Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
25-11-2024 06:44
Static task
static1
Behavioral task
behavioral1
Sample
99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe
-
Size
4.9MB
-
MD5
99d934cc3c3f80ae473810a3e29c98ce
-
SHA1
611b3329057ff14d959ecc2aa6c9fd5c762448d3
-
SHA256
0dd183e40195e0b11462fbed00f627076277d0e0ec8ca7fb26db50f509ac3d6e
-
SHA512
b63fbad632f16e6282fef17866417654340f05149215b3ff598bbe676555c5f0b199199af81b10332b5a5526c2f11ec194ac6f346977e4374e7906833f346ac9
-
SSDEEP
98304:GezJvfL0j5gVpAfQkGX4bK2qYqokcIV3HeW053DI5b+HCydSKFx5I+JgDCr:GwvD0jkpE04ozNnHe/5zCbACyd95Lf
Malware Config
Extracted
cybergate
v1.05.1
Cyber
piccracker.zapto.org:82
Q6IR538OYASS0H
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
PIC
-
install_file
PIC.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
trigger123
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Crypted.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Crypted.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1}\StubPath = "C:\\Windows\\system32\\PIC\\PIC.exe Restart" Crypted.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1}\StubPath = "C:\\Windows\\system32\\PIC\\PIC.exe" explorer.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1} Crypted.exe -
Executes dropped EXE 5 IoCs
pid Process 2712 Localhost (2).exe 2812 localhost.exe 2900 Crypted.exe 832 Crypted.exe 2572 PIC.exe -
Loads dropped DLL 14 IoCs
pid Process 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 2900 Crypted.exe 2900 Crypted.exe 2900 Crypted.exe 2900 Crypted.exe 832 Crypted.exe 832 Crypted.exe 832 Crypted.exe 832 Crypted.exe 832 Crypted.exe 2572 PIC.exe 2572 PIC.exe 2572 PIC.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\ Crypted.exe -
resource yara_rule behavioral1/files/0x0007000000016d4a-20.dat upx behavioral1/memory/2900-23-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/2900-32-0x0000000010410000-0x0000000010471000-memory.dmp upx behavioral1/memory/832-650-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/2900-962-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/832-984-0x0000000005EB0000-0x0000000005F05000-memory.dmp upx behavioral1/memory/2572-985-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/2572-993-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/832-994-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral1/memory/832-996-0x0000000005EB0000-0x0000000005F05000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crypted.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crypted.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PIC.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2900 Crypted.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 832 Crypted.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 832 Crypted.exe Token: SeDebugPrivilege 832 Crypted.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2900 Crypted.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2936 wrote to memory of 2712 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 30 PID 2936 wrote to memory of 2712 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 30 PID 2936 wrote to memory of 2712 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 30 PID 2936 wrote to memory of 2712 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 30 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2936 wrote to memory of 2812 2936 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 31 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2712 wrote to memory of 2900 2712 Localhost (2).exe 32 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21 PID 2900 wrote to memory of 1232 2900 Crypted.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1232
-
C:\Users\Admin\AppData\Local\Temp\99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Users\Admin\AppData\Local\Temp\Localhost (2).exe"C:\Users\Admin\AppData\Local\Temp\Localhost (2).exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Users\Admin\AppData\Local\Temp\Crypted.exe"C:\Users\Admin\AppData\Local\Temp\Crypted.exe"4⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
PID:1760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1572
-
-
C:\Users\Admin\AppData\Local\Temp\Crypted.exe"C:\Users\Admin\AppData\Local\Temp\Crypted.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:832 -
C:\Windows\SysWOW64\PIC\PIC.exe"C:\Windows\system32\PIC\PIC.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2572
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\localhost.exe"C:\Users\Admin\AppData\Local\Temp\localhost.exe"3⤵
- Executes dropped EXE
PID:2812
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
267KB
MD5bf0577c17a68234736f67d5db295b130
SHA15e25e119d884ddb8585187c82a9c6550bc85f3f5
SHA2564d62b9e65bca737e052b6610be21cef8c65016ff7f7b74f799c8dac98daa1c1a
SHA512cf806bf21d0e084040f6ee9ad9fa18cdb58e8970fb7f4eb32815d254b770d238034d5f28ee440449293163d89cd2ac448be545e5479fbb1c9cdc3ec8eeb29321
-
Filesize
222KB
MD531b0de3f40858bb30215436ea035ae19
SHA10a125c6c988468bf685e14aac3cd5246c934fd6c
SHA2568e85ea076c3ce5f31ff11a40be4327899e9b90c944f90d4c67e8f2b06bc83024
SHA5127cc58edb51a0c8c2434d3c9c13c00e292de9e5b7d5c2349a5a2bd98b5ee2de41793a7811944456e697421bf589df5cfe8c48ac6e10ba3e21239e05382c466a45
-
Filesize
8B
MD509f5a521f156a82d592d7308ddfeb4e4
SHA136273f0ee77ee8d96e8bb254af4e2466d232bb2f
SHA256e11662b34a27e88df795f3d8804da1cd9005af6e732232fbb160ec08c2bb8d58
SHA51201c623bb7f33550ee5545e6ea5a63325edd81f3d44c211a99935bdb08b3b7caccb9b5dcf9766ac3d76d3834e9d23ea660c60243965dc9ba1d3ecd6afe177131f
-
Filesize
8B
MD573f7d9356809f8dc0c5d58036f7c4ab1
SHA128df5558174d553d75124eef260cc004604ce535
SHA256f7477b38d239d024b1b0a45820fc6aa641344332e31fe076b700610b24b6d829
SHA512811090d968b53376ab593f5ce121dd36a15ddc95a093aa6481ed8b4ade97cd13e66141dbf6117165bd626f0ea1b66d4b17d0da9e4cb07357f254b9e9178b184e
-
Filesize
8B
MD543fdd7d6cf5aa215764af63d4640d01a
SHA11181f6e98db09864d5d784fb013bbb5ec189581b
SHA2564f19fd141e3ca643b1715be290bdf2f0605e278c3f4ca1146e3a18be4a8850ed
SHA5125376f9b73c52be4c8429ab839f75d8cfd6a0bb78f4c470d7a9d80b2b024f70920d5c655d3f7d42e51f77e8fbd93d869b4a093030c4bd055139214471bbf2dfe2
-
Filesize
8B
MD511d3d20590dff1beacdfee139aa0488a
SHA160b0e6601d03061595d3e01ef156b5bd15178d7b
SHA2567ffce3f2bc257773555f5ccaa87d123ea43301420cd8077edcccb7eaec11fbcd
SHA512feb5c7d76ff65fb7ecbaab47948ea68c0534807a6914c854a2a893ddd1e087789c89c863b7d0af2087920d1f3e7a582e5adf0d3ab997b7fceeb28ac06d34e830
-
Filesize
8B
MD5de7616a706fdc8d49d1069c639efdb76
SHA18005a0b0e4ae0958703b56f6975e22db45743a85
SHA256759916127e94ae7f5cf83b34893eb9032ff85377eaa4d820832e15fc95bf3dc3
SHA51283ddd03ccb94153fa6e676b0b775303ce0df72992ec8a816ff09bed62b36b6fe2fdda2a20d141f613cc8f43181359edb80a948cb80c098d8dfa02ab0c8dbaddc
-
Filesize
8B
MD55283c684ea242ff3375aada12e112eb1
SHA1c6333d2ca6563edb066f69569580b4f8b2a2701a
SHA256c539521e7ffa6c933c045f4773d18dc6159b60ebfe0e8d36408519a48b8b3169
SHA5129f5aa31e48d098887b75ed9d4703e52c27c30bbd945569df4cbeb1af7a73a6bd61044eb4264502883ae41706970dfcd8c93d954e3306ad5744ac512d845ac6e8
-
Filesize
8B
MD57ef8d7817232f7d09812e68363b380c3
SHA17668299198d9cbbd029b756f34cf228710a94088
SHA2564c46608714c8994dd4d20113c97985be3ae156453c66cc3e89fd7d73b046fa5b
SHA5122d85b5a3bb6539f80111a2df74f0640b1fde376239cbd72ee0b5cff61164cda56e6080c57ea4eba57e5c968511fda0fb67f4fc589971d2162fef89a452bf6044
-
Filesize
8B
MD5442985aab1436bff4930b1053bbfda2c
SHA1bb20b49b90f5329a532dd29c24e8d46470643746
SHA256f496d5048b02300ff1abe9dbc4b1354bf2f7c9591807c2b8c42e57f7bf9d2ae8
SHA512cf5705a4b15955e0e11905f71f7e653218fd621422582a9b05301497c4b36a8e9585dd408f517f8899fb56c5f7b4de2f39e33b6136af090ec59288c3f647cd06
-
Filesize
8B
MD5deca2c2eafff708ce181f4dec8d0cf2f
SHA10a3e94c6d83ec6ee8693c5cf8d454475817e5cd5
SHA25646f0cd9a7318328e4b49ef1e247f39352aedc8a2158140cc9bfe2eb8c9b52aed
SHA5122dd77890ac676a7589702b2d74f23222e6b556d65d14454ab10c42bb834089cd8ffd4bfd71ad5b02db1c66d02a1d8d5bda505391675aff18a8bc4aeeebb84b82
-
Filesize
8B
MD59d77e64c1e0b11d055a63140104856ca
SHA17cfb3cb18f07d4923a3d1856a43bb874117db6e4
SHA256599b5605e8fa563e45802c6be0209ca8357605b3a7eb3d051ac070941fd43dc2
SHA5129e0e3c4f9d4ef13b395c1bb07573a0bccd30a299cd90264f3607c500248fcb83f1ff9906edd9c85f957831fa58aa0206fe8dc6aaaab09ac056bf9ebeb4d069fc
-
Filesize
8B
MD5ba7caaf51812b6f1b6e4ab07a2bfddef
SHA1aefa8a5aa9a026b2d7c3624991d0a72055aa0c89
SHA2569fb42ff19a3d93d84654d84e76e690f7d89dd4170659c09d66729b8902d2b251
SHA512cf93c9a457fd138fb7799d4679d482696fbf2e8573ed0cbccc8c42c60c676c0568d2d1feb1855c3e88adc43f3a8fce1a059d304406342c7072a6ef4f95b52322
-
Filesize
8B
MD57da7e5009ae61d9f4ff1bb5eed051abb
SHA1c23700470adab32d2600f1764726f64be490aed6
SHA256500414418e9f23647c81cfc92908392f4f7de4fc9d85b33e8f6f2b01b4c7fddc
SHA51283a9cb138dc53cbfd4c518c4001bff325b1db152b2f57fea4dea2b06627da30b9176dc763f87d9c8669acc1a3f47e10b91c5dcdf71c8267e50e8488c8170c800
-
Filesize
8B
MD58c0f364ab85d65048156b1106bc86e56
SHA12dc95e0cb143ca0f9defa11e50674b3052af03ff
SHA256fe91ff6225a3b888fec3c7393b267d44e6a22cc52b99cd4c70657090cb557ecb
SHA512187701ed12f24c680cf5c2c2f5277a8bd89ced2a4fde455b7141caac869373e17c64e6f1050dcd297b98c53b10a8a3e2437b8673f45e6f194dd7761944f21020
-
Filesize
8B
MD5dc0a7f38b3698a5d76c2c0497e45e630
SHA154958110cbb88b67ee5106ad767e7ee35bff4e7d
SHA256d5c251742714807a6843df7711baa977e14c1062221234b8fbeb377111ca198e
SHA512b79bd2f7592284f353fe56359055a2d8012ee15943a6b85ad5680d277514f55b72f5a073a36601e62a24811f08f9e53ca3e915e751cf298295226c14b3f639fa
-
Filesize
8B
MD553e1b40551be7343a9455213524d46fd
SHA1a5c57306db25fd0823205310ba9c32c15ef94014
SHA25605cd09a56ea5612618ce305e6c090a109558dc0c319b45fb07e05c60d85f6807
SHA512c65af46568e852c0915dce48a686235d793635c3603b4d2bdce663569611d47b5a6f8e6a2e87601f436564ff2d20aa05e59ff3734924409b774584b152280308
-
Filesize
8B
MD5af33f2ac4b574cc2c6adf570d4274396
SHA12885586fd6b4f17249451cb59b20313ae7b481b5
SHA2562c9a782dc83b6a323ef9349851bb5fcdff07baa438e62dc9f4f94aaa70c72e9c
SHA5123e29eabfb872306f946981bd827ea226c7fded5ab704c09a9491a27f57deb4bb65dde5ffbbc8a84cc942e9b8bb7bd5ea942f7c616d4b1778cd0e4dae0e16acf0
-
Filesize
8B
MD5ffd8c862a47fbb8f3a130c44f0779878
SHA17a17d7aef611ae747e5b5286cefc38aecbb15f64
SHA256a7f846dcd1e1edf32e213af17d141998f2b8ebace034579000585f62e73fcdf6
SHA512f3c9ef09cbe759b6173b3a8641969ce8eee2f687b9c00eb936eebc748bae2cebb280d82918f85db009ee255fef99e919897662463f038bf2912b51941cdfc38a
-
Filesize
8B
MD5e42f30bd77d5d07e9d1d1939661e6333
SHA18343c36d22d7d2dada69e4f9f4d753c91f1b9e71
SHA256c09d2175e6d593987c1e5904dd194423cd2ad61e358ccdeb28de670a26d8c10d
SHA512284e0677219e70aa7b53a1a27ee239c13f797f5957b76f6a7f8568de41a43e1f2f899539c189fdc3ab3865db73721c9c495089f2c7f41f4928fa23225531b321
-
Filesize
8B
MD5e3af9a62bdf118d9a89d7aa93d14bf50
SHA16761260a9ad7b51768f95f83b74171a71d28532b
SHA25656be8ea33a2f1e03ecf27782226cd821c0cacb3f8db6399d5ac5b055c3ccbe38
SHA51287ae9da5735d6f6bfdc2d7cb8105aa85f674c1a9d1bab4fa68d2a32b7c6dbc41515a0196b7c3ac113fb69d5a715e16b1842a37b361f3d2e8a4ec970c1af7cd80
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
896KB
MD599015dec9d9edc8a9869b565c4d2cc48
SHA12991d0aeb91d062e9637651a99f09035f45accf1
SHA256af8ca5db504855a72c81b95e15d5c7128cc7d56ee68ba8ce537524ae0464f9f0
SHA51279ba1f08e39c0d50968528195be341623f7b73bbb5a40652775d26ec8323ec4ff190a2667c38621543a92496f2427944dc1d7181b4e795eba474ce1ddb3653da
-
Filesize
9.5MB
MD56e6165f2a71731527a6bd575b6a9bfcb
SHA13aa2ee4c6ac27ecf17fb0fa00be4787c62204f25
SHA25682c03eed7fdff77b936e0f0c8d38aec9f419d95c44c8a473fe658ae8e5f3e9b3
SHA512592d951ffb7a23845ecc816ff84965f83ce7d0898ddddbcc8a07254a526ec8f4648edb56ddd13f9dd4fee1a815ae980e7452bd8f2fb18fa0de8930c10d05eb26