Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
20-08-2024 12:53
Static task
static1
Behavioral task
behavioral1
Sample
af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe
-
Size
342KB
-
MD5
af4dcbd5da65066c6cceb7fabf9ac820
-
SHA1
0f304f2409127f0ca20a7085e2444fc48e3519c9
-
SHA256
0e6b47a2926a489b1d1e6ca6e1b21c33a71ffba0f93fdace68e012086b290e40
-
SHA512
f4b2b756a03bf39bdef08e81894cef50654342e7a29a53b2e001c41fd908a8de3e70c8f16aa6c20fe9f0c8d5fa438628b9ea3e28082ce586b8b2cf2966c1867a
-
SSDEEP
6144:RJVEe3SzFNd0w5aD/6JzzSJ2pAfznH9kgaRc14TMaPTIc0B6yCOhXHiHuS0o:RJVL34LK2aDyhpALdkgb4TMaP50AyCOr
Malware Config
Extracted
cybergate
v1.07.5
sevenx
sevenx.zapto.org:100
HU5BVJF6FE687K
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
ERROR 1032: incomplete image
-
message_box_title
Error
-
password
seven
-
regkey_hkcu
Windows update
-
regkey_hklm
Adobe Updater
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe" explorer.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{PH4C876M-8UTJ-0SMN-X52J-3U8B480EM0HY} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{PH4C876M-8UTJ-0SMN-X52J-3U8B480EM0HY}\StubPath = "C:\\Windows\\system32\\install\\server.exe Restart" explorer.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{PH4C876M-8UTJ-0SMN-X52J-3U8B480EM0HY} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{PH4C876M-8UTJ-0SMN-X52J-3U8B480EM0HY}\StubPath = "C:\\Windows\\system32\\install\\server.exe" explorer.exe -
Deletes itself 1 IoCs
pid Process 2204 explorer.exe -
Executes dropped EXE 7 IoCs
pid Process 2204 explorer.exe 2792 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2440 explorer.exe 2752 explorer.exe 2132 server.exe -
Loads dropped DLL 9 IoCs
pid Process 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 2204 explorer.exe 2204 explorer.exe 2764 adiadg.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2752 explorer.exe 2752 explorer.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\Users\\Admin\\AppData\\Local\\Temp\\System\\adiadg.exe" adiadg.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe Updater = "C:\\Windows\\system32\\install\\server.exe" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows update = "C:\\Windows\\system32\\install\\server.exe" explorer.exe -
Drops desktop.ini file(s) 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini explorer.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\install\server.exe explorer.exe File opened for modification C:\Windows\SysWOW64\install\server.exe explorer.exe File opened for modification C:\Windows\SysWOW64\install\server.exe explorer.exe File opened for modification C:\Windows\SysWOW64\install\ explorer.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2204 set thread context of 2792 2204 explorer.exe 31 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language adiadg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wmiapsvrd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2792 explorer.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe 2764 adiadg.exe 2640 wmiapsvrd.exe 2132 server.exe 2204 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2752 explorer.exe -
Suspicious use of AdjustPrivilegeToken 11 IoCs
description pid Process Token: SeDebugPrivilege 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe Token: SeDebugPrivilege 2204 explorer.exe Token: SeDebugPrivilege 2764 adiadg.exe Token: SeDebugPrivilege 2640 wmiapsvrd.exe Token: SeBackupPrivilege 2440 explorer.exe Token: SeRestorePrivilege 2440 explorer.exe Token: SeBackupPrivilege 2752 explorer.exe Token: SeRestorePrivilege 2752 explorer.exe Token: SeDebugPrivilege 2752 explorer.exe Token: SeDebugPrivilege 2752 explorer.exe Token: SeDebugPrivilege 2132 server.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2792 explorer.exe 2752 explorer.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 2752 explorer.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1952 wrote to memory of 2204 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 30 PID 1952 wrote to memory of 2204 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 30 PID 1952 wrote to memory of 2204 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 30 PID 1952 wrote to memory of 2204 1952 af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe 30 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2792 2204 explorer.exe 31 PID 2204 wrote to memory of 2764 2204 explorer.exe 32 PID 2204 wrote to memory of 2764 2204 explorer.exe 32 PID 2204 wrote to memory of 2764 2204 explorer.exe 32 PID 2204 wrote to memory of 2764 2204 explorer.exe 32 PID 2764 wrote to memory of 2640 2764 adiadg.exe 34 PID 2764 wrote to memory of 2640 2764 adiadg.exe 34 PID 2764 wrote to memory of 2640 2764 adiadg.exe 34 PID 2764 wrote to memory of 2640 2764 adiadg.exe 34 PID 2640 wrote to memory of 2876 2640 wmiapsvrd.exe 35 PID 2640 wrote to memory of 2876 2640 wmiapsvrd.exe 35 PID 2640 wrote to memory of 2876 2640 wmiapsvrd.exe 35 PID 2640 wrote to memory of 2876 2640 wmiapsvrd.exe 35 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21 PID 2792 wrote to memory of 1208 2792 explorer.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1208
-
C:\Users\Admin\AppData\Local\Temp\af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\af4dcbd5da65066c6cceb7fabf9ac820_JaffaCakes118.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"3⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exeC:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe4⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exeexplorer.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2440
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exeexplorer.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2752 -
C:\Windows\SysWOW64\install\server.exe"C:\Windows\system32\install\server.exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2132 -
C:\Windows\SysWOW64\install\server.exeC:\Windows\SysWOW64\install\server.exe7⤵PID:2164
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\System\adiadg.exe"C:\Users\Admin\AppData\Local\Temp\System\adiadg.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\System\wmiapsvrd.exe"C:\Users\Admin\AppData\Local\Temp\System\wmiapsvrd.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\System\wmiapsvrd.exeC:\Users\Admin\AppData\Local\Temp\System\wmiapsvrd.exe6⤵PID:2876
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD5b6cc20cb75e269639fc0579cba480e22
SHA119187940bc839d3a50e48719dd41e32db6bda8c6
SHA25670d97066378eec1f85b40c9bc63ab30b4557a6969f3d1f8c99c69363872e51a4
SHA5123c5691bd6d1a266edca8159dc9031ec0168033e0a37cc827f65ba68a485eb177dd755e7a06674b98be43385ecc6fda10ae7fa0f5d7e4eb67a8d4328971498cf3
-
Filesize
8B
MD53ab66231414577a43077a567931bd2b8
SHA13de1510418e0146eaa14b4cc92280b3fff089843
SHA256959c7ceb6e5b3c6f8c89cea7111e47d97635679ec1bae703a60635bc625ad0a5
SHA51229f6041a01c86fbb1a3d0fd41966f788097374473861fef714a3304955bfe10978c10b4c0c07d60f39c1d3ed03a6f09f5891b05d2d1f6f6cf22b4b718d7bc2de
-
Filesize
8B
MD5d840e87ae6085c5089d357e5b6cfae9d
SHA1e0bf04e60d2b9fca97755a19b4cd0aeb282b2540
SHA25660d6e7041ddebbfc3c70a7c1ff0d5129d9739a91cfb83bd67ce5844609c8537b
SHA512a2f3d19939331e270503d0cd07a3bacdcb00708f99e4ce6ba2d427a5cf6cd5929a7866975ae25c225b28148bfe1ef1bfe78a35efc5ab812a97ab3e741dd8562a
-
Filesize
8B
MD5a6cdb69ed3892851e500b84834fac7f1
SHA1f5765a5c0938678cfa446aaeb19f5d599987824f
SHA2565c95bc81ae0f693ba98620396a4890214c8c3983d7a64fe392eac2f73550a1c6
SHA51203044f4051ba22c746818560981c354625f4ea2ffc188b69df1d97818f71f604de35c6159d6611d6426834132204960c7f3f689bd7eb4e28953a380a7301dcf1
-
Filesize
8B
MD59df658751dd55be7356f7ed7d6316acd
SHA1b3fbcfdebbbdfed6ef7fccfa5e6e04c49ef848a8
SHA2568256cff828fc05a2750b31f550a0dd3deaa9b9a21852619bbaa9658d47426041
SHA512de26722c9da28f640ca6b3a9b5eefe59c17faeb597d3279e6e8a1d7043d5e1243a2deb74518cfc4b86579708b3ff7dc00339990c8835084c94f83ada48346d1d
-
Filesize
8B
MD5e69087f3fd7d79c98b6b292cb31531ea
SHA1050ca22372ef10229fe38fef71c90c83301bdf31
SHA25665a03377332c980f3d039dc8a9205725507cd41f9b9f52e57e520177aabc8274
SHA512eb2d29e67f12f7112a15bf0b7363216abfc2acffd5024ee1df1a53e2ab7a56d30d55ac769efd71e1f0a0879401e769950270dbb237802640907c031a63a70434
-
Filesize
8B
MD5af71dc922c2a54093d67ccc3dad24552
SHA176097da0838ed202252b5e223da86ebd66218fa0
SHA256a309d6e5e54b1947c5a112ba46d02aa999f69f05aa1cc0af0a8265639b3da87e
SHA512302055c54781befc9aa57126e699adb89263254995b048d2ec003fd5c0632d7cb6601314ddda46f80d7695317d55188f5c4d96314d8d6e92afc711433d780755
-
Filesize
8B
MD51b654e72025244ae3eeb0e5237d4ae41
SHA193de18c563ae46e02df1f6c3485d0593d707ead5
SHA25689633d804004efd3b850e49a5f30ee84b3a53bf7e54bc3b456720170d87e22b9
SHA512ce370884a0bbf512c6127f2bbf2abde78f77c5268879e33abb00246b83a8ffed09a6570d60351aa0c58e75ad794f1fe6c44dc21a9191d0eac9aa338e5b189069
-
Filesize
8B
MD5ffa238b225686954fdc47a384c1bb96d
SHA17e2d2343cdc6a68a3530d5115dfa01f64d432056
SHA256c31c578b827d8aa7617010ccf9b6c96c59ea065802b62880196a85e448c8ef08
SHA51270a26c10cdbdb729bbae954c22542c6badfbbe6db5ac941259e9ae8b4027ba162aa446f1fe1067ed96240f7698a8ab325e7a376d9ce00eb08ee1242b7c251890
-
Filesize
8B
MD515ba3713d85de1f41ceb438953b0ff90
SHA16471858cc1084f09865e98e80c82a68984a5bb38
SHA2566f9fb8795b7f476fc182054e843e3ccc0ed9047ec83aedd31e485da557a1592a
SHA512595e7ffc19b91c1ae9fc60ea425cad56147c54f77135c25b402423fa1157225a97a391e49b38bdab02945b48b0a9d85d08a78ef2be6274f05eda63ff7bacb374
-
Filesize
8B
MD5c1b8451e5a1575e727e66d227afddfc0
SHA15c1470ea5eb9d2e7c1c0213e971595ff801fcb9a
SHA2568e44406bb89eca2cfd350a4ffbf3b8c4072adc54da85da0d3a50fd36c1ed7cac
SHA512603276eb3c7dbcebb330b748e81676a45b38164df593a166cb8e15a6165d2c4931c4f21b16bfdb704655a51989a0b486c1241e50a1ddbe492e021003a130d95b
-
Filesize
8B
MD51a5861beca394c84f8806432be495fd1
SHA19b97a504c9548ed6f2d7d95022636144df2e2c45
SHA256118a71a06ef50349e6ecf4a90c0f516e49de97aa4c0de52e0806c7a0879a511e
SHA512a77ef09009e3f3f6e60a8f1ff89b5015454b2f5d9497039b5a8387196e2126e8825a9cac5a6e6b2bdce27b5be9d4460155e661dcb1d5acad065fbcdd06bcb848
-
Filesize
8B
MD557e3354ffe82c2afd52a5415e8d675de
SHA15893f264145e474ce46b33656c14c876f74eb257
SHA256ffdc34625e2faea7dc12e322d390de69d3bb59286b7c47f464255cb0953404c8
SHA5120d0bed6ff640f37b6209b7e42e6cf7aac18bdffd4c9196be381a98b2ce80b8e2a8d95239684724597421e4912900611af9fbec21b43cfea9d2c48a4d3dae1e92
-
Filesize
8B
MD55f97162c0532e33d612bc926404f97ca
SHA1d4c0e4ccf1d838d10639f87e25b5c9845533db78
SHA2568e785f69c17acdcfc115ffdc627de39b42ab12ef396e341b0c2e4d1adea46770
SHA5129b6c4e43baf0e1d1fd8b7c4a5d80ab9dd6c898e4bdc13cd92e539402e23974daf8dabe15f02a1db2b6581c2b6202161d8207084bc6a2d96e45677879eb639290
-
Filesize
8B
MD58ef6c18858137ef1c116cec05f5c6277
SHA13a25a60bfb558b32b80e9ac8661bf163696c6c84
SHA256687427675895f5b6d1a98c9c1b5a225ccfba10e4afef37eed23d606bf48425d0
SHA512f1ff99aaa989cb53b6a67c653cfb14d87b1f9581dcb6158cbfe7b07c042c0b5f80c25dbb03f908c883f93b9f350a8bbd4472404112da60aeca30b2a72c9ef955
-
Filesize
8B
MD54b9b37a13b608390148088b282fada50
SHA13d20601148c9c4d321419932460ae746307f92ae
SHA256e2e47176e53813b873a9246f7178b64c1e9bcdc5a484e02d31862d510230e8db
SHA512f03e9eb37294f9f8a7ff4fe9d73898285cbd3e70bc19f3bed71c8447eaf5f25d6856e92cbffbaa8970693466447a4723bce977721a03a7adc514b4933b7f9f61
-
Filesize
8B
MD570b2be84d18ffbcf2c4faac9fde326fe
SHA1ec92568cfdbe60dd89c2e6d8d162c943893b0afa
SHA256b49dfe1d5df53b9120f5b3b2b5080ca4cd8f5f2297d754fc0c836d5e2b7e9c8f
SHA512af367a14272b1f624c8201e7c69c36a9099cd2d38b77d918e0bd39d05ae9ceb208e0cc3995df3553303b3cfdc89ec858cfe5d8faf944e1cf7ef84a139ae3d6b3
-
Filesize
8B
MD526516dd8b054c8bd3f6aa807a4852781
SHA1357b566fe147d3903c37dbebc2270f8784f3db23
SHA25660cc1f1de63738f418c385db15d228352f0852419652afb2a36bd7f08b518a16
SHA5121aab24c2ee9fbf5274128ad2c138ea85519b1f4f97ec7105756f4592efeb0486dc8eab2bb02104ed53d4f4b1b0dd5be4dba861b6abe03bd786db80485ab40dbf
-
Filesize
8B
MD5dcb57ae23a0d055e1bfec1b20ede55a6
SHA1e5913356bb1cebdacdd83b12252825e74dd31e16
SHA256aa2718d65f06bf3c048f44b4fc406281f800d536c876475e6c2a49012bc6c604
SHA512574cf4697065f8d8a0d150204ed27eaccd2442916b95613672fe84ec09d665cbf7f9a9beeb55d29bf9edb026c0a9aa0e610135af57a82eaabdb2387f5f0629fc
-
Filesize
8B
MD5f80281c029d3073cc059f3a68e7d978f
SHA1bde125e4fa92fad8fc1a6b8e68f000fdad505887
SHA256ec693e2151ed2722f040fa9f6381c5f8daebbc96bed866820d527165309a1b61
SHA51217d0855418dc3640aa65e65b19ea7a99fc8bca1679a21dd40d52edb2cea33da112a0dc993dc08433e77f9f3b4edff84c00c3aa7ffd5ac6a5f7245d6b2e19e19d
-
Filesize
8B
MD5fa4d4c4430a76abac48c3e0951ee53a8
SHA1863174c6667d5464141a6483d63805cc42270d4b
SHA25622db32f22bf8c6100081f4484cc16d61e8f3e6dad0feee1bfe0136cb88c4b08c
SHA51239782d98b6e4c8d5ec10c37eed99efe99ae39f7a776120cd86daf124599df056218abe827eb8fc67ae09aa5ba657b6ca1dfaccb3c6d461abcf91c20ac9bd1323
-
Filesize
8B
MD50fa2f0261fafe735fbad93f37221a9b7
SHA11f3a0a73d412aef81eb1bba9876f718a50aa26d7
SHA25631a7f31b9851c8bcb721339806aab8ebeca1be738df8eabc17e189b37fc24ba2
SHA512b28d085212a9a63749a87d00df2cc4f0f876a082f1536ec3bf1ad235d33d37baa9aef8d32b0555da5f958dd77a7eeae93c5e948ecd343f642edbe98168ab455f
-
Filesize
84B
MD5317a75e6207150815801a48432c598ea
SHA1a98a091302830fb7fb75d789faab5ae370526405
SHA25602396d0a19de2ae429527c24afa154f25d81a62a5f4996d14052e7df14964c8f
SHA512337bfde9e1a48b3886e5c1f0b44b33430f8bf8639e76eadeaac9449c27b1af675ca4a53cef7cb9122774edf7d826186750309c25a6dee633110d7c0750c7d7fc
-
Filesize
54B
MD5197138eba11836c718f96715f4805802
SHA1abf8a6ecc08efbfa52265a9210273ff077987f68
SHA256fe40ecb66fbd1552d113ccdf5fcaf086233600540ade8409b5a28543c25ba3e5
SHA5123167e695318b22ec1c423c6ba5ab42745dc4bfe0757a6b6c9a76b193136292c480df86d56e01fc406bb902e008c9e0838c7995d7a4e6e09dd8f75b3892e616a6
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
19KB
MD57557176df708545d6e3bcfe8163b9fac
SHA1b0611f219736022ded02c0281a40874568c64ebe
SHA256179b309599d34b6fe68022867e145682eabe751cd0df6930b1ca79e3e48d549e
SHA5120c405f76c0b2795956e87aff4e4ed5d6addea872cf87098ca8ed892da9cf03e27932f1b3765e191c5b87b6970159dd6dc1498ee02533a454fd3b6faf889b5857
-
Filesize
342KB
MD5af4dcbd5da65066c6cceb7fabf9ac820
SHA10f304f2409127f0ca20a7085e2444fc48e3519c9
SHA2560e6b47a2926a489b1d1e6ca6e1b21c33a71ffba0f93fdace68e012086b290e40
SHA512f4b2b756a03bf39bdef08e81894cef50654342e7a29a53b2e001c41fd908a8de3e70c8f16aa6c20fe9f0c8d5fa438628b9ea3e28082ce586b8b2cf2966c1867a