Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
02/05/2024, 19:04
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.modrinth.com/data/P7dR8mSH/versions/kAQqRNrK/fabric-api-0.97.8%2B1.20.6.jar
Resource
win10v2004-20240419-en
General
-
Target
https://cdn.modrinth.com/data/P7dR8mSH/versions/kAQqRNrK/fabric-api-0.97.8%2B1.20.6.jar
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 5312 icacls.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 4608 msedge.exe 4608 msedge.exe 1228 msedge.exe 1228 msedge.exe 4256 identity_helper.exe 4256 identity_helper.exe 1860 msedge.exe 1860 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe -
Suspicious use of FindShellTrayWindow 36 IoCs
pid Process 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe 1228 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1228 wrote to memory of 316 1228 msedge.exe 84 PID 1228 wrote to memory of 316 1228 msedge.exe 84 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 712 1228 msedge.exe 85 PID 1228 wrote to memory of 4608 1228 msedge.exe 86 PID 1228 wrote to memory of 4608 1228 msedge.exe 86 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87 PID 1228 wrote to memory of 4948 1228 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.modrinth.com/data/P7dR8mSH/versions/kAQqRNrK/fabric-api-0.97.8%2B1.20.6.jar1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb38b46f8,0x7ffcb38b4708,0x7ffcb38b47182⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:82⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵PID:3412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4604 /prefetch:82⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:12⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1860
-
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\fabric-api-0.97.8+1.20.6.jar"2⤵PID:5148
-
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M3⤵
- Modifies file permissions
PID:5312
-
-
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\fabric-api-0.97.8+1.20.6.jar"2⤵PID:5376
-
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\fabric-api-0.97.8+1.20.6.jar"2⤵PID:5484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:5864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵PID:6024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3466254983596894504,10271228870696384157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵PID:6032
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3036
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3576
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5644
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\fabric-api-0.97.8+1.20.6.jar"1⤵PID:5712
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD5ef235d96800376802ecf0a2f01fd24f1
SHA13ba8fe2795289cb0494c50c5781c75b1f6d0597e
SHA256d81cb80512c797f4138952d1d6f9902f2bc6a963ebeb3d9ecfff560cf4dfb0ee
SHA512bd139ca76f33a0a33b60e9083744e86d83b3eba94b3b7ab89ec0799dd9a98bf3f7b1c6c50059b0cb9bb13d3a43bf4c528b66b0bfb2a3ed91780e522078c8118f
-
Filesize
152B
MD54e96ed67859d0bafd47d805a71041f49
SHA17806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
-
Filesize
152B
MD51cbd0e9a14155b7f5d4f542d09a83153
SHA127a442a921921d69743a8e4b76ff0b66016c4b76
SHA256243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA51217e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
-
Filesize
184B
MD5c13a3d6ecac933c80ab71e564db8e618
SHA1d4ef0ea06613419f87d093910169e1ab3a6ddac5
SHA2568a83ecbc88c0fc79b5275080239d284802b9c70d69c1cd2a519c231e5e3f3cb8
SHA5122e60df5855b0906bbf6e3555501175a2ce7cc97d4ba264b0fe36db2b4e090cf95e7138b68280b37d9f2d3abb9bcdc4d662221f3341b0eceaf5d44e3786fcf185
-
Filesize
6KB
MD5701c96f399e6d87b315651f1af72e12e
SHA1c133a57ad87ab0c678609599eff4467f8d14ce50
SHA25671cd0cdd098444fb017a922bbdcc8c5cf84343d446634a6e791bd708f7de2bf2
SHA512d406546a5471ba4ed3258e6f51843ad77d41ba95fa01eb3ffe0dc0e521c8d3da78432905f8750ac04ec8e70589c88902a0568ad549f9ebf4bf36414d46b213cb
-
Filesize
5KB
MD576305278d8194329f2b5dcacb883bb94
SHA13d7d05049634ad9d4e84f73d413c6bc60e962a1f
SHA2561415db4be3c32048a8b45204a895af251a471833477822baf1402ab5d69011e1
SHA512c36ff8e53de77a8620a2aea1e407197116f71f59a4d42edf7a1c7ab8ce72e3dbeb8afbc897cda15b1e893ca54417aacd9996aed74c91ae1f0ea988d8c7b08750
-
Filesize
6KB
MD5c512039173f6215dd481a981e1ec6b55
SHA172632055cd0b551299e2dc8235f9e45d9b7d5029
SHA2565619746cf241e8af83d329a858aa5fcbe52bc224f69cf1e023c438dd25c09a68
SHA512ae0d9d6a5dee06dbce23bb3ceae5946e91277c0c9127ed036b9e1f66e6233120189b449965d41de9ed905fba10ad65c4a99a9e0c035c8c00c659c5829a9fa03d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5cfcd451a7cf569ef394ae5d1333b8749
SHA170c268ecf421e3edbc90db09801371e32bb70ce5
SHA25654d71bae544792f2353dd0e733be0097b7c31428bdee53988b69d0537b8c266f
SHA5125866d790bef4ede87092210342a6c52883b471792362ce9781c7b052030d532413c6403cd6461651f6d05aabd6f08fdc20ba9c9133ad0a1635f86bc1c869c9e7
-
Filesize
11KB
MD5ecbef9032a78ed409ee627ff9466205b
SHA18d7f32c9bca800b79dfa8a9add75e07b85960a78
SHA25660a70edf2cbf10a9a7969ea3e6e536b2bf64a3ae6bb3cfa54583d20e1bbd6f44
SHA51267a32ab45ae89eec7bd3beb10a6cfef0262b7ee9fdd8640334d0b7e2347b99fa9c2149dbf771cb37319b674a7f8c1639063a419cb04bc8df59987104bf080d16
-
Filesize
11KB
MD5a5a911baeeaff6ccb6753c70adc7ae76
SHA1797a4c7c8570b58e158ec5d0e9aae589081e3a76
SHA256c4076574e677474c5b30628e99bccee79f34bf19de69d656a83a81d3c65b9d2b
SHA512e5af5fd4227821b5d31a61d8fe20f56aab7de7b25a59a295c7ccda447ed82992cdc1fd0e957ead5f7b021503b029bcce1b3b08901a4908489ea3aad9a72b156a
-
Filesize
2.1MB
MD5a7d78c0329fd085d57e3a4d033387a1d
SHA16d7a34b8448259688e0833c02be3e28763acec65
SHA256ee3d6cc49f74deeea308a42130a896b3876131d1df187bf8077bf724351de720
SHA51241f19b2a7271c776b84c22e841c20acf12c5260b4a197a97f8afb84f04b408317a9488646d795ec613a6c98f2655339c2bba426007a1d38b42bc32c15ca6c642