Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
12/12/2024, 06:59
Static task
static1
Behavioral task
behavioral1
Sample
e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe
-
Size
404KB
-
MD5
e53942dfcdafc1c23237836a35aa94f5
-
SHA1
40f7a660800e98eeaf627467a2ad1f1470ba5a38
-
SHA256
80c7d8b0a799527e2e15dd53e2450b412416cecf38abd649763891b53036defa
-
SHA512
1a6e4e180aaf57c464488c6a720ae99c3c7ddd5949e5084492b38ddeff4511906984876931bb20c12afbf8b5b3bc8cccec6b7eb09a90fe310f8d4dd7bbca5dc1
-
SSDEEP
6144:lqVEX2EKsHif4zznxNNXdA5TyKuIEkGMDZSaThHLYfnLseXyFDUOqsfV:cV42uCOzv23uliDZSqhrYDENb
Malware Config
Extracted
cybergate
v1.07.5
remote
google420.no-ip.info:82
H2H7WPJ0S3UB2Q
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
Svchost.exe
-
install_dir
WinDir
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\WinDir\\Svchost.exe" e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\WinDir\\Svchost.exe" e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA}\StubPath = "C:\\Windows\\system32\\WinDir\\Svchost.exe Restart" e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA}\StubPath = "C:\\Windows\\system32\\WinDir\\Svchost.exe" explorer.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2HJR7NAL-W7YC-5UJQ-15GY-2HQ72NH462NA} e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
pid Process 4804 Svchost.exe 2144 Svchost.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\WinDir\\Svchost.exe" e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\WinDir\\Svchost.exe" e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\WinDir\Svchost.exe e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WinDir\Svchost.exe e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WinDir\Svchost.exe e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WinDir\ e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 1064 set thread context of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 4804 set thread context of 2144 4804 Svchost.exe 86 -
resource yara_rule behavioral2/memory/384-6-0x0000000010410000-0x0000000010475000-memory.dmp upx behavioral2/memory/384-66-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/764-71-0x0000000010480000-0x00000000104E5000-memory.dmp upx behavioral2/memory/764-166-0x0000000010480000-0x00000000104E5000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 3488 2144 WerFault.exe 86 -
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Svchost.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1464 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeBackupPrivilege 764 explorer.exe Token: SeRestorePrivilege 764 explorer.exe Token: SeBackupPrivilege 1464 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Token: SeRestorePrivilege 1464 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Token: SeDebugPrivilege 1464 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe Token: SeDebugPrivilege 1464 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 1064 wrote to memory of 384 1064 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 82 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56 PID 384 wrote to memory of 3448 384 e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3448
-
C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1064 -
C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:384 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:764
-
-
C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e53942dfcdafc1c23237836a35aa94f5_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1464 -
C:\Windows\SysWOW64\WinDir\Svchost.exe"C:\Windows\system32\WinDir\Svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4804 -
C:\Windows\SysWOW64\WinDir\Svchost.exe"C:\Windows\system32\WinDir\Svchost.exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2144 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 5527⤵
- Program crash
PID:3488
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2144 -ip 21441⤵PID:3964
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
224KB
MD5c39637e5f1315cf476255f00a4618143
SHA152f4c3ca070cc2ed94ad8baa58ad3f1ef36f6004
SHA256e54375d7c9c6618e40c0e21eb56c08b68515ffacdbe9cd4bcbf190bcc1a1c1c2
SHA512addea7be81432540e5ef8b3d58a4114a4e52d13a12fe48a6d6643fbbf9b6273ac82a295a3991427c6c7e9f4998c21d7751adf9abfc751c9487b50f2a55972d6e
-
Filesize
8B
MD5f49c350681450f4a76253392f1a571ed
SHA1feb11ed8aaabf05e6fbcb5b1f7a62f90dd84a120
SHA2567531c255077e67940c684788813ebb65ba2f0176e71c32202e2354000de9e280
SHA512093220375347555572dfc35ff83e8e71fd0837d369e9e33c611d0c154e650a51e7f2dbabd0b9513c1623e06861a39091ad46bddfc7c8c7b08d34137975c10b03
-
Filesize
8B
MD53bb69791f06f6977841ed1cdf423c29a
SHA1048df64adf8df14e877734608a2126ff284182ab
SHA25684b393a7a8678c001eb3d7672ec29ae3c5f73e016802d7c1e59f194a555931bf
SHA5126253503330f2f902c18c74a7a2276c96ba7267e0f5713e3d18c68f30fbc50a19ca706fbd6362af69b6a223c30ca1d27e6eacbc09aa7099e9f519095d3bde3b74
-
Filesize
8B
MD51fb82e696b6760ea0161720d95e9e61e
SHA1c7a138693cd6c2a9630ea6a53cd570e939a3b11c
SHA25693067c29a680428d05f848af86b2ee4e074d66a10e3886cddd9c79a111cdfb63
SHA51265e844720bbbddd90afb48bf2c366ca5635798f90cb7b4ab61208a7675631b78a9ae27dd8ba8c41200c957c4a88263b7b028b7e79a58c2c5c503cd88efb1c1cb
-
Filesize
8B
MD5108139c335e2a018b557270611729a69
SHA14b764543134a38bf1feecadaa68d8e389e6e8eb0
SHA2562fa586873f0df6ddd3c9c176c3bfb5a94c84640d4384a4f4885c4be77fc70c4f
SHA51238e53b37249948d474afc29cb725dbaf9aa02cce787571430b1c0ad8a7d47c92ea161d6118d2351c7bf7c8fafda7471057dbf6629d44f11168a0a128f22f493c
-
Filesize
8B
MD59598e580a298fecc4519213d1cb590b7
SHA1cbfefe0977150bb3e4a537337aaf34cbda99ddaa
SHA2565ac5ea71c6558beb459699b69cf5e889a205d2a46249e8e2fe1ff27c7b62f822
SHA5123207e826cd530be0b67bbec152e53e79b274f519a8e12f2e976c8f99f41071a3b07d0802f8440f5806a16a9754c929c1d7df0b9ba019e64058a46d46696a824b
-
Filesize
8B
MD5ffc3f345124e4f25e18622b1566e5962
SHA15792222bacbfa2aaf120d6265c91ecc27a939eb7
SHA2562b7e696663e7fb73c184404116dad583b3a00b6cc42e8598062b75212a0efc4b
SHA512483dbb3deac0b3017a64b78d4819f251c51ff74cfbd424df510ccf6ecbeb83061b3dcf6a2a1a3c08ac5e3f2bfd6850104e2df83cec4c3f1d6af9beafd933ce55
-
Filesize
8B
MD5ad2869dd3538fd77e5d24cdbac5992b8
SHA1b5fdbf1093ed1160b0f174dbef384df853a37ad1
SHA2563bfbfeb178f11bdfaa21c4e6920711a00ee68bbab211c8ff859c1293864a1da1
SHA512451710c71438f4ff0c5a2ad23be621b0e84d0281d924e73793c9c8b7d34d5c0f632690611758a13c9ec5853e7f97c59d5425d73b76db0f08659df22fda16b8eb
-
Filesize
8B
MD52d75b8861bca2c2874c0caf7af75e592
SHA17336e57d85d06d706c2e51a4f67e9644e811742c
SHA256b587ffdc0f27a09d49a46c8733379cb3d9421aa05e49b9cb8f770c86d5836b56
SHA512cec2eabd5533a607825fce06d4715f565ece3c6c99b9ba320fe08b1e8bc8bd0758bd9f5e3adb1a42f958f74f1e5526811fc5a8e7eb28364191c4aa5982c1f601
-
Filesize
8B
MD51f267e5046b2a296a62ffafdbee4b348
SHA10513b5acf85f495bb9b1b66de2bc5c576a08a703
SHA256e695c3a921aaa03b0e884f6a28598c3d4fca8eded7b608fd40c614951646158a
SHA5125d67f18e634c034191db3c3de992fe2c6f61e163fe1b9c3aa65aefb3ccdc48d2c0c3a468969d16bfeb556e29c30f84ce6aa3b6bed675aefae4ff5cc418b6fa60
-
Filesize
8B
MD5ce08c652ec98ae1d458eb13a0927402c
SHA1cb912edc4c61375ee0e4f32606c8c38a7222902e
SHA256cdb6b6ff804c9aa09183f23b1bfbf4478f6c89113b2e6ab80fa6c54591c282ea
SHA512a9c5d137ccd8c8222f1e65d04f3d5230d579568fa5aaede2f81d26a209a404a9047d1c50c210ea08c1ceebc8754aa7df55c0f426626b65ddda15dc6f242b1da6
-
Filesize
8B
MD53887bff3e7f1a9c3611a473eec32a196
SHA1ecac6e63e0b9f6fe8458110db5c7675f1585f2e3
SHA2567e63875a1c375a1f0dd31efdbd8136ea6be04876ef2d1a00c989f36d61bd87cd
SHA512c058ba2c1974294963f31a148d83973378d5772f4cc09685c471b393b8a2faaf36fd5668a84d22c6eb0604a4e173573c15c3018d42901020053a3585c9874429
-
Filesize
8B
MD58d7d49de16db7c0feb14bbfe569f34a9
SHA19894a72f5891052aac7f8fab03e30a2288431132
SHA25625943bf4f06545575cb874ee4814502be56c580523f70cd17c751209e940196e
SHA51215fb5655b2aa0a91faf99090c41943b567f31332783af167b49ddf2cd7fe164be5d14bfa512743b3f42148c4211063066b04ed9121ba8ef100efc256c8b6ad24
-
Filesize
8B
MD51d9532cfc1ce436c7b1fb6a138c5cdd6
SHA1f2867f205a8f5aa5efe5c3384cae2db6d065ebbe
SHA25677ee34f25b7e1b4298eb138c063dbc63de6139591829775142781548ee9062f9
SHA512eccde57306c4581375fb78451d976dbd7af4b8941673dd22d55af43837ddaf79e0c463929c0776793c5ebaa37e113d9ebb427fb7aac801fcc8fdb0666ac332be
-
Filesize
8B
MD534f14d55f82da4fb92d261c566a5c1c9
SHA15dbe0556ecbc57663e22fbd37d1a24efff4ac6a1
SHA2566e6be211ffaffe62e9bcef39bdf0f91f99cbbd2309f1943c3c127dacce8317dc
SHA512f3ddd3f19f15dd9a16ef6468cd8e5baa1a1b8fcc303023308638b5d6e46ace5d8552c6f55c4012079d460ff94e3f3f2d168fdae95b6aabcd9fa19b53ef68fa24
-
Filesize
8B
MD590c43796718a64a9f160efa49db7b9ae
SHA1423dcb8fa1e160e2cf4d71ba1b1a199efb567366
SHA256a45cceca0eb4c60392d220bbee05d9e421ece2e677e1291a3fa8128baba4a1d7
SHA51220aba14042d7a78aeae8344692d8a13ff47ba8996f879d112dd4f13d40a5e50898177d750ad2b34c4b8200428d556c3621b0a9740a5f755eb1884c31671e9407
-
Filesize
8B
MD5555bb7c9d50f82dfe90ff67bfb122082
SHA15806f607c72a8ef12f22fca315d096138de71260
SHA2566d7faef16e7cf503bad29d696608e94394befbb68802fdb5071b0fab4becfa38
SHA512ed45da412ce040ec1d4d5d50ffab7a0ce0f254f664b674bb5946650170790d8dc4237fbfb7866fc250624515a54a755ce6bfeb6caf0cee9cce04ad2fa0cb70fb
-
Filesize
8B
MD5f837a4fe1258d09fb38adafe93c21c03
SHA1125c95e005d663566e38dc80081452fe530b299a
SHA2563d4fba0f7de8ff6becfeaeaa145395b80ff375aa1fab550fa8c4e909ce2a6422
SHA51282fd035140bd51d0d1fbec901a11c542cb11f2ee10de778933507588cd5cac540f28518829b93005b72ba28c6295a2f3581c711c6691472e32b25679df23a2da
-
Filesize
8B
MD521ec07092565e386a9fbb569359e1508
SHA149171a26ef5bf0d86884bd0d9b3d5bfa30bbbb79
SHA25688538698a850abcfc43a61aff38eb32bc6cae0129fd41c2eb97d0ee2d49d95e7
SHA5129c8ab8cb9b4a269a79640df8db5202593878158e5113bc7b9257adcdad4ca6f409872a1c5bad097d01de193126f68d5d758c466b0a87c2d1fb2c7500d40f1bad
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
Filesize
404KB
MD5e53942dfcdafc1c23237836a35aa94f5
SHA140f7a660800e98eeaf627467a2ad1f1470ba5a38
SHA25680c7d8b0a799527e2e15dd53e2450b412416cecf38abd649763891b53036defa
SHA5121a6e4e180aaf57c464488c6a720ae99c3c7ddd5949e5084492b38ddeff4511906984876931bb20c12afbf8b5b3bc8cccec6b7eb09a90fe310f8d4dd7bbca5dc1