Overview
overview
9Static
static
3GK6X Setup 8.0.1.exe
windows7-x64
9GK6X Setup 8.0.1.exe
windows10-2004-x64
9$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3GK6+.exe
windows7-x64
9GK6+.exe
windows10-2004-x64
9LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/elevate.exe
windows7-x64
3resources/elevate.exe
windows10-2004-x64
3vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3Analysis
-
max time kernel
53s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
14-11-2024 12:41
Static task
static1
Behavioral task
behavioral1
Sample
GK6X Setup 8.0.1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
GK6X Setup 8.0.1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
GK6+.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
GK6+.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
LICENSES.chromium.html
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
LICENSES.chromium.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
ffmpeg.dll
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
libGLESv2.dll
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win7-20240708-en
Behavioral task
behavioral23
Sample
resources/elevate.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
vk_swiftshader.dll
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
vk_swiftshader.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
vulkan-1.dll
Resource
win7-20240729-en
Behavioral task
behavioral27
Sample
vulkan-1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20241010-en
General
-
Target
GK6+.exe
-
Size
150.3MB
-
MD5
f9707dda2abbbe30443fcb9e9ff1063b
-
SHA1
a83e3078414d5f4bf9eb4efff7a36949e35e18ff
-
SHA256
28b669610bd9217d14b514e94536410be9e378a242ce30cbf6af5355363f21ea
-
SHA512
f53877d0ba97cbb0c7cbd2f4b1eca50f56fd8a205bc324fc1e39af0ac15c5db7ab124ab9a4a24368d070544e440ea3d2b3dd82392c3c009c869c1bdbbdb26c3e
-
SSDEEP
1572864:yGo+wPe6A6NdJjatZDbKOy32BtIlJyvWvYvCc8nVjoSkpMs1CyCvvdwsrDKE1O2a:rx6A6GKsvW/NZv0/
Malware Config
Signatures
-
Renames multiple (148) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
GK6+.exedescription ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.GK6+ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GK6+.exe -- --openAsHidden" GK6+.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
GK6+.exeGK6+.exedescription ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation GK6+.exe Key value queried \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation GK6+.exe -
Loads dropped DLL 3 IoCs
Processes:
GK6+.exepid Process 1320 GK6+.exe 1320 GK6+.exe 1320 GK6+.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
GK6+.exedescription pid Process Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe Token: SeShutdownPrivilege 1320 GK6+.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
GK6+.exepid Process 1320 GK6+.exe 1320 GK6+.exe 1320 GK6+.exe -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
GK6+.exepid Process 1320 GK6+.exe 1320 GK6+.exe 1320 GK6+.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
GK6+.exedescription pid Process procid_target PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 1096 1320 GK6+.exe 31 PID 1320 wrote to memory of 2656 1320 GK6+.exe 32 PID 1320 wrote to memory of 2656 1320 GK6+.exe 32 PID 1320 wrote to memory of 2656 1320 GK6+.exe 32 PID 1320 wrote to memory of 2212 1320 GK6+.exe 33 PID 1320 wrote to memory of 2212 1320 GK6+.exe 33 PID 1320 wrote to memory of 2212 1320 GK6+.exe 33 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34 PID 1320 wrote to memory of 3016 1320 GK6+.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\GK6+.exe"C:\Users\Admin\AppData\Local\Temp\GK6+.exe"1⤵
- Adds Run key to start application
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320 -
C:\Users\Admin\AppData\Local\Temp\GK6+.exe"C:\Users\Admin\AppData\Local\Temp\GK6+.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\GK6+" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1200,i,6889482307485250689,5379078882338232117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:1096
-
-
C:\Users\Admin\AppData\Local\Temp\GK6+.exe"C:\Users\Admin\AppData\Local\Temp\GK6+.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\GK6+" --mojo-platform-channel-handle=1392 --field-trial-handle=1200,i,6889482307485250689,5379078882338232117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:2656
-
-
C:\Users\Admin\AppData\Local\Temp\GK6+.exe"C:\Users\Admin\AppData\Local\Temp\GK6+.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\GK6+" --app-user-model-id=electron.app.GK6+ --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1664 --field-trial-handle=1200,i,6889482307485250689,5379078882338232117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
PID:2212
-
-
C:\Users\Admin\AppData\Local\Temp\GK6+.exe"C:\Users\Admin\AppData\Local\Temp\GK6+.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\GK6+" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1356 --field-trial-handle=1200,i,6889482307485250689,5379078882338232117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:3016
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
5KB
MD50064bbed7c94b48d3c8c1f674a6b3f13
SHA1a74eeba4ca628616c09832bd1ec6fbf3b4d5d79e
SHA256dba6a061c3a19b57276ff324ca4ec2d26e7490327b4ef43523d57e289365d23f
SHA5129cc208164cd001546643f46f207a22a5a1f7183e577e50be397172a5a2279176e378d4bbe37a974a39833de5409d7d0e5514f45156c4f8349587376d2a2ed968
-
Filesize
4KB
MD54655072364a587d2c46a7ca791fb40f9
SHA1a5bccf702b157557cf28657e409c424478f3d793
SHA25633bb18e2adcadc43d929ae919ab6a3b039954119252106060091782b7387b32e
SHA512d4791bc8eb1b165e23783f3b9286edf15ba090de6d98106b84fd13cce7a38ac642fbd19958aa2c453534c71fcd1e1071ecb7b9ef8c5dd5fa9e530aac598b7df6
-
Filesize
3KB
MD54de207e72f3031c43425572897710d2d
SHA10bab9d47916f2c8cd2920eb2c7d38cb4066235de
SHA256d0dddfd360f4d640debba94ac0f9cc7a6de7301736953b1c40f835566bf12275
SHA512555c0e250891400e869312b92f618bb2753998c350f2412b76982a6458fe9666dc86d6e58d28186c189fb33411701f94e3d9f3777e5e2992e455eddf35eba9f5
-
C:\Users\Admin\AppData\Roaming\GK6XPlus-CMS\Account\0\Macro\11859524-DC42-4fd5-8A56-A0FFC66F965D.cms
Filesize225B
MD5a008f27c7cb9cc98d1faa83e45aa6715
SHA1cb5ea0316b3e782e2f143a16c80d672b761afcf6
SHA256f14284bcf77e7f6ffa050023527b9f61afc92ea786ea87bb61eb958bbdb9bee7
SHA51264857d844aaf23dd6698f46698305a85cef5ddd4d059b1abeb5afebf2ec275f12ce8ef388195df284c5e750c829050b372bc30ba869c309b6939e7835d035d4e
-
C:\Users\Admin\AppData\Roaming\GK6XPlus-CMS\Account\0\Macro\ABE5C7EE-8C52-43b7-91B0-334322E19F5B.cms
Filesize263B
MD558a90b5e6fd8f22f140dfb8dce257e82
SHA1a9966b0f80a6db0153dd011930245e0a2dbc9f41
SHA2568eab484067790790f71bf211b4445cea31e19116b9baf7dae810baa258f24286
SHA5128cd7a0684cafde09f3166b61ca3139d55dbde6ec6cd6b6544294fe83b1ef9b0c2368613d4b94e91197d1867d8344c17fcdb04266ea47821dfe005affb75d672b
-
Filesize
254KB
MD583c6e16078808b94dff5686aecf119e7
SHA1c0e4e7c859f3d4a052a9338a9052aabc1114c457
SHA256f1a0786629d4b767fda448e1501eb44254aada2d2a4beab5bb9f231c19f9ac02
SHA512213deafacaebb78a7fb9139ff98d93a8fde569cb6abdc3e2926384ca97d069702b2fe0d5606626634b5ffa940dfe5a6c5bf01febb250e9559474bcdd42929867
-
Filesize
164KB
MD5e02b8dd62465b60e0e3d21c229bfe0fb
SHA14d39a70380063d41ce75e0f29cc8a5e18758b98f
SHA256a7484ce78716fd576685c9ad3573243915c87c604e6476e7e22c83e6c3635686
SHA512242386e4432b798728ab521c885a5ee2ffdf202f312a271bc6081bdd2c5869b86408cb43620c7ce123513c1f694d2aa018dff4cccb49222e20091fb4b5af9222
-
Filesize
1.1MB
MD549ca10dae58cf5a1a0222f83f6df4002
SHA12ef8603914516b24d7128c50827def28da97ccc4
SHA256a6e6d835cafa1fc93f4b6ef3595a4c2b8e54fb7c1ee416ed8e379ff5846e048e
SHA512815d5b7c5001988d48d059b80df5e6c5ed6c43c89934c31f27bc6e51cc8d6239620161ddfcd0307ed58c1c823e5bed4344a089eaa8b326595a9efe3c484ca9aa