Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20/08/2024, 01:29
Static task
static1
Behavioral task
behavioral1
Sample
ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe
-
Size
436KB
-
MD5
ad5fb6ea2263e306d3071477d228658a
-
SHA1
133b7b5794197288fc3357a538d7696d9649f0e9
-
SHA256
70131898358ac17e331b273a7af5fe80ae21679e88c0c44169b1adadb0ea5376
-
SHA512
7c71caacb48ee4c0919f547adf5b3d76b5b59a71315fde6afd3079d2c018a7a80308f2ed2dd0a0637c1e370da49dd373446bfec27d4bcd240633fd27b5040f98
-
SSDEEP
12288:ualVlT+xA+U2Lj6yrCltturh/fXp8na3F4:JDlKi2iYCtturtXi1
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\scvhost.exe\"" scvhost.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} scvhost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scvhost.exe" scvhost.exe -
Executes dropped EXE 1 IoCs
pid Process 412 scvhost.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTFMON = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scvhost.exe" scvhost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Runservices\CTFMON = "C:\\Users\\Admin\\AppData\\Local\\Temp\\scvhost.exe" scvhost.exe -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language scvhost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ielowutil.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000682ef1adb6c1b741b9a6296375b8eefb00000000020000000000106600000001000020000000dc15ed5f049c0b789073c7fc458b795bd731049be8f8f0a76346c2b6a1cf5723000000000e800000000200002000000091678b1010a1614e8446e2b69b9d5260ed54b7fb0640eeb85d5cf4fa374b6a5620000000ff0f9290f3bbdf2b19b431c66686238a2a3ce15ba1305e9add6efd187bfdfed240000000c2ede62aeafbb2800eb4df3645b0a1794d3ec62cf112f7a3de42f5c681541963954815a7f49b32b8f66f6c4b2812ad9c53c2c2d38a04d24d5768f84376f066a1 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430882323" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1832230757" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wardom.org\NumberOfSubdomains = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1830824204" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{98AF99BD-5E93-11EF-BFD9-EE255DF7DB21} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126176" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1830824204" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31126176" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126176" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wardom.org IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31126176" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wardom.org\Total = "32" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307be05ea0f2da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\DOMStorage\wardom.org IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.wardom.org IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.wardom.org\ = "32" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1832386558" IEXPLORE.EXE -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeIncBasePriorityPrivilege 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1584 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1584 iexplore.exe 1584 iexplore.exe 3472 IEXPLORE.EXE 3472 IEXPLORE.EXE 3472 IEXPLORE.EXE 3472 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 2184 wrote to memory of 1132 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 84 PID 2184 wrote to memory of 1132 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 84 PID 2184 wrote to memory of 1132 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 84 PID 2184 wrote to memory of 412 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 86 PID 2184 wrote to memory of 412 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 86 PID 2184 wrote to memory of 412 2184 ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe 86 PID 1584 wrote to memory of 3472 1584 iexplore.exe 91 PID 1584 wrote to memory of 3472 1584 iexplore.exe 91 PID 1584 wrote to memory of 3472 1584 iexplore.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Windows\SysWOW64\cmd.execmd /c copy "C:\Users\Admin\AppData\Local\Temp\ad5fb6ea2263e306d3071477d228658a_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\scvhost.exe"2⤵
- System Location Discovery: System Language Discovery
PID:1132
-
-
C:\Users\Admin\AppData\Local\Temp\scvhost.exeC:\Users\Admin\AppData\Local\Temp\scvhost.exe2⤵
- Modifies WinLogon for persistence
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:412
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵
- System Location Discovery: System Language Discovery
PID:3920
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3472
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD593f15508cd4b36df3a93b731aa089d42
SHA142777a71786f2a4ae36f9a79b3ed046d4d0a5382
SHA256302bc8a564bc6b000aa867b0cc7d53b6026137cc50b8dd951a8406b5ea588a26
SHA5123d46d8a5fa284510f8ea3060f22f08b67e36d126cf4a203fb8e98fa8b0f6372b82187804760033c414cd6132ae340f68b7a94d57088739f3f303d6d9f51ee6d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5a010c82cc3ab3829d11e9faf083ad38b
SHA10b578d358c181ace2da5daf075274ef0f4f6b5a5
SHA256dee232c1b871f2ae98f949e6feb25091c109d1b61d1cac2df316d80647826f2d
SHA512f30da50081cd87e7c9bb854c744df5af6bca7796f2c38b3c561b8da5e26d30df00a8f3c279da1f25613b6174a83553293cd5884f4286406b92881fa3336837a2
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
1KB
MD57ef01901e0d237721dee885877137b8c
SHA1a375c386476f3ba9f25089ad152eed9bc51e852c
SHA25658ba32ac233df709ef7097de8ce1855d658af04102d79a0cfe359433b19d2910
SHA512193af254ec18bd2e49177d0b26436f7a69546c941027d7565033b5f21879b14587654c7279c461484f9255fd0b8e32e070fba5455992ed52fe4bd158e6e3c89b
-
Filesize
1KB
MD56a65fd444457822051f1038ed91a9949
SHA1eb246b35e2773973bc394783d4a1a90cbb5f36da
SHA256ee11c9a837debac46f01cd80292865b505fcb9f2f5553cb7977bcfedad52a161
SHA512c03ccf08031b96febbe29765005e2006b84dd13f76d845553078f7dadc92aaa692507de305eeadbb8d58af53445d6d581911039175021bf4d1119894fe83751b
-
Filesize
240KB
MD5d8e14023b11ab348bcd6148a50b7ae85
SHA1f7778124c39814a93df08e74d11f855cb27d09b0
SHA256a7dbdfa852bb23eaa74c5846f999cd83365720fd9cb15b50874f1848bcffb55f
SHA5122d341118ac88c5a953932be07e67f97fd7358fedad2fef1475c9042bc67d5a5621dfd86cf3aea8958e90686c3e5a835c057a076b923594594e0dfc763bac071c
-
Filesize
219KB
MD5dd012cb958a95fc77ced4ecbb7c87040
SHA1122375da09a85d0834f86ddb7652d39c74b57942
SHA256c169747d50a5e329c43ed19744c7c68592d564faf8d676ba340b9ccc35f8ce2c
SHA51290580c6befe1b043cb2e02ddf361d2bf71e2c7c409858d0f413a1b46edc5489cea4b147b1166bd6e15d9eaff2efc5873bc8769498236e014d4f9c26ff9a8e18a
-
Filesize
179KB
MD5265b724844b97d7427fc4a44c9c2e43d
SHA1ce3b1d7a991dbb98e642a23b2acf754785817434
SHA25685528db3d0ca496bc7075693ecdfd1bbbd85fe342f946b9eab219cb56c7ad205
SHA512f5b0421f75b3a7965cf477dab93805ddaadd0af4e1d6e4098b203906840235537bdd7cc923cef606ea880cf791e0d77ab051177c16b1fe5b94d00e511f5c423d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
35KB
MD5b5af8efecbad3bca820a36e59dde6817
SHA159995d077486017c84d475206eba1d5e909800b1
SHA256a6b293451a19dfb0f68649e5ceabac93b2d4155e64fe7f3e3af21a19984e2368
SHA512aac377f6094dc0411b8ef94a08174d12cbb25f6d6279e10ffb325d5215c40d7b61617186a03db7084d827e7310dc38e2bd8d67cf591e6fb0a46f8191d715de7b
-
Filesize
436KB
MD5ad5fb6ea2263e306d3071477d228658a
SHA1133b7b5794197288fc3357a538d7696d9649f0e9
SHA25670131898358ac17e331b273a7af5fe80ae21679e88c0c44169b1adadb0ea5376
SHA5127c71caacb48ee4c0919f547adf5b3d76b5b59a71315fde6afd3079d2c018a7a80308f2ed2dd0a0637c1e370da49dd373446bfec27d4bcd240633fd27b5040f98