Analysis
- max time kernel: 122s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 01/01/2025, 01:58
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_43198b92a059eb7dae8a5cb62ff178a0.dll
Resource
win7-20241010-en
General
- Target: JaffaCakes118_43198b92a059eb7dae8a5cb62ff178a0.dll
- Size: 481KB
- MD5: 43198b92a059eb7dae8a5cb62ff178a0
- SHA1: f5dec61070421f807e006497fe320675a9281b0a
- SHA256: 203d270cd275fdb347981f5f4e8c53e9e8126f1f0b890dcf33204aaa681b23ce
- SHA512: aa4dae9e89426536566af520ffc2b50306f08143bb2d551732877146123f8af9ce8cfa0b4fd7463a934623fc7b8d30fb46bf223897b57420595f50b7b6556172
- SSDEEP: 12288:/fPQCxgYD8G36od+nzDRpujoEHprlW4nEDqTvTZOOUNvDQ:HPBxZ6VQjOOWN
Malware Config
Signatures
Ramnit family
Executes dropped EXE 2 IoCs
pid | Process
2388 | rundll32Srv.exe
2588 | DesktopLayer.exe
Loads dropped DLL 2 IoCs
pid | Process
1704 | rundll32.exe
2388 | rundll32Srv.exe
Drops file in System32 directory 1 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\rundll32Srv.exe | rundll32.exe
resource | yara_rule
behavioral1/files/0x000c000000012263-2.dat | upx
behavioral1/memory/2388-8-0x0000000000400000-0x000000000042E000-memory.dmp | upx
behavioral1/memory/2388-10-0x00000000001C0000-0x00000000001CF000-memory.dmp | upx
behavioral1/memory/2388-11-0x0000000000400000-0x000000000042E000-memory.dmp | upx
behavioral1/memory/2388-15-0x0000000000430000-0x000000000045E000-memory.dmp | upx
behavioral1/memory/2588-22-0x0000000000400000-0x000000000042E000-memory.dmp | upx
behavioral1/memory/2588-23-0x0000000000400000-0x000000000042E000-memory.dmp | upx
behavioral1/memory/2588-20-0x0000000000400000-0x000000000042E000-memory.dmp | upx
Drops file in Program Files directory 3 IoCs
description | ioc | Process
File opened for modification | C:\Program Files (x86)\Microsoft\pxD4CC.tmp | rundll32Srv.exe
File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | rundll32Srv.exe
File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | rundll32Srv.exe
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32Srv.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | DesktopLayer.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
2588 | DesktopLayer.exe
2588 | DesktopLayer.exe
2588 | DesktopLayer.exe
2588 | DesktopLayer.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3020 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3020 | iexplore.exe
3020 | iexplore.exe
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
2932 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 23 IoCs
description | pid | Process | procid_target
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 2608 wrote to memory of 1704 | 2608 | rundll32.exe | 31
PID 1704 wrote to memory of 2388 | 1704 | rundll32.exe | 32
PID 1704 wrote to memory of 2388 | 1704 | rundll32.exe | 32
PID 1704 wrote to memory of 2388 | 1704 | rundll32.exe | 32
PID 1704 wrote to memory of 2388 | 1704 | rundll32.exe | 32
PID 2388 wrote to memory of 2588 | 2388 | rundll32Srv.exe | 33
PID 2388 wrote to memory of 2588 | 2388 | rundll32Srv.exe | 33
PID 2388 wrote to memory of 2588 | 2388 | rundll32Srv.exe | 33
PID 2388 wrote to memory of 2588 | 2388 | rundll32Srv.exe | 33
PID 2588 wrote to memory of 3020 | 2588 | DesktopLayer.exe | 34
PID 2588 wrote to memory of 3020 | 2588 | DesktopLayer.exe | 34
PID 2588 wrote to memory of 3020 | 2588 | DesktopLayer.exe | 34
PID 2588 wrote to memory of 3020 | 2588 | DesktopLayer.exe | 34
PID 3020 wrote to memory of 2932 | 3020 | iexplore.exe | 35
PID 3020 wrote to memory of 2932 | 3020 | iexplore.exe | 35
PID 3020 wrote to memory of 2932 | 3020 | iexplore.exe | 35
PID 3020 wrote to memory of 2932 | 3020 | iexplore.exe | 35
Processes
C:\Windows\system32\rundll32.exe
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43198b92a059eb7dae8a5cb62ff178a0.dll,#1
PID: 2608
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43198b92a059eb7dae8a5cb62ff178a0.dll,#1
  PID: 1704
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32Srv.exe
    Command line: C:\Windows\SysWOW64\rundll32Srv.exe
    PID: 2388
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
      C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      Command line: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      PID: 2588
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
        C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        PID: 3020
        - Modifies Internet Explorer settings
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
          C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
          PID: 2932
          - System Location Discovery: System Language Discovery
          - Modifies Internet Explorer settings
          - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads