Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
25/08/2024, 05:10
Static task
static1
Behavioral task
behavioral1
Sample
c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe
-
Size
1.8MB
-
MD5
c00377b6b0d9c85b5ef6aa4f161148bb
-
SHA1
becc018a9c15cca8145be7528fd07bd52d49260a
-
SHA256
f93f1c2aaf4779058b2bf46ab18e7b829b7980f51f896eaf4a67dc7c206ad5f6
-
SHA512
4c487f9eb59d5b7a0db6f676b757b8d4ce16b144b061a748d54f54f5421712d4589fb8c7ce34922736cdb91fd7b6e2dbe3645c8dfa43976be6de53dba2a73878
-
SSDEEP
49152:+CIt+FvkUSkVs13YROIL/+fGQ6F3XSDYxyFWymzkz:pq+FzSkVfHaGQ6tXSbwrkz
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
pid Process 4012 rinst.exe 1948 bpk.exe -
Loads dropped DLL 4 IoCs
pid Process 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 2192 c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bpk = "C:\\Windows\\SysWOW64\\bpk.exe" bpk.exe -
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin" bpk.exe -
Drops file in System32 directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\rinst.exe rinst.exe File opened for modification C:\Windows\SysWOW64\pk.bin bpk.exe File created C:\Windows\SysWOW64\pk.bin rinst.exe File created C:\Windows\SysWOW64\bpk.exe rinst.exe File created C:\Windows\SysWOW64\bpkhk.dll rinst.exe File created C:\Windows\SysWOW64\mc.dat rinst.exe File created C:\Windows\SysWOW64\bpkwb.dll rinst.exe File created C:\Windows\SysWOW64\inst.dat rinst.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rinst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bpk.exe -
Modifies registry class 48 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32 bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0 bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A} bpk.exe Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1 bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32 bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32 bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32 bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWow64\\bpkwb.dll" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A} bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" bpk.exe Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings rinst.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0" bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A} bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE bpk.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0 bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\bpkwb.dll" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0" bpk.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}" bpk.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1948 bpk.exe 1948 bpk.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2952 OpenWith.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe 1948 bpk.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 2192 wrote to memory of 4012 2192 c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe 92 PID 2192 wrote to memory of 4012 2192 c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe 92 PID 2192 wrote to memory of 4012 2192 c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe 92 PID 4012 wrote to memory of 1948 4012 rinst.exe 97 PID 4012 wrote to memory of 1948 4012 rinst.exe 97 PID 4012 wrote to memory of 1948 4012 rinst.exe 97
Processes
-
C:\Users\Admin\AppData\Local\Temp\c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c00377b6b0d9c85b5ef6aa4f161148bb_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4012 -
C:\Windows\SysWOW64\bpk.exeC:\Windows\system32\bpk.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1948
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4464,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:81⤵PID:2244
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
424KB
MD55ac7c0441c8c0d87b3f8d77be175d0db
SHA1e8b93a012a04cb7e81dbb664ce17485449994014
SHA256456a43ed759f12a354dcad49a8d3d906c438c648ba3d00c719e65709c7764f09
SHA512f94b1434268cba4c99d80d41eccbece84bc28eb8c2973680c8babd6bb7097f96e5bd5190a5d1ea73c613ca3010725f7bcee1dd5b0511827eb196ca8dc9a5cdf9
-
Filesize
24KB
MD523fab0e0b3051cf99ba91c6166dd0e9b
SHA16499395e8c962f28d5e4b153b3860491ff9fea78
SHA2561d3f50ce0b1d4a0ac6ccd72df7fc1686ba4adaf6a01d06134dfe46dee0aa513e
SHA512693c21c798bf5cd62b52b19c6f6ab57cc2c1a4374bf0d06d9e8a1db3bb750803185269ec8b369b4e39835b332edae84ce2680406e91778d65678c0c29d4767ff
-
Filesize
40KB
MD51687a4fc6c2cd78d6c53b8b404d55094
SHA116a4e9b9d2b7dc8d682727d45e290e73617d68f4
SHA256a31be0c1aaf84620dd3525aefd5a72cf4602360249d2b9b3022d275a3bc52d47
SHA5126c4abc31bf9f9025d321394978caf6d1b2b48af0e9a7756664a221619e2e29b965554de0df69026eb06a76ac27edbc20723993c3f867ed6b7932fe3bf99fa885
-
Filesize
996B
MD5ff6aec2f376fbd07e9fc332b58274bca
SHA15bf6258fc084a2065d5d287b50a72abf8a510dd2
SHA25603cf09c23322291d9caab84022ecf21f55230b8c0690b3e6070058bebe9f230b
SHA5121797e7f2ac9a7d0c36a17f4644b8a6c345a9f0963ad4c09830720038fa4a1d21c0f00c1abd4ed3160a20576ffb72bdcb8ab3a24dfbd272f6efb564114683a380
-
Filesize
30B
MD5726259f004ad6c0d0490661cb3b5590a
SHA190622e1d93570bc7c9725435729d351587bf552d
SHA256698906992c310cfb176f09e61610b2bfbc39fcba0e9875fa454788c7ec764c97
SHA512e864a584cb64ecca84eb2ac0e2cbc30ccfaf543866975b05b79d0a435fcc1794707c10621dcb80fa905e5364be63067b36a5052076eaba3be428f4439b91f014
-
Filesize
4KB
MD5d53c7d15098117bf35eb0bbb598cdce2
SHA11521bf1dea4dc6e7b46b1d344d556225f3fe0c6b
SHA256ea78b57a2224352b6adea36c3522f55d4d1fe392b89b0dd39f0b1800aa8233af
SHA5129f7af5affa14249460146466832c118a63819b3e7dedad254d022f702ba019ef5cc1ce05a30667f9cb070eafa51ee19145e134ce0b274f372dfc16650fb90ef8
-
Filesize
7KB
MD5fbe4bab53f74d3049ef4b306d4cd8742
SHA16504b63908997a71a65997fa31eda4ae4de013e7
SHA256446658dd5af649857fff445c600f26cdc1d0c19c86a080f312b89b1890182092
SHA512d458ab806a3ed3d1494a13ad8a75df874a0b227cb4f337996cb82df3c4a26dc9c4fe48a664b53b052a4af123ea8d89911d9d9493870e6b5992d5621a32260c2f
-
Filesize
1.6MB
MD552d505189fc9cbece6b00b36781dff6c
SHA10f439b82c5a2e886b04beec26f58541df0619dd1
SHA2560959ff71b2b2bf12b0379531599d5ba070a923099533a72fc1034cfe59856c95
SHA512c82124cdf30215949896f3eab95d6f7601850f7247c94f00acc12456d7d9b8de39a83098d2125e939302bca25bdf8b2799d415eb440899791cc5ae337c5856b7
-
Filesize
424KB
MD5994ffae187f4e567c6efee378af66ad0
SHA10cc35d07e909b7f6595b9c698fe1a8b9b39c7def
SHA256f0b707b1ab25024ba5a65f68cd4380a66ef0ce9bb880a92e1feee818854fe423
SHA512bd5320327a24fbab8934395d272869bfa97d77a2ee44ac6eec8fa79b3ffbd4a049bf9dfeeb6b8cc946c295a07bd07ddba41d81c76d452d2c5587b4bf92559e0a
-
Filesize
24KB
MD59ac9028338d1b353a7cacb563bb91df7
SHA1a20c5dee8f05c91686324cec2d5b092bafe58339
SHA25693c0e7f41d5d74217189e4cc2d5cdb8f97d8e5eeef0a0dcf4cecd67e3393682c
SHA512ac83c8f7b6fe913487015d8d7a2e430e917d230b6b2907150f6c4a73bf64c3a02320dddc29fea03db5df8ac5620d8a902fe7be80ba1b1bd1e6f5b8b1b016ddfe
-
Filesize
40KB
MD521d4e01f38b5efd64ad6816fa0b44677
SHA15242d2c5b450c773b9fa3ad014a8aba9b7bb206a
SHA2563285df0c25d4b9b6d5ccbe166a3ce3d04f5cb3a0d61c8bf29bf5f953e51b0977
SHA51277dae941676a56664da89c7670d29ed5402032c8040df1cc231986733c78f0dc56c41f7a276ec9ea8336e3fa2bfc68d3121048e9585bf0d8a98917d799f669b8
-
Filesize
30B
MD54428a3048e142e7a72cdcf7ab3b6132e
SHA1749cd5926b84a88f418cdb01fe51a38b92cd3ff9
SHA256b6c25055ee4c3902d93fc477520905282446ad0482fbbcd704de120141ce84d2
SHA5122ff6e482ccb8ca9bfd62ffca9d0b0acfa6e22e6f2f8fc2e2748ea127cc5c3e79c448d207176a249765bcc1b17be9702242a8603cef8829fccb486422f7bfa234
-
Filesize
4KB
MD5ef7d5819d56fb51515614caf7684295a
SHA1f510cee06e60e7feff19e6d7bf0cb843c319a9db
SHA256cbee09a630dd1ad22c2e42ce9220310665769509c77db9d2b9b1a6299aae29c1
SHA5125f19881bc95e8c6dc7e7c9a8ee79e6e31b93c6559f9f43f6a16c161f6851e3311671e10bc792292a89dff3f9183167adb07d2d825a1c89961eace403cbda510d