Analysis
max time kernel: 119s
max time network: 139s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 01/01/2025, 15:26
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll
Resource
win7-20240903-en
General
Target: JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll
Size: 137KB
MD5: 5a515ccdbfb76acf91839684585abf60
SHA1: 16a18160a614bdc5a7796c99853b127cb362bc2d
SHA256: db1420a2ff6a29f63ed3da12087155231cce82b4550e20cd31fb287e44832514
SHA512: e83e06ed0d6c1fcf0590d8e595f41d754e2cc44133401efea07683f8f8195121296a896ec68aa30372087f9e2196fc30eca9dd51970f9cbcb5e5ff6e00b1d82b
SSDEEP: 3072:/NqgwmI488TRAfVhBQ7P+0Us4Q+LQI1H2UJ2mro/Y:svmlAfVhy75ZlIx2Svo/Y
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 1 IoCs
pid   Process
2088  rundll32mgr.exe
-
Loads dropped DLL 2 IoCs
pid   Process
1780  rundll32.exe
1780  rundll32.exe
-
Drops file in System32 directory 1 IoCs
description   ioc                                  Process
File created  C:\Windows\SysWOW64\rundll32mgr.exe  rundll32.exe
-
resource  yara_rule
behavioral1/files/0x00080000000120ff-2.dat  upx
behavioral1/memory/1780-5-0x0000000000400000-0x000000000045B000-memory.dmp  upx
behavioral1/memory/2088-12-0x0000000000400000-0x000000000045B000-memory.dmp  upx
behavioral1/memory/2088-16-0x0000000000400000-0x000000000045B000-memory.dmp  upx
behavioral1/memory/2088-15-0x0000000000400000-0x000000000045B000-memory.dmp  upx
behavioral1/memory/2088-19-0x0000000000400000-0x000000000045B000-memory.dmp  upx
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2060  1780        WerFault.exe  30
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32mgr.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
2088  rundll32mgr.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description               pid   Process
Token: SeDebugPrivilege   2088  rundll32mgr.exe
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid   Process
2692  iexplore.exe
2116  iexplore.exe
-
Suspicious use of SetWindowsHookEx 10 IoCs
pid   Process
2692  iexplore.exe
2692  iexplore.exe
2116  iexplore.exe
2116  iexplore.exe
2884  IEXPLORE.EXE
2884  IEXPLORE.EXE
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
2620  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 31 IoCs
description                       pid   Process          procid_target
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1060 wrote to memory of 1780  1060  rundll32.exe     30
PID 1780 wrote to memory of 2088  1780  rundll32.exe     31
PID 1780 wrote to memory of 2088  1780  rundll32.exe     31
PID 1780 wrote to memory of 2088  1780  rundll32.exe     31
PID 1780 wrote to memory of 2088  1780  rundll32.exe     31
PID 1780 wrote to memory of 2060  1780  rundll32.exe     32
PID 1780 wrote to memory of 2060  1780  rundll32.exe     32
PID 1780 wrote to memory of 2060  1780  rundll32.exe     32
PID 1780 wrote to memory of 2060  1780  rundll32.exe     32
PID 2088 wrote to memory of 2692  2088  rundll32mgr.exe  33
PID 2088 wrote to memory of 2692  2088  rundll32mgr.exe  33
PID 2088 wrote to memory of 2692  2088  rundll32mgr.exe  33
PID 2088 wrote to memory of 2692  2088  rundll32mgr.exe  33
PID 2088 wrote to memory of 2116  2088  rundll32mgr.exe  34
PID 2088 wrote to memory of 2116  2088  rundll32mgr.exe  34
PID 2088 wrote to memory of 2116  2088  rundll32mgr.exe  34
PID 2088 wrote to memory of 2116  2088  rundll32mgr.exe  34
PID 2692 wrote to memory of 2884  2692  iexplore.exe     35
PID 2692 wrote to memory of 2884  2692  iexplore.exe     35
PID 2692 wrote to memory of 2884  2692  iexplore.exe     35
PID 2692 wrote to memory of 2884  2692  iexplore.exe     35
PID 2116 wrote to memory of 2620  2116  iexplore.exe     36
PID 2116 wrote to memory of 2620  2116  iexplore.exe     36
PID 2116 wrote to memory of 2620  2116  iexplore.exe     36
PID 2116 wrote to memory of 2620  2116  iexplore.exe     36
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll,#1
- Suspicious use of WriteProcessMemory
PID:1060
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5a515ccdbfb76acf91839684585abf60.dll,#1
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1780
    C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2088
      C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      - Modifies Internet Explorer settings
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      PID:2692
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        - System Location Discovery: System Language Discovery
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx
        PID:2884
      C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      - Modifies Internet Explorer settings
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      PID:2116
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
        - System Location Discovery: System Language Discovery
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx
        PID:2620
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 244
    - Program crash
    PID:2060
Network
MITRE ATT&CK Enterprise v15
Downloads