Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
17/01/2025, 21:16
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe
Resource
win7-20240903-en
General
-
Target
JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe
-
Size
575KB
-
MD5
97921228e2d648d225b4f1ed814bc32b
-
SHA1
b13f6a7b01eefa960360a2394f69aca8731aa94a
-
SHA256
4e675dc623035d1299f5bf2ecd72fb1aa10904d00f23c4ab136c7317bf14942a
-
SHA512
9b43fb2232cfd1919cf80e91f3a25f27c94f2aadc8627854981dd3f9d46a651ea6528ee98c183ffaa7fd751ae36aed6126fafb7609cfd6b436adaa551c0df681
-
SSDEEP
12288:tB86bWoRWbXJz7LA9FLLdrlGLE0kuGnESB3:I6bWlNz/AT9rEMtnESh
Malware Config
Extracted
cybergate
v1.04.8
Fcuked-U
owned.icm-bot.com:2020
M43IIL0K723SE6
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WindowsServices
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
ma1lc0
-
regkey_hkcu
WindowsServices
Signatures
-
Cybergate family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Services = "C:\\Program Files (x86)\\WindowsServices\\svchost.exe" JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Services = "C:\\Program Files (x86)\\WindowsServices\\svchost.exe" JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{0J2CI178-6VV2-0HY7-IWNV-N5F0E2F6D384} JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0J2CI178-6VV2-0HY7-IWNV-N5F0E2F6D384}\StubPath = "C:\\Program Files (x86)\\WindowsServices\\svchost.exe Restart" JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{0J2CI178-6VV2-0HY7-IWNV-N5F0E2F6D384} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0J2CI178-6VV2-0HY7-IWNV-N5F0E2F6D384}\StubPath = "C:\\Program Files (x86)\\WindowsServices\\svchost.exe" explorer.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Executes dropped EXE 2 IoCs
pid Process 4952 svchost.exe 3868 svchost.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsServices = "C:\\Program Files (x86)\\WindowsServices\\svchost.exe" JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 2148 set thread context of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 4952 set thread context of 3868 4952 svchost.exe 89 -
resource yara_rule behavioral2/memory/2524-8-0x0000000010410000-0x0000000010471000-memory.dmp upx behavioral2/memory/2524-12-0x0000000010480000-0x00000000104E1000-memory.dmp upx behavioral2/memory/4300-75-0x0000000010480000-0x00000000104E1000-memory.dmp upx behavioral2/memory/3104-147-0x0000000010560000-0x00000000105C1000-memory.dmp upx behavioral2/memory/4300-173-0x0000000010480000-0x00000000104E1000-memory.dmp upx behavioral2/memory/3104-174-0x0000000010560000-0x00000000105C1000-memory.dmp upx -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files (x86)\WindowsServices\svchost.exe JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe File opened for modification C:\Program Files (x86)\WindowsServices\svchost.exe JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 3572 3868 WerFault.exe 89 -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3104 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 3104 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe Token: SeDebugPrivilege 3104 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 4952 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2148 wrote to memory of 2524 2148 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 83 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56 PID 2524 wrote to memory of 3416 2524 JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3416
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2524 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- System Location Discovery: System Language Discovery
PID:4300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1556
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97921228e2d648d225b4f1ed814bc32b.exe"4⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3104 -
C:\Program Files (x86)\WindowsServices\svchost.exe"C:\Program Files (x86)\WindowsServices\svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4952 -
C:\Program Files (x86)\WindowsServices\svchost.exe"C:\Program Files (x86)\WindowsServices\svchost"6⤵
- Executes dropped EXE
PID:3868 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 5487⤵
- Program crash
PID:3572
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3868 -ip 38681⤵PID:3760
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
575KB
MD597921228e2d648d225b4f1ed814bc32b
SHA1b13f6a7b01eefa960360a2394f69aca8731aa94a
SHA2564e675dc623035d1299f5bf2ecd72fb1aa10904d00f23c4ab136c7317bf14942a
SHA5129b43fb2232cfd1919cf80e91f3a25f27c94f2aadc8627854981dd3f9d46a651ea6528ee98c183ffaa7fd751ae36aed6126fafb7609cfd6b436adaa551c0df681
-
Filesize
222KB
MD523762fdee142a2c54d1e5dd9309103dc
SHA1ca0e795cc38e62c209d563d4b846c50d643daac6
SHA2560d0f3e12191e8f02ea6dad930845511fc32e57b9bed282aa3ad7131ff26aaa03
SHA512688b8ecb999f1a8505cd8e73fe008fcb460dd785e91abb09551505f896af4ded26e51fd11bf8c905ce859eb294ea8ed26419ee481bcb9b6d3b1d608131d8c14f
-
Filesize
8B
MD5e4ac9fd352698e3570d6f495a3862e9c
SHA1812c74af84bfd8f3b786e61aa4484349dfb30a61
SHA256a29545b5fe974c788d6478bc2c2e1d8d0da21a543f11f3ef266a82d553430f45
SHA51238f2d40262e43dbd6e55ba2ee8478d6676a00dff56e30ae32d7738cc7ebef52e2ae3b890b8047df0eafc5a6053584aea787a67795d9c8f95c7d04481fe6aa440
-
Filesize
8B
MD5528ca47a0cabfa93b6c0e840e7562bca
SHA18d70e9cac37d71026b10a0e9895da1ae67ce6856
SHA256911845e2a5d0abb2fde3555231be12334f4ce4a4c2d33b5857aee40259073f14
SHA512a9302d0cb498619ed0fb2918aba6be62e76188dc9bcfe33b026390d76d7e0bd2f3b28004ce42c1faec2718c29e934e425aa20326a167fac68346eb9b32577331
-
Filesize
8B
MD518052fdf0d1a6f9c3b8c05142bb4dbd5
SHA1b2cc97832062d6b2a892745da30f6f6c7c216290
SHA2560f015c1e2ee56ae5e409113966599a670e598b3c5bb31349c68e475d0bd45fa5
SHA512b18be7dae575db7db6a93f5a3315923fc804cf896f9cf5490dab9175360827deea4b930899d4d76e6d49c7d9715ba2b6926632a7ff384aae519b4e4f5b2f80de
-
Filesize
8B
MD54d654017c178a1a3a9bbd6f2b561011b
SHA17d821d90f604ec07e5145fbfea7395a2da8134a1
SHA2563faa8cdd21dcb966124f7e8ecd7f093fa1ed741a5290a7d9eaa407cc113b2a69
SHA512f58851edc65e9a2698968cc1c0e9d19e8c300129df67f52c69e5e836a2934b3a7dc07b3de9443cd457a33f31824210853723abf6e4a0ebd4132fa6d1654d1a91
-
Filesize
8B
MD5eb020ef4076912d6c8307f10a7d82a6b
SHA143df939d0824a0ffa4178ad453562b7ce6374052
SHA256d7c7472b0c05bda897021296e99585c81d8fb6908b600af4496c56fff18e8064
SHA512aaaa73388a65615192b20ceddf307ba21bcce139e310ca065aa3605d0f387e7c0ab1ea1141f31acfaa0626cc765019cca968984038cece4a58163d73f4a81666
-
Filesize
8B
MD5840ba62a2d23b421fcaad641ffc55f1d
SHA15a1a78ec956970aedbfa686ddda46dad8851c4bc
SHA2561a454ab02b7f7d63198a3148e3fc17f1cdc5048a0afe5f05a5ca5310e13f1118
SHA5126ace0d35965f69cfd9bbdebec361b18b8fefe60a3b64147d7b5d9e8b21ed261eb8d58b5c92146c1be7a2e8609bfc228b6221ef980d535781eeef24d74b1c1dd0
-
Filesize
8B
MD563cf4dc781ac65e5bcebb9ee377315d9
SHA17cd28bf5a767919ea79c5ab41a6ae16f6d1aafaa
SHA2566445d448a75e20919d186e4f06f389c398868df43b8fae6fbdd4a45a363914b8
SHA51266af4f0db5a8a646cb1dbc50e99130f5bcb41c46c5c4f47aa1852750d4b6e3783eab9c0911c03cf8d82064432bede286a7495f67472b1fd33beddb959c4f55e5
-
Filesize
8B
MD5ce41b4fc832a19122db66ac441cc3286
SHA17308c858745117e6df81d379623c11ae4e1bc8c4
SHA256b5bc4ce01119690f9ad4bb05821477e7538ec5238015fcaf6798e46d0ea086c1
SHA512e334e6840c2a270b1fbb2fc1db9130b7637adbe46d51cb40cc3d3dae9fe238a174021a1ee567bae4f91d8a3b5828338683913abbe62dc5a7ca26e9ab18b01f89
-
Filesize
8B
MD5d2bf9d427b48cb26305a6e50a465a7d8
SHA11efea849aa730ff65249eedf4f705ed95f460f9a
SHA25647487b825313d8a12ef10f0343cd38eaff021592639a885e0bcbd0f9bd06dae4
SHA51202f8e444c18e4924b2eb3f941b5a686384e3a119d12c5889b46c3e6ec1f1c433fd90e5ce70908d50d53bd29141b6e2b06d0c0aa5ba86476384a16b4a7e22af77
-
Filesize
8B
MD59a588d7511321aa73af9748b5b44ab19
SHA159f91c34a080d91545f5830973c267c2b9f1f33e
SHA256169f9c19bf783ddfa5c36af75f96abd643a29ac750fcca5318b903ed3a26b4b5
SHA5126cb84f51628ab2ab703e66f443447ccc970003e0327a9f5342676c87879e14b9fca489c146187ea543786c046666dcdd15677b88410b3227c83a62a603a87877
-
Filesize
8B
MD59606f4255b2071b395391c7c8868286a
SHA110282400145aa02b1e5d4fe74621fecfd83feb67
SHA2563e83b2974eb5e9d66eea266ee4f1a8ba1e04e47ec25068393cb06beb1f876efe
SHA512438db8e28169f0b3801b2622d0bc897ea99f2f2105782db0921819b01f29a610084de2107277e538d5d3015f302487a61dc68a4d7ee1f812b815ad617216b46f
-
Filesize
8B
MD50833216549be53be9ecac72ff2a5a0b0
SHA1066195396420cf73b015284847aa8d447302da9c
SHA2564e20e80b8c4aff148d32a60b2c2f272afa3a27e68eedae6d610582a0ca4ded4e
SHA5126a4f4982b12f497c92c0c6dc656b7c57a1bf918709035a2f02b7e6df16784d476fcd8ec6dd814f1f1f3877773bbaf82b097b0f89ca18551e415b99c4ef4ef4b3
-
Filesize
8B
MD5f75da688ce019780bcdf3ef99708976a
SHA1d811b05620dd371696e152e0797c1b29716652c3
SHA2569e151286be588f07c014fc74655fd6ff77a08970136b45aba4a6b9f7a33a8ea4
SHA512e0b8153da6824cc3d8ee6f5857311dbb73b14706c7d6da4a376bf3f44630d94eaffe3406d805c67495704d5480b2337e2dbb73b52c4910b54fbf6dffccd25057
-
Filesize
8B
MD59ef347067437cf3fc7b662dafc4d002b
SHA1a7fb12b766f817c5d06669f6df50b8dfbb4edb86
SHA256190cf227aabe303109be232e9c643f9cc973712bb90411ffab4f47014fe1504c
SHA51279de33429198bac3c5aa1f4c8a9c14271b82a65e89351fc2e59d13d1062f3bc2c91b7b4cf0ac9063979ac4f4dcd28e099e7086eb1dc190125ef48853d333957a
-
Filesize
8B
MD52b324ba9073526aff57e29a608b0c2d6
SHA106c9bb1355c574075734fd292111b190b3e3b1d8
SHA2569bad86aa82f438e07a75d9157cb45f5e7dc565493b1e515e9f62082bf950141e
SHA5126f92918976f7a1d3082a020aa159517cac049bf8f750aa80d4072332b478db182afb8cb5e6ea6c641a5146c043d1e9d1d406a0905647a33048f4eb9e8123d5c1
-
Filesize
8B
MD5d2f8cbef933eddf37c5ea7e287621c15
SHA14edc1ba5ca2b7761ee064c294a68db4e900adb7f
SHA2566fee9c5b8299798799374a7aa85880532c39238ad2bfc549311b08a5a750083d
SHA5129cc2b62f387d313e590e62b7ca87ac00823bb8bdb3b8e00be6634547214f180be4773b45c164a92914ed9224a77532693f644bbcf1140a988c879a443834f503
-
Filesize
8B
MD56fd616984fdf70817cdc20f45e2ae9c9
SHA1cb6a7ec76901b814bf8883976acde43044ccd43d
SHA25645b800562690cb6ffbb50e0d18973f3c7dbb4291d6f6a3b34460ea5177ab7ed2
SHA5126dae61fe4d461020b3754a1d5598ac97e58796996b617777f5a5e9d1784ed6d81418119add40a4a14b8518416f9cf96935b79678d03175ff495e46e869db8da7
-
Filesize
8B
MD5a9647891505ae6f4a1e86f25cf9c8a98
SHA1342dd1f2e65e3364f6d251ac78029e2a649ecf15
SHA2566696815f16a25ec1b2fc9bc037cb0fdfdc35909e7cd51071a967e9e6228f9cfe
SHA512fa1aa7472c68b5509ae015ad4cf4482f6eec60caa8b22ab3661c9f1e7116360eaac0c14efbd9c25316156c70f044278b67b0c4b8045821e5dd4035103d1e722f
-
Filesize
8B
MD5892755261519bd4b5765526cca169621
SHA11b5958929364e914eea9b442af342bdd41c60821
SHA25668b534cec61810808ee51b4c5f091b2abf793ab84a75800bc3652dce4f6b3b8a
SHA5121e244d27260a688c439967ee2dab7cdc0e974bc0c87a66fe9f3e52ea6d297bedfe7b0d24b23e13bb2d7cb4a2bffa8439af30b1522cc024612e86281480211fba
-
Filesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314