Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
47s -
max time network
53s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
27/11/2022, 10:39
Static task
static1
Behavioral task
behavioral1
Sample
d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe
Resource
win7-20220901-en
General
-
Target
d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe
-
Size
1.8MB
-
MD5
292031cd65baadc1a13266a7df89b1ec
-
SHA1
fce9dfc52342f35defeb06bbe98162853f960b0f
-
SHA256
d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468
-
SHA512
8d6fc748c15a5f570165f9474c86eed65cedf88cf67be2c7e46a4b346373479e4ee910ae3605f5dc925bd97449c56298ee1b7add441855aa7cc47426085ca62a
-
SSDEEP
49152:za4KYhgQk5BCiUwUsPcZO7KPgnoOkAu+d:zpGLDtUwU9F2kAu+d
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral1/files/0x0007000000015c07-72.dat acprotect -
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\System32\drivers\asfilterdrv.sys d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe -
Executes dropped EXE 3 IoCs
pid Process 1872 nfregdrv.exe 1176 ActSys.exe 1604 ActSys.exe -
resource yara_rule behavioral1/files/0x0007000000015c07-72.dat upx -
Deletes itself 1 IoCs
pid Process 1656 explorer.exe -
Loads dropped DLL 13 IoCs
pid Process 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1872 nfregdrv.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 1176 ActSys.exe 1176 ActSys.exe 1604 ActSys.exe 1604 ActSys.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat ActSys.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 1376 set thread context of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 -
Drops file in Program Files directory 9 IoCs
description ioc Process File created C:\Program Files (x86)\ActSys\libeay32.dll d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\asfilterdrv.sys d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\nfregdrv.exe d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File opened for modification C:\Program Files (x86)\ActSys\asfilterdrv.sys d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\remove_ActSys.exe d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\ActSys.exe d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\nfapi.dll d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\ssleay32.dll d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe File created C:\Program Files (x86)\ActSys\ProtocolFilters.dll d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies data under HKEY_USERS 24 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A}\42-3c-f2-12-d9-4c ActSys.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ActSys.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A}\WpadDecisionReason = "1" ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\42-3c-f2-12-d9-4c ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\42-3c-f2-12-d9-4c\WpadDecisionReason = "1" ActSys.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ActSys.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix ActSys.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ActSys.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A}\WpadDecisionTime = 90f2b1a0f202d901 ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A}\WpadDecision = "0" ActSys.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\42-3c-f2-12-d9-4c\WpadDecisionTime = 90f2b1a0f202d901 ActSys.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" ActSys.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A} ActSys.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{427E4C09-48E7-457C-B98B-AAD8DF71B24A}\WpadNetworkName = "Network 2" ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\42-3c-f2-12-d9-4c\WpadDecision = "0" ActSys.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ActSys.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" ActSys.exe -
Runs net.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe -
Suspicious use of WriteProcessMemory 29 IoCs
description pid Process procid_target PID 1376 wrote to memory of 1872 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 26 PID 1376 wrote to memory of 1872 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 26 PID 1376 wrote to memory of 1872 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 26 PID 1376 wrote to memory of 1872 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 26 PID 1376 wrote to memory of 812 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 27 PID 1376 wrote to memory of 812 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 27 PID 1376 wrote to memory of 812 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 27 PID 1376 wrote to memory of 812 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 27 PID 1376 wrote to memory of 1176 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 29 PID 1376 wrote to memory of 1176 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 29 PID 1376 wrote to memory of 1176 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 29 PID 1376 wrote to memory of 1176 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 29 PID 1376 wrote to memory of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 PID 1376 wrote to memory of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 PID 1376 wrote to memory of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 PID 1376 wrote to memory of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 PID 1376 wrote to memory of 1656 1376 d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe 30 PID 1176 wrote to memory of 1340 1176 ActSys.exe 31 PID 1176 wrote to memory of 1340 1176 ActSys.exe 31 PID 1176 wrote to memory of 1340 1176 ActSys.exe 31 PID 1176 wrote to memory of 1340 1176 ActSys.exe 31 PID 1340 wrote to memory of 1324 1340 cmd.exe 33 PID 1340 wrote to memory of 1324 1340 cmd.exe 33 PID 1340 wrote to memory of 1324 1340 cmd.exe 33 PID 1340 wrote to memory of 1324 1340 cmd.exe 33 PID 1324 wrote to memory of 1680 1324 net.exe 34 PID 1324 wrote to memory of 1680 1324 net.exe 34 PID 1324 wrote to memory of 1680 1324 net.exe 34 PID 1324 wrote to memory of 1680 1324 net.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe"C:\Users\Admin\AppData\Local\Temp\d290b6901cc6d8785826f432645cf2d175033558157abf4a1ceb2f3f0952a468.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1376 -
C:\Program Files (x86)\ActSys\nfregdrv.exenfregdrv.exe C:\Windows\system32\drivers\asfilterdrv.sys2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1872
-
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ActSys\SSL\import.bat2⤵PID:812
-
-
C:\Program Files (x86)\ActSys\ActSys.exe"C:\Program Files (x86)\ActSys\ActSys.exe" /install /SILENT2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1176 -
C:\Windows\SysWOW64\cmd.execmd.exe /c net start ActSys3⤵
- Suspicious use of WriteProcessMemory
PID:1340 -
C:\Windows\SysWOW64\net.exenet start ActSys4⤵
- Suspicious use of WriteProcessMemory
PID:1324 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start ActSys5⤵PID:1680
-
-
-
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\system32\explorer.exe2⤵
- Deletes itself
PID:1656
-
-
C:\Program Files (x86)\ActSys\ActSys.exe"C:\Program Files (x86)\ActSys\ActSys.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1604
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
438KB
MD50b7eaad130071112fcd82d028987144e
SHA1ba92033ce61e79e1ec63370b6ef20b387cce90bd
SHA256b85bc329495af2aa886cd87a4ed8e0ce89b2400b870d8c2e802d42b4be908f44
SHA51269274e4d4a9305b2843da13366771d17e7d8b0f98d7ab2cbd43605dbcbf8c1827d2eaf70f2ab363becd601d5e79004898b01bad4dbee16c2c6bb23adc3bcd41c
-
Filesize
438KB
MD50b7eaad130071112fcd82d028987144e
SHA1ba92033ce61e79e1ec63370b6ef20b387cce90bd
SHA256b85bc329495af2aa886cd87a4ed8e0ce89b2400b870d8c2e802d42b4be908f44
SHA51269274e4d4a9305b2843da13366771d17e7d8b0f98d7ab2cbd43605dbcbf8c1827d2eaf70f2ab363becd601d5e79004898b01bad4dbee16c2c6bb23adc3bcd41c
-
Filesize
1.2MB
MD550c806e582580511a38980168445a60f
SHA133429a7fc93c4245023c2b4c2b1c0b1a89cdc538
SHA256e4e4763c4d039e7ecaf26f1e1be824127586603c452c61175d69b5dbf75ebc44
SHA512481b0d16702685b0a5f13d2154a5c4a0d7418bcf783ca3b6a674688aed2124981730abc729b6a37a4744552045ed49f1b3a0f8f66c9e9221f5d3cf82e98d5db9
-
Filesize
116KB
MD5d8305b5c2810e2e135f87bb32d62810e
SHA1e78991c4d920b61f068c27071253ab5e825572bc
SHA256a035dde03f95ad199a74e141089ea94d24abb42f56a9cc14c86c76c6ce6932ec
SHA512c01145ec54a3e2010d777625b65660f4d88a6488de171a97fdfe29b7da15c45aaa88b49a54046d42d199d5685560670ef2ccc6df3c915fda77a02796069123ab
-
Filesize
48KB
MD501b5780505301ada6dc102fb77b2298c
SHA1328c3931a54af2d7adb88ba4c4c18ce1af8d5a72
SHA256aad2d85472448abe8250cf3180c3d0373540f46e8a8e76d8ef2f78db62be0812
SHA512bc5bd91c46f452a76ae0595287622256e8c79e90158171bedf6b68d4439dfefceb06948bd49deb0aeb1344ce89a312bb87b01e2daf3880729fff642951c33947
-
Filesize
66B
MD50b1777825d2b22502042da74398ea2ae
SHA1e1f96e5ff8dfade89e5517711e9e9aa4b90a305f
SHA256e1a81e904b5ebeabf2a4f791d29299b2d681f56c164f71c8d29de44c4c4ab492
SHA512e8473d28bc61d33d8afe43c8f2cb547d6a4e8d55d2f37858e3c118432fb7da97511709acf9466a1a2f828050bbed259021982603c9b2fcfb91fae60d89853f3d
-
Filesize
438KB
MD50b7eaad130071112fcd82d028987144e
SHA1ba92033ce61e79e1ec63370b6ef20b387cce90bd
SHA256b85bc329495af2aa886cd87a4ed8e0ce89b2400b870d8c2e802d42b4be908f44
SHA51269274e4d4a9305b2843da13366771d17e7d8b0f98d7ab2cbd43605dbcbf8c1827d2eaf70f2ab363becd601d5e79004898b01bad4dbee16c2c6bb23adc3bcd41c
-
Filesize
438KB
MD50b7eaad130071112fcd82d028987144e
SHA1ba92033ce61e79e1ec63370b6ef20b387cce90bd
SHA256b85bc329495af2aa886cd87a4ed8e0ce89b2400b870d8c2e802d42b4be908f44
SHA51269274e4d4a9305b2843da13366771d17e7d8b0f98d7ab2cbd43605dbcbf8c1827d2eaf70f2ab363becd601d5e79004898b01bad4dbee16c2c6bb23adc3bcd41c
-
Filesize
1.2MB
MD550c806e582580511a38980168445a60f
SHA133429a7fc93c4245023c2b4c2b1c0b1a89cdc538
SHA256e4e4763c4d039e7ecaf26f1e1be824127586603c452c61175d69b5dbf75ebc44
SHA512481b0d16702685b0a5f13d2154a5c4a0d7418bcf783ca3b6a674688aed2124981730abc729b6a37a4744552045ed49f1b3a0f8f66c9e9221f5d3cf82e98d5db9
-
Filesize
1.2MB
MD550c806e582580511a38980168445a60f
SHA133429a7fc93c4245023c2b4c2b1c0b1a89cdc538
SHA256e4e4763c4d039e7ecaf26f1e1be824127586603c452c61175d69b5dbf75ebc44
SHA512481b0d16702685b0a5f13d2154a5c4a0d7418bcf783ca3b6a674688aed2124981730abc729b6a37a4744552045ed49f1b3a0f8f66c9e9221f5d3cf82e98d5db9
-
Filesize
116KB
MD5d8305b5c2810e2e135f87bb32d62810e
SHA1e78991c4d920b61f068c27071253ab5e825572bc
SHA256a035dde03f95ad199a74e141089ea94d24abb42f56a9cc14c86c76c6ce6932ec
SHA512c01145ec54a3e2010d777625b65660f4d88a6488de171a97fdfe29b7da15c45aaa88b49a54046d42d199d5685560670ef2ccc6df3c915fda77a02796069123ab
-
Filesize
116KB
MD5d8305b5c2810e2e135f87bb32d62810e
SHA1e78991c4d920b61f068c27071253ab5e825572bc
SHA256a035dde03f95ad199a74e141089ea94d24abb42f56a9cc14c86c76c6ce6932ec
SHA512c01145ec54a3e2010d777625b65660f4d88a6488de171a97fdfe29b7da15c45aaa88b49a54046d42d199d5685560670ef2ccc6df3c915fda77a02796069123ab
-
Filesize
116KB
MD5d8305b5c2810e2e135f87bb32d62810e
SHA1e78991c4d920b61f068c27071253ab5e825572bc
SHA256a035dde03f95ad199a74e141089ea94d24abb42f56a9cc14c86c76c6ce6932ec
SHA512c01145ec54a3e2010d777625b65660f4d88a6488de171a97fdfe29b7da15c45aaa88b49a54046d42d199d5685560670ef2ccc6df3c915fda77a02796069123ab
-
Filesize
48KB
MD501b5780505301ada6dc102fb77b2298c
SHA1328c3931a54af2d7adb88ba4c4c18ce1af8d5a72
SHA256aad2d85472448abe8250cf3180c3d0373540f46e8a8e76d8ef2f78db62be0812
SHA512bc5bd91c46f452a76ae0595287622256e8c79e90158171bedf6b68d4439dfefceb06948bd49deb0aeb1344ce89a312bb87b01e2daf3880729fff642951c33947
-
Filesize
48KB
MD501b5780505301ada6dc102fb77b2298c
SHA1328c3931a54af2d7adb88ba4c4c18ce1af8d5a72
SHA256aad2d85472448abe8250cf3180c3d0373540f46e8a8e76d8ef2f78db62be0812
SHA512bc5bd91c46f452a76ae0595287622256e8c79e90158171bedf6b68d4439dfefceb06948bd49deb0aeb1344ce89a312bb87b01e2daf3880729fff642951c33947
-
Filesize
5KB
MD5e5786e8703d651bc8bd4bfecf46d3844
SHA1fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
SHA256d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
SHA512d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
-
Filesize
61KB
MD5d63975ce28f801f236c4aca5af726961
SHA13d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9
SHA256e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43
SHA5128357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
6KB
MD5acc2b699edfea5bf5aae45aba3a41e96
SHA1d2accf4d494e43ceb2cff69abe4dd17147d29cc2
SHA256168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
SHA512e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe