef99b2092417a29080f2ce5e061de6f187390e19a2bc6f7c9db909272528d6155c287ce8f0592ed38127462aab98944a18c66a987529
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ae67321bf4ccbc3eef5f8ed7c4a5a267
SHA1cd8fcd45e2907a7004956a397bfa47d76bc58baa
SHA25659beca50e9be8d630c3e65087aafafd6fd8171123fdfd18f06c95968ea5542f3
SHA512c54cdc129072800afba5a2b0b8d94c0edd5f4edac5b8eab56fa11f66c423c88037cf8d3dd90a245699c56426a0ffd259f10c0c66285efe31bf6b20fb4f136f79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54afa05ea26a81acc4da77b65d21f66bc
SHA1d2b42b2cbcbd3de055dbebb1a8a2606d6ca42206
SHA256ce3aff08954ed20cf4e621414a74a5abbc5ea5a28bd1a64b11bdda854fae708c
SHA512add9c32fbf60a14f61119552990022dcecbfe34457c50055a3bc28617c5d8ba31079f2ccbb1b1ebe2a01cdd44b2b773b2ae843d6b01368d15468b4c9b4eeb0e1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a