Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
30a29134064...18.exe
windows7-x64
70a29134064...18.exe
windows10-2004-x64
7$PLUGINSDI...is.dll
windows7-x64
3$PLUGINSDI...is.dll
windows10-2004-x64
3ffRichMedi...ion.js
windows7-x64
3ffRichMedi...ion.js
windows10-2004-x64
3ff/chrome/...203.js
windows7-x64
3ff/chrome/...203.js
windows10-2004-x64
3ff/chrome/...ion.js
windows7-x64
3ff/chrome/...ion.js
windows10-2004-x64
3ie/RichMed...03.dll
windows7-x64
6ie/RichMed...03.dll
windows10-2004-x64
6uninstall.exe
windows7-x64
7uninstall.exe
windows10-2004-x64
7$PLUGINSDI...is.dll
windows7-x64
3$PLUGINSDI...is.dll
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
02/10/2024, 10:13
Static task
static1
Behavioral task
behavioral1
Sample
0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/aminsis.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/aminsis.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
ffRichMediaViewV1release203chaction.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
ffRichMediaViewV1release203chaction.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
ff/chrome/content/ffRichMediaViewV1release203.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
ff/chrome/content/ffRichMediaViewV1release203.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
ff/chrome/content/ffRichMediaViewV1release203ffaction.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
ff/chrome/content/ffRichMediaViewV1release203ffaction.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ie/RichMediaViewV1release203.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
ie/RichMediaViewV1release203.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
uninstall.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
uninstall.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/aminsis.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/aminsis.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe
-
Size
657KB
-
MD5
0a29134064c19d23dc603947eb8e44a7
-
SHA1
a8388c728afba35e4cc231afed9041ba3edde255
-
SHA256
138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85
-
SHA512
59bb28c0c3732ca465c39f05f96abe203364e4d1d2e4c0d5e9bcca37aa2bdbc9d099d07fefdafb8b72654b4c1eae907738690d63bf82da0d3a093055ac3aa929
-
SSDEEP
12288:MBAKKzA/yG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BnSq4IalQTSJ8ePt/t5uO7EU26m:MBAXAqG4GQm4OaHYJ8eP4D5uOHBBH4IH
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 2136 regsvr32.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 3 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{918ae817-f084-43d6-9203-c6570c30a68e}\ = "RichMediaViewV1release203" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{918ae817-f084-43d6-9203-c6570c30a68e}\NoExplorer = "1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{918ae817-f084-43d6-9203-c6570c30a68e} regsvr32.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Windows\System32\GroupPolicy 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe -
Drops file in Program Files directory 22 IoCs
description ioc Process File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\ffRichMediaViewV1release203.js 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons\default 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\uninstall.exe 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\ffRichMediaViewV1release203.js 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\overlay.xul 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ie\RichMediaViewV1release203.dll 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ch\RichMediaViewV1release203.crx 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\install.rdf 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\install.rdf 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\overlay.xul 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons\Thumbs.db 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome.manifest 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\ffRichMediaViewV1release203ffaction.js 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons\Thumbs.db 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons\default\RichMediaViewV1release203_32.png 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons\default\RichMediaViewV1release203_32.png 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File created C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ch\RichMediaViewV1release203.crx 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome.manifest 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\ffRichMediaViewV1release203ffaction.js 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ff\chrome\content\icons 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language gpupdate.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Approved Extensions 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{918ae817-f084-43d6-9203-c6570c30a68e} = 51667a6c4c1d3b1b07f79d88b5a4b908890885170d71e794 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe -
Modifies registry class 36 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\0\win32\ = "C:\\Program Files (x86)\\RichMediaViewV1\\RichMediaViewV1release203\\ie\\RichMediaViewV1release203.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ = "IRichMediaViewV1release203BHO" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib\ = "{64C38998-DC5B-4D8F-A7A8-DD73010C7843}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ = "IRichMediaViewV1release203BHO" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\ = "Rich Media View" 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\Programmable regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib\Version = "1.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib\Version = "1.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e} 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\HELPDIR\ = "C:\\Program Files (x86)\\RichMediaViewV1\\RichMediaViewV1release203\\ie" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1\ = "RichMediaViewV1release203Lib" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\InprocServer32\ = "C:\\Program Files (x86)\\RichMediaViewV1\\RichMediaViewV1release203\\ie\\RichMediaViewV1release203.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\TypeLib\ = "{64c38998-dc5b-4d8f-a7a8-dd73010c7843}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\Version regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{520E65FF-E951-40E3-9B8E-C4DACD17A54D}\TypeLib\ = "{64C38998-DC5B-4D8F-A7A8-DD73010C7843}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\ = "RichMediaViewV1release203" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{918ae817-f084-43d6-9203-c6570c30a68e}\Version\ = "1.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{64C38998-DC5B-4D8F-A7A8-DD73010C7843}\1.1 regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 14 IoCs
description pid Process procid_target PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2136 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 31 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32 PID 2416 wrote to memory of 2768 2416 0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0a29134064c19d23dc603947eb8e44a7_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 "C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release203\ie\RichMediaViewV1release203.dll" /s2⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2136
-
-
C:\Windows\SysWOW64\gpupdate.exe"C:\Windows\System32\gpupdate.exe" /force2⤵
- System Location Discovery: System Language Discovery
PID:2768
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
85KB
MD5f4ddc34a9b812597c86d0bcee2da1c81
SHA17ba6c712bb176f566f44874a9218b6852e59cf4b
SHA256baeed16699b3c67d4801c1722017c9d95dace3e7c8ec97898c7f1282c9ec6c3a
SHA512fc22416eed502cd486ceeb607df507a43684647a630fcaf6715e8f9f2a2535538d55c58923335126bb7523d937025f005ae9b11fb4aa7451251329822f10a6d0
-
Filesize
567KB
MD5450753ad96785a240a39deccab3af0d0
SHA121c544064d2ffa6444508268ce258a330d459fc5
SHA2561c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
SHA512c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab