Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
24/07/2024, 04:32
General
-
Target
6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe
-
Size
572KB
-
MD5
6a3f650688c3c9affd9630bf78762cc7
-
SHA1
7dfdac0b1e0f2bca8cea8d17ed6c5a18ab67eb7d
-
SHA256
59bf30b1704eb95f64f8c2aa947fec106e7e024f6608134da93bd004afd7b2fc
-
SHA512
f01d1501b5d27f22c304811ed0cac8b14237288439729be3710fd473518a1d26b254a78d487e632a3f76a94512d4f3fd3ce4fc531f4e0031f0fe6c316eda0bd5
-
SSDEEP
12288:jnUTdzJN8TY5wof108JROFRxePw804LihhX:jnKVN8S1ZJQRob0h
Malware Config
Extracted
cybergate
2.6
mms
buls.no-ip.biz:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
System
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
abcd1234
-
regkey_hkcu
SPY_NET_RAT HKCU
-
regkey_hklm
SPY_NET_RAT HKLM
Signatures
-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"2⤵
-
-
C:\Windows\system32\dwm.exe"dwm.exe"2⤵
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p1⤵
-
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding2⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\system32\SppExtComObj.exeC:\Windows\system32\SppExtComObj.exe -Embedding2⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}2⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding2⤵
-
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding2⤵
-
-
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.12⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\system32\BackgroundTaskHost.exe"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider2⤵
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS -p1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}2⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s nsi1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s Themes1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager1⤵
-
C:\Windows\system32\sihost.exesihost.exe2⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s SENS1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s netprofm1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc1⤵
-
C:\Windows\sysmon.exeC:\Windows\sysmon.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\6a3f650688c3c9affd9630bf78762cc7_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System\svchost.exe"C:\Windows\System\svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System\svchost.exeC:\Windows\System\svchost.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 5367⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵
-
C:\Windows\System32\WaaSMedicAgent.exeC:\Windows\System32\WaaSMedicAgent.exe c941aa07946550a82f54def9533ab01e QYgRPfgED0iFYOABXT+A2Q.0.1.0.0.01⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k WerSvcGroup1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2788 -ip 27882⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
-
C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
240KB
MD59fa90d09701bb68c9e8ea956fd9e57ef
SHA1b17f256d8a60aecd8ba6e328f297da1644ef4aee
SHA256c12f1c5ea34973751449a738e11c9c92b2abeee63898679beaca07ab3e0e96df
SHA51214dcfba36561172962ea58df38820e287f3bf6ba082d883a7efcd3d07228bf3001f160f4c649d7d114bf9a99838c70f2eb5c4a631a5c5e47992b0e3ec889c91e
-
Filesize
8B
MD586ea12bf5195261fe970d3ab5c653638
SHA1d390d787dde95b847d91df295001063b8c3781e7
SHA256f5595f672c9f36bbb138117ed7aff30ea130cf221e13200e73490c46bf88bd46
SHA5120ddbef641772094d60c707354e71dc49887f114d686b5fed8f3d5437ba9fba6950a66e766d9d5db1705a42f99ba5f223d04d64b5fb3400512dc18b7ea979e46c
-
Filesize
8B
MD51f680bbd35a01d031e93f1564f0cc4ff
SHA1da41dde604a347cebfe9f01b080efca197f2d33f
SHA256c1ac8e55dce3df1499123628fd68c5653e6e6c6815f04f8676e7c31197fcf302
SHA5127c337ba7891cd57059681c8654d5cd48fff23d19a5c36e0cd44b70d9d47c96bc2b875753d70f9c42803f01a812238848fec46dbc7983a2caf01d3b1ec19bcaca
-
Filesize
8B
MD5a939e192937d71238fb850db73d38dba
SHA17778f33ec5d81c815e781f7b0810ca76f449a7a0
SHA256cfaea1caa47d342278b1c83aea9f327e4781d371e8c4f65b60fcea806d7308ba
SHA5127dbc26d63f8cc50d3003a342be174f5281a3583a820f8feec20f38a210d59a9abde730a97f85087f5d0ee63cfa5a13544a2e4396e35ca8bc7cba13f29ee712c8
-
Filesize
8B
MD5d0143bac2a13b205b87c17437307bd64
SHA15abe904be450010da47273c158c03b961d93bf32
SHA2560a7f0ff487eb5834411a4c72f4fc3ab8b4e2771d8957ddeb53b4d4a416fcf5ab
SHA512d1396b3aafef46b4312c9e0635925a9101785fbd00e014e6d84f60f78e62f1561f1ae5d3085d5dcadb7d4b615cf8db523274582de7029bd195b1b0e3a7b0efad
-
Filesize
8B
MD5daed49ed709e50d4089e7e9acecee0a4
SHA19bc6abe01f71449c9434acafc93d9ffc8b6cc702
SHA256692908ee8f660fab09545d3e8db3c7afd49f986288faf6957d1b4ff22aeb7f90
SHA51216b9fc48307afe05ecf915cc9de36b505880efb83cf0bb578d8ed776feb45246d239bf553dc067fb261f216ee2388461348abdda66a448d966535b7041416f73
-
Filesize
8B
MD50bd0247ef032060d501474eb33bf5bfe
SHA12d50ea341513a872a3bd48e21bf2f5918ff7d92e
SHA256fcf19d7823f4cc8db47c5d1e77f80baa719326253221f9bd23f8344959595dcb
SHA51259230ef063b61b017ee759c49746f4185e2d6d1a4ded541c8317b05eb9945f2ee07cc9000294a9bbe6cf45f051cf4e11bb674fd0bd95fb3154e06c1c83a88157
-
Filesize
8B
MD5be62ebfb1f3e4b82b4ab084c25b39d4f
SHA1f8529a54a43c6042f99944a9d22507185a6a7039
SHA25680ebef503beb4b6baf281a64cfad9e89af0ec2366b5e137d745130bf62aaa0da
SHA512d3d52ed1c16adb1b7c868bd1b92f834b7afcae519c0fd98e7ca534bce604a1336a23468319f446428bfe735912de3c5e607fa2a5514326ea8174425c4c4ffc83
-
Filesize
8B
MD58a321b8169e81baa05ce67a561e31ba2
SHA1cd18275697c38903afd2967c85c4f1ac233b4a3d
SHA256ffd9c064f991cf248b118027b566ab4814b7ad42da70ffc7c08eb1d977c4a685
SHA5122f24685934f9ff269747b7d5028af2339a27330f03c7f7be3f0952948376e2d631c764500b7ff90bbe2adb7a39606ba838a96037ddb28751f4900a466893fa84
-
Filesize
8B
MD5447843a3a1900bac7333dfa58a5caa93
SHA1cc63d77b3fcffb400217cfca275c0e030559d1b5
SHA256aacc2cf61ec02e7de10dae0080cf7502415d3720d0283cac8b42bf04789da720
SHA5124c1e86656878c920101a9d23c1727f8c40b6eda9a73828a58e610f786e1d504e36b50294d22fb6cd77a8f78ffe9133668757701e385d618740238a827c536e8f
-
Filesize
8B
MD52360d1d3996ddb453a848939d5baec1c
SHA108ca2beb05827f699135e98a072e6f1e35d68b9e
SHA256f481d28483654d9b4247fcf23faa26f16e8af634bc23997f6fd6856e54665ab2
SHA512acc759fef37945324100fa3b71b7846502c06fc9ae71ddb71b0ffdacf99bf4db47b8af9f62867a82da374e035ebd144921a2ddf6ed61a4575f84ab556dfdd7bb
-
Filesize
8B
MD53630b5ab08031aea20653fe09e7952b8
SHA1e7b3371f07fbe437ecd95c7c5e1608a72f4c38c3
SHA2567293ab1c44ee6a6c5c1f0e09fce5a7b130babd5d032cd7b94a9694c86cc1857d
SHA512097a4ff982575fef97ce31d650cd1104485cf5cb3cb1e41d1ded10c5154580aacf35c5f7c2af76ea55b92bc716cb679d38dfa74c904b0f016ee00b83607b88b6
-
Filesize
8B
MD5dabb8dccfe1c7800091e6013a788768f
SHA1b5d3286692fefc85d3f0a1f199804a2df2967dba
SHA2560d520dd73224d979a730e6bcebbb8896d74016ef0d09aecb40666714265d6d91
SHA5122cdb712bc7459f992cd50f4391d33507d561b0d125f0cfcb1d505ceaa997784cbde45e2992176750d20a3bf4af21a5ded7cbb08e4888d1ac7272b43b016639c6
-
Filesize
8B
MD5a39b5d7a8739a68d5294151ef24227fd
SHA135250d8b893b43624a09da695c611b0960f7d48d
SHA25644f7f9881ca3926dbd253dc08a0d6bc94a239f401fac5d6222156a8f74a51f91
SHA512b6178a596113492f6460048cf29b908c4f2d744f31c476100d32147f0baf66eacd107d919f2ac8fba0cbd6a4a20ce0e26e569b490c0b9d535f4c2746fa58d8b2
-
Filesize
8B
MD5d0b899fa26340b10a544d8ed761e480b
SHA1231b20f62f75f9b342600eb476cf70dd000be818
SHA2561a946950eb1fb4a04cc8326077103842f2a98b09cb6688cf8cdbd1f4fddb9c75
SHA512aa0d91109a74f34b407438bde3602e6b5aa35f9fdeab75d2fe83d2537c90ed282ce67f9a59b6c88ec9477942d10eeae8498d1d0ab50a13137bd716271a13fd85
-
Filesize
8B
MD5cd8003c7053e09399af2fcbf69dfe79c
SHA19922e87fb0d8ecb6f0c9c02bd3970a133656e03a
SHA256e4ebc1123bf49b00d45b1fb08c3b56850e831de49595a50051f061af7235b3e2
SHA5121c13d5c213f774a1cf55c956aad748fb71110921c1e3aaefa54a123a54e6f5c5df02806a8f3e3b693ee76a3b96a473fc21993ac87ae71dc43cd7f012c1f17608
-
Filesize
8B
MD5e6cb37733dec28bdddadfd66de80ed7f
SHA1abed147f5d3a6f6d810891a892ce90eeb19a5d4b
SHA2568957eeefede30a0668bf2cbca8c4714c4dfadcfe95340845a1837e3aef9e09e8
SHA5127e051a2474b5dfa3b6474a964bc379a68c1cb01ecb4a3f3ee7e8966c8aad1f557d761baeb798b744210979e94f825fed80400899269428aff003c33cb8014dd4
-
Filesize
8B
MD5c0ae4ecec64b4dff8a723945dd7c6cbb
SHA1c326fb7cc215f0b391dfd7b2a108ceaa80746ece
SHA25638c2ff0b446eae26b0b2fc9811c44aa07f23c5091aa4403a4c9a8224d7dc4af3
SHA5124b5f4b7ae396714ed2e706a5d8bfa72da3ff8332a0e9ec9d6b1c3231fd4f70853222511ded2231c2302bfaa4c012dfdd82c70bdcfe38f7809589597e0726d9aa
-
Filesize
8B
MD5b959d6bbe3736c67893a1b883e402fda
SHA14f418a312f818378917c9a3c66c17ddee2881d6b
SHA256f93d29ac29ba904cad028fcfa48ce2498e89a0c10d6acca9b1ad6f086305930e
SHA5128ee4442576ee8765b3b5c7821d16efb82ade72c8bdcbf8e682942ef48b244ab7dcee8cdb89c4d307dfbeb254a079a38a69fe47c888e6a58864c7a612497e4bcc
-
Filesize
15B
MD5e21bd9604efe8ee9b59dc7605b927a2a
SHA13240ecc5ee459214344a1baac5c2a74046491104
SHA25651a3fe220229aa3fdddc909e20a4b107e7497320a00792a280a03389f2eacb46
SHA51242052ad5744ad76494bfa71d78578e545a3b39bfed4c4232592987bd28064b6366a423084f1193d137493c9b13d9ae1faac4cf9cc75eb715542fa56e13ca1493
-
Filesize
572KB
MD56a3f650688c3c9affd9630bf78762cc7
SHA17dfdac0b1e0f2bca8cea8d17ed6c5a18ab67eb7d
SHA25659bf30b1704eb95f64f8c2aa947fec106e7e024f6608134da93bd004afd7b2fc
SHA512f01d1501b5d27f22c304811ed0cac8b14237288439729be3710fd473518a1d26b254a78d487e632a3f76a94512d4f3fd3ce4fc531f4e0031f0fe6c316eda0bd5
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
552KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
8KB
-
Filesize
580KB
-
Filesize
392KB
-
Filesize
392KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
392KB
-
Filesize
392KB