Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/12/2024, 19:35
Static task: static1
Behavioral task: behavioral1
Sample: d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Size: 678KB
MD5: d345f96bb56293d23f5ae4e148c9a912
SHA1: 67b12b289a1c95b016080af4e969edc4039a7dc6
SHA256: 7f081ef130ca8c6efa1ab2d90278eef84754ff7d1b233cd8cc9a9eae2da2c8a7
SHA512: 7b065da737862d4267aeeaa40dc43b7ef0fa0fcae2281465bbe8fc30b8250139e156de3702021c49104889141318fe8033e6ab05fafbc56a94c5264fa2a7631d
SSDEEP: 12288:4pEOo6dfbUHUHcC8X8UvbRCf+OpiNpOTEojCP4/XrI5P28Sq+f:zOo+jUu+8KbRhggP4/P8Ef
Malware Config
Extracted
cybergate
2.6
QQQQQQQQQQQQQQQ
qa06.no-ip.org:3460
qqqfqq
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: svchost.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: File exit Nood Foun!!!
message_box_title: Lütfen Javanýzý Güncelleyiniz!!!
password: azabhantr55
regkey_hkcu: HKCU
regkey_hklm: HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\install\\svchost.exe" | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\install\\svchost.exe" | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{IP2427AU-EVX2-2AA6-3E75-8BQHTU67770G} | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{IP2427AU-EVX2-2AA6-3E75-8BQHTU67770G}\StubPath = "C:\\Windows\\install\\svchost.exe Restart" | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up the country code configured in the registry, likely for geofencing.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | svchost.exe
-
Executes dropped EXE 4 IoCs
pid | Process
4936 | svchost.exe
2828 | svchost.exe
4904 | svchost.exe
4492 | svchost.exe
-
Loads dropped DLL 1 IoCs
pid | Process
1520 | svchost.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\install\\svchost.exe" | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\install\\svchost.exe" | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
-
Suspicious use of SetThreadContext 3 IoCs
description | pid | Process | procid_target
PID 2728 set thread context of 4384 | 2728 | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe | 83
PID 4936 set thread context of 2828 | 4936 | svchost.exe | 85
PID 4904 set thread context of 4492 | 4904 | svchost.exe | 88
-
resource | yara_rule
behavioral2/memory/2828-105-0x0000000024010000-0x0000000024072000-memory.dmp | upx
-
Drops file in Windows directory 5 IoCs
description | ioc | Process
File opened for modification | C:\Windows\install\svchost.exe | svchost.exe
File opened for modification | C:\Windows\install\svchost.exe | svchost.exe
File opened for modification | C:\Windows\install\svchost.exe | svchost.exe
File created | C:\Windows\install\svchost.exe | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
File opened for modification | C:\Windows\install\svchost.exe | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
4624 | 4492 | WerFault.exe | 88
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
-
NTFS ADS 13 IoCs
description | ioc | Process
File created | C:\Users\Public\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
File opened for modification | C:\ProgramData\DYA_VNRTQLEGCNCNSVJMW\1.0.0:$SS_DESCRIPTOR_ | svchost.exe
File created | C:\Users\Public\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
File opened for modification | C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
File opened for modification | C:\ProgramData\DYA_VNRTQLEGCNCNSVJMW\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
File opened for modification | C:\ProgramData\DYA_VNRTQLEGCNCNSVJMW\1.0.0:$SS_DESCRIPTOR_ | svchost.exe
File opened for modification | C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
File opened for modification | C:\ProgramData:$SS_DESCRIPTOR_ | svchost.exe
File created | C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
File created | C:\ProgramData\DYA_VNRTQLEGCNCNSVJMW\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
File opened for modification | C:\ProgramData\DYA_VNRTQLEGCNCNSVJMW\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
File opened for modification | C:\ProgramData:$SS_DESCRIPTOR_ | svchost.exe
File created | C:\Users\Public\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV3NJ10508YTGRVYKVB7JAW4KXFSPF7VBCVP4GF | svchost.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
1520 | svchost.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1520 | svchost.exe
Token: SeDebugPrivilege | 1520 | svchost.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
4384 | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid | Process
2728 | d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
4936 | svchost.exe
4904 | svchost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE 1⤵
PID:3468
-
C:\Users\Admin\AppData\Local\Temp\d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe" 2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728
-
C:\Users\Admin\AppData\Local\Temp\d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\d345f96bb56293d23f5ae4e148c9a912_JaffaCakes118.exe 3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4384
-
C:\Windows\install\svchost.exe
"C:\Windows\install\svchost.exe" 4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4936
-
C:\Windows\install\svchost.exe
C:\Windows\install\svchost.exe 5⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2828
-
C:\Windows\install\svchost.exe
"C:\Windows\install\svchost.exe" 6⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1520
-
C:\Windows\install\svchost.exe
"C:\Windows\install\svchost.exe" 7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:4904
-
C:\Windows\install\svchost.exe
C:\Windows\install\svchost.exe 8⤵
- Executes dropped EXE
PID:4492
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 536 9⤵
- Program crash
PID:4624
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4492 -ip 4492 1⤵
PID:4480
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)