Analysis
-
max time kernel
31s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
15-08-2024 20:05
Static task
static1
Behavioral task
behavioral1
Sample
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe
Resource
win7-20240704-en
Errors
General
-
Target
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe
-
Size
387KB
-
MD5
9b70186ebf99249e099bccad1a7a842c
-
SHA1
490cc8d902bed8f97e210754388c89e98e26d2c0
-
SHA256
14d59d8ef93df2a05c2b7c6c235cfbe497358e4fe662f0673f95141e27074c0f
-
SHA512
e878fef34787fc47132d6a2b77e311ff1495a1fea09f28b888bac77929d42c7d478448ddf732207eea2b3355f93de4076480a7f8818572ef2c455eb83188e3df
-
SSDEEP
12288:xYo7xa4wr/8gE/v6f3Pc7snDakPfkch9ZGYZc769k:xYotEr/8u3c7ERP8MjZK6W
Malware Config
Extracted
cybergate
2.6
vítima
lion-tiger.org.no-ip.info:5252
XDev45SVQ3
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
XRC
-
install_file
XCRUPD.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\XRC\\XCRUPD.exe" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\XRC\\XCRUPD.exe" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription ioc process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{NP0R258Y-2AI4-BJ5D-V0VH-CFL6Y51C8R7I} 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{NP0R258Y-2AI4-BJ5D-V0VH-CFL6Y51C8R7I}\StubPath = "C:\\Windows\\system32\\XRC\\XCRUPD.exe Restart" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
Processes:
XCRUPD.exeXCRUPD.exepid process 1516 XCRUPD.exe 4968 XCRUPD.exe -
Processes:
resource yara_rule behavioral2/memory/2516-10-0x0000000024010000-0x0000000024072000-memory.dmp upx behavioral2/memory/2516-13-0x0000000024080000-0x00000000240E2000-memory.dmp upx -
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\XRC\\XCRUPD.exe" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\XRC\\XCRUPD.exe" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Drops file in System32 directory 4 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\SysWOW64\XRC\ 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe File created C:\Windows\SysWOW64\XRC\XCRUPD.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\XRC\XCRUPD.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\XRC\XCRUPD.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exeXCRUPD.exedescription pid process target process PID 556 set thread context of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 1516 set thread context of 4968 1516 XCRUPD.exe XCRUPD.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1988 4968 WerFault.exe XCRUPD.exe -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exeXCRUPD.exeXCRUPD.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language XCRUPD.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language XCRUPD.exe -
Modifies registry class 4 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exeXCRUPD.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key XCRUPD.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" XCRUPD.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exepid process 2072 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription pid process Token: SeDebugPrivilege 2072 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe Token: SeDebugPrivilege 2072 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exeXCRUPD.exepid process 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 1516 XCRUPD.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exedescription pid process target process PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 556 wrote to memory of 2516 556 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe PID 2516 wrote to memory of 1508 2516 9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe iexplore.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:556 -
C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1508
-
C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9b70186ebf99249e099bccad1a7a842c_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2072 -
C:\Windows\SysWOW64\XRC\XCRUPD.exe"C:\Windows\system32\XRC\XCRUPD.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1516 -
C:\Windows\SysWOW64\XRC\XCRUPD.exe"C:\Windows\SysWOW64\XRC\XCRUPD.exe"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4968 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 5806⤵
- Program crash
PID:1988
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4968 -ip 49681⤵PID:1964
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8B
MD5ee19e0863c46e3a56d689048013b4970
SHA184d3f877b518fea59f5e890c9d876cce2e807859
SHA25663cbb2d6ba3894468f13198d7f46253eff32112a75416689b4d6d443a6c0d4f2
SHA512113725aae6cc93ee2126d28c3dbfb44a2a498be0e0ba7019cbae9084cfe21cf940c095ce3d93cc30775163c594524a50227daa38b91f26bdcc770adfad8959a7
-
Filesize
229KB
MD5bf97391c4c49ae2234cd5fb1172c08d4
SHA192c0d70ba728568f761b1e3825cb136b94d41b9b
SHA256345554ba2f5de92e6d2fd28bdaadc1f8bd3aa1e82a59d9988a677cba5b21627c
SHA512c3e1e5b0e269f60abd4859bcc2c7781bf824f90ece33cb5bc6cd4d18597bcb9f8d6a58e902257971001c77bb6e5a583871faff7b461d6163ce8133b160464e46
-
Filesize
8B
MD5e9db8d6422e17544530d34566075f675
SHA18721fd4b793eb85673dc093dd691546dfdea67e7
SHA25640509c0df369854c936048a1685086e35462595fc48cf6b963ff7074bcdb66e7
SHA512374834b57f348bf089940f9875370f94ca255cd485fd73efd6a1c325d896ec5a5e8d368004d98311f275f6adf0ca0e56cd5aea0f9e84623b07ed87e0e2dc81d8
-
Filesize
8B
MD53ab7cafa741e5611f3ec5acc787262a0
SHA16e004429be246be2b24bd27502b96ec069fceb89
SHA2562c54daf1a2cd866860e6155d743aaa6e392696e177e71d01f710acce43fb6faa
SHA512fce215ba149f451049241e896146d33743d9e5a51c66b07ae5f2907e8ee2e072e2365fa96c477f14bfac37216672b931ccd1037f86b99eddcd0259da918966c4
-
Filesize
8B
MD569999522282d673f500c5cdbe85e46b8
SHA119dff293f8b9579e34b2835ef3ba3ec228cc6b52
SHA256a61867b8f3f4b8c8dc6b01c7664c9d784066214ba990779a5b2b5df7d8d1a002
SHA5123338e6b48fd89617de25509f7dca555f7826af68bf813501bb5505cea976de3e2c238a16c278136d63cf4b9ac47ed052638683e5dde4c1db5107c0a4a63a0365
-
Filesize
8B
MD5e24e8f68d1d77f86aeae4a959c29d1c3
SHA1ee8a12d4b8da3241e86a6a0c3173df6d981093ff
SHA256558ae354fab74b8fef1d561dfb9993190b056a79229ec0a7bfd0643a34b9c2dc
SHA51248460812d83c80308cf8be5e4c6badcef125ae67b0ac9bb28150f56dca3f7c8a81cfe84ac548643c0d7771fc3ba1a11559dafa59399864680f1fce6e07c58cc5
-
Filesize
8B
MD50c85e29f88b80f563a6162071c451afd
SHA16b16fdae9e053ac9055c7c17cb182a4c4f9fef3c
SHA2563f6d16d012b759d3796c0d9ea9a7e0ffe9fe6b10271806ba5052b24976963998
SHA512d446ca76505c9b7496fde117fc37df6a94447cc5a7f10d5e09c6c1543859a6a831d20238952e551bbfb483e1f37c002cca709ea7454d5e7ce4e2dab5b096a25f
-
Filesize
8B
MD5d4d5e34abc29d3d16b96d90aaa2a351e
SHA1e9045c35144cb21198c6c69cd6a279cd36cdee19
SHA2566060c598c0fc781199ab249c0ebd671fa6a7962e4f56f4cfc96127533f14c6cc
SHA5124e6423ff971c28092bec0479500433bb356c4b9be63bf5493c2b2611788509fb5d61e7ed4aa846568f35f0ab5bb5290c80ab2223d317591c9e9e0efdd18396b0
-
Filesize
8B
MD56756fa81d73863a32443d98a5795277b
SHA13977180724219bd41ab6afc107e7faad529999c1
SHA2566b6e37cc400c3c9a91c5b173ebe90f8a11b12cbb7b0f1bde9376496f6e18c653
SHA51251ea883b76b3a97e7574262f0604e02cb3b3f37e98473e75067ae91c1e7f67c4c89168d42fe96c823a63b2104cb4ac9c17713edc5fbced91098ff40b0e5396e2
-
Filesize
8B
MD5f404f466a5de7206d5c62693dd6cfbb8
SHA13dda46f55b3df5e179d599a0b612f8408a6c8631
SHA25622ff1236637e0ccb48880e92f8742d3ccfb7c6c506581ae27e78fcb8a3554e79
SHA512d5ede1a3860ba3ea961d75f3edada00824df5e5d8e1d0e2d6bdc31c6e096a5eb4e1e840f52719a8996e6a510cb1e791fd910f4572bfb685aa7d1d044a2fd89ec
-
Filesize
8B
MD5224b01f2ab0747423fbefe7f6d061941
SHA1d74a704d1411ecfc5be5805de1698f497a2c715e
SHA2562633d66a33214054fcef731673914b10b2f8718a50bec1b71c9e7af389d0493d
SHA512b96aa3c03bf570d7c2724239379a0b7afb5bdaae4003f65babd3ac2bd093b658d7d534a928bbaafdf9dcd58ca6e28f18d8119e068104af00198b1414a309110b
-
Filesize
8B
MD5c6d0e6454c7746976646dcb1d2a2243d
SHA16506943506c193897c9c425ad3d1bbacbb4d327b
SHA256ee95352436247693b89d517e0136b7012de8da7b6e24a7e86cb69fcc091acc12
SHA512bef591fb65aa1ce121700028a901e15f2eef3e7ba5782557a9ec57a4e435c1371ca555c8521cea724f4e3b08432bf697f75991ac42515cd934c4800099ff00d6
-
Filesize
8B
MD55aaeb450d12d97262eeed04dc7918660
SHA11cedfc46d5dffd4e10d3099f4edd2a94b6700454
SHA256d64fe0936fe64124d0ac19df2eec1ae87e0fb2cbb493e32f84a4db933c625305
SHA512b99e031ad0439ab2b06557cc0b9255b6100a2016237ce7477a1be1acbf8843c746c5f86f0ce541ed20d1da8e205628eaf3f45a88afcacddc9f46b95b021406f8
-
Filesize
8B
MD5bde897905d6374171e63dd498014b3f1
SHA174fd6d7e3dee6b83cc674ac0631de0c5580f640e
SHA256857a04c463cf03dc3ac503147a2bb4dd1335f78396967909286acdb09a070571
SHA512bd97c9f893239547cb610b766ba2420a4ac19ea5d4333960fec8b68603b8fcc1327a8557aa12c6e2e5152deef01a2b406f59155d5c25dd0d262d04c25f4a3991
-
Filesize
8B
MD55b0f6cc73de8356db665fa8e7b137e51
SHA1bc2ed5127fdeb771e2df05ed6c22a04241a0c213
SHA256d91c5c75d6369e3f417c542a5558926aa3f942f5c588a703ec79dfd8b5c82c0c
SHA5126212ea3495ec15b41ff5067d797f09ebf576feb673551c0a18aa58b8732a0960c6b4243fd969467cc59cf5f3e5fa0e858fee1c0a1dafbe2f407c3b75916e1a21
-
Filesize
8B
MD56c2caa54c446a30379d5d5826b3f4093
SHA144202a40368c4d1edf324af38a6b99139dc6cf64
SHA2567c33f1e39a173a5a834ef0400a46d05692e0160d3ab5dba470675c577a3eca04
SHA5120e909f1f48fb7adbe309ca52dcd61e8b4628893bf8688e50d0b7f5c041b553a417cf30373a650d347763fca2ad728b663d3ba0353d70501ca9b6f24d874918b0
-
Filesize
8B
MD5dbace9c10a9c277f817c394ddcd70308
SHA10538ccf27fa954099c773e94a911c48a211772e2
SHA256f67954a080f26d30382587d928a1d67aaf6d919927262e64654e7479a270a0e3
SHA5126c6def4f2b2b813fcf2930e2077de91ace37b213b3d34c030e08eb54b573c61cffe69a5926e0a205506915275f55b8b0bf53b977332d0688bba7b878e74f347d
-
Filesize
8B
MD56e45171922e573cf4c431af9bb551aa0
SHA1d51724dbe713e925e9577f146cdec225849097a2
SHA256845daea7368d30df9db802a8431a2746ebd123742ac19690a2cc829a746111ad
SHA512bd043602eebe295fb7223ab81914c565dfa84ff3caf75ff60398217eba730e52040b9b1651fa3d22d74554c6450f3e089d8ea77e1dbda9ba7ca0ee6fcacfa870
-
Filesize
8B
MD5c808175dbad3c0dfd69cb6eb22dc3d17
SHA1d17157621fe9271a40034320549ee9a75664b491
SHA256e6424333a575fe49ad572b420557d9a1a97ab0b1e42418abfbd4c283f9dce638
SHA51219c053d8c4575d6972652b20aec349848aff35c9204795f9717ce7c1c179d1392df80d3d7eebe2bac0587f68eab3b3fc89845868a201a58f59038ea2faff8366
-
Filesize
8B
MD597c6bcda520df00f5b16ffda260774b7
SHA1c5998e57658584b9883311563cf82d062684bdda
SHA2568dbc3fc62e10517e0aed3c9e824e6a9736a0177bf8dd5c7b7ccc5df298f3672a
SHA512043e2069b642f8eb6d18d0d712fff2125a046ce96daf403570fea400d21027ac32d84744ba226ceb6e419aa9302b12fd932736d1004acb155d7b643c525c75b0
-
Filesize
8B
MD51eb7bfe7b9d4936ae505a1679244ea21
SHA1a33dff014da89dd3aae4ecaccf305a7d1d7e663c
SHA2568540063ed605f9da020a07f0c848b9d5e9816acbe6a244f6f4fd7e3d45d0bad8
SHA512fa7d0ec8db9d4ed1923d436ad15e15c7cf991d5e85cd0a686b69cdbb81572a00db6e55a9ef0e096c5745a1d33d39c9ac9fafc03d801bc7bf88604e7af5d7594a
-
Filesize
8B
MD54dd321627b9afbd94de68545aab3765f
SHA14c3bcd6e4e519212489068ca7929a137ebb4cdbc
SHA2566610347e9f93a701b42be7b6af1bec24470376969fac1d2334b13ae22fdf9ccd
SHA51256cd34d25cbb9d9074b69b508a0cadf6e702571424ed2af1bc93d1be019c33c34a0a82c54e7eb1c9f92bc1d0ee4bb09362a28c63e13e82511469e6227de81e2c
-
Filesize
15B
MD5e21bd9604efe8ee9b59dc7605b927a2a
SHA13240ecc5ee459214344a1baac5c2a74046491104
SHA25651a3fe220229aa3fdddc909e20a4b107e7497320a00792a280a03389f2eacb46
SHA51242052ad5744ad76494bfa71d78578e545a3b39bfed4c4232592987bd28064b6366a423084f1193d137493c9b13d9ae1faac4cf9cc75eb715542fa56e13ca1493
-
Filesize
387KB
MD59b70186ebf99249e099bccad1a7a842c
SHA1490cc8d902bed8f97e210754388c89e98e26d2c0
SHA25614d59d8ef93df2a05c2b7c6c235cfbe497358e4fe662f0673f95141e27074c0f
SHA512e878fef34787fc47132d6a2b77e311ff1495a1fea09f28b888bac77929d42c7d478448ddf732207eea2b3355f93de4076480a7f8818572ef2c455eb83188e3df