Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
25-11-2024 06:44
Static task
static1
Behavioral task
behavioral1
Sample
99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe
-
Size
4.9MB
-
MD5
99d934cc3c3f80ae473810a3e29c98ce
-
SHA1
611b3329057ff14d959ecc2aa6c9fd5c762448d3
-
SHA256
0dd183e40195e0b11462fbed00f627076277d0e0ec8ca7fb26db50f509ac3d6e
-
SHA512
b63fbad632f16e6282fef17866417654340f05149215b3ff598bbe676555c5f0b199199af81b10332b5a5526c2f11ec194ac6f346977e4374e7906833f346ac9
-
SSDEEP
98304:GezJvfL0j5gVpAfQkGX4bK2qYqokcIV3HeW053DI5b+HCydSKFx5I+JgDCr:GwvD0jkpE04ozNnHe/5zCbACyd95Lf
Malware Config
Extracted
cybergate
v1.05.1
Cyber
piccracker.zapto.org:82
Q6IR538OYASS0H
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
PIC
-
install_file
PIC.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
trigger123
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Crypted.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run Crypted.exe Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1} Crypted.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1}\StubPath = "C:\\Windows\\system32\\PIC\\PIC.exe Restart" Crypted.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3J511274-8X31-6421-6N86-M2DJKDJRP5G1}\StubPath = "C:\\Windows\\system32\\PIC\\PIC.exe" explorer.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation Localhost (2).exe Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation Crypted.exe -
Executes dropped EXE 5 IoCs
pid Process 2932 Localhost (2).exe 2904 localhost.exe 1612 Crypted.exe 3856 Crypted.exe 1276 PIC.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\PIC\\PIC.exe" Crypted.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\PIC.exe Crypted.exe File opened for modification C:\Windows\SysWOW64\PIC\ Crypted.exe -
resource yara_rule behavioral2/files/0x0008000000023c9f-37.dat upx behavioral2/memory/1612-41-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral2/memory/1612-46-0x0000000010410000-0x0000000010471000-memory.dmp upx behavioral2/memory/1612-50-0x0000000010480000-0x00000000104E1000-memory.dmp upx behavioral2/memory/1612-107-0x0000000010480000-0x00000000104E1000-memory.dmp upx behavioral2/memory/3856-145-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral2/memory/1612-183-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral2/memory/1276-202-0x0000000000400000-0x0000000000455000-memory.dmp upx behavioral2/memory/1276-204-0x0000000000400000-0x0000000000455000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 3208 1276 WerFault.exe 94 -
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language localhost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crypted.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Crypted.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PIC.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ Crypted.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1612 Crypted.exe 1612 Crypted.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3856 Crypted.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 3856 Crypted.exe Token: SeDebugPrivilege 3856 Crypted.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1612 Crypted.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1648 wrote to memory of 2932 1648 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 83 PID 1648 wrote to memory of 2932 1648 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 83 PID 1648 wrote to memory of 2904 1648 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 84 PID 1648 wrote to memory of 2904 1648 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 84 PID 1648 wrote to memory of 2904 1648 99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe 84 PID 2932 wrote to memory of 1612 2932 Localhost (2).exe 87 PID 2932 wrote to memory of 1612 2932 Localhost (2).exe 87 PID 2932 wrote to memory of 1612 2932 Localhost (2).exe 87 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56 PID 1612 wrote to memory of 3468 1612 Crypted.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3468
-
C:\Users\Admin\AppData\Local\Temp\99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\99d934cc3c3f80ae473810a3e29c98ce_JaffaCakes118.exe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1648 -
C:\Users\Admin\AppData\Local\Temp\Localhost (2).exe"C:\Users\Admin\AppData\Local\Temp\Localhost (2).exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\Crypted.exe"C:\Users\Admin\AppData\Local\Temp\Crypted.exe"4⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1612 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
PID:1584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2184
-
-
C:\Users\Admin\AppData\Local\Temp\Crypted.exe"C:\Users\Admin\AppData\Local\Temp\Crypted.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3856 -
C:\Windows\SysWOW64\PIC\PIC.exe"C:\Windows\system32\PIC\PIC.exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1276 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 5647⤵
- Program crash
PID:3208
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\localhost.exe"C:\Users\Admin\AppData\Local\Temp\localhost.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2904
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1276 -ip 12761⤵PID:2728
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
267KB
MD5bf0577c17a68234736f67d5db295b130
SHA15e25e119d884ddb8585187c82a9c6550bc85f3f5
SHA2564d62b9e65bca737e052b6610be21cef8c65016ff7f7b74f799c8dac98daa1c1a
SHA512cf806bf21d0e084040f6ee9ad9fa18cdb58e8970fb7f4eb32815d254b770d238034d5f28ee440449293163d89cd2ac448be545e5479fbb1c9cdc3ec8eeb29321
-
Filesize
896KB
MD599015dec9d9edc8a9869b565c4d2cc48
SHA12991d0aeb91d062e9637651a99f09035f45accf1
SHA256af8ca5db504855a72c81b95e15d5c7128cc7d56ee68ba8ce537524ae0464f9f0
SHA51279ba1f08e39c0d50968528195be341623f7b73bbb5a40652775d26ec8323ec4ff190a2667c38621543a92496f2427944dc1d7181b4e795eba474ce1ddb3653da
-
Filesize
222KB
MD531b0de3f40858bb30215436ea035ae19
SHA10a125c6c988468bf685e14aac3cd5246c934fd6c
SHA2568e85ea076c3ce5f31ff11a40be4327899e9b90c944f90d4c67e8f2b06bc83024
SHA5127cc58edb51a0c8c2434d3c9c13c00e292de9e5b7d5c2349a5a2bd98b5ee2de41793a7811944456e697421bf589df5cfe8c48ac6e10ba3e21239e05382c466a45
-
Filesize
8B
MD5442985aab1436bff4930b1053bbfda2c
SHA1bb20b49b90f5329a532dd29c24e8d46470643746
SHA256f496d5048b02300ff1abe9dbc4b1354bf2f7c9591807c2b8c42e57f7bf9d2ae8
SHA512cf5705a4b15955e0e11905f71f7e653218fd621422582a9b05301497c4b36a8e9585dd408f517f8899fb56c5f7b4de2f39e33b6136af090ec59288c3f647cd06
-
Filesize
8B
MD5a88b56be4f86a9ec1e9f47e0d91dee45
SHA19b40b73b68153746d815f9c1093456fa806c1ab1
SHA2561bce2e025d7f0bcdae108bbdb2af264d7df38c7ddcafbfbcad01a876dcaa7b49
SHA5121b197032d632821e69808d49e2b2094b24aabcf024da14f3b62934f9f42bfa060495b0bcd5ab791383c8d310429f608f538255087ea8a5f1bf1d64bab8528363
-
Filesize
8B
MD5e3af9a62bdf118d9a89d7aa93d14bf50
SHA16761260a9ad7b51768f95f83b74171a71d28532b
SHA25656be8ea33a2f1e03ecf27782226cd821c0cacb3f8db6399d5ac5b055c3ccbe38
SHA51287ae9da5735d6f6bfdc2d7cb8105aa85f674c1a9d1bab4fa68d2a32b7c6dbc41515a0196b7c3ac113fb69d5a715e16b1842a37b361f3d2e8a4ec970c1af7cd80
-
Filesize
8B
MD5deca2c2eafff708ce181f4dec8d0cf2f
SHA10a3e94c6d83ec6ee8693c5cf8d454475817e5cd5
SHA25646f0cd9a7318328e4b49ef1e247f39352aedc8a2158140cc9bfe2eb8c9b52aed
SHA5122dd77890ac676a7589702b2d74f23222e6b556d65d14454ab10c42bb834089cd8ffd4bfd71ad5b02db1c66d02a1d8d5bda505391675aff18a8bc4aeeebb84b82
-
Filesize
8B
MD551b4ce557407c17466f6043b101acc37
SHA148692d135b8c50a96264b26cff758074186482c8
SHA256198ca96ad20225a2c7bb3f42c7f2d95249a2420724aaac4b7607f6b469c06b82
SHA5123f500ad487938f2efd136bf73c54fda0bce65b17b1dfce5900111e077f68f8ab8d56230326349bb8ae21e4ece16536d373757c4be10d4b23c312cf58ec7cfc1a
-
Filesize
8B
MD54fe354ccd6a8be0e5e69b5fe019d878b
SHA1f8bfeb37d66fa7ddebb176d9d54c6bc11c52490e
SHA256944d75d0787584a3af861d1134fde71c94497f1abb9649540e8f27c78ba21dbf
SHA51213d3997a83b8e5a8bf5e30aea08dc4f037a27680a9cc54c5cf9d1f2e1dc411c826835646912c4f39080193d42537d86bb96baa42e33f082f46b5965757bb4fd1
-
Filesize
8B
MD59d77e64c1e0b11d055a63140104856ca
SHA17cfb3cb18f07d4923a3d1856a43bb874117db6e4
SHA256599b5605e8fa563e45802c6be0209ca8357605b3a7eb3d051ac070941fd43dc2
SHA5129e0e3c4f9d4ef13b395c1bb07573a0bccd30a299cd90264f3607c500248fcb83f1ff9906edd9c85f957831fa58aa0206fe8dc6aaaab09ac056bf9ebeb4d069fc
-
Filesize
8B
MD5f75e725baa8b96f5940fcac0667fb6eb
SHA15069baec5d49805fde95c947bdbfa79c880f42dd
SHA2560d4d39180da139793bc0fe4b407581cb198f7bd621894b8aa86ddf40aaceab0b
SHA51220e86211e95660ee135337d18fac71c8f814e5b4139e19a7a310930156c365a196def82e32220c8902b38896515dadd330dcc242fa2077699efb954cc7c7a87e
-
Filesize
8B
MD5ba7caaf51812b6f1b6e4ab07a2bfddef
SHA1aefa8a5aa9a026b2d7c3624991d0a72055aa0c89
SHA2569fb42ff19a3d93d84654d84e76e690f7d89dd4170659c09d66729b8902d2b251
SHA512cf93c9a457fd138fb7799d4679d482696fbf2e8573ed0cbccc8c42c60c676c0568d2d1feb1855c3e88adc43f3a8fce1a059d304406342c7072a6ef4f95b52322
-
Filesize
8B
MD54f2008dff43b371743e56a323a5a24fe
SHA1313c485eaacfa5dc58f8be30222b0f9e77673efb
SHA25661c92e8869535a0e7552efa5c4c7897b5d582e12df6972e7c3881751034b22f8
SHA5126b524aeb883a9ec78ca71c775f9c50732c7234abd02ab46449b6666b18e95cbda4dea53555b2bea8e525badf59c4c03ff2518ee1054a0c98033764c5cbecc4c0
-
Filesize
8B
MD57da7e5009ae61d9f4ff1bb5eed051abb
SHA1c23700470adab32d2600f1764726f64be490aed6
SHA256500414418e9f23647c81cfc92908392f4f7de4fc9d85b33e8f6f2b01b4c7fddc
SHA51283a9cb138dc53cbfd4c518c4001bff325b1db152b2f57fea4dea2b06627da30b9176dc763f87d9c8669acc1a3f47e10b91c5dcdf71c8267e50e8488c8170c800
-
Filesize
8B
MD502bff359f49f03bea727c6eff77040de
SHA14cb17913e9b45c62fb310ccfc034b207f2101dc2
SHA25619d64560183e62700efd519aa68205c266094695b21d87d729346d4f183c3120
SHA512162ee283920db5c19969bdaf68f813cebfe707e16892f0a97ebe9862403a4020c12cf4ad470e1ea1081f4ef561a5435ae0af7903877ad26757427d73453fe424
-
Filesize
8B
MD58c0f364ab85d65048156b1106bc86e56
SHA12dc95e0cb143ca0f9defa11e50674b3052af03ff
SHA256fe91ff6225a3b888fec3c7393b267d44e6a22cc52b99cd4c70657090cb557ecb
SHA512187701ed12f24c680cf5c2c2f5277a8bd89ced2a4fde455b7141caac869373e17c64e6f1050dcd297b98c53b10a8a3e2437b8673f45e6f194dd7761944f21020
-
Filesize
8B
MD5dc0a7f38b3698a5d76c2c0497e45e630
SHA154958110cbb88b67ee5106ad767e7ee35bff4e7d
SHA256d5c251742714807a6843df7711baa977e14c1062221234b8fbeb377111ca198e
SHA512b79bd2f7592284f353fe56359055a2d8012ee15943a6b85ad5680d277514f55b72f5a073a36601e62a24811f08f9e53ca3e915e751cf298295226c14b3f639fa
-
Filesize
8B
MD553e1b40551be7343a9455213524d46fd
SHA1a5c57306db25fd0823205310ba9c32c15ef94014
SHA25605cd09a56ea5612618ce305e6c090a109558dc0c319b45fb07e05c60d85f6807
SHA512c65af46568e852c0915dce48a686235d793635c3603b4d2bdce663569611d47b5a6f8e6a2e87601f436564ff2d20aa05e59ff3734924409b774584b152280308
-
Filesize
8B
MD5af33f2ac4b574cc2c6adf570d4274396
SHA12885586fd6b4f17249451cb59b20313ae7b481b5
SHA2562c9a782dc83b6a323ef9349851bb5fcdff07baa438e62dc9f4f94aaa70c72e9c
SHA5123e29eabfb872306f946981bd827ea226c7fded5ab704c09a9491a27f57deb4bb65dde5ffbbc8a84cc942e9b8bb7bd5ea942f7c616d4b1778cd0e4dae0e16acf0
-
Filesize
8B
MD5ffd8c862a47fbb8f3a130c44f0779878
SHA17a17d7aef611ae747e5b5286cefc38aecbb15f64
SHA256a7f846dcd1e1edf32e213af17d141998f2b8ebace034579000585f62e73fcdf6
SHA512f3c9ef09cbe759b6173b3a8641969ce8eee2f687b9c00eb936eebc748bae2cebb280d82918f85db009ee255fef99e919897662463f038bf2912b51941cdfc38a
-
Filesize
8B
MD5e42f30bd77d5d07e9d1d1939661e6333
SHA18343c36d22d7d2dada69e4f9f4d753c91f1b9e71
SHA256c09d2175e6d593987c1e5904dd194423cd2ad61e358ccdeb28de670a26d8c10d
SHA512284e0677219e70aa7b53a1a27ee239c13f797f5957b76f6a7f8568de41a43e1f2f899539c189fdc3ab3865db73721c9c495089f2c7f41f4928fa23225531b321
-
Filesize
9.5MB
MD56e6165f2a71731527a6bd575b6a9bfcb
SHA13aa2ee4c6ac27ecf17fb0fa00be4787c62204f25
SHA25682c03eed7fdff77b936e0f0c8d38aec9f419d95c44c8a473fe658ae8e5f3e9b3
SHA512592d951ffb7a23845ecc816ff84965f83ce7d0898ddddbcc8a07254a526ec8f4648edb56ddd13f9dd4fee1a815ae980e7452bd8f2fb18fa0de8930c10d05eb26
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314