Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 12/12/2024, 06:59
Static task: static1
Behavioral task: behavioral1
Sample: e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Size: 404KB
MD5: e53942dfcdafc1c23237836a35aa94f5
SHA1: 40f7a660800e98eeaf627467a2ad1f1470ba5a38
SHA256: 80c7d8b0a799527e2e15dd53e2450b412416cecf38abd649763891b53036defa
SHA512: 1a6e4e180aaf57c464488c6a720ae99c3c7ddd5949e5084492b38ddeff4511906984876931bb20c12afbf8b5b3bc8cccec6b7eb09a90fe310f8d4dd7bbca5dc1
SSDEEP: 6144:lqVEX2EKsHif4zznxNNXdA5TyKuIEkGMDZSaThHLYfnLseXyFDUOqsfV:cV42uCOzv23uliDZSqhrYDENb
Malware Config
Extracted
cybergate
v1.07.5
remote
google420.no-ip.info:82
H2H7WPJ0S3UB2Q
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: Svchost.exe
install_dir: WinDir
install_file: Svchost.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: cybergate
regkey_hkcu: HKCU
regkey_hklm: HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\WinDir\\Svchost.exe" | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\WinDir\\Svchost.exe" | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA} | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA}\StubPath = "C:\\Windows\\system32\\WinDir\\Svchost.exe Restart" | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA} | explorer.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA}\StubPath = "C:\\Windows\\system32\\WinDir\\Svchost.exe" | explorer.exe
Executes dropped EXE 2 IoCs
pid | Process
2948 | Svchost.exe
888 | Svchost.exe
Loads dropped DLL 4 IoCs
pid | Process
2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
2948 | Svchost.exe
2948 | Svchost.exe
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\WinDir\\Svchost.exe" | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\WinDir\\Svchost.exe" | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Drops file in System32 directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\WinDir\ | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\WinDir\Svchost.exe | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\WinDir\Svchost.exe | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\WinDir\Svchost.exe | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Suspicious use of SetThreadContext 2 IoCs
description | pid | Process | procid_target
PID 2212 set thread context of 2188 | 2212 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe | 30
PID 2948 set thread context of 888 | 2948 | Svchost.exe | 34

resource | yara_rule
behavioral1/memory/2580-550-0x0000000010480000-0x00000000104E5000-memory.dmp | upx
behavioral1/memory/2580-920-0x0000000010480000-0x00000000104E5000-memory.dmp | upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | explorer.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Svchost.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2188 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
2188 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeBackupPrivilege | 2580 | explorer.exe
Token: SeRestorePrivilege | 2580 | explorer.exe
Token: SeBackupPrivilege | 2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Token: SeRestorePrivilege | 2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Token: SeDebugPrivilege | 2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Token: SeDebugPrivilege | 2512 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2188 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2212 wrote to memory of 2188 | 2212 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe | 30
PID 2188 wrote to memory of 1208 | 2188 | e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe | 21
Processes
C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1208
  C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"
    PID: 2212
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"
      PID: 2188
      - Adds policy Run key to start application
      - Boot or Logon Autostart Execution: Active Setup
      - Adds Run key to start application
      - Drops file in System32 directory
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\explorer.exe
        Command line: explorer.exe
        PID: 2580
        - Boot or Logon Autostart Execution: Active Setup
        - System Location Discovery: System Language Discovery
        - Suspicious use of AdjustPrivilegeToken
      C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"
        PID: 2512
        - Loads dropped DLL
        - Drops file in System32 directory
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        C:\Windows\SysWOW64\WinDir\Svchost.exe
          Command line: "C:\Windows\system32\WinDir\Svchost.exe"
          PID: 2948
          - Executes dropped EXE
          - Loads dropped DLL
          - Suspicious use of SetThreadContext
          - System Location Discovery: System Language Discovery
          C:\Windows\SysWOW64\WinDir\Svchost.exe
            Command line: "C:\Windows\system32\WinDir\Svchost.exe"
            PID: 888
            - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (2)
Downloads