1b47098f9be36f976fe2cc3cb4380f2630bca36ced0e0eb1aa1b82f45f7f634f

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
Size

16.9MB
MD5

fa46be7de1266de82f9ce2453cb43142
SHA1

41402c4db36b729cb68b17305f6d20377e2c69a3
SHA256

1b47098f9be36f976fe2cc3cb4380f2630bca36ced0e0eb1aa1b82f45f7f634f
SHA512

53490d90fdb18f8f204ecb271e61c34f13111196659f272a73de738f8240a919b55c5688ad6a06bf9970d27dee47d3bb201d755cdf2945b6a9b6bd1c46124167
SSDEEP

393216:LO0QCEDmlh2psL2ciIrHWi5tN3ZWyWJTCpy1cQ:mCEDUQps4ILdtN35Jpy1B

Score

8^/10

evasion

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	reg.exe

Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000\Control Panel\International\Geo\Nation	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

Loads dropped DLL 25 IoCs

Processes:

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

pid	process
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

Processes:

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-776854024-226333264-2052258302-1000_Classes\Local Settings	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

1728 reg.exe
4368 reg.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 1256 fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

pid	process
1728	reg.exe
4368	reg.exe

description	pid	process
Token: SeDebugPrivilege	1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exefa46be7de1266de82f9ce2453cb43142_JaffaCakes118.execmd.exe

description	pid	process	target process
PID 1172 wrote to memory of 1256	1172	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
PID 1172 wrote to memory of 1256	1172	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
PID 1256 wrote to memory of 1104	1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe	cmd.exe
PID 1256 wrote to memory of 1104	1256	fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe	cmd.exe
PID 1104 wrote to memory of 1728	1104	cmd.exe	reg.exe
PID 1104 wrote to memory of 1728	1104	cmd.exe	reg.exe
PID 1104 wrote to memory of 4368	1104	cmd.exe	reg.exe
PID 1104 wrote to memory of 4368	1104	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1172

C:\Users\Admin\AppData\Local\Temp\fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa46be7de1266de82f9ce2453cb43142_JaffaCakes118.exe"
2⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1256

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\ProgramData\regedit.bat"
3⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
4⤵
- Modifies registry key
PID:1728

C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
4⤵
- Disables RegEdit via registry modification
- Modifies registry key
PID:4368

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\regedit.bat
Filesize
226B

MD5
25c6732e894e408350e8506cd958a1e8

SHA1
80760b5000f810c3f7668f8f6a4a6dfdae519afe

SHA256
15003fa7305091cb56a31aec7983aaaa9aa8c8933cf8087807957a326b310a5d

SHA512
5b664cb14a644e0b5e63ae5e36afb0ca3d859a571dd73968550fa7f761e25ced7bfbc0ce0b5ab2104b6f0555b06d1e4a118cc5cb127ca8f1af0d7d38773c84df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\MSVCP140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\PIL\_imaging.cp39-win_amd64.pyd
Filesize
3.0MB

MD5
7bdda60c9136dfcef785132a0c77b193

SHA1
f6bcd152d638cf54767203edb238eef2993b98bd

SHA256
bec23da5408f0fff9fe31c0ba49f6cd305ab6e242c270305c904295e54e88266

SHA512
b2e3df1aefdf271e494c91a9fa19bf0dbf8696fe30e524827659198080467dc5dc5d4a2394f27cefd8bb9923ece8757ccedaae3b5f836d4175690f128032098d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\VCRUNTIME140.dll
Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_bz2.pyd
Filesize
84KB

MD5
a991152fd5b8f2a0eb6c34582adf7111

SHA1
3589342abea22438e28aa0a0a86e2e96e08421a1

SHA256
7301fc2447e7e6d599472d2c52116fbe318a9ff9259b8a85981c419bfd20e3ef

SHA512
f039ac9473201d27882c0c11e5628a10bdbe5b4c9b78ead246fd53f09d25e74c984e9891fccbc27c63edc8846d5e70f765ca7b77847a45416675d2e7c04964fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_ctypes.pyd
Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_decimal.pyd
Filesize
264KB

MD5
3cce2ca89817962aea5b6a98891eea1c

SHA1
831ce9370688b3131f9e75a4784d5443dc1b5b09

SHA256
0809de4a8dee3b6cf6ddc40a10c52d53867ee47bf5a6769d16027f2ab766b5cf

SHA512
3b683f9a10002fccd6c09925bc3ae369da3e90c8cded9533ccfb62831aeaf13227c5ddab57f3f1edacb66eed16a7dc20f633089f7e2a85e3e41f154cb199a527

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_hashlib.pyd
Filesize
64KB

MD5
88e2bf0a590791891fb5125ffcf5a318

SHA1
39f96abbabf3fdd46844ba5190d2043fb8388696

SHA256
e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

SHA512
7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_lzma.pyd
Filesize
159KB

MD5
cdd13b537dad6a910cb9cbb932770dc9

SHA1
b37706590d5b6f18c042119d616df6ff8ce3ad46

SHA256
638cd8c336f90629a6260e67827833143939497d542838846f4fc94b2475bb3e

SHA512
c375fb6914cda3ae7829d016d3084f3b5b9f78f200a62f076ec1646576f87694eec7fa6f1c99cbe30824f2fe6e2d61ecdeb50061383b12143cd2678004703199

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_queue.pyd
Filesize
28KB

MD5
f19d9a56df14aea465e7ead84751ea5f

SHA1
f170ccbeb8fb4a1e0fe56f9a7c20ae4c1a48e4a9

SHA256
17ccd37dfba38bba706189d12ed28ca32c7330cc60db7bf203bf7198287073e4

SHA512
2b69a11026bf4fe3792082d57eaf3b24713e7bd44dfd61ccaa6e5adb6771e49b6c81c1b542fbb159c9055db9739b9c4473a856914c72683a2a4cf658d6d7a469

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_socket.pyd
Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_sqlite3.pyd
Filesize
87KB

MD5
46d80e7c337787fa37c7b413b70c6c44

SHA1
7e714ddf236dc80b54200e7bd4b92573ffdc66e5

SHA256
638c284d9e4bf328971086e90a4c61483323fa4b2cae6100e4a22e4cdff65e2a

SHA512
b6dec4be48574c8b6928af00a94debfae20a18d61f7220c7e759432b9f4933b7cae787416e1f520547a35f2661fd8d770f627b337e8274a3aeaa4ac5fee338fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\_ssl.pyd
Filesize
151KB

MD5
cf7886b3ac590d2ea1a6efe4ee47dc20

SHA1
8157a0c614360162588f698a2b0a4efe321ea427

SHA256
3d183c1b3a24d634387cce3835f58b8e1322bf96ab03f9fe9f02658fb17d1f8c

SHA512
b171f7d683621fdab5989bfed20c3f6479037035f334ea9a19feb1184f46976095a7666170a06f1258c6ddf2c1f8bdb4e31cbfd33d3b8fa4b330f097d1c09d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\base_library.zip
Filesize
763KB

MD5
c6b38adf85add9f9a7ea0b67eea508b4

SHA1
23a398ffdae6047d9777919f7b6200dd2a132887

SHA256
77479f65578cf9710981255a3ad5495d45f8367b2f43c2f0680fce0fed0e90fb

SHA512
d6abc793a7b6cc6138b50305a8c1cad10fa1628ca01a2284d82222db9bd1569959b05bdf4581d433ff227438131e43eec98bf265e746b17e76b1c9e9e21d447d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\certifi\cacert.pem
Filesize
253KB

MD5
3dcd08b803fbb28231e18b5d1eef4258

SHA1
b81ea40b943cd8a0c341f3a13e5bc05090b5a72a

SHA256
de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e

SHA512
9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\libcrypto-1_1.dll
Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\libssl-1_1.dll
Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\psutil\_psutil_windows.cp39-win_amd64.pyd
Filesize
74KB

MD5
789827bcbae298d8d3223f33228b26af

SHA1
29de4ad19963292504414196dd3e353084a0e864

SHA256
f79f6732ea5a3675312ef4b9506bed8e15aa2d9c722d30d0c96274675aa9dc68

SHA512
e4d53c2a31b046862accc33ca1fb3327df10fa92e79556d16ca5dccc132bb0812df9454196554c848644c312c58faa07558382a58b53cf8889e61684cfe14885

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\python39.dll
Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\pythoncom39.dll
Filesize
543KB

MD5
26ebff360b70ca5de0a81fccbae0b02c

SHA1
2415d8c46eb188648225f55a26bd19a9fb225749

SHA256
4077005b6ae8272d82892d183cbc972780e3aa80f848c447626761a6c244d3a3

SHA512
09645c61421f245df7a2f62683bc90b5e3d51607b5dd9b1e7af9d54d93bccad132d6ff8aa4ba7d083da443f2b6220302178f9a120fecce661876cbab6d90a3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\pywintypes39.dll
Filesize
139KB

MD5
d658ffb571a541e9e21a6b859a67e112

SHA1
d9e7f54eb92ce32ff4d02fedd5c9b738dabbfbdb

SHA256
0cc26e2acaa1933647f885b47ac6da6625be7a4cd93fae220fb172906ff22091

SHA512
0040b19841d2d19ab5506cefc3186813cc92f57144b7b3f0bfec45638eebc053ddb8a40f2843cafe5d0ae5c6dc7f5db646a6441d34e02d749eb9563edbe5c7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\select.pyd
Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\sqlite3.dll
Filesize
1.5MB

MD5
7b523ec0e5eaf72ba72a8601d82fb97d

SHA1
6ea37960e7b915deaffb42f942271627cc4e06e6

SHA256
3c206503837ce6c4a9fbec94678eba80114ee6506aa94b93c5dccc5911c48a73

SHA512
b48a5627afedffb0ad913b728b5cfa0f64ccede395b99504892846b41b7aac4dced46d9b1f5230d95b0e48784db522d300071e6bbb912f77893ae2eceb020712

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\unicodedata.pyd
Filesize
1.1MB

MD5
cd12c15c6eef60d9ea058cd4092e5d1b

SHA1
57a7c0b0468f0be8e824561b45f86e0aa0db28dd

SHA256
e3ab6e5749a64e04ee8547f71748303ba159dd68dfc402cb69356f35e645badd

SHA512
514e76174f977cc73300bc40ff170007a444e743a39947d5e2f76e60b2a149c16d57b42b6a82a7fea8dd4e9addb3e876d8ab50ea1898ee896c1907667277cf00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\win32api.pyd
Filesize
131KB

MD5
8ccfec535f312418015bcd067fe32208

SHA1
79aa4bc6d681972afadfa4b2bae230ce06570a56

SHA256
9157829433f0bd8a12b1a1cf2fb90301e20ecf43802eb0ac85525ebcc53d0e30

SHA512
698b3a57338ffa47e2afecf9e8f8f709061e5cb56d82d8e10e48c6d4c8d26d2e0a21f2dcedc599a1b605ee2026dc2af7bd79d9f8b035c5c6fd9bd9fc817673b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\win32crypt.pyd
Filesize
124KB

MD5
69fa92932743edb9cdc05077fae6ebde

SHA1
87103a91d8810bf6ad243189650ca9d81a4c8cf7

SHA256
43fd57f9631dfa2a25588b30dc904422c91cf3a960aa45cfadbdce11150b0d44

SHA512
28b37a9ee7e93a8ab3f18db1cef5eb8759a7a0eece4c9bbd061e83fd777f638bf784195d5e9dca0d2f643a1a8ce27b95b48dc1e71d725419ae253fbfa169e095

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11722\win32gui.pyd
Filesize
223KB

MD5
6b671bc3676e868789caca8671f4f963

SHA1
0f464c7dcca0f3d6590286a9c240ea369e155e8c

SHA256
23074dc90395366a8e9653d1b7ee32f61ed8b4c95bbafed2a25d6f2e17a550ce

SHA512
69b42d227d53f789126c5e61d4d3140b3f7b3d8ba13116f266dd01da4e5f9b0bbe942973c98c85edac390cde4f7b9b3be349ef4401ff93fe2979bf5f3d237ee5

Download Submit