Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
25-11-2024 16:05
Static task
static1
Behavioral task
behavioral1
Sample
9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe
-
Size
808KB
-
MD5
9c8a51cb4d779dc24989313c6fe6f93f
-
SHA1
5a13e58224c236ae8f9cc388bea00f7857e07314
-
SHA256
b217b5ea2241fd7e935b1338c125dbb065d3aa4fcc8dbea51caf8d21f03ffe9a
-
SHA512
96fa838c89a384ec053bed623a890c8f34af0123c52b3aa4358d55aeeb4fbd9b6dc88f332a2251a18ccf5d7fd73807a2c71f69d80a23f50c3278365d3b483415
-
SSDEEP
12288:IjB29iPCJmRdkR2ys5zUEM+G6Er2GafBWs7K4dDEtWqPHhFFPVW+JiVu+bCI3ZXQ:IsiOVmzBI2LKWq5rPZ6u+bCI3ca4
Malware Config
Extracted
cybergate
v1.07.5
cyber
slmendy.no-ip.biz:82
27C608CYSY7PWF
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" server.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run server.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" server.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{O1CKK13E-7660-NSV2-Y1Y2-0357YD1AP17N} server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{O1CKK13E-7660-NSV2-Y1Y2-0357YD1AP17N}\StubPath = "c:\\directory\\CyberGate\\install\\server.exe Restart" server.exe -
Executes dropped EXE 5 IoCs
pid Process 2060 server.exe 2332 WLMUninstaller.exe 2768 server.exe 2888 server.exe 2516 server.exe -
Loads dropped DLL 8 IoCs
pid Process 2332 WLMUninstaller.exe 2332 WLMUninstaller.exe 2332 WLMUninstaller.exe 2060 server.exe 2060 server.exe 2060 server.exe 2768 server.exe 2768 server.exe -
resource yara_rule behavioral1/files/0x000b0000000122ea-5.dat upx behavioral1/memory/2332-17-0x0000000000400000-0x000000000049F000-memory.dmp upx behavioral1/files/0x0008000000016dd0-15.dat upx behavioral1/memory/2060-13-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2060-33-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral1/memory/2060-28-0x0000000010410000-0x0000000010475000-memory.dmp upx behavioral1/memory/2768-52-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2888-370-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2060-369-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2768-389-0x0000000005050000-0x00000000050A8000-memory.dmp upx behavioral1/memory/2516-392-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2332-396-0x0000000000400000-0x000000000049F000-memory.dmp upx behavioral1/memory/2888-400-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2516-402-0x0000000000400000-0x0000000000458000-memory.dmp upx behavioral1/memory/2332-500-0x0000000000400000-0x000000000049F000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WLMUninstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2060 server.exe 2888 server.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2768 server.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeBackupPrivilege 2768 server.exe Token: SeRestorePrivilege 2768 server.exe Token: SeDebugPrivilege 2768 server.exe Token: SeDebugPrivilege 2768 server.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 268 wrote to memory of 2060 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 31 PID 268 wrote to memory of 2060 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 31 PID 268 wrote to memory of 2060 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 31 PID 268 wrote to memory of 2060 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 31 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 268 wrote to memory of 2332 268 9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe 32 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33 PID 2060 wrote to memory of 2668 2060 server.exe 33
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9c8a51cb4d779dc24989313c6fe6f93f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:268 -
C:\Users\Admin\AppData\Local\Temp\server.exe"C:\Users\Admin\AppData\Local\Temp\server.exe"2⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2060 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2668
-
-
C:\Users\Admin\AppData\Local\Temp\server.exe"C:\Users\Admin\AppData\Local\Temp\server.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2768 -
C:\directory\CyberGate\install\server.exe"C:\directory\CyberGate\install\server.exe"4⤵
- Executes dropped EXE
PID:2516
-
-
-
C:\directory\CyberGate\install\server.exe"C:\directory\CyberGate\install\server.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2888
-
-
-
C:\Users\Admin\AppData\Local\Temp\WLMUninstaller.exe"C:\Users\Admin\AppData\Local\Temp\WLMUninstaller.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2332
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD58036fb4553ba25098196cc66f530bda3
SHA1aed57d29093099db4e42766b72190a5d0aca8eeb
SHA2560069f112b5a0c7ef77275e1c965873e993359e47676ef1db053b96c5c346bbdf
SHA51205d610ee1089c77c39d24111fb724e5de7e6733cace00d6ecc2dd6110ee4e0a12e4197179f92b423159f4415352a4855d319674be7e9e9471dede4e3ded526c6
-
Filesize
8B
MD51c30bb12a97ca0191cf1570ed38a6475
SHA1edd4d1bce431d2847723eaf23c139fdca75998a4
SHA256c4cd3d9555d27784ec3815bb47f4e84134b1ec0e064d13dbbc3e6c46e2f79105
SHA5124e39bb98161e7cd6fcac7404c32f07182005b5d2dce3cc8d1169210fa058b8b4667aa6e8942dd2a59581095765456a993d432e736fa24ee360c42f28d30a6985
-
Filesize
8B
MD50d225c68cd3929211686a6b247b597bc
SHA1ad38259fded536242c118db718b4be62b312536c
SHA25635a3be75e972ac80f5d759705843044fbe5bc257a1993339fa67ccd485079bc1
SHA512c95708c495d49cf0c38e92715e6964fe59975f8117a784524899ab22864bc94bd0ae3910ed54a5117e2a46bf3f207e69e8710f248d2a34890ff493514de34552
-
Filesize
8B
MD567de8b393f82783ab52e2aa089b49a02
SHA1268e1d399a4bb97dca01d3caeaa241824a14bc59
SHA256d8180698a61f6c255adc4e84aed9ca3376b2594c65dcd6d5a9a4a9f878d11670
SHA512c88dc37a018ba0948c929d6fae1ee00fe37d2bf3754d993122a4cfcd0161b3b9813dd53a689290359b9115e11baf18be1f7a292d433bbaeedc5e7ac541ddda97
-
Filesize
8B
MD5559f6b9a49b3798b723ccac46751a028
SHA185f2972a30e497be55e949c74c65168616dbab7f
SHA2563a900b817bd5b90f3d485517e938efa667ff6c61afea03e8bbface1844f4636b
SHA512147c4da80f58d6c21add778fd10191643adf8016622215ed85c46efab4efa324b0d371478a585b68562698459d87e2fc76a66c70fce4f04b086a2d9b09088474
-
Filesize
8B
MD54191ac91e3e58003dcdb3bf3234be668
SHA1af99cca328704a1cc9870d3b972ff2e65885a6e3
SHA256950c2c1e504e3944a65baeb786172f89a725dddea1ab80ceeb5eeecdf4edb0a2
SHA5125ecdc3438e0a0241a86e1534c664fdf228abe489368f4764c54cdbb6e02d0f4b291f2b976d8211d30b63592df1038132c6de184fa53dede08fcad597d38b0a06
-
Filesize
8B
MD558680eb2aea34ab682b19d9ae420cfdb
SHA1321fb8893600982bd28ed6d0ae3e0e1c4666c33b
SHA2567deb7b47d76fcc7bdbd8b6c2f52d22a8469f31ab284abe59f82e511cdd28f16f
SHA512ef5f42e4bad18b134355582633f06613434f2b2b785abcd393f575c7ba5924a2478c59c8ae105ae05e2cee85a4d95fcd064cbab4a96c25ae21e8725311d60228
-
Filesize
8B
MD5c56e32a8722bec9b049d7878bf36fc0a
SHA1d10830d523c06146bf817aa0d456b19fd435e1b1
SHA25632f0f5f17352de603ec1db20e231311c880bfcc6eec708ac97b8c70945f5d41d
SHA51276ff851212dbf0f1615c0e6e5d3a17b642db0cb7d368652ae9b033b77ada34c9b05a8b1609d1ccbf088fb345c720f3694613829e162723d6df716bd35d17936e
-
Filesize
8B
MD5fd3345b62bd083a38a22c70960d82227
SHA1bfee1bdcd960a4ce765595423c91dce82c0ff128
SHA2561b55cf216d1cb70dd5228a4d3e985480d998f5ead357879deb53115653dbd555
SHA512ef454944a042f3ef8a82c7c05a626f6f5f1b56bb9fa9c22d42e0ea4a501c8328e737304f297d9cf15b564aa92db15a5a671e6e8285908a11b1d84c80ca7b30bd
-
Filesize
8B
MD5057b19fbe0313974e9e9e05f989c7d5a
SHA1493815a61fa40d01ddcdb30c22d35cd36720d6d4
SHA256d0d247fb801979e92904003992916a67203c91b567af678c4c53f46792d275c8
SHA5126e511a0f4ddf16093c01db7afd93d76ddc70e88c940101666d1e1f8acfedd6b467e406fd8aca6a22994b8c4316da2042436f52bb6779e7333dfcd2d3fb72d68c
-
Filesize
8B
MD54bc397ef89114eea542b917ae4705f8e
SHA1f3d8f5e677c78956ed8634e52d315d8e653ea49d
SHA25606c587ae46e8b63b0421bb030db721c8a93ee4b85ec3b0ad8ad72ad073eca50e
SHA512403cdc0af5dbb902415ddc91c11d655b24e1d5d85299f9aefbeb826a7bb3c74bccfcf04c942d01cf41a25b4f0fb16cff24d1a7c53865e1beb198016473ae5744
-
Filesize
8B
MD5f394ed6152663fe6a7899eadf89231ea
SHA1af067a6f680d5accd0422def09a11595ba51d23f
SHA256305dc23393ebeaf7195d56ff74a5684d6b48fb5dcee1d932e51be1342ecaea35
SHA51281bf5a2560575fd14b36f38cd242ec8a56378024781bc5d6aeaeb71c694d08dad2671a21959af58340d00b6ecde278dd08220e9c2c4f65d7142d306a292b7b63
-
Filesize
8B
MD5cbb705b5c90bf2158e00e93842ce8439
SHA1f632b1b5b672afe4bca242dab80f4dc60ec090ac
SHA256300b967e8f1fa5adb9301ca728aba3368cd302dfbd510ec069715f0001618b4b
SHA512b0b21db2632f9b2bc20457e73811ef540898cd35aae966d12e19834a79bf7d98559e6999be763ed7a5b7c1ddc3aa28f66ccec2d49599948fa9699d52a7606395
-
Filesize
8B
MD593a22fb8ba2c0c34403c0f1f82f1c96d
SHA15dbc4337983e72cd9413ea64d81cd65ef30f38db
SHA256dd9207bf575506ab6a2409cbf3210a24a0bb1d05c82f2d8dc948cbc42a0bd068
SHA512190b80f4330445336b69f4877151b053e3ab953a78edd87a9e4ff93d811cbd9359dcbd028c2dae4d8fcd45ed99de00107eb68e24f2ccd95cec83754975e2eb83
-
Filesize
8B
MD51591eb0454e2b152fa2b1780fdce1b35
SHA1c0ca61d18d0503a5731acd005be3fdd46c140832
SHA256da615d4c9170a4a01c0ad7549abb42a1c0a2b87d6c1b6d605d5553215d5523cd
SHA5126f13154fbe2db7b3eac314b6226dfb00f7bd0529066c1d79d4416dadfd6fe7a6c70af4eab034e9fdae1f0da366a64cb91588fc0239df108cc25bc755d2a0cd2e
-
Filesize
8B
MD5dcc41ede84ea2c314ef5818effadff08
SHA1486006c75a4804581d6490a10e0bee7b5ebd6476
SHA2565c3e83dd91e837b6ee926e5f83906b61f1145030754e6fe03532440b4c9babfb
SHA51295ec1edf9c0187984b842a5882d88665d0a8a6ec263d1410553911e4eb5204eb8ced6495890016dd6f66484241ca687e5df76a23ec59727e6e482804bd81da78
-
Filesize
8B
MD515182f4d8bf2107639aab26d5587186f
SHA15297ca86d14adfb87d2464a78288583c48b766fa
SHA2569329a371a1baa9f4e0edf51b3012c43ca886ededf4501564b40df172fcbeb548
SHA512aae80852a308abbd8ca96038cd37e2b477a51a14f3599fb3ebf4dda9e114442ff241a1f9ea0b4971183f3a276351187c8be3f1e97cf3efbca88b9ab8059f753b
-
Filesize
8B
MD592b586e31cd066892602e8c32c2decd9
SHA11083a3adacd0319301a214d3e8ea46e32e140f7e
SHA25659bd849c58540ae46071b9143a66f4cb6ad1acf414e27ccc90a56937be654d8d
SHA5125b08b342743d98aade7bf7743f3a70c09b83b1597bc9a00769dbb5904bdce38b49d7a8eadcab312ac7d13fa164bdb2c9b513034809e252581e0b6113ff34fa28
-
Filesize
8B
MD57437354ef2c5b1162a436442ddf5d481
SHA1140a1635f007745775f9fe140c6af491aa7abca2
SHA256135952843f0af0c63ee44000b87733e76ebbc323b235f0d2198e6cf0848ca1e2
SHA51212414f65523940226c7b410a5b437b92de8d1231e436bc38539b6d3e098d9baa1d8720c8522f69c0a8a488e412bfd4890bb16068df744c5aadf7897875a31fd5
-
Filesize
8B
MD5a5b0e93c3d1159851c24fc6b2719cae3
SHA1784d8f4f72d439a91b2a887d429513ba080b2185
SHA256179e262d0ba82448bbf86813fb6e18dd5fddbd40b9a2670c328b63b9303c95bd
SHA512f3d7d6d18a7c5df95b6ef516543a5ed7a5a4dfdb7c287015babf999915f7e70e957d180b5c0820529f27592578b8d71715df0cd204f9a5b2174070daa186d0eb
-
Filesize
8B
MD59f68219f51c6322694b14769a7aa46c0
SHA1aceb6102c868568cc15b53bb970db75fa0cebe73
SHA2568d737b0edba706bdda4c69f627a1b6da46d44d9cb6ad39e27e3e93b9a9d81e01
SHA512175be3a7531993f5bdf9f4726c4936bf2f68182201a3f9ca3d4c09aafa65711bbe4c37c081e0dfc6bd8f4bfaf132d2a463e6c5ec27451385018766190b1664dc
-
Filesize
318KB
MD5105e2de7ff993e325b0afbc8bd9085a7
SHA1ee9eb98832870352141c680934ea3caa98dce6a3
SHA2568d01394f944bc4b98cab4623ed4a0beaa2d70bf781c15f1db61c89e1b12bd16c
SHA512eb4042aaa98831ca32738029ecb3885b07255a23f6738cdc32583a1770a4e375c314c133abc7b3946f9e93b4cf747b7c32bc30b962222758000ca881d78772f0
-
Filesize
274KB
MD5b4c2453ec83037d2cb018903469ae3d2
SHA1f7a0d3dc15fdfb932ec252ab68a86e59f32e5f01
SHA256c65bd349584d41d031e0177a9ce6ae77457c5513dbeb281358c3ac5509202bfe
SHA512911264c770ad94468c6e652b4dacdc2c9a040697cf1e5b7a743e6588c834365be53fbc9881cd95ceaebb3290a2527ab60e7837bcfd4a6475f5f59e0c053ac7aa
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314