Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2024, 05:55
Static task
static1
Behavioral task
behavioral1
Sample
b79592748b232a9a56ffbc5073ca7e34936d3514ae23e54303c5306313171d16.dll
Resource
win7-20240903-en
General
-
Target
b79592748b232a9a56ffbc5073ca7e34936d3514ae23e54303c5306313171d16.dll
-
Size
220KB
-
MD5
ee4be9785927807e79d978973718d718
-
SHA1
12d55fb9ff9a875262b9d2989f9010dfc9f321b4
-
SHA256
b79592748b232a9a56ffbc5073ca7e34936d3514ae23e54303c5306313171d16
-
SHA512
dc36d9dd0c0681758681dd6994decabc953d5a490e0b168d8f1b3cabcb51eb95f3260f36f7cf05abe8fb7e44d096f7f655db750f08ca9796b1362255df0ef004
-
SSDEEP
3072:QgKKuiX63bw5dNjDh8pWVgTlFIYnT1rXk1LGYrM/OkiHfnt:BKZp3KNjVGvRr+LGJ/OkGft
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 4712 rundll32mgr.exe 3916 WaterMark.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
resource yara_rule behavioral2/memory/4712-9-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-10-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-15-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/3916-26-0x0000000000400000-0x000000000049A000-memory.dmp upx behavioral2/memory/3916-31-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-14-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-13-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-11-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/4712-8-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/3916-40-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/3916-39-0x0000000000400000-0x000000000049A000-memory.dmp upx behavioral2/memory/3916-43-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/3916-44-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px9DC6.tmp rundll32mgr.exe File created C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe File opened for modification C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 216 236 WerFault.exe 86 -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32mgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WaterMark.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151962" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151962" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3943921460" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151962" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{168AED39-C34E-11EF-AEE2-468C69F2ED48} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{168B1449-C34E-11EF-AEE2-468C69F2ED48} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3941421356" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3943921460" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31151962" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3941421356" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441957537" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe 3916 WaterMark.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3916 WaterMark.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1308 iexplore.exe 2576 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2576 iexplore.exe 2576 iexplore.exe 1308 iexplore.exe 1308 iexplore.exe 3696 IEXPLORE.EXE 3696 IEXPLORE.EXE 4436 IEXPLORE.EXE 4436 IEXPLORE.EXE 3696 IEXPLORE.EXE 3696 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4712 rundll32mgr.exe 3916 WaterMark.exe -
Suspicious use of WriteProcessMemory 28 IoCs
description pid Process procid_target PID 4468 wrote to memory of 4744 4468 rundll32.exe 83 PID 4468 wrote to memory of 4744 4468 rundll32.exe 83 PID 4468 wrote to memory of 4744 4468 rundll32.exe 83 PID 4744 wrote to memory of 4712 4744 rundll32.exe 84 PID 4744 wrote to memory of 4712 4744 rundll32.exe 84 PID 4744 wrote to memory of 4712 4744 rundll32.exe 84 PID 4712 wrote to memory of 3916 4712 rundll32mgr.exe 85 PID 4712 wrote to memory of 3916 4712 rundll32mgr.exe 85 PID 4712 wrote to memory of 3916 4712 rundll32mgr.exe 85 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 236 3916 WaterMark.exe 86 PID 3916 wrote to memory of 2576 3916 WaterMark.exe 90 PID 3916 wrote to memory of 2576 3916 WaterMark.exe 90 PID 3916 wrote to memory of 1308 3916 WaterMark.exe 91 PID 3916 wrote to memory of 1308 3916 WaterMark.exe 91 PID 2576 wrote to memory of 4436 2576 iexplore.exe 94 PID 2576 wrote to memory of 4436 2576 iexplore.exe 94 PID 2576 wrote to memory of 4436 2576 iexplore.exe 94 PID 1308 wrote to memory of 3696 1308 iexplore.exe 93 PID 1308 wrote to memory of 3696 1308 iexplore.exe 93 PID 1308 wrote to memory of 3696 1308 iexplore.exe 93
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b79592748b232a9a56ffbc5073ca7e34936d3514ae23e54303c5306313171d16.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4468 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b79592748b232a9a56ffbc5073ca7e34936d3514ae23e54303c5306313171d16.dll,#12⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4744 -
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4712 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3916 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵PID:236
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 2046⤵
- Program crash
PID:216
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:17410 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4436
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:17410 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3696
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 236 -ip 2361⤵PID:1492
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD573d8dd7eaa8896905e31f1960f51ece1
SHA1164e031603e75d95091220c5ff0d695547f6d3ae
SHA2569ff75ab638fe252bd0d04aea3f0ce38270ffc8df5db9399f9ea45aaef196dddc
SHA5124879585482992d7ea3ee02775b74592b06daab32a63dc7700dd4da40c45a524f3bcfc2beff928a85563f09ad0438be5b3e458bc3d0cd08ad146d416fec014a04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD59715d4964a568ea61dc8b7173408b204
SHA148331b8217f45e08d85586d07e58d10cec96212c
SHA2566fc7eed4500da0ae618485d41e64305306fb8adef6c4aed665e0316834d755ab
SHA512d0bc72431f51645b07287334d44166f195b3909a528895f7d1ccc25ab73d63b0048a2d10d2b54b0a4f4c394f4476d3f42a86a18f4e0879d0d789ec65ddd2a12e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD59fe0b2731333f838348fae6cb48af95b
SHA14c03166508e55f23af8b18050cd0807bb2bb6420
SHA256a6639d68277263add626524a681c01b46d68a3147d212fded021310bb77e80e3
SHA512981f79d115d8dfcfa5f2496d039a5f28e9c09057225ff4eed631000691cf3efb7c6998e7669873031ad85e9a7d0f231dedafe7636e051007f5b1ad9a957d5694
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{168AED39-C34E-11EF-AEE2-468C69F2ED48}.dat
Filesize3KB
MD5376ffaa1ffd76a76a97dbf0460dd292b
SHA19d126ec24f324f364b4bf0f50e261a80d1ab3b47
SHA256fd9c48f7cd47fe8782e6066553e9f0c08a8133978a799f4c260f2633b79ab9ab
SHA512cf61d96fdfdb8d0feea1c4c15ac38528f08c932f4c2c05c07d0c48a48eb7ff630b1b3290701d1ed57546622a077750628c1a61406468195ae02a7b988447dcc9
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{168B1449-C34E-11EF-AEE2-468C69F2ED48}.dat
Filesize5KB
MD5c3389e30ca5e3f1bb2807e9702bd9151
SHA11be9a90dc876287b755e4426d691ed18e98a58a2
SHA2564a2038093072c98161a7713e9003e44f71ae0fd9fba7261870b779bc6d932a86
SHA512b1dedf03a09c03c05046d3729920995c51679b0a22bb554ffee97ed99faa58680d02f323b848b3ebb16a0981523a631bc2ad20639416bfa51ca905f972c5c4f1
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
103KB
MD5424873689d318369e458684a7d47bf18
SHA1cc85aecf385fa222d3073d2aa53dcd0b3eb62068
SHA25604a22ca7674eedef61f9dac1dd7ad08460ff0c0d4e71ba34aa2469bebec8029c
SHA51253e67ebd100ade88ce81477eaf54b0592da0feb461c8e63cb46420a82d3d26bac93eb75455fd745d3277a31f9d6841f356267b685fb55fe4236833a0e79bef8f