Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
135s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
01/01/2025, 17:34
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_5e3d39b6dd0875fc1148900bd60a95c0.dll
Resource
win7-20240903-en
General
-
Target
JaffaCakes118_5e3d39b6dd0875fc1148900bd60a95c0.dll
-
Size
112KB
-
MD5
5e3d39b6dd0875fc1148900bd60a95c0
-
SHA1
8694b46127d9c5e85b2ea52918ee9d0b6dc5cc7d
-
SHA256
01e18dc96bdf1fb90ff51a4fa47a8c516232317245773debab5c2571f84385ee
-
SHA512
219deccb9835da2879380ac436a412266bbf2dd175983a34ddc0c44be440480aeae04de00b0efa73f782c5fdc94626cb0f01f5a3f8b3204abad511fb1b1606d1
-
SSDEEP
1536:b9XThB4+agyy5r7X7XvAbT7GCsDxiaHS7DCgTpMsxS+vhOxVCVy4wYAai0w:hX4+agyyd7zCqCGxneDCatIT4o0w
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 1 IoCs
pid Process 1892 rundll32mgr.exe -
Loads dropped DLL 2 IoCs
pid Process 1184 rundll32.exe 1184 rundll32.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
resource yara_rule behavioral1/memory/1892-23-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-21-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-20-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-19-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-17-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-16-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-15-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral1/memory/1892-14-0x0000000000400000-0x000000000041A000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32mgr.exe -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98A0E7A1-C866-11EF-9DC4-5A85C185DB3E} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441914713" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1892 rundll32mgr.exe 1892 rundll32mgr.exe 1892 rundll32mgr.exe 1892 rundll32mgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1892 rundll32mgr.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1480 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1480 iexplore.exe 1480 iexplore.exe 1428 IEXPLORE.EXE 1428 IEXPLORE.EXE 1428 IEXPLORE.EXE 1428 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1892 rundll32mgr.exe -
Suspicious use of WriteProcessMemory 19 IoCs
description pid Process procid_target PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1964 wrote to memory of 1184 1964 rundll32.exe 30 PID 1184 wrote to memory of 1892 1184 rundll32.exe 31 PID 1184 wrote to memory of 1892 1184 rundll32.exe 31 PID 1184 wrote to memory of 1892 1184 rundll32.exe 31 PID 1184 wrote to memory of 1892 1184 rundll32.exe 31 PID 1892 wrote to memory of 1480 1892 rundll32mgr.exe 32 PID 1892 wrote to memory of 1480 1892 rundll32mgr.exe 32 PID 1892 wrote to memory of 1480 1892 rundll32mgr.exe 32 PID 1892 wrote to memory of 1480 1892 rundll32mgr.exe 32 PID 1480 wrote to memory of 1428 1480 iexplore.exe 33 PID 1480 wrote to memory of 1428 1480 iexplore.exe 33 PID 1480 wrote to memory of 1428 1480 iexplore.exe 33 PID 1480 wrote to memory of 1428 1480 iexplore.exe 33
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e3d39b6dd0875fc1148900bd60a95c0.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1964 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e3d39b6dd0875fc1148900bd60a95c0.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1184 -
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1892 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1480 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1428
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD593794c3cc971c531e3a39d7723f83b3e
SHA1420d2c4f4c6d1b2ef99a277db6e20e8ee0524af6
SHA2568630fa8750b2fc10569b08536f24f8c2a0b0a49506107c6807b31381d8f91146
SHA5124a0d4775a0249a26864eb8189494d176aef297b2bd3e1f6fbf4846cca0de66408082c9aac1609bced1205fb433389cbb6b2eddeee25ff2ccc32f5e2e6c61df73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5900e3998d2810ff2d94c2c7601f87b67
SHA19dd93eaff2fa68d46f1e1702e967832018d125d8
SHA25642950cf45c7b470f5d7b0a787a9587932acbde3c414326b44f2d87635b1bc128
SHA5128ff0cabb578fdfe5c0922a66145730ace4912f8d3fb0d557944a51087f42721ab2655dd8f16a96cdb5045ac73d77dc37bddd5b5d3f2b29d92995a095f1e67789
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD513c37a0186cdbc0821015e3ee93f79df
SHA1f840e8918ae8456de27abc073f521944b867da43
SHA2569784100a69e888eb56ba33df0f6cc0123f982fe45469b71e1eb1d2c5524f3c34
SHA5127667dd53137aa275e0df767096b8025380b3eb485b1c6b09d5006807ab899ff1a277a848d434a91284c9ab3a6a2cdfb6a09577e54bfc479ba1b6b567b72bba81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58422d47d24e8bf25858de0069e0b345c
SHA1d555f80ed70a3033cc122ca979cbfcef4bc55295
SHA256a62d6dfa899d90c22420f1ad45e9f8b3bb68eb744d49bd28faf5501ff2146006
SHA5127154f3b328cea0628631ba291c154f49d84c02398f5290aff5e96f1eac7101d24cfd40dd201588fecd19fa18a4252562b77dac5c37c180fc929505249d061625
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fd24d73e5031e41a39dc6a8fcc936b2e
SHA1cf97965110a8451fd1e3f8db81e6264bb4d9a12d
SHA25697bb40d139eee62deebbd963de77d5b05cdb9cb122378ee66375b0a336f87314
SHA512faa1cdd60db67b6c1be716de509cf5bb4a58c4ee5cb5b03ae4b6807f5ad49e5a413c8ebda80f8e57772be43c5af24b4878ca1db810f2d77e7b344b5fee59739d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD511ec9abbfa4133dc328c636cf8f86240
SHA1bbfd88c4dbff4b1dd79b5e20dcebd28d6274db33
SHA256a38027e88e4375707b55c153162d039f928d0ac9c10ab5ea2cbeb819c8efda93
SHA512ca67038b7ed176cd48060d38893c24f58b4417f48f53bbd20e1bfd44bd113f9057b503ef099f0203713494679a9380574cea617a84612e89f9df6e08be64808b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5936a78c6f214e2e2af766b7dc601612c
SHA1b72b637e2fce6e700b559259c78a7e015380868f
SHA256e74b8c47d77e045b0b9b86322c4203ecefbd016c1b976ee675bbbef60e045b42
SHA5123e4337fe060e4a69e32e410fbddebb99484cbe77a1e0e586e430b01c807cac5b2b21c32a246a4d19345858992cdcdc9a493a804925362da77e832e736d1a8e07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5821c39107fab7310db34880774f163b0
SHA1200a4cd680fa8a5c614b6b41962bf76705788b63
SHA256bd3d11ed5525cc72de319d00eb3be7f62b60f7a983a0be28addaf4077d4f5b73
SHA5121d48d207af2d00172d7d96801a150d4add1bce584e17ac4f293914d3a0f7521fb6a6d59a225d66a0be48c43d6c27beb4c2d98f8435b8052ff5d9021e21224a44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD552a55967b47780acbb3f13542a27c2e0
SHA1eaafbcf40af9354123621d5791d729c1f51db600
SHA256cee65eb59ce86fb1ebb30475d9fdc947757e8ef8606a441ff33f1cfb49ac44a8
SHA512d510f77cefc93c3469ecd3399d7d478f2673a0355731513f044ab3a564c694752f0dd69dea00f0941b49544c84270c7b775021ae46a7eb9fddd92d6f421bd12f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b68523cc0f8150ef283e429161965a0e
SHA10e3f9f69ad0e69b4289b3e4788054fda9b60919a
SHA2561def1e884f50dc08ca39e8dc5f93a5c9cd5929c6f36ce0429032cfea30be97b7
SHA5123ed8bec2b0823b69ce96f7138ed29c833271411a0652128ff2c4373fe908c6edb0dd3977ca778078b65406f3fafacc347939b0fb96d887b5bd9b3822b51f5f06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5418995d506c43675ae5809b8eb861606
SHA1b02d0e48b2ec5e77d56f30826bf7cf81139a884f
SHA256cd1a6d9d0cd5746fec9c1e12b5f470d4dfa7f45d8fc4c37fb7bcad535f9cdb4c
SHA512d2a3acfc6fceb16f82dcdfcb6b82c49496bd58ff0e4c88edae67c9000e67b0b8561735a239c500cd742b7b4fefa75d992a6a73d97dc82cd9bdfee5fad3e55ac5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51f0dfd626801c2d1c5a87826a5bf43cc
SHA165973b987998bb09b6628e9de86e9250f3f8200e
SHA256cb91f7b221db6cd5a19f08f74fdc0d6cee65aa5e610586c65922de4a31f298cf
SHA512b18fedc5dc9e4bbc2022bbce5a16e422c41a279cc053559e6615291152f77330836e1a5c5c8b73b07e38dcb84db8b83f03d05278d7deac101b8aabdccdb3d7b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de76a97f84ca2448074ff1242245d92f
SHA14ab30e89f5e7212134f9dec19f8c7ad5dc90c853
SHA256d4be87494811b4fe0e4579ab8995512c1a3597ad989d71699ec6380050728a6c
SHA512ed3496c7faf1e36aeb52fd5ac5d46604cd9b045c7b385a4b06073dee787edbff6c48f5c22d3c84c2d7237b6c590d5cb440be9b882a9b99b3a105c9bd36beba8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD564f26e5f17f32a0283f4de4e578e3a9c
SHA18b1bc1bb8d4f5e51888a34b8fcba49dd11f3b8a5
SHA256efe3005b3e6e44fd07bca4cd42ae17c7d2f582c29dccb573f881396a5a0487c9
SHA51252afaa88116e4b974a340d414a711ab3d5bf7159272eac409c1fc52feec8411c45bd06e4f297e7132ffaf997f4f63a52ef37f0bdc13e4587c6c6a4dd264be288
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50cbd1a7fd4173ab31ff1779e2b9c05b5
SHA13236afe935b8b36dd08996c8bfe9e2bd343c9cca
SHA2561c5c2a9d0be21ee22b16712d8562349d04b3997858b84f4961d9efd879c488c1
SHA512e8732381e253ba2cfee8864e4fdddc0fc879a5ee7168a7e5da5948fa6c3d920d404e0efde46450c463e75a26350510fd5c871e949f3e926b24854ead89e226e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58fd77a8aef41f9597c0574d524d74661
SHA19de0f99cfa610407de146363f39cad57cb6ff465
SHA256ff293e237f672e37764ef6cef0d8bf85720304759c406a9362b1c1e2dbb38f90
SHA512d010d5f886fbb700b7ecec75ad61d3da0d1074afccaaafec99f45018d76ae483d8e1d70493f7802eac1773e2f7173ebf182676b66b06836a9a1099e52564150f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD531883516a23a0a9c0c9849ee43820d3b
SHA15e77b3c74a65bb2e3278d45295a3af0d52631712
SHA25699d66ecfd977a743dcbd82328656068859d2c735483c99f2d13bf43c698f9bab
SHA5121991b5df70799ad03bd0bbc146562d53b9c24d9641d3dd24ccd58151925b1fc3e57a0e70817b42fe776dd31c2d68936582f298575e2273a454536581ed6923a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53c8ee2cc709b14f19b7a97799beef781
SHA1575540aff238b1467b4ecce66ce1f3f460a112dc
SHA2564b5748b9236aa3b21d2bbcab2b78c784dee5715986ffa63f816da7ba8f133442
SHA51297f33a349d006c85c406f16b3821f3a13eb3b10366bb82b7e108da3671a791040250d1e0f5db52fef7c523ff983c43395da41eea26f82ae788ab8d69d0ab4d1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5752d5f7f082c51a19f328fe7958b48f1
SHA1868bb9f80e044c0a801087081aa1f6684e5b6eb2
SHA2569c622e7d2ad4d414b81644e938ffc2c27513570c768eccf549345b787a5fa29d
SHA51288bf30fcdf1b3738802052912a4190484587a28db113a993d25ddc96cab69c13a7d0b5d6d99e0772b1ea29e8cd4fcf6dd49c30efaaef5f90a4a9c136487352f8
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
88KB
MD5a61ea5f2325332c52bff5bce3d161336
SHA13a883b8241f5f2efaa76367240db800d78a0209c
SHA256e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b
SHA512fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5