Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
14/10/2024, 23:36
Behavioral task
behavioral1
Sample
44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe
-
Size
274KB
-
MD5
44bc1069163a24c7436cf35a93bba611
-
SHA1
afe484069c1fbebb0af9bec7d8f70955ecbe8f40
-
SHA256
f57d303321f8d5429e757128e4eaadbf07d0081257ad3e4fa85dede1202a28a9
-
SHA512
2bc1da13760a5c60e18761bb88bb9455d37eed0e3c87e67bc83a4cf2c9af7f0d0f4017f863b06d35c6ec64ec404b010d216c3967fc67f39020664febdb9c66c2
-
SSDEEP
6144:nMIpu9NhNyEYw48acZccSU+U4pN/EHqGs:nbpSbNrjbSUdk/DG
Malware Config
Extracted
cybergate
v1.07.5
remote
anjan123.no-ip.org:85
MD2K4Q7O3P681M
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{IR8FERVU-G56M-MDFN-C505-L33URBR2233E} 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{IR8FERVU-G56M-MDFN-C505-L33URBR2233E}\StubPath = "c:\\directory\\CyberGate\\install\\server.exe Restart" 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{IR8FERVU-G56M-MDFN-C505-L33URBR2233E} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{IR8FERVU-G56M-MDFN-C505-L33URBR2233E}\StubPath = "c:\\directory\\CyberGate\\install\\server.exe" explorer.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
pid Process 2828 server.exe 3200 server.exe -
resource yara_rule behavioral2/memory/2936-0-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/2936-3-0x0000000010410000-0x0000000010475000-memory.dmp upx behavioral2/memory/2936-23-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/2936-65-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/1276-70-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/files/0x0007000000023c74-72.dat upx behavioral2/memory/948-139-0x0000000010560000-0x00000000105C5000-memory.dmp upx behavioral2/memory/2936-156-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/1276-161-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/948-162-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/3200-164-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/948-165-0x0000000010560000-0x00000000105C5000-memory.dmp upx behavioral2/memory/2828-166-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral2/memory/2828-200-0x0000000000400000-0x0000000000458000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
pid pid_target Process procid_target 4992 2828 WerFault.exe 90 4956 3200 WerFault.exe 94 -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 948 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeBackupPrivilege 1276 explorer.exe Token: SeRestorePrivilege 1276 explorer.exe Token: SeBackupPrivilege 948 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Token: SeRestorePrivilege 948 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Token: SeDebugPrivilege 948 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe Token: SeDebugPrivilege 948 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56 PID 2936 wrote to memory of 3524 2936 44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3524
-
C:\Users\Admin\AppData\Local\Temp\44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:4564
-
-
C:\Users\Admin\AppData\Local\Temp\44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\44bc1069163a24c7436cf35a93bba611_JaffaCakes118.exe"3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:948 -
C:\directory\CyberGate\install\server.exe"C:\directory\CyberGate\install\server.exe"4⤵
- Executes dropped EXE
PID:3200 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 5445⤵
- Program crash
PID:4956
-
-
-
-
C:\directory\CyberGate\install\server.exe"C:\directory\CyberGate\install\server.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2828 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 5764⤵
- Program crash
PID:4992
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2828 -ip 28281⤵PID:4848
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3200 -ip 32001⤵PID:1448
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD540d7f6712191fd100466520d831afc92
SHA1bc3c943f51125470c9b5f8ed3315b2089efa35bf
SHA2560bf18d78a203b129345e33ca50445c8cd0f3a9a269bba95737cd363327253bc7
SHA512c1ae703d7768139e7373d214a020311b16c92be183f295e010b586af72453e70acecfc6f089360f29a131f936335c92da0d71cfdc0c45e0854ce29a7eb955afe
-
Filesize
8B
MD5c8285120f086d85ebd567d924077df37
SHA1857f45ea4aceb11d6236a6dcd535c6570a4336f3
SHA2560a8b5121369c011c2c7f628f7bf85f8e82991a8618915990494e83b93e92771d
SHA5127246bfb03e6b88b5066b1f9eecd667857f8a2d695456d94167b85f622e4415b2efdf80b35553f2e8305de5bdc3f522cd95a8a6f813f0014c57ada7e510a5e2f2
-
Filesize
8B
MD52db4f5005edc9a274f3d02c5e1cb8443
SHA1ff01e66ff3be4d69795f0bf922510016cb65ae41
SHA256e1739ec07aacf9cd968ed82ba617b47e4673576a0b74f7440be66c5524ce8bd6
SHA512001e527c068b0ea37279223a48c8dbbf22990ac050ac34e2c39a4d20391d3ae25e478a9369631e1a03f9451f1504eab1e5a45211e244fe5b323e330c3c114368
-
Filesize
8B
MD52c7f4c1c9b34c674f4d09d00d3134358
SHA1d788aa73a27ff55d58efa7d862bd974007bee248
SHA25622f9255fcf08023b9671e87bd4aa3355ce7387de81c111a4581621cc9e4888aa
SHA51208b6fc94d3605b66b47c10a74a348e863f0b0d9ecc8de58285284c27733d351a451ce80235191295e887907fdd6afdb44c142df98f01d19361331b5f99df2a2f
-
Filesize
8B
MD53b14536af657376ac22492573f913aa0
SHA1135dc774bb58822b346247e3ed55d09f202a5ce1
SHA256e6efb9b095aa27ca9f82dd0dd8bb881ff04536d164e97ebbe961a3fc96e3b5f5
SHA5120bc9c2232b1e516ac983516b14f40591e54fc00f56a7b748eeb7fb2c40370b0d4650e325712443c017fd5b8cdc7cc5a2300046b17246f258d98d5b1cc2102dda
-
Filesize
8B
MD5a863cd1cef9e65d234f5e7d639a2f14e
SHA1bb14d22eec9b242f56bf8dae230bff15063235f7
SHA256db57b64a84ebcfaf74402d9cdbcd3366657c9ccdf7823cd018f415ff5728a92f
SHA512c8d7b72aa8e6401ea89e9be48593b618fc2308aec1aa07363454d5db0e41f0ac73002354cf49e9a025d545e8392664350ec2fe950094c056a155fb0f516cc991
-
Filesize
8B
MD5fe8801da3470426fa806f42f064f064e
SHA119af1906b4f7f05fb5ea082f7d509bcef08eb503
SHA256c6b39fcbc6144e65784a9901c0b0621067bdc378a5f75385b63e3b9ea966e0af
SHA5120e30eb1642e3bfdc4e17a58baa3eb2103adad9651afa9c542c7ec2e2e854cd74de01d8305d1de8bb5c5967878a7591715427678b17e222f0ace9326001539263
-
Filesize
8B
MD5660fb43131bddbc1a4022ab49dcb8dc6
SHA126ef959cf8cc7cb343beb86770828f73078cdde5
SHA2565206150d6c38966f173a63913fdbb3d9e24ead8801111acb9987f067c263678c
SHA512da01de7cb946d7d6e1a4ff9f4e74d9eab1c4acb6658cec4eb4232ca2dbaaf2726a5f7916e94dfcd1f97ebf76eb25fd9decc2470f793ab3bc71d7e37ba550686c
-
Filesize
8B
MD5f017a898550bc3d9f49fdfdd7fb5b789
SHA162cd8f8ead11ae44e9116b3b9387a31e1e5d32cc
SHA2563cb5f5aa0dcd4fd0292d9bf0ab3b6ccbf322b2fca59233fc7ed37afaa941a1b8
SHA51239d5983c1d9b965f485b84dde8f41280d2e30f144148dc90b827778069f675ca7bdd17c92cfd2e77107680a9c4b27cd415578fd9dd8ee75218d03a6e736223ae
-
Filesize
8B
MD500678693e04ce9d9b0511229e0bcd58d
SHA1b5559289c7d5ddb13aaeb6179e5996eb102f4cfe
SHA256d4bb9923aae55a81082648202501f23b9e8ed449cba4027ad29d88668234286f
SHA5126c8a3fdcdf74b7336624aa74ad49f53ec9e0a332459eb95d7234470c740c110901eae77b2caf07be84a6a6dc5d86408aa37721793e357d05ac3be85584355d2c
-
Filesize
8B
MD593a2ff7ea510ad7624399ee12e20511a
SHA19712eeeab9324e902dd710ab343fe5ef5fd7c812
SHA2567f1d1066f05b5ec7723ff3adea67f918535654b95b0b9e40be5999ed17439c62
SHA512cab6b3e7ecce0336e9b53714996d649ffbbbd590fcf76f6628612e5531400fe04b6b12425057b0fa81fcf9f08c385a009a8e347d491fd18312f7927aefba3cd5
-
Filesize
8B
MD5592e79029dd60c76f25395b472e5545b
SHA1327025550a383450fc661b1ab9595ae0c4eb22a7
SHA2560156d7d9b410407b99b0ca39dfa9a3c405a4d0c805cb7c464bda72272fdb904e
SHA5122fd7d411f5d5976455b13e32a31250f1169f4b03b34df4928a0c0f63fbaf11530152b032ea70e2873dcdc1bba6f41a6c04a503638f9eb62c29af00bd739dae11
-
Filesize
8B
MD5e720bd38232834fa1b08e2dbc89ddd75
SHA11173905d04693ace0d752ffff95184ec7a93f6fc
SHA2561eb0d951bd0cad3f0d3eda76f48075cfa94de0019d8348dc7d34251210fe9cb3
SHA512a55561607e0764779302c2126f627303dfe81d8b9d351c4e4576e4b1b77e49b05a05875387eea726aa197d7a3d68ddbaf3780786f23c56316184782b3b35d442
-
Filesize
8B
MD5f38982ca5099920f67fc8faa967810c6
SHA1c7040750667a458bf13a2e360ae63eb802a24783
SHA2569daa2c34e73fd03ea461c995210dce8677141ba8bf6278c4d341cabb23c870e2
SHA5124a5141a8bec10e0b72dc3e3c37a8bf4eb862bf1260629a42a02136e8dad21500e56a6b369813249e7fdaefbf2d74fc1264d2c429ca5e36799d37296d8bc805fa
-
Filesize
8B
MD534bfcf09a6bdee6672a1209773e1cd1b
SHA17f38fb560754e5e1c5cbaf4738887a5f6474da16
SHA256c8310bb00cd1fd2701731da1c91a4102a4d139994d1f55362134434655c7eeb0
SHA51257e72ed20298338a826525b98a5fbc330540ad7d54d295e6815858d7ced50576ae9e25363e6843fafce27388106e6a189c8a8f2cc5dcfe0c5765b12128f96ec1
-
Filesize
8B
MD5c5e9b825867c22ac5db168a3e8839726
SHA1e11360fc6d83583b2020a5042635fa79a5760933
SHA25648a17029545fc410c3547cd5f742f45e2dd953bee5ce442cd095f5a28a18e83f
SHA5122ca98bf87201b93521fd9092f6780a2cd668e06bc3c2927f1c33406f979026d92bdcdef55180c586a075ea9251472bf8b0d72900d122b83e78dbd3d6de88c5a4
-
Filesize
8B
MD5be5c8d75cf07638b040b694ce1436f35
SHA122072cf3be1684c8c325eb9e7bd0967b60e92c93
SHA2561007b81f14ffea2bbf312bd476b87746d4a619c222b1be977394424455b603b1
SHA512e2029e3e927ec7153d37380ef91f7c0f75fd083e67e0d00f2e86a199121b7b0cc20ae5fafecdb3dc7c355453499f134f9844ca8948eb3e27412f6cff2f8ba32b
-
Filesize
8B
MD511af4e8c53d9d14255bcc23bab8182db
SHA1bd4709dacfd70f96d8ac47e63b84729fa430b373
SHA256ff4bd730264a436f240c1c4963705b7a1e86dbf54efbdc9aa8f371c3c91fdc33
SHA512c2f19583fc55ffce854d41945aab0ccf0a7dacfbdc5dc3a9d34cc92eeb0b89892d19e9fa25149fdcd28948f1601957ce178e7644c8f64221bbe498e823c5730f
-
Filesize
8B
MD53099bcbc974b119a06d58d57ee83e2f5
SHA16b755f40e3d4e06e3e842f411f82429a25ea7a46
SHA2567a7a5168249c39dff021c2dc655bbd8f6dce3bd998b20f447c19d85808abe7ee
SHA512424e294f81b5e43c78ab4b729a42fb44d762340ab19209763ecdda31b04a80fcadac7e953e04894a292c9900eaf9af5f64b4d6d78adf7c819ef36c26543e0668
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
274KB
MD544bc1069163a24c7436cf35a93bba611
SHA1afe484069c1fbebb0af9bec7d8f70955ecbe8f40
SHA256f57d303321f8d5429e757128e4eaadbf07d0081257ad3e4fa85dede1202a28a9
SHA5122bc1da13760a5c60e18761bb88bb9455d37eed0e3c87e67bc83a4cf2c9af7f0d0f4017f863b06d35c6ec64ec404b010d216c3967fc67f39020664febdb9c66c2