Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
21/08/2024, 07:45
Behavioral task
behavioral1
Sample
b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
9 signatures
150 seconds
Behavioral task
behavioral2
Sample
b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
9 signatures
150 seconds
General
-
Target
b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe
-
Size
745KB
-
MD5
b2a3fd975ff33caeb7b7da61bb07dd33
-
SHA1
fe165a43f4e2ec825e3940f1298bcee3dcad84ce
-
SHA256
99a53d714667b30d97e7816afd672afb8ba032f6c525646fbd28bd312b9e3ae9
-
SHA512
6ff3d3df776178f025af5956b2e54700cbc39fe1e26f0f7c06afc8e20444f8f570f916ee9e8f536e37766a90c102051ce1208f3a670c2aadc08dfe7283747c73
-
SSDEEP
12288:s7omZ5IXftbYu8WNPQtN/gwZ4UItlbXfAChRq4z/O9jJ8TGSsiAyDG8A56:s7oIIXfe/qPQXnZ4vtJAUdz/AKSSsV6
Score
7/10
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 1 IoCs
pid Process 2276 PokkiDownloadHelper.exe -
Loads dropped DLL 6 IoCs
pid Process 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 3052 regsvr32.exe -
resource yara_rule behavioral1/memory/696-0-0x0000000000F00000-0x0000000001101000-memory.dmp upx behavioral1/memory/696-19-0x0000000000F00000-0x0000000001101000-memory.dmp upx -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PokkiDownloadHelper.exe -
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c}\AppName = "PokkiDownloadHelper.exe" b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Pokki\\Download Helper" b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c}\Policy = "3" b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c} b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c} b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Pokki.PokkiDownloadHelper.1\ = "Pokki Download Helper" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79} regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME\Database regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E} regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\MiscStatus\1\ = "131473" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME\Database\Content Type\application/x-pokkidownloadhelper\Extension regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\ = "IFBComJavascriptObject" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Pokki.PokkiDownloadHelper.1\CLSID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\ = "PokkiDownloadHelper 1.0 Type Library" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\ProgID\ = "Pokki.PokkiDownloadHelper.1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME\Database\Content Type\application/x-pokkidownloadhelper regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588} regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\Programmable regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME\Database\Content Type\application/x-pokkidownloadhelper\ = "Pokki Download Helper" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\FLAGS\ = "0" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\AppID\npPokkiDownloadHelper.dll\AppID = "{B415CD14-B45D-4BCA-B552-B06175C38606}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Pokki.PokkiDownloadHelper\CLSID regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\Version regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME\Database\Content Type\application/x-pokkidownloadhelper\CLSID = "{22848257-6a2d-4d2a-8d56-c886d25b8b58}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Pokki\\Download Helper\\npPokkiDownloadHelper.1.1.1.76.dll" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Pokki\\Download Helper" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\TypeLib regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79} regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\ = "IFBControl" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\MiscStatus regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\TypeLib regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\0 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}\1.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\ = "IFBComEventSource" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\AppID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\TypeLib regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Pokki.PokkiDownloadHelper\CLSID\ = "{22848257-6a2d-4d2a-8d56-c886d25b8b58}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\AppID = "{B415CD14-B45D-4BCA-B552-B06175C38606}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\Version\ = "1" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\MIME regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Pokki.PokkiDownloadHelper.1 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\ = "Pokki Download Helper" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Pokki\\Download Helper\\npPokkiDownloadHelper.1.1.1.76.dll" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{27660920-180B-4F51-9CCA-62FA0CF9144E}\TypeLib\ = "{39B1EC90-428D-4033-9E32-ED28D02FF588}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\TypeLib regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Wow6432Node\Interface\{17F5597D-5A7D-44A5-8A17-CDC392D57719}\TypeLib\ = "{39B1EC90-428D-4033-9E32-ED28D02FF588}" regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\Interface\{90E789F1-9868-4872-B659-53AC14E5CB79}\TypeLib\ = "{39B1EC90-428D-4033-9E32-ED28D02FF588}" regsvr32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 3052 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 31 PID 696 wrote to memory of 2276 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 32 PID 696 wrote to memory of 2276 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 32 PID 696 wrote to memory of 2276 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 32 PID 696 wrote to memory of 2276 696 b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b2a3fd975ff33caeb7b7da61bb07dd33_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:696 -
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3052
-
-
C:\Users\Admin\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe"C:\Users\Admin\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe" --command install --tag "Pokki_Pokki" --productname "Pokki for Pokki" --uimode "minimal"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2276
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
792KB
MD58316abc2837bf96fa5b3794e05040db9
SHA11fa5356fad024572cd320da53b0475195069f039
SHA2568b9e6dfb6ea91b73fd1c44bb8ef8a4729bcd691591cf382f32463b38a4f4555c
SHA512bdb49d1447afd3679eadf342d9a555563b6f8c2a877094ea2ed59e87b250167507c63798bc5f8aa72d02e830663e1bf8da44705fb41474f00097325b56abf01d
-
Filesize
754KB
MD5802d6581d5cf82e71bf346a52b7515ec
SHA1bbb3bd0f415000f5f60ee80e4b35f7eed78a4486
SHA2563c76d98b8c6c32c7b47796c83b14aa70e90de3408fdddbe0bc083255c5feeab5
SHA512bcf9e16392cfeed4a4dd7f07be1a4855e432ca9dec70fd0999008cc67fe46f8b83b602f6c36ffb44a1e1b56c22e74e4b02ccbd809ddfa9c9ce20085caed5edef