Analysis
-
max time kernel
146s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-11-2024 21:02
Static task
static1
Behavioral task
behavioral1
Sample
90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe
-
Size
658KB
-
MD5
90a44c50dc408ae462d0132cf7d50491
-
SHA1
846c3f856804f69f9198193c50bdb9ce4111d431
-
SHA256
e67dbdd16d9f36f1536bbc51cf576c8f35556c208bd5adc6c3b7691233fed76d
-
SHA512
38b1804483ff01d55b40d25fbafddc7746136c682516b038f5728e10f4d7bd608b70d775b182107d8ef693e83001f98f6fb6906ca975cf82bd0e3c009a535119
-
SSDEEP
12288:/iSC/HRqEzUjyfTEfrC1LZRelDTBd47GLRMTb3:2AyferC1L8d474mf3
Malware Config
Extracted
cybergate
v1.07.5
cyber
127.0.0.1:999
any1lolpwned.zapto.org:100
W28V77647VOSG6
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
windir
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\windir\\svchost.exe" 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\windir\\svchost.exe" 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{8674NVR5-6052-3YT6-532A-A8P5KD8W0B0P} 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8674NVR5-6052-3YT6-532A-A8P5KD8W0B0P}\StubPath = "C:\\Windows\\system32\\windir\\svchost.exe Restart" 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{8674NVR5-6052-3YT6-532A-A8P5KD8W0B0P} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8674NVR5-6052-3YT6-532A-A8P5KD8W0B0P}\StubPath = "C:\\Windows\\system32\\windir\\svchost.exe" explorer.exe -
Executes dropped EXE 2 IoCs
pid Process 1652 svchost.exe 1568 svchost.exe -
Loads dropped DLL 3 IoCs
pid Process 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 1652 svchost.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\windir\\svchost.exe" 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\windir\\svchost.exe" 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\windir\svchost.exe 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\windir\ 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe File created C:\Windows\SysWOW64\windir\svchost.exe 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\windir\svchost.exe 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 2696 set thread context of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 1652 set thread context of 1568 1652 svchost.exe 35 -
resource yara_rule behavioral1/memory/1940-541-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral1/memory/576-876-0x0000000010560000-0x00000000105C5000-memory.dmp upx behavioral1/memory/1940-905-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral1/memory/576-906-0x0000000010560000-0x00000000105C5000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeBackupPrivilege 1940 explorer.exe Token: SeRestorePrivilege 1940 explorer.exe Token: SeBackupPrivilege 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Token: SeRestorePrivilege 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Token: SeDebugPrivilege 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe Token: SeDebugPrivilege 576 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 1652 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2696 wrote to memory of 2532 2696 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 30 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21 PID 2532 wrote to memory of 1212 2532 90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1212
-
C:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2944
-
-
C:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\90a44c50dc408ae462d0132cf7d50491_JaffaCakes118.exe"4⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:576 -
C:\Windows\SysWOW64\windir\svchost.exe"C:\Windows\system32\windir\svchost.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1652 -
C:\Windows\SysWOW64\windir\svchost.exeC:\Windows\SysWOW64\windir\svchost.exe6⤵
- Executes dropped EXE
PID:1568
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD58cfacc870b88c7d017b189df39a8e35e
SHA1ab10cf227832beb884e5edd586c0e266dc22efcc
SHA256c9bd6ec48f54f4e3bab057b13870f85f9bb14bfba1265127f933a70f13579150
SHA512564ef8ad039b2cbfe22835c9abdda289b23bbba14a478665eda2b842391e37efe39a9755e3a82a9c86ef3c884961f9ff84ba2bdd7d20f826b6a4e0a54d7fa03c
-
Filesize
8B
MD5a72419baaae40be49dc498b2aa750178
SHA189b5d47338497e32ff9f413cfd2ea4848632e6f9
SHA256f0a816fc7afa33b2ccab1b270b5e7b78dbbd71a25a8fa9c60aaa516f95b6acc5
SHA512ff387a6968e2b832fbe2d81899fe518bf1683acb0bf38cf6e586ca73d593b9ca70bd5f32296c8379631b3b5a06dc543f706154e5301defd102ddf52273cb2d92
-
Filesize
8B
MD5f8c747f29a63dad534110c2c2a5ef021
SHA1afdcc0539b709423e29993fca427276993a2d6fd
SHA2564686c66a9ef7a439aec72637abd038a1190b55c72f82c841a01b6fd11eb111d6
SHA5125035e2a5178e66e4f9400648870a660bcf05ef03a102e1f6bc92ea681c8cef403d421cc9d670a47e47b2149bf746f283e8e14b33dc0f1e5c540c30dab9e26306
-
Filesize
8B
MD596122d5a5bb762f1c5f6d01703a56ca1
SHA148f2cae37749de11b39ea2d34d771adcd071801d
SHA256541ef8fef24d3cb445b244cb782a642a68e5ca9d5ad914717a3016c2dc98cf00
SHA512f0d3ac013f71d901d670faa32e8d52f107449aa184c0fd1deef91878027fd35269858d4b2f5632eb88de248833a84ca90fb91d0abb16791956f0de64d636ed6d
-
Filesize
8B
MD585e7d557cbc373a11861100d9316c56d
SHA1d3df4c9c08f092cbb88c473f1c1c010265e80757
SHA256362853a0638d1a8a9cdd45f99a37d3e6fdf462e81733a6b4ba4fea38b4ea6e1a
SHA512c1a7520914b193ef6ebb875d5e7eec67584f128f5d37814b5505b6e72dee5faaa498efe626f41ab754306a99f1605c1ef9baa20ff7d2b2fbf8a5a0891f144245
-
Filesize
8B
MD523cedaab965cbd354d12507812f5c58c
SHA1e5155825d32888c13aeb2432b9f5e62e5c9576f3
SHA256e66cfdcefec971098a8243310ab9d5041569423fb50cfc3f515ffbbcb0842583
SHA512c4856c3b0962e3993f23c67758c151204d0e755a4474175094de748212def8a03fc54711094841bc520f1a891f508679a82c651ff515c7ef993fe7e58a9a0655
-
Filesize
8B
MD58bf364880d0c6a44ac1e71c48502f1be
SHA1f1ead03c5dcd416ac22f2eeddb928e380016fb79
SHA256980671df8f24d97062f377443075982937e4da11c0927098576d1b0532f72ded
SHA5127d38e18b51f45864d1a30e3c9479982a2cd376b9bd1b8030ca50579c010a4f873ec7ba12bf2bcba79db3b9499176324ab3fe4695289616519a662127e98aa764
-
Filesize
8B
MD571e827bde76465a1e94480ca416137ef
SHA16a2560e32b61cf78a5c327dc1d5d8be2cd9bf2d2
SHA25626e8186de7d58747421747b30a422591c445dc2a399dbc225742bc69eee7f58a
SHA51277a290b96c40aa4ddf264c190ee931dc62b0adf5d858b0edf066663bdcc25f50cbd922a3975f536d470d888ccfb0e0111207255d3b078d138fe48f2209146b02
-
Filesize
8B
MD58676c7aa35fdbf48d94999b20b605c99
SHA19fda3acd9746e81e3c227dafe8d7a41913d2102f
SHA2566327c277b800ba162e7b2f0a21f5288e13bfd08d5b813924db6aebe39df2999c
SHA51290f7d27497eac69d22784a662bd8d30d8e9c60972c3828a32cdbe7f35aaf80f9641959d84f84b495a27856b9b82287b2f6eb641c7d8ba72b7bf8b6c07d96902a
-
Filesize
8B
MD5f90b24e198132c5918d6dcf4e50948ff
SHA14614cd95cc3413ec4eb4fa4f80d69eed735ba2c0
SHA25690b3a60ec7645c38ed2a7bd3f11450d7916d4a62b2464fa5f4a846794c639425
SHA5121c10f1fa99a80ddf5904b9929c232ba8ff878b90db04bc7dbc2a1574c00b107b9c1d61cc4074b80b926407d30dca7abdf82cf758357245f261a1dc7ce4dfbeb5
-
Filesize
8B
MD54b5ee7fd08b00584cfd0e752e33fea28
SHA174e647bde1598749c5b45390db4c7ac32ab3b873
SHA2567f8ef10e2ffa559e4681eb84f36db87874bae38f77dd5cdbc3f8b91ab55f2535
SHA512aa72d8fec053170688ff4a85990df3532425d154a3b4d4dad2c7b858168ea0190f0832a793eaf9dcee3a351137c56971d5400a8b2d75bce442dbcf8405611ae6
-
Filesize
8B
MD5efd588a54f155352c0ff2d44d70e92c5
SHA105af0ae680d6fe17eb1a109f519695990b6d2dd2
SHA256104b5a9dc786bb1e75400c01585e09e84847995cbe002411558b9475f8f3061f
SHA5120f0d7fa3f7d37de8978b920fff10f1eae6fcad29c86778dd6e24c4b50b9d7b787142de059c61fc9beac08e4bb5bd7e9aaaac07cfaac07aa237dcb80c33e97890
-
Filesize
8B
MD5a8f2d08c7d1a80931b6e2a16871444e0
SHA1f43e47507a51f7a1ffe15fab707b37a151e031b3
SHA256955bfee4f610b78db2cf34f5eb722b911979273ba027b0b5f80101ba34097a8e
SHA512485c6e6cf0c6198cd8583f68292a7b97e031c1b5d69b6afdf7a8db93436d9db66dcf2d507719564d742166aabc4c58f6bbbee827d12245d2411d18a34ace1c45
-
Filesize
8B
MD500fdf4c95454e406a32f0c44f3cf65e8
SHA15469e5f86ccea9b2706ce428e1e883b204212d4d
SHA256db89bd0e771a5747934520305a71e0656eeef8a342d0bf02e3c56bf799a3be16
SHA51201dec591364d1423c64fa5344a8d5eda5a33f6ef9346892dafd3185d3a8abd541726bb962187d7d7e3dafe301400e90705c0aec12a11b23fc268df63cee0cf0f
-
Filesize
8B
MD54b81b48e993c697a8055ffd28783bb13
SHA138b51924380513d00a3cad7570a80323a9ba683c
SHA256018300df0bf9d5e9aec7f576886f2f9a05266943a27a8dbc2d5830d2be1e0b5b
SHA512a3ff862f6994c399b4403f4c34eca7216f0f33a3dc79da50f36ca423d9bc1759f59a27326e71d50b9f495e6448876e399bbcc648a74cfa95f985b3c588fa737d
-
Filesize
8B
MD50e5aa1b7f8a80ffdef3e75a11f819ae1
SHA1d481a04c319b3a4f9710e41b3fc1e4e23f9517f1
SHA256e2743f3f52d71b70d79f1aca2e4c1ea3ee6dee1a1a3bd1f53686642bef716bd8
SHA5120837280c92bbd86480fe3ae01db84a7db97df9d9a1b85ca24ddfa74db1798f0bfef2b90f96ecd7c61541e22b307e40f2dfb3f76d288c4e489ac50338c9e5a491
-
Filesize
8B
MD56923e28bda15a368abc6d0d222933c59
SHA15b5db66b55536d604aedde122e56b85c3e814c46
SHA2562b273c42418bd6a1550c19ccc2bd0a850765bf5f4dd19d500c03d7317f5b6556
SHA512e605b300875c01bafd0bcaf377a2cee210b4ffc46f8c15fbe3e2b3585325401d310faa9d74119dcb1f6015472b24cac5de76107351090e50c28f62967cd75de2
-
Filesize
8B
MD5087cb7bb82619f641eab70e831bb7e17
SHA17bcbe2fc65ee7b6403cd58fad074813ca15d0b35
SHA256323b7745650db171b34137e605df3fd24bd0e604b03bf47632a7015afef4bf9d
SHA51253fde767ecd03cd88590c6b6904a9dd8be74e58ac74906fe8f4a795e22505a0e0b520f2eafdcb1c6f6aa601353896bd339b8d19e9b012aa37a2580dbe5bfa13e
-
Filesize
8B
MD50ecfddca83c8dca3bfc2f51c616c2762
SHA1348774010c850e954c262b77d5198413b4599c74
SHA2566542c54a020fe8d9995d85233754600ac49d02c2e60f5eb4d7908abf5a49b51e
SHA512251966485d3add1a7c266116430600a04c232225c6cd83c6f34d83412ae365acd7f19e3e50933460f7276bd4b6cc2749721d63c6a5b3c41b07607e37f56e5092
-
Filesize
8B
MD55bfe6a036094c322642285c8fa44e2e2
SHA1122d1ce68076275e65c567678a1487718bee886b
SHA256fde1bab7a0a1045d56cf6906b534eb49345a0c61d5ba0791848d0541d0c9e5db
SHA512e53c4fd32692c41f23cf0aff24c954d7a5d8db526e7e0d406433a5b556af5640605a6fe64cd6850394212421032fcb59571461b663465d563c728218cdf1d479
-
Filesize
8B
MD5ef56295d92d45864bfbeb184a02910c0
SHA1e50edd00dc8194ddc7c564276ebe5b3bfbed943a
SHA256307c3d26e5a2ce210aa5e688aa600c15cd9d815791d304d750ac58db487f7f67
SHA512b0424134ee7e02b63bf5f5f9eb187e11035d9d14a80a0817a80320f302851a403203b932cbba63cd057f920892eb1fb1cad0fa1fb9f969eb2415fe477983f1c2
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
658KB
MD590a44c50dc408ae462d0132cf7d50491
SHA1846c3f856804f69f9198193c50bdb9ce4111d431
SHA256e67dbdd16d9f36f1536bbc51cf576c8f35556c208bd5adc6c3b7691233fed76d
SHA51238b1804483ff01d55b40d25fbafddc7746136c682516b038f5728e10f4d7bd608b70d775b182107d8ef693e83001f98f6fb6906ca975cf82bd0e3c009a535119