Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11-09-2024 08:22
Static task
static1
Behavioral task
behavioral1
Sample
d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe
-
Size
578KB
-
MD5
d9f3a19b955bdabcd81903883dec4dc3
-
SHA1
2b38c3f09ea23445a4dcc33453a2ce22f5110590
-
SHA256
d9faf6bdd1e24143662056d75b3e13539825fc9e62bf29ade39dd1747f1d4ddf
-
SHA512
0ebdad522b07c3b9038fc229ec0fec5497f7666851dbadfb3188ebd69f91cc34853e14796c9364fa21af4dcc1b7b8aeaabd98e01ee60b5f4714da3c13ec244f6
-
SSDEEP
12288:1+jkkdatIWuI1kfgjdtA5Z0mZjb36T3HKIS2:10kkdaOXgjMzZjbeHK52
Malware Config
Extracted
cybergate
v1.07.5
remote
jdbutler331.no-ip.biz:200
471H1222U62R18
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
appdata
-
install_file
explorer.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
1234456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\appdata\\explorer.exe" d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\appdata\\explorer.exe" d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F56Y487-PN07-XXPF-7O4Q-MFXD03JN7785} d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F56Y487-PN07-XXPF-7O4Q-MFXD03JN7785}\StubPath = "C:\\Windows\\system32\\appdata\\explorer.exe Restart" d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F56Y487-PN07-XXPF-7O4Q-MFXD03JN7785} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F56Y487-PN07-XXPF-7O4Q-MFXD03JN7785}\StubPath = "C:\\Windows\\system32\\appdata\\explorer.exe" explorer.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
pid Process 944 explorer.exe 4368 explorer.exe -
resource yara_rule behavioral2/memory/2444-8-0x0000000010410000-0x0000000010475000-memory.dmp upx behavioral2/memory/2444-11-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/840-74-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/1196-144-0x0000000010560000-0x00000000105C5000-memory.dmp upx behavioral2/memory/840-171-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/1196-173-0x0000000010560000-0x00000000105C5000-memory.dmp upx -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\appdata\\explorer.exe" d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\appdata\\explorer.exe" d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\appdata\ d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe File created C:\Windows\SysWOW64\appdata\explorer.exe d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\appdata\explorer.exe d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\appdata\explorer.exe d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 4908 set thread context of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 944 set thread context of 4368 944 explorer.exe 94 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 5048 4368 WerFault.exe 94 -
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1196 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeBackupPrivilege 840 explorer.exe Token: SeRestorePrivilege 840 explorer.exe Token: SeBackupPrivilege 1196 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Token: SeRestorePrivilege 1196 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Token: SeDebugPrivilege 1196 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe Token: SeDebugPrivilege 1196 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 4908 wrote to memory of 2444 4908 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 83 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56 PID 2444 wrote to memory of 3516 2444 d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4908 -
C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3248
-
-
C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d9f3a19b955bdabcd81903883dec4dc3_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1196 -
C:\Windows\SysWOW64\appdata\explorer.exe"C:\Windows\system32\appdata\explorer.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:944 -
C:\Windows\SysWOW64\appdata\explorer.exe"C:\Windows\SysWOW64\appdata\explorer.exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4368 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 5727⤵
- Program crash
PID:5048
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4368 -ip 43681⤵PID:1248
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD5026df7c729126df7a7b706386ca92eab
SHA1777abedfd66330964f1bba9789fa23f02aa84855
SHA2562edaf62d38f5e7a8022df47bb055a4346e275296426e571c4749ce26157ecf99
SHA51216ccda88a3742995ae03522556303e356a20e14f847e7a05c0350f8856565aa82c812f711c26fd776780f76f3af24fd8ddcd2b2640ad2a4f7a0fde562fd3705e
-
Filesize
8B
MD51bbbcea4debb0463743d34c247bc7002
SHA11b398cf5872ee854741f7f482740b10818197e44
SHA256ade66a66309d38994ce884245704a367b243a1b1070a8768811430892ee890cc
SHA512fe688f6ee090f079aa1b469a2be702c285fcae5815cf26b699b1786af0ab2a9722e0bdd0a0a90027eca8640f5a8c3259eba47cd014ef6e65804192ae89c4abdb
-
Filesize
8B
MD5d9df9ebf4d6475ea0e70658fe622915e
SHA1256e7ceea87e624d90de30d70f8d1900e9d5a421
SHA2562b410773bf49255ebac2df449155d3d2d5e20b8a92c9a5ef6e9dd12ad3b808cc
SHA512a02a5d5c4491dcfc7acb7345123644fc1615f2d18f53863af29a274df0914a7dafe76af0fe48de7ea04cb0f1c4f2f7f3656d4ff714d7915ebe28bd54dbc81d78
-
Filesize
8B
MD551e1bb1dfb59d46e4a4edaf03dd6149e
SHA1fe4975243fdcb13d75e7890b875f5ed017134f86
SHA256363fd11c481d74f3ad7be6a6cff16d29c3f27c8d3fd01f92c2ee979d11d3ee4f
SHA512dd95c655ab2fdb54fc753e94d90401a8266333d78793779ba9b3a7dc7765ecff4f3a7589d9c72f09aeaf2213690708aa0756a3a81c23106821af08c331f74eed
-
Filesize
8B
MD57a95aa81c224ceeb7466dba040dedd41
SHA1e8ccdf28f76734d451e21731e3606aa049a821b9
SHA25669522e503ee2a10d3289169bae3ffc344f851f8a7104cf9dddb7b50e4b98506c
SHA51272fe0140709b8b93623ddfe291090bc672b1d564c2f80928b21deefa4574e9a8b6e7d83aca018ffa1abfef4934b8b531f03702dd9ccbbb3af9b0fb4c40e1195d
-
Filesize
8B
MD51b50442877aefe12960719335d536364
SHA1b924dca4d71521a2cf054be0d2fcf6d11b00bca0
SHA25676f1adfa19c734a97b5c52e203d6eae0c1e6486296667fe870564901be10b34b
SHA5125ba7b156b743ca9b06bffbb09d59896ceee889d35aeed5da213fc229b1c79cced8ba2ac11913dc296ec83e3874241904edb5b886ffb022dc80676b9250e96019
-
Filesize
8B
MD5dd6eeaeeee31a44aa53b60d509ef1907
SHA16ab93e261b5baefdd97fff995f003f6717a3950d
SHA256e1700f29024752f226c9ceeb16dd5e02db9e101fce818274e86aaafbac93a741
SHA512a12b422458a2a4d8ed81910c18c0bb7b6fa6c6f54d71f8cc93bbc88833ff1aa501864c3e82b86b6a0f339004f3599ba05fca18afc6daf10a6e1b04522ded0e59
-
Filesize
8B
MD5e1a6bccc528042de94a680b982410542
SHA19bd8376ed3adfd3cf0d25c9ab4c1dc505703f3b2
SHA256c162654e4051bf0583e4ce650ff3970abf80428155a446dd06347a2a4caad6f1
SHA512f7d27dd528c74c2d5d4895f514c634cb3d836dbe1412ff08789c636d30cd8899f048affac372fd73d09de54c305ac1fd5355912df686504f8b0cac5de802af43
-
Filesize
8B
MD593c6a1f705d60b08022bfb613f442350
SHA13d432315a91339b189c35472d95e356ab4547a9c
SHA2560adc78f21fb7ad51e86099a2c6f95bbf9438c69a59cf4bb22c5685b495c26586
SHA5121f660608bd7b9efffd7cd369d1e5313de63b50912bcf4da0a6076995552a6c55c0d41d86a08fcb9b6ad3bfc2688bdb6b88cae7ea07ce684477fecf20470ddf05
-
Filesize
8B
MD528a2e67ac82482279ecb5da9faf7174f
SHA17d07db567757337bb1e85e83773c5e6ef87e79e6
SHA25682433c549b964cd7c9050bf41805c55e51313eb5a00d8824e3c8fd0d804c2ee4
SHA512ae81682fca5caf8de387a65f8a654510855e52d1eadbf65539f0d09b6731121b8c4d70eeda695f22f7f4cd2fa4316c54448dc0175e5861718361ea8e4ea783ad
-
Filesize
8B
MD50446a3f8893a5cb773a6f754e98c21a6
SHA1cb999321a074df0b8f954c20f6bcc56e8163e0b5
SHA2563ec8332a8928545edf7d1e2592b08a71997292fa3d0099e7c0bdb217a512fa8e
SHA5126af2c92557cf616077f669f8e3dc4443797183accb7c5a824d558259be744db0f365b2faa14d6fd87b026b5667e377e517ad892d38a11feebb65c9c21d426570
-
Filesize
8B
MD5e0195929dd339c5c9e7a1c16901da36f
SHA1c27ec83fc4328058b16bb2839d4eda726097f49d
SHA2568145ccb106a9fd67d93f3c0585b14c7b2d4df8a17b92fd03ef4e177bf12ef362
SHA5126763262f1973030a23fe871b8f46cd6f07ce3ab56071e7767fdb77706137813596ebb2cb63d7d2e4d1977d0016e837c6818b3b0f2ac25cc2dd2fb5d9858dbc55
-
Filesize
8B
MD548a2c03584c35e305e4696eb420b60b2
SHA144f6885bb4db180b11fbf18744d05ac5884e4619
SHA256be39395c8cb7f6eaf8b17a86de323d5ccd043d302d4e66e6e471e33546a77025
SHA512d16883e1c7c1f21484c01f0fc072aaaf21290c0e414650e48eddf227aad777391ef59c3abe5f235209b1b2b19078041f8416e0ff02d147ea8e837b3b4cf29616
-
Filesize
8B
MD5c06c12083492bd7d045de618671b731b
SHA121aee354cb73bb0c4171724406dc1e6a60a5642a
SHA256e414a88836077d3e8b7f66e88e7140c8b4753b91917ffbb3da7767d7628614ef
SHA512c3f35151ecf4a6a18e41f9421ad08fec45ec6c8dfb07983d5639639a3a1fc82a13aaf6be05abac804d09d18377242d8bb35ecd5f50d73943ab21155e9b4a3dc6
-
Filesize
8B
MD5ccce6854f42e358795d917cd43fd2ea4
SHA19c6c2710940216a93143d2c93387c700c4a4e80f
SHA2568ae09285c9263fe0dc47bc5013cfa0e58fad5286707e0de22430f2c6c5679d1e
SHA512817f0dd62997b5d0d50f2b94fed2ebd2e0689068cf22fd5f7786caa9c9234f08a0988111afcef03679bba9768f10f330e4d1794c63abe94af1d602e73849552a
-
Filesize
8B
MD5fd13fd301bc3822c294b7d69d0149e34
SHA15c9ff9d4cb697bd80f7635ab7716839da612c113
SHA256d0e793939766386c093926d1e0e438c28b5501bdd91ae19d955f5a09b47d2f3f
SHA512ff083bec706586149a7d3ab6f52e6397334e1382653ed406d952a637a61f353cd2fb6f77c7d2ef2943a44890d008d345fd31389faac47381e8e6914186ec0eaa
-
Filesize
8B
MD5a896911c5eda631311122850da4c75be
SHA16f5e22e2a6ac009fbdeff1e9c84dece5cb79a848
SHA256f990b01f921b3fd7f856e1509e0655a931b0356e07942005e24d3e2de9c9fa9b
SHA512d8ad07ed5fd8313c3a22d32a03f6f2179abfc4c8ff6672871adfa448453c4fc3842d7d85a71dfe3ea694137ec2d91b04d44a1c3a5e61b5acd67859efe4b3cf76
-
Filesize
8B
MD54358f0dd29eea6e051dead88e0b43965
SHA18010d66b85b5174afb4f2f8648443610f0aa4b1d
SHA2567c7edab335584465eb336a982fab33c8e715b2ff2907f52f403d2872e3ef4036
SHA51226cc705b31d122e83fd94d6a0a646d7627085cb95668a7f37ab558ed2f340267d98e8455ffceb9e3d7bb105389f83b2253959d04326a19c407422106755d072c
-
Filesize
8B
MD519184710f523aabb018012210cb4b9d5
SHA17f53786d7d6cbbeefc17052f83d9ea62daf54f02
SHA2565fa359e3d1ab44a0ccc5af32119afe2cfa2c3833802cba9a6c81de04f67da038
SHA51219fcb1be87380364ee320f1afda752dacfb91d204ad057416417520cdb636bcc4fa31efe02cb7ac836e25e1abc5b5d1391a0fcd018d59eb4811dfc1d26f54d70
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
578KB
MD5d9f3a19b955bdabcd81903883dec4dc3
SHA12b38c3f09ea23445a4dcc33453a2ce22f5110590
SHA256d9faf6bdd1e24143662056d75b3e13539825fc9e62bf29ade39dd1747f1d4ddf
SHA5120ebdad522b07c3b9038fc229ec0fec5497f7666851dbadfb3188ebd69f91cc34853e14796c9364fa21af4dcc1b7b8aeaabd98e01ee60b5f4714da3c13ec244f6