Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
03-07-2024 13:46
Behavioral task
behavioral1
Sample
228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe
Resource
win7-20240419-en
General
-
Target
228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe
-
Size
289KB
-
MD5
228ff578421a90d61ff535a25bd4b693
-
SHA1
a6abbbee693b7f99d5d2078933caaac3598cd737
-
SHA256
eec70276c9833cdd6c37eac5829317254a1faa5306ed229a77de7df75bfb9385
-
SHA512
f6b40ae991cc8f75e045481dc5ed9a9bb27fd69302e6eff56a76e4918155bb6e47fa26949eb741537c1f070ee9649c78e6bd6299da9e4bfbc114ecae6fb411dc
-
SSDEEP
6144:mOpslFlq9hdBCkWYxuukP1pjSKSNVkq/MVJbU:mwslwTBd47GLRMTbU
Malware Config
Extracted
cybergate
v1.07.5
Hacker123
arzarithomas.no-ip.org:81
8M34RGUAXF56FK
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Windir
-
install_file
server123.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
It's good.
-
message_box_title
Good
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\Windir\\server123.exe" 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\Windir\\server123.exe" 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{13K01P85-GMJ1-C83B-Y38W-4R2S5UA411Q7} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{13K01P85-GMJ1-C83B-Y38W-4R2S5UA411Q7}\StubPath = "C:\\Windows\\system32\\Windir\\server123.exe" explorer.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{13K01P85-GMJ1-C83B-Y38W-4R2S5UA411Q7} 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{13K01P85-GMJ1-C83B-Y38W-4R2S5UA411Q7}\StubPath = "C:\\Windows\\system32\\Windir\\server123.exe Restart" 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 604 server123.exe -
Loads dropped DLL 2 IoCs
pid Process 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
resource yara_rule behavioral1/memory/2976-533-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral1/memory/2976-1501-0x0000000010480000-0x00000000104E5000-memory.dmp upx -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\Windir\\server123.exe" 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\Windir\\server123.exe" 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\Windir\server123.exe 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Windir\server123.exe 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Windir\server123.exe 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Windir\ 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeBackupPrivilege 2976 explorer.exe Token: SeRestorePrivilege 2976 explorer.exe Token: SeBackupPrivilege 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Token: SeRestorePrivilege 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Token: SeDebugPrivilege 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe Token: SeDebugPrivilege 844 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21 PID 2052 wrote to memory of 1212 2052 228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1212
-
C:\Users\Admin\AppData\Local\Temp\228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2052 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Suspicious use of AdjustPrivilegeToken
PID:2976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2800
-
-
C:\Users\Admin\AppData\Local\Temp\228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\228ff578421a90d61ff535a25bd4b693_JaffaCakes118.exe"3⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:844 -
C:\Windows\SysWOW64\Windir\server123.exe"C:\Windows\system32\Windir\server123.exe"4⤵
- Executes dropped EXE
PID:604
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD5c46c2967f052dc7bd609e5a06bcf42ed
SHA14284fe16e6324914035831ff769f4403afeecece
SHA256e94dbfbeec90d809ef8ebcdabaf7b7ed22b86f6ece4a3ad8614226521530b716
SHA51258ddcb7b70271e890dd8abd590249ee6e90b7cec943255ec5a63cbc1add197b9de92bb85428df6ef6833aeb581658f9d44604289364bbea7ffa96f5cf0cd1498
-
Filesize
8B
MD55600cf57c7e5e7c608fe0299ab1cda87
SHA13a55148f6f4a6755f05f9413fac68db6f61a6678
SHA256dc9a85363d4280a7e045f1983d5af435107192dbe14884a5e796904eca5125c9
SHA51211f7e08f08ec9f24ade35cede146a1666ea6af29f6dbc3a3c294ae9c4fea395eabfe19e3549c76e4c82e69c212cec76ede846220ed9f5b9ede140a7b77d8892f
-
Filesize
8B
MD5ac54ac00533cf81b3e962f57de59f356
SHA174510a8a816574249786008f916c26c7fb4aca00
SHA25606c45cc0c407037b42152873042cbc660e9fa39428d0b256052ce5a3ac2d9b3e
SHA51236b507e36526d76982f25a1ede42ad6b85c6dc969d4d47227a5d5d40d8a41aeee77bff33191b3f07f2cc4481eab0f4717fbdb3220f1c4f9f26c0db2d1b2295e4
-
Filesize
8B
MD5dc8ea4b384ef7ed04039b893c968ce7f
SHA15078f6bc50a0d05b23bf5dfdc3f1a7a00d51ae14
SHA256ec7f91ceee3c76b88934c45389cfaa359643cbf889b96a56a83c086f873d4e1c
SHA512ca3039544648410e67f2b918f7095fce19b2ec9fa236d39bf9d18ed4a48d3cb39561d4884096071b2782ce9b28e033ac13b2133471d8958d11522d6e5739c51b
-
Filesize
8B
MD5ddce233d545d67f8d45331edf3880f6e
SHA1a6e624f65631b93f996ebb5a02272761955d0893
SHA256dfdb550ddb117a49487c77749ccecd8bcea76985b08001bb2c26923eda71ffd5
SHA51219df630b8dbd0ca874f93e55de987e7a300d3f4530c11797588600a0a185f6729b84726d8ba1ab90d6fbf20658ba9c624c1e1318b8970c66f74b2e292f7eef92
-
Filesize
8B
MD5e3512358b16659b5e3ec555c1dee5561
SHA17c36713b703028d6c08d24928d4b96b0cfc42c2e
SHA2562a42e136861abbc880614f36a6488b076c1c9d793ca16e921b565650affddc98
SHA5127301ac5b9b1f9bcfb532707acbce32edaf992751823f91edd1f3417fc1dbacf058c079ccb6d849001e3f9d81bd61671f7787127875813c1a0474c8da9c92a4ea
-
Filesize
8B
MD59f66a2093e1a5b74ad8c95db65f2a2f7
SHA1500976f2c83ebdfcd2e4cff46713a94d601ac824
SHA2563c58eba667a86d1da0a74a773bab6f3c9b797afd9c3286dfa72914a5ba4054ec
SHA512070c69357f904259a719526993c63780b9edae8df76f091f6c514dfaf09aaeff5ad21471f43f8eb34a88193ff5780dba4035f50df7426a66e3f7b73a887b2fbb
-
Filesize
8B
MD5a433b651b13937cf6b9ea46ae9899049
SHA14695ab2e3ffb1a9dc021148bffc51698da6e263e
SHA256b0eedb6816137320bd1c97d310c95709b7e5b63998106f0279e46ebc5acc6a13
SHA512096375f30fce7d9c06fef74ae7e2751a41f2f39caf2321294eb13b51737ef5877d901f2e2b5c407db853b3bc95bf9acfd5e96adab2b2db58939b74173fd8aace
-
Filesize
8B
MD54c2d07557136953d06b6c8faa0262ed0
SHA1b774644445a04e2e5cba8c0c87bc76300c9745c7
SHA25684950bc6d8704775a5e444d636f26e2f42a632556a953312b6901abc312c780a
SHA51232c86803801ecac942a79c623f3668ad0e7bce26a4d0256cdc71beac551b92d713291b8fffbaa7962d779509106f2c44a5f37324870b37da3e4ae40e27cb8a76
-
Filesize
8B
MD5583cb2bdeef69de4f30c35b1c5ca978c
SHA17b82fce2ecfa0ad80cfab2dcdc7c4c9b496cf2d5
SHA256bc08e97af70cc32c99b8908cf9f637be9440f7ad67acf97ecbea185e903aa943
SHA512aeb5c18d586a14e71ebb6675f912196496cec0c9e96deaaa09a0028e91196f9c00e165cc5624cfed8c39f61015c95341632f927dfc1b04c5ec3799f7bdee1197
-
Filesize
8B
MD508544f12b1897c4947e8eb075c4a38cc
SHA10ef9f884e03dca881d189b1f3e107f013a95db0c
SHA256467fe4c097997bdb252eda048a52fea01f33d825f7f78fa54ef9a1537d86a87e
SHA512b751c0bb9efe1817c474583419a14078375862d4fe853ed4476c60a09ee3c42ce65dd0ff67f56e79b005015ea3b546dad3515fc3cb4ec2bf0da81bcf1b5f6bdd
-
Filesize
8B
MD50a84d4a4b0ecc69b30f3d2443ff3d8f8
SHA101f8eceadf7ccf2f965e4208ab57902fb78ecbd8
SHA2569eb1acd86d9d2eeb21fa8e59fcc044906af6102a92c3bb7a71a6c9b0200c196d
SHA5126665eae4bfe188321fc1b9d7ce8bc12de54d25a76b0e44bf90151d55d8f4fb13eae9cda11b97b2eefcd6dce0f0e31d52e0de496770826f66b411493f9d0b4724
-
Filesize
8B
MD5df3fa896bd77da5782795483f1ec7474
SHA1d23e8cd865e243bf69e6516bb5eb60c8c20d40f7
SHA25629bfe4f8d52ca8e6021af424f86a3fe256ae8b2640af8ffabe51c433254c7c5c
SHA512766e1e80c34aa0a1ca335348d1e870b92efc2fff5cb9d9ce8e5736d7b5c625d8bdcea3e5be937d4d1fa71bb2690d418aace5b1033f4a932fe008460ae7750f4a
-
Filesize
8B
MD5049bcc17f5c70939246a556d389a132a
SHA12e4ab46f1640d2a19e9d98505c5e1a86de2b170c
SHA256f2d4fc8485874215939dd1eb4b4b84e398f5c925d867232c76be4086abeecdfb
SHA5120c89e6e3e6ab0db1f7cff1988af80d7a0f16fea39e38a85aa13b1595a5904af21c865554feaad3fa7e761739d35c89e55798c6c4e276efaac6beb69991fab42f
-
Filesize
8B
MD5399a66fd12ff3f141a41050d363faa89
SHA184c082f116949efa65f56d23af632e1c7415b2e3
SHA25626b1f555123edb8e43c2003f5f77b35a61e4927a88907abbbc25dd5601326a5f
SHA512894f594cc50d1592104e76da3f46a8f6913a5d1d027f093163b8e256a811d4b98392bdde2655f996198229533b8592d6ee9af9dfbca4fbff7e6c03578e006fc2
-
Filesize
8B
MD5bcde6f177654f2dea0bafab402ab5ad4
SHA1d44c37e8c026b3fc4711a895f59d4a622329eb25
SHA2565d54cd29e97f5dfaf6b8083c8bac525789edeb2ddf359c22bd5324c592aef25e
SHA512f8511749ecd8cd24f1528f93093152a7afd73c23d33fe67a45527691399b5e60f21ded920acc930bdee1efbd0c502cf579d5ead6669fe266304028cccce256d5
-
Filesize
8B
MD56d186520573bd969cf0b657c95e40411
SHA1178287cec1a0e83d7680318f99d781c5a00032b9
SHA25678b65c5158cc3b39b8e23d440b31f7ca93f668ae6e30d4ca9b864ae3a226f165
SHA5129f3648d958da406da59814496bbb512c5bbfa424b7d9488aac62bdfad7e3a37e9a6de28d74f40590fc1e926c8b52dfbbc6450463dbb0622bd176fa97f74a81e1
-
Filesize
8B
MD5a55c5e83822800a956672b2b5f831b38
SHA191648091003f16cc5e1d4cf549842c43bd79f077
SHA25650ab7a11ab93e7fd02cd6c102684a0553b6ff9b06efcbe382afae6197929ced6
SHA5126b46f0d2c5a1f4df6f302cf3e62dab0cf0a4305a777917a97ad65110e38c5569681bc6ab28920a50fd1a388a23a5973c4f34400c993f45a27ad4a48d84bfc964
-
Filesize
8B
MD5594aefbe23e53ec660c553d50a5c4dfd
SHA1dcde5482f0cbc86003638f3a51009bdeb86331dc
SHA256beefde9e68126afe1fa7808dc014a0b9f7a61eade510e48dec3619072dc62720
SHA51299d06ef5bd2f24ccc0c568ff18388ab6db514a88deb75916d1c62e18db725fffa70d25b2d6e6265ecbd814e60596462da865e379a8be62ba3bc0a28db0acda15
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
289KB
MD5228ff578421a90d61ff535a25bd4b693
SHA1a6abbbee693b7f99d5d2078933caaac3598cd737
SHA256eec70276c9833cdd6c37eac5829317254a1faa5306ed229a77de7df75bfb9385
SHA512f6b40ae991cc8f75e045481dc5ed9a9bb27fd69302e6eff56a76e4918155bb6e47fa26949eb741537c1f070ee9649c78e6bd6299da9e4bfbc114ecae6fb411dc