Analysis
max time kernel: 146s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-07-2024 10:56
Static task: static1
Behavioral task: behavioral1
Sample: 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Resource: win7-20240508-en
General
Target: 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Size: 400KB
MD5: 221e346418983460f083918f7ae5c8b1
SHA1: 8374f92bdea380cece6ca3c8757b550afde10985
SHA256: fffed4b522cd8effd6914c90b628fdf705862c0954705bd1ad3bc20413de2de5
SHA512: d212a3ae8c9cbc2bcf4dcead64187884530b683aa2f6887d9481ef82d747f3077056f5f0ebc255305e03f58c9fc6fc83d8f93fce27dfe8c0145974d3fe12bd0e
SSDEEP: 12288:dIUfb4u+831O2HSu8XFXvYRl9FmTJybvsBNZ:dILuSn09FmTKvsfZ
Malware Config
Extracted
cybergate
2.6
Master
kasur.no-ip.info:81
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
ftp_password: 123456
ftp_port: 21
ftp_server: ftp.t35.com
ftp_username: khan14.t35.com
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: true
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Signatures
Adds policy Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\install\\server.exe" | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\install\\server.exe" | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{VK06AHV0-2MIQ-360Y-RXED-QB3DR020WLI4}\StubPath = "C:\\Windows\\install\\server.exe Restart" | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{VK06AHV0-2MIQ-360Y-RXED-QB3DR020WLI4} | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Executes dropped EXE 3 IoCs
pid | Process
1972 | server.exe
912 | server.exe
928 | server.exe
resource | yara_rule
behavioral2/memory/3024-8-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/3024-10-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/3024-11-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/3024-12-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/3024-15-0x0000000024010000-0x0000000024072000-memory.dmp | upx
behavioral2/memory/3024-16-0x0000000024010000-0x0000000024072000-memory.dmp | upx
behavioral2/memory/3024-19-0x0000000024080000-0x00000000240E2000-memory.dmp | upx
behavioral2/memory/3024-84-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/928-117-0x0000000000400000-0x0000000000457000-memory.dmp | upx
behavioral2/memory/928-123-0x0000000000400000-0x0000000000457000-memory.dmp | upx
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\install\\server.exe" | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\install\\server.exe" | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
File opened for modification | \??\PhysicalDrive0 | server.exe
Suspicious use of SetThreadContext 4 IoCs
description | pid | Process | procid_target
PID 4408 set thread context of 3048 | 4408 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe | 88
PID 3048 set thread context of 3024 | 3048 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe | 89
PID 1972 set thread context of 912 | 1972 | server.exe | 95
PID 912 set thread context of 928 | 912 | server.exe | 96
Drops file in Windows directory 2 IoCs
description | ioc | Process
File created | C:\Windows\install\server.exe | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
File opened for modification | C:\Windows\install\server.exe | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3024 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
3024 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
928 | server.exe
928 | server.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
4312 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4312 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Token: SeDebugPrivilege | 4312 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
4408 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
3048 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe
1972 | server.exe
912 | server.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4408 wrote to memory of 3048 | 4408 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe | 88
PID 3048 wrote to memory of 3024 | 3048 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe | 89
PID 3024 wrote to memory of 4484 | 3024 | 221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe | 90
Processes
C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe" PID:4408
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe" PID:3048
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe" PID:3024
    - Adds policy Run key to start application
    - Boot or Logon Autostart Execution: Active Setup
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
      C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" PID:4484
      C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\221e346418983460f083918f7ae5c8b1_JaffaCakes118.exe" PID:4312
      - Checks computer location settings
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
        C:\Windows\install\server.exe "C:\Windows\install\server.exe" PID:1972
        - Executes dropped EXE
        - Suspicious use of SetThreadContext
        - Suspicious use of SetWindowsHookEx
          C:\Windows\install\server.exe "C:\Windows\install\server.exe" PID:912
          - Executes dropped EXE
          - Writes to the Master Boot Record (MBR)
          - Suspicious use of SetThreadContext
          - Suspicious use of SetWindowsHookEx
            C:\Windows\install\server.exe "C:\Windows\install\server.exe" PID:928
            - Executes dropped EXE
            - Suspicious behavior: EnumeratesProcesses
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4372,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:8 PID:2424
Network
MITRE ATT&CK Enterprise v15
Downloads