Analysis
max time kernel: 147s
max time network: 148s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 05/12/2024, 18:05
Static task: static1
Behavioral task: behavioral1
Sample: c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
Size: 316KB
MD5: c8d4fe17c8e0f6741010b9a72cf21217
SHA1: b0aa40025446913d2bf701830e846137f7f9f5e1
SHA256: 7123d75e78f1bf613547d9ef6f1d15f27d3359b6f03228ef71ed454dc345fd4b
SHA512: e2b89b8e747ec465d44510f23c06e150e28ddbeef8561f711b5e8da287cbe3fe75aa3fae1c0002d44eecb67ab4cc53e658c6a0d6f31091b0876fd0a1fa6b683a
SSDEEP: 6144:9jbeipsJgGnuaLd0EIGPCVfS3WmHR1LstMu5ZFCxiF0tgJc6Bwc:9uPJgGtLD5PCRmHTwtMubFcNae6z
Malware Config
Extracted
cybergate
v1.07.5
fares
127.0.0.1:82
abou-fares.no-ip.org:83
O12C6FC8BD6K13
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 123
regkey_hkcu: HKCU
regkey_hklm: HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | server.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe" | server.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | server.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe" | server.exe
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06Y5U1N1-4032-08B4-3IL6-ASW2F48YAC8L}\StubPath = "C:\\Windows\\system32\\install\\server.exe Restart" | server.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{06Y5U1N1-4032-08B4-3IL6-ASW2F48YAC8L} | explorer.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06Y5U1N1-4032-08B4-3IL6-ASW2F48YAC8L}\StubPath = "C:\\Windows\\system32\\install\\server.exe" | explorer.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{06Y5U1N1-4032-08B4-3IL6-ASW2F48YAC8L} | server.exe
Executes dropped EXE 4 IoCs
pid | Process
2952 | server.exe
1604 | server.exe
1528 | server.exe
1632 | server.exe
Loads dropped DLL 11 IoCs
pid | Process
1716 | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
1716 | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
2952 | server.exe
2952 | server.exe
1604 | server.exe
1716 | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
1716 | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
1528 | server.exe
1604 | server.exe
1604 | server.exe
1632 | server.exe
Adds Run key to start application 2 TTPs 3 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\install\\server.exe" | server.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\install\\server.exe" | server.exe
Drops file in System32 directory 4 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\install\server.exe | server.exe
File opened for modification | C:\Windows\SysWOW64\install\server.exe | server.exe
File opened for modification | C:\Windows\SysWOW64\install\server.exe | server.exe
File opened for modification | C:\Windows\SysWOW64\install\ | server.exe

resource | yara_rule
behavioral1/memory/2952-13-0x0000000010410000-0x0000000010475000-memory.dmp | upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | server.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | explorer.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | server.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | server.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | server.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2952 | server.exe
1528 | server.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
1604 | server.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeBackupPrivilege | 1624 | explorer.exe
Token: SeRestorePrivilege | 1624 | explorer.exe
Token: SeBackupPrivilege | 1604 | server.exe
Token: SeRestorePrivilege | 1604 | server.exe
Token: SeDebugPrivilege | 1604 | server.exe
Token: SeDebugPrivilege | 1604 | server.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2952 | server.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1716 wrote to memory of 2952 | 1716 | c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe | 31
PID 2952 wrote to memory of 1188 | 2952 | server.exe | 21
Processes
C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1188
  C:\Users\Admin\AppData\Local\Temp\c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c8d4fe17c8e0f6741010b9a72cf21217_JaffaCakes118.exe"
    PID: 1716
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      PID: 2952
      - Adds policy Run key to start application
      - Boot or Logon Autostart Execution: Active Setup
      - Executes dropped EXE
      - Loads dropped DLL
      - Adds Run key to start application
      - Drops file in System32 directory
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\explorer.exe
        Command line: explorer.exe
        PID: 1624
        - Boot or Logon Autostart Execution: Active Setup
        - System Location Discovery: System Language Discovery
        - Suspicious use of AdjustPrivilegeToken
      C:\Program Files\Internet Explorer\iexplore.exe
        Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
        PID: 1636
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe"
        PID: 1604
        - Executes dropped EXE
        - Loads dropped DLL
        - Drops file in System32 directory
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        C:\Windows\SysWOW64\install\server.exe
          Command line: "C:\Windows\system32\install\server.exe"
          PID: 1632
          - Executes dropped EXE
          - Loads dropped DLL
          - System Location Discovery: System Language Discovery
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\server.exe
      PID: 1528
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
Downloads