Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
12/02/2024, 04:42
Static task
static1
Behavioral task
behavioral1
Sample
94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi
Resource
win10v2004-20231215-en
General
-
Target
94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi
-
Size
1.5MB
-
MD5
9c8696dbb48add540a75737327c537d2
-
SHA1
78b4eb7d363e017eb06e03408d7952bbb843f9a9
-
SHA256
94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a
-
SHA512
6ee26ecedd0386eca113e61086f6623b36ca093d24e41d90cf45412072d94d91dddb39c86ce726c3514da3d0221d3cf03455b00cc5d0987ca63d45c12225cf4a
-
SSDEEP
49152:yErvYpW8zBQSc0ZnSKeZKumZr7Amyq3TGtezO:RYQ0ZncK/AEs
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe -
Drops file in Windows directory 11 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSI3968.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI3A72.tmp msiexec.exe File opened for modification C:\Windows\Installer\f7638fc.ipi msiexec.exe File opened for modification C:\Windows\INF\setupapi.ev1 DrvInst.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File created C:\Windows\Installer\f7638fb.msi msiexec.exe File opened for modification C:\Windows\Installer\f7638fb.msi msiexec.exe File created C:\Windows\Installer\f7638fc.ipi msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File opened for modification C:\Windows\Installer\MSI3AA3.tmp msiexec.exe File opened for modification C:\Windows\INF\setupapi.ev3 DrvInst.exe -
Executes dropped EXE 1 IoCs
pid Process 1436 MSI3AA3.tmp -
Loads dropped DLL 10 IoCs
pid Process 2084 MsiExec.exe 2084 MsiExec.exe 2084 MsiExec.exe 2084 MsiExec.exe 2084 MsiExec.exe 1292 MsiExec.exe 2024 rundll32.exe 2024 rundll32.exe 2024 rundll32.exe 2024 rundll32.exe -
Modifies data under HKEY_USERS 43 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2528 msiexec.exe 2528 msiexec.exe 2024 rundll32.exe 2024 rundll32.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3028 msiexec.exe Token: SeIncreaseQuotaPrivilege 3028 msiexec.exe Token: SeRestorePrivilege 2528 msiexec.exe Token: SeTakeOwnershipPrivilege 2528 msiexec.exe Token: SeSecurityPrivilege 2528 msiexec.exe Token: SeCreateTokenPrivilege 3028 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3028 msiexec.exe Token: SeLockMemoryPrivilege 3028 msiexec.exe Token: SeIncreaseQuotaPrivilege 3028 msiexec.exe Token: SeMachineAccountPrivilege 3028 msiexec.exe Token: SeTcbPrivilege 3028 msiexec.exe Token: SeSecurityPrivilege 3028 msiexec.exe Token: SeTakeOwnershipPrivilege 3028 msiexec.exe Token: SeLoadDriverPrivilege 3028 msiexec.exe Token: SeSystemProfilePrivilege 3028 msiexec.exe Token: SeSystemtimePrivilege 3028 msiexec.exe Token: SeProfSingleProcessPrivilege 3028 msiexec.exe Token: SeIncBasePriorityPrivilege 3028 msiexec.exe Token: SeCreatePagefilePrivilege 3028 msiexec.exe Token: SeCreatePermanentPrivilege 3028 msiexec.exe Token: SeBackupPrivilege 3028 msiexec.exe Token: SeRestorePrivilege 3028 msiexec.exe Token: SeShutdownPrivilege 3028 msiexec.exe Token: SeDebugPrivilege 3028 msiexec.exe Token: SeAuditPrivilege 3028 msiexec.exe Token: SeSystemEnvironmentPrivilege 3028 msiexec.exe Token: SeChangeNotifyPrivilege 3028 msiexec.exe Token: SeRemoteShutdownPrivilege 3028 msiexec.exe Token: SeUndockPrivilege 3028 msiexec.exe Token: SeSyncAgentPrivilege 3028 msiexec.exe Token: SeEnableDelegationPrivilege 3028 msiexec.exe Token: SeManageVolumePrivilege 3028 msiexec.exe Token: SeImpersonatePrivilege 3028 msiexec.exe Token: SeCreateGlobalPrivilege 3028 msiexec.exe Token: SeCreateTokenPrivilege 3028 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3028 msiexec.exe Token: SeLockMemoryPrivilege 3028 msiexec.exe Token: SeIncreaseQuotaPrivilege 3028 msiexec.exe Token: SeMachineAccountPrivilege 3028 msiexec.exe Token: SeTcbPrivilege 3028 msiexec.exe Token: SeSecurityPrivilege 3028 msiexec.exe Token: SeTakeOwnershipPrivilege 3028 msiexec.exe Token: SeLoadDriverPrivilege 3028 msiexec.exe Token: SeSystemProfilePrivilege 3028 msiexec.exe Token: SeSystemtimePrivilege 3028 msiexec.exe Token: SeProfSingleProcessPrivilege 3028 msiexec.exe Token: SeIncBasePriorityPrivilege 3028 msiexec.exe Token: SeCreatePagefilePrivilege 3028 msiexec.exe Token: SeCreatePermanentPrivilege 3028 msiexec.exe Token: SeBackupPrivilege 3028 msiexec.exe Token: SeRestorePrivilege 3028 msiexec.exe Token: SeShutdownPrivilege 3028 msiexec.exe Token: SeDebugPrivilege 3028 msiexec.exe Token: SeAuditPrivilege 3028 msiexec.exe Token: SeSystemEnvironmentPrivilege 3028 msiexec.exe Token: SeChangeNotifyPrivilege 3028 msiexec.exe Token: SeRemoteShutdownPrivilege 3028 msiexec.exe Token: SeUndockPrivilege 3028 msiexec.exe Token: SeSyncAgentPrivilege 3028 msiexec.exe Token: SeEnableDelegationPrivilege 3028 msiexec.exe Token: SeManageVolumePrivilege 3028 msiexec.exe Token: SeImpersonatePrivilege 3028 msiexec.exe Token: SeCreateGlobalPrivilege 3028 msiexec.exe Token: SeCreateTokenPrivilege 3028 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 3028 msiexec.exe 3028 msiexec.exe -
Suspicious use of WriteProcessMemory 21 IoCs
description pid Process procid_target PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 2084 2528 msiexec.exe 24 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1292 2528 msiexec.exe 33 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 PID 2528 wrote to memory of 1436 2528 msiexec.exe 34 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\94b8ab735d503884585fdb5a735b3ea3485b6b19c1899939a5b2c0a80616400a.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3028
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 5C9F27F35EB203FC29A58C86C1D00FA7 C2⤵
- Loads dropped DLL
PID:2084
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B16F527471AB4DD03CFC27D4BBDBB6F42⤵
- Loads dropped DLL
PID:1292
-
-
C:\Windows\Installer\MSI3AA3.tmp"C:\Windows\Installer\MSI3AA3.tmp" /DontWait C:/Windows/System32/rundll32.exe C:\Users\Admin\AppData\Local\Putty/setordinal.dll,bhuf2⤵
- Executes dropped EXE
PID:1436
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:2904
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005AC" "0000000000000598"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2328
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Local\Putty/setordinal.dll,bhuf1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2024
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD54869523c0da9594d811e2a0fb4093afd
SHA1d5a0e98bd31dfa8cdef9f14d0e600d6f2bc39a24
SHA2568a4adc7cf17b4753f5bdced28c2b8163d1f8544d3d6ddf3ea7d1e6ed8fc12c33
SHA51278af52a506959143a4fedc55f77048b197880e587a3668a754f005c359cdb7957f722ce15fe82c2ba84aad8735ca7dc589aa65cf7f7df5c48dff953cc501c4f1
-
Filesize
244KB
MD50a5f66e19cd3735368fa914c5498f1ea
SHA1ceeff5eb9e659315c9c8836ae6c6c779b0bcdb21
SHA2560aeca3798920903e15ace806dfaa8ce8b82a50e18d52ea8fd6e7db0db9733269
SHA512866014b77003e71fe6436fd086921e341309d29887d8be7ee63b2c933d187941f5343b38e598eb68625ea0c00d24341afa3982bda77f57eef929d4707b25095f
-
Filesize
88KB
MD5c6a81ff3e97ec5ef413dbc32d242907b
SHA1f36f32d70b2bfee273432a05df7af31e02bdea47
SHA256dd076122981532d42f8c4c746979c0f19df40bc7dd745aa1f283bf815121c6d6
SHA512a46dd62c2449e42951f0ef51612d37ccb9c15ef92a0cef4e461cdcc1af288a4793aa15c6b970fa3ac7a8236d305c93ded71f992d0e6cf76e05dbbdbda68a7eaa
-
Filesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
Filesize
182KB
MD5803e4e60de0909c55c4b088f3094d837
SHA14c4c65483b2125c5fa52af897ac926e3889a6459
SHA2562997e36354c884fa6f09245a1d8758eeb8ca00d20197969ff7b90664d4ae9b80
SHA5124fd69bf880ae1f400ee88f758bde2d093d996e920b6c3080c84497afccd3c9a5e6421e729d44384b00f61a4343cf72acf3eade9ed85e2caed2d6266333c0404a
-
Filesize
273KB
MD5ad0b98b2709e0bfd99e69503ffeb020d
SHA108707cf7d84981801a4ee2eac3e1076768a3b3da
SHA256f2a146349698d30bfed801955b194c21e0c8d2d007253f8bcc2d6dc0de091bd0
SHA512df5bbd8613fa1d9749c42ef97b16f8dcc392b4198e5d6f83b03625f8cad4ff2c13e2eccb9e852f375bc84ad497e934cac84aa3f61f661e0bcb542e4d1d8105f3
-
Filesize
244KB
MD58441c0f057354de2d61fd3be7e83f1f7
SHA14fb0575e5135cdee84755adca876e1564380f832
SHA2560d3f3c66b8c0c17eb418cbbba723e2bedb144f482a54eec8e46eca6ab65d8d3b
SHA5121bca0e058b596fcf083e498ab08aa8acbe702354d56d815e332fc3f7275e72e0aa0b4e352d1e9f4a962bb45bfaf352c6c8a0f7e68e366d26024be70008855a26
-
Filesize
215KB
MD5d1a17e143babbfcbf69e4669ced7b7d3
SHA1a2b15e979d9ce313ff91b4711380cdbf1640e06f
SHA256c0e3cdcc04148361641d65271e5365ce445febdd078219db3d9ca8c027406814
SHA5129b4faaf13015e16a9be2c37862f013f34cbcfdad89189f2ca00c290d4dce86be404d5773d3b2a07519762c17ded59e859ebf18df2de531205f7d0110a0375277
-
Filesize
262KB
MD5970e0f8d99927b624a8987a3fc2d37b6
SHA140444ff10b205c3c9e20cdd15afafc64e24ac30f
SHA256683387de5501a7d93c259a0088aaeacfdb8bd0341aed35160f1347085d3eee0a
SHA51255f412d2f44b12065a2e16b99e85ff617faf58cad63eacc89ce2d6878b4c493bcb788d4fead96256b32d809866d92911150078bf9c31902667531393ac1953c0
-
Filesize
161KB
MD51e44fd78f8fdcaf04f45c9f1fbebf9e8
SHA119398a629a1e3b52f32a9ddfc13ccac6f336072d
SHA256d3a54554e5692c989a8679fdd3598069650b09c994f531382e4989f92ad70def
SHA51254d469355ac1517da22cb1062234837a211153c13a6d15c1fea7deb33c7066345e9c76642e229b0aaab6739c096688d657b692d6a5566465150da33415b2349c
-
Filesize
51KB
MD572b139afef0a8136f5cd6d0f202c060e
SHA17ad5ccbb65807e606b99b742ae7f54b079d25d3c
SHA2561d801f054e8468cb61b6123c2867b71cefc79545b7f2f0e3f7db0ef4e834b4cf
SHA5122e53d6befe5730bb5050a4e46cb771c0b6489acb0cb5c2e8fc0cc222a4c599824030d44f419e32317320195a50faa30b440bddbfb70fef9eb6bcc6e934facbb8