Analysis
-
max time kernel
30s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
28-01-2025 15:46
General
-
Target
JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe
-
Size
1011KB
-
MD5
4c941f3e5b45e7dd7a0c952ea0eca873
-
SHA1
62188d96857542f646af2e25efc9bfaad360989b
-
SHA256
6b6c71e2acdcd6cd60b6a92a6315bbd8a238c515da7121b2093a5a5b8f012de8
-
SHA512
bf85324101691d2e46ea6df1283179cf3ebaa4781022d82a74eaa57ebbecef57eb2912e7c0e696899954165a1e04341684be422b2b5bbf9ae3120807bc320d27
-
SSDEEP
24576:ea0wkR6E2GhhOdVOrP/snad+sIQ/RgsG3Ev4LVKrwK1Y91jYd:qsGOmr33d+sj/RFG0gLVKrwKc1jQ
Malware Config
Extracted
cybergate
2.6
xlskk
ratxlsk.zapto.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
explorer.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Hack been created !!HackeR!!
-
message_box_title
Coded by !!HackeR!!
-
password
1111
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Modifies firewall policy service 3 TTPs 9 IoCs
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass 3 TTPs 3 IoCs
-
Windows security bypass 2 TTPs 18 IoCs
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Windows security modification 2 TTPs 14 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 11 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 2 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 53 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"2⤵
- Checks BIOS information in registry
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"3⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c941f3e5b45e7dd7a0c952ea0eca873.exe"4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\dir\install\install\explorer.exe"C:\dir\install\install\explorer.exe"5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\dir\install\install\explorer.exe"C:\dir\install\install\explorer.exe"6⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
8Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8B
MD56b7cdcf9b24e1644f3f871bdb8e228c9
SHA1972e91637e7ef0bd42a20bb3325d21886c1f0de1
SHA256aaf7e3364e8a19f56eb5df6f550660795902fc68af1c387034a327fd988e9858
SHA512b7f6ace4d5f00d71c1545beaf15e337135f363120b368fb4743cb92e44b81151b92ddc135b57658378d871367045f97f704d6991c11981079cf51ea4aa6a9833
-
Filesize
240KB
MD5528f841bd23f4885314d0c45a97e4c2a
SHA154a5bc9333f10c39bf376dfb9cb718ce79676e30
SHA256bdf6cab5ca4f7ee31f8ca1d673023312b585ebfc30458079e082d8b0f9742fe5
SHA512119bf05471fbd838c625c586f9e25b48525df8b69495818bbe8cf9a1d8bafe83915e57d87ee37c015ae0311f162e790d813741f6239a89df79d6cdc4c8783c83
-
Filesize
8B
MD5a799885cf240c082f957355760df01e7
SHA172eded5e5d07461795b7aa264f421a54044dfde0
SHA2561a706017f58c9547991d0be292a2d93c78f4d4e940acf3bf0eec34ca6da204b4
SHA512d8315606704c363073e3b94e095e1ae678f8220d43fd3b43eeb6b35153707b6084b029a6c72d313b5e0031da7e4a5475ed3b58d4a542e6eda18841e504bc1ab9
-
Filesize
8B
MD5ffec55bd5487a59c8b4a49cf81bac654
SHA1e1448c9a9920687bba4c382f11553ab5ae4fc2f3
SHA2564741e6ea58705a21fbc202323fcb769ce8a57b52bb7c699a761e9905adca31a9
SHA512d6154197443b2968b19564a4140f9480849cc8ba3de5546b6cc0f76a366907b3cbe746e433881623576637e84d821c41abb7b296f3332fec7ecb30afa777ca26
-
Filesize
8B
MD5a6562087fae3c902f14ed753d0ec85c4
SHA1c205406c8116d4cb244dc1efbc94568e4843289e
SHA256347c5deccec711f086c39f3149f4f447761769d74d4b493f7903241220fbc6b1
SHA5127dc0d51551d474daa6b544ddb06ac3611b71623acdd8c09488e0c9c210bdf50349a0ae2a34faa0a04024f6e52c6c99d9145ad417ffa276d508a45f9489dcdce7
-
Filesize
8B
MD584bd910c840adff8bbad1cd899f3ba0e
SHA13253991624e02b0809194fd6d69d3ce97b92b4be
SHA256eb0a66481052a3e75d5bef75de2d3be22159b7a5c911851183cb0867b69f60a0
SHA5129b95f32cdb5a9a4656fc984c4af179882e093f8ff0ba477918ad59e563b080f9d0302263e49d9c4a6c89b3b428661075de7c6396b690c8fdf10d401d111d306d
-
Filesize
8B
MD5f699c683e1955949cc9ba21fddf65bfc
SHA1517e0e9d57222eb8144f4390141c0a1fccebeec2
SHA2561dedb3863ecc0247451f581bca9906c0e2b9905ee38b2b68315e16210e6e63ac
SHA512fb5cf7b2160e77b8d0181ac58f4bfc732a4c644fe9b93a114f2bde7195438258c2344f5525c5bbd0f1b0c91c72e3766f6d10290e3a54cfe6478792877196f51c
-
Filesize
8B
MD5dabcc2d85f61c55f6a4f67811415a994
SHA1b1fe4b265cc60f53abb08092c6e68255ae6fa4ab
SHA256e867cc34b2536528a07490d44a8af5f63bb08c9f5cd21f7f93892252524cdf15
SHA5124ff662dc4098227aab569f7f710c11ad2ad8ea132829cb608b7ca8c011a6ad5c5fa5fdbe80899c5fce225ad8fdbbb30dc2c30af3c7d81682bedb4d673e197ed0
-
Filesize
8B
MD551423853cb34105d896d56fcb27a8f69
SHA1d9d0e1c8691dcd519ccc4e552d49116e72ce49a7
SHA256ce674c7b70ffa24cfec37eb5870824fd98c92fe4190027320526d807c45ccf2d
SHA512e14a9fd0b74fda10177d61f3c9eba99baf4d163df9ba2833a577cf59ecb38b00ecdf1c7059557b5ba8bc0d59499425cb6c0d343a6fccdb4db8ce2311a781397a
-
Filesize
8B
MD502be15a90fd4cf8457c374eb458dab35
SHA18009b068e1384b4ab0a6813685db61d784acffe9
SHA2562ec2065f18b0b164fa4dff53929d027b6d7256377d029b74415c635a0b579bb0
SHA51252ce9db886dd3eac78737d29379313e085c75b3cfccd254fb2b618155214ca7430247e0ff4c88bca538b49843006ba493c62b9bde8137b79fac0b6fe61081953
-
Filesize
8B
MD5cab4566772f765e7616911aaa59040e6
SHA1aabd4d56b86794afc754a74275403b0a25cdd49a
SHA2565a35bb95bb9ffb520f33dc681d7c7c9ac8ddb97c086a5a3c5e094b4a43d71419
SHA51269ce57535456f425d51efd164bc780027c2a355ac48f03018cc9973428e518f7bc4a48ed2cc377765fdafd0aeda16185a20ba540e408fb2eb4953c09d45feb5d
-
Filesize
8B
MD57166c4a6387ceb84fc548c38f65ed26a
SHA1b02729d9c8cb018702bb27a5904310d387d38505
SHA2561dc39860f9f08bb6ba5bac5c2c10db673606a292132d25fb91b3334b10744377
SHA51268db3c7c5ae06b048bb4220a32e7ffacf96211f273ffe583e1046f5fdfe4d2ba2eea73f9210d50c35701a44e2fcc9ba5cdfb9d9022001c4e158ce6256f09876e
-
Filesize
8B
MD56cadde660fcfd9db300f32b0a7eeb37a
SHA1cb69cd3e310371330d677798919ba26fa7fb10c0
SHA256ff333c133d718bc0c00e01ec7b8bc67d00a18094626a1a09a7230de6de387131
SHA512daf66fe774be7a6cbe283102d4ad54bb4ec670671352fe4a93ddb88329edbce248864f55114f80d99cd66dc959fb30d9e4f57b5ef45efc671b78a186e6f9bf1e
-
Filesize
8B
MD53faac97ca67bf355a64470613b71bc82
SHA1c2d1ac8fc0917d04abdff7ffe16443a8d0ffa0fd
SHA256e19217d1ea175714b2ec770ef2b9f0f8ad9a3d0cae8572da9b8c0915f7c5a83d
SHA512995c5e8428dd62195837bc4f55f50f61e33bbfda9ca5aae9d49ce83b731dc1b4e3612fea5d946c3181af51146aa804f715319f9587e21badbea73fb74182d8e2
-
Filesize
8B
MD50e7c431e16bd75aa62944e07439f25d4
SHA1ac20d05ab746cf8aaa3769acddfe660f0c2fd742
SHA256aac4ec3e17eb4d81d6e246c81df6a29f5d7a7f983e4e0818ebd7ba7d5d70620d
SHA5121fb1c2834c8f3a5c3ebb6f50e5157d9b27c40d1839e4bb7d4a716ed88c33cf83c4beadd6fe1ca22638732c6214a45bd35c8be2dd83f49c809728908cc91a12f9
-
Filesize
8B
MD528f68a7cd631baabe1ac7ba5fca36ecf
SHA172b61064eeb2c1c85ff266dbff141085932c4940
SHA256fccd3582fa8b981c39b123a13c286d5deaae0a4723cfc1b54b605f961e04caba
SHA51221b53f3bc1ae46fe280ea2988de96ccc41d679903c55227b2d10942d38c7709b07d97d581f7b56c139ce6d902125cb1b091b1a8d6bfc5e549f14a7e16ba9bb5b
-
Filesize
8B
MD55c9300cbee342b0898b971311c0eed58
SHA127cf05a16ade8e39aa188706e9618d1d5081c79b
SHA2561466eecda165d7eaa601a32985dd4e8620ddb7e47e5053d924b05236a8eea690
SHA5127a99593039f9aca41841e095aae68b163d8f4e29d22e1237ad142e09b0d7831209fa5d3caef8f4fcdbecb457cf3e6f12e630f5ac63e2d3ce0ea50de923e52938
-
Filesize
8B
MD5c038f132446883d67b30851f376c0ad7
SHA11b0c9943ea55f92f0cfab05f80edaccd04bc2674
SHA256b626bd66bd1eff7e5e20ef254837402c018b199a3b98817a4aafcd2c3df30d3e
SHA512f8b4b883e8a96729ef7689fe49cf18658adbff522946307a398eabb1fab7f90b0cd4ac1e0b0b4200a0790d25bf3922ddac26f35b03648eb29cf1def6b641637c
-
Filesize
8B
MD536b57b448301a606bdd5b80422232b94
SHA17e0afcb9be8a09ca77405095acffcbf17e949ae4
SHA2568aec9068aa6bebc4e6384fef7044990429e2fd6bf415c3778a980fa1bfed62a3
SHA512cb18fe50ff7233e7510b730032d11bf47419e5d7149ab4807693393653b240925cc4ba40362eb0fac4c11fbfc2a9947055e9bd20d6ade52265bb7593a5698a81
-
Filesize
8B
MD5b9a658be1b1f0c5b4d8251785007cbee
SHA1113439033d6dc4b9f8daa8c77f3e3432f728022b
SHA256e668b9057abe4e300374f16d7ee6ba7507da51b6eb6401cdf82c3031ee241914
SHA512063ceafef5e6d0f6d59935474d94898b635e049543c0b40834c304c52619849bf88390dcd80f1304b89f4fbef1852884e9ae63863dd3e8a5d59c4c8cae93da6b
-
Filesize
8B
MD5075fa1d816ab9604179f15a70d754202
SHA1cd26d0cfc05d747a2bddb3d6d3d28d3fdc89fdee
SHA256d592e0a2c6ce7026cb875b0ef523d9c1e17fa82ed1a27b45aebab798c6e8f10a
SHA512035310b757a25ed1c33e03e3899907830629efbd547e3aee2538dafa8a6afce09f137e487b79a0878faf60da965576aece49220285ca16903ad9c36c2f69adc7
-
Filesize
8B
MD58251daa48115038e9451836676da7deb
SHA1d4179fd9ffe317b5cb946c0ded477eac98847744
SHA2567e2db36997427d7a763c8adafab3c049059d7df1bcc9db59cca2d77c73afd6a5
SHA51254673c780ee0d37b5ade18f3f54f3afd2978fbd822ede068b9de14bf0b5fba9e565cc143f0286f0810957b222180ee312b3002343f59a7fcdc76825d459cdf6d
-
Filesize
8B
MD50fde1181088c7862ea42183c0639010e
SHA199c4d2d76b37e1fcd64ea04458f541245bd71bf8
SHA25639ad8e69e7c0ae87b92cd4625eb6bd16115b92a8d82617b626183b2a7b60f5df
SHA5126cb62aba098874d67cb088bff75f2d129bbe0d50fe9dcbabea2cf8f87508021d3337b38e9337c37c082ee39b7f6beaac952eb04b4ceca377c7adbe9a24f9784b
-
Filesize
8B
MD53838e631810f6bfde082f45acfe54278
SHA1391f75c70577abc28b8213a0ddac3ea008097505
SHA25640d0a244a882b4a95ba3993205a21e817facb0bc9dec7a59570c22752f19daac
SHA512c7a5478d88d2c6fdac63167a740461c1e21e89bd25d621c00f7a0ba614f0d88f9b6c164d322f8b20ccf3535a14c45cb1940836b14b8d6b9aee1a73caf94dcfb2
-
Filesize
8B
MD5af6000953d98bdb13c474be8cd35c543
SHA118997c4a7328b34464ec5854bfdf0cfc2417af75
SHA2566182dafd287bb734cfd317dba4fa6da66e66d395ec572a5a9dde3803b4dad097
SHA512058aa8d3d26372526f3600888ce0a1afebfbc7063af9684c3381dcf2905f5464a1f8351ba736a47280abbb8af8114095d8cfc1a4d84c70ea0b1c92bc37753ea8
-
Filesize
8B
MD5a60d35835fdcbe8e2cf557868bb15995
SHA171d9948ce0f41b96ac5eea612eac7520ecec25d7
SHA2562db07ea4b9f7e6e065223f94b7f06c1e35b7da64419c0c8fe0ab350c5f18179b
SHA51205926089935f93963fe19f8f6194b6ce0cc0dd8f3284a6573d36749453300669b690e540fc55f91a4290fa10f4e3d9d5892f35ca985a4533904eea1d5b9de94b
-
Filesize
8B
MD5a410f3a024f5577a3dec510b0049f45e
SHA102953a77367edcb51a9ad319d6cb7a511bf4d39c
SHA256bab759a573b32b082f7cbe05d0040418b70b11317d7d432b4c5c753bb59a4254
SHA51223538c9ca9a40fba14c3e614142c7b193008915432a677d0c63b19fa60c6b012b2a42cbeda8172d8e25a428c36f6e7f0c901d770e07f3d513303b521cc6f184f
-
Filesize
8B
MD5e774288b9d203a741f4bf1ab31ba4575
SHA1602c603898156c382b1cbc5c59e6f52148f4672e
SHA256ad54162ed9207be2e25d360ceb02bbcd7ea17050c10b4970a1944ccf83f3b965
SHA5124f3fe0eff0ac7b4e48fdb48f335a70489de3e2552d695a446c8e9ac1d5338996c1ddba1beb14b063778813603d89aa5f2abc8e42318ea989cb936c9113d6bd13
-
Filesize
8B
MD5c1c6f7e60797637873ac40d3fd49c5bd
SHA15a1a3293cd51e1bfd5bee8cf5df127c9a1beb30d
SHA2560774f0c826134d3bb857fa2953b7065cf4d4d0c4c296f42c2f3715a3ceab50a3
SHA5125b29bf8e13c7a493389007d9accf1e4bb890379b9f009dad29096e2df3d02e80ee8b2fe4255ff54a8067780174cf77ae786d6de7831c082c0fd9a9a9e05da814
-
Filesize
8B
MD592e74546e0dbd3a6105a46ff37261993
SHA11719919cb2c5afdb7cb4bb812b920b5a818b692a
SHA25648fb8100beea0599c55adf054d4f8917c3205ff947fedc9b1716ee457fc709b1
SHA512704478babf81cfb30d31e6593656bc817eae17450d856b5ecad3e824ceca1e2b6b2682ec316fedae8947e6f029154ddb369e5df745eaaefd6b6e5a5351e5e8f1
-
Filesize
8B
MD5ea86aa2e28c1fae665550af6ac6667ab
SHA16dd4656c776db3376b2d8c2e9c6828cfde995490
SHA256ac00caf68cdcfc006835a1ab8392e02f70dd53a476b790ce3325424ae71b3e35
SHA512bc7caaf65e41cda98920ba3088ed0f1f4c40c3e11d791faca174203ca9ed2d8691497d8f45e70708f2bf24a2fbd94160dc620e407a19745ca40eda4968ee9e0b
-
Filesize
8B
MD58b4408a479e19d58c725b60b185f4672
SHA17adf6aaa1e10bec69844bd95feaaea0f0d25e1c5
SHA256419654a539c01dc0e504e1ddf747b821d31804fc05f7cabc86e3ba2d02022140
SHA5123431efd43d2347377815dfcb4a7658fb1750270cd8af9819d22f409ef06331c6748bd0ebba1d767003249fc5221cb856b99f38db83eaf6256c83de08be5381a2
-
Filesize
8B
MD52b9829a42b9ececbbcb9cd09aac0a918
SHA166eca4f3c1092347e3122748db2d54494cb6f551
SHA25634e3effde47582182fee213b95586a3a9d4b01bdbe8bd00380623e4ad3f19919
SHA512d8f88f783998d816ef743be4cc85f8de8fcd6f9c820724544f97f6983da9c6047a845a14d42e927da9775ec430475d6ff6ea342c092fd75164565c3ab9c63787
-
Filesize
8B
MD5a01a4d6e1434641cabd0e4de640f8295
SHA10895597b2cd7d8ac77121346d4e874641bb9e992
SHA256afcc378c7e8e47dd8b3e33ca1f1f2579c75afed93d5022131d85f185083a813d
SHA5128aa8abf1913029f518d76bab30f38c19e5281dc3f1bad21c2a3da470ff10d4c5142946d59664738c07a519f8fb3af85921b97c5f58d21e0064afb803d9938615
-
Filesize
8B
MD5430cf3fc0b339f9f4c3c406302acfabe
SHA1f1476e037085873fce6ff91774b068cb7f1e3e01
SHA256f129af02101b94feb4a0f64801b3b07d3e48afe069e7d2698dbac0a8b7e7ebfc
SHA512ddb175e3c243fcd31dc861bfe4ed2d7cc1680e653e43f5091632356ac8f0a93b4bd563ed67e950700073809964bbddf4c72de4846079e34eb87f7a5aa80c4c27
-
Filesize
8B
MD5a1e2dc6d6c2ec24741907e38b7ec6b5d
SHA17701f0bbf7afea0c99a920d4ee9357353bba7f2b
SHA2567261fef3233f37cfd267724fed5cd97b318680c8b53d07b81e532c72b89feb03
SHA5121262b4fa5771ebf73f1ec30d47ef84e74824a4a5d3a8f4cd70dfca7aab32d6b12ec9232acc3df3827cd1162f6467174209070e87a688471d7634890ed1b40757
-
Filesize
8B
MD55581d51edc85a6cf7fe3f05704acd7cf
SHA1da76b553f55fd49d25dfdb9edd6f0893a9cdf816
SHA2565ef48b5ce5e8e48076d6fb39eed1c21ee94b81f43dd069fb58bda1d0ff616ecc
SHA512b536bc18c1e656ba849727e6412a063810014a8b1323f9028d476b16a139bf00823a80468b8540cababa9ec69fba88ce3e6253462baf47536550b67d86774e35
-
Filesize
8B
MD5e4469d1414eb9139cd0de947d658d917
SHA1d29abd98beb50f9c769bb74fb41bb54b3c1dd479
SHA25656458575c1f53c67334e3faae369a10fe0a6b1ffe98359067b2e9bc164c40008
SHA51209c7215dbd136519b43f04cffaf81067e3271b484cf5643557635b1ea73cac38252a70fc42d3fe0b523f9c29e176c1835279f15744b16ece57dbc1e92e72bb0d
-
Filesize
8B
MD52f73cf056d532cd336f7b7253939486e
SHA12f283f02b3bac3c6cbf9b0e5e2a99ac00e9e1467
SHA256c071f86c07c4c720b2c0fc8302ac0b970eecbe29e06c18dda0e3cd94b4a53d28
SHA51275b6510e67ee0087941f8e65e520a0c38801305260f4573cfac6930aae90c7cf4873c4d30d684ed274f4ef050fa02d707652dc4c18fda16745775336e6b3d2c8
-
Filesize
8B
MD55435a4c779631c2196324d824a013a0f
SHA1b7fe205988254acc4155054915d63f03dbba917d
SHA25684622404d1ab2f824cc8c57fc1aeeafc66131539089d6887315df0041dbad91b
SHA512bdca7d8689534e0d70c19c910f1d6865011d4782e5a2d03579dc7ed21971004722c389edad917420ca394d1d238a71262b2d84faf766a07581e8a0f33d482ff5
-
Filesize
8B
MD553efee8b4e8c3cf14035db10b5be9afb
SHA18fa352aa61f3cf3575b3f71397b0c22f83b37f8b
SHA25686d61b6835cc7725741143465da3a995fec92fbbbf4ddd7f128cb93ccb82c28c
SHA5120dfb00a42890591b3a06a15dc1fac0a145624aba3b4835ab99ffffe90db3d0569c4e64cae5fb7a33f6546b27170f1b85666e07d2e7e99bc35daf9b1d30fe61d6
-
Filesize
8B
MD5adf98a9acce994daac8f2ac39bf26144
SHA11f31d61bf563c8cb00aaf7ff1577cae75e97201a
SHA25629f31eb3385bc50c2f55c17487409ff8298d94037f4d5c3189c5c947815a0a48
SHA5128f22f6150000a15ec8fc2534e80c9daf8201b48d0b909f3c034007cd9bf42df4b50c5b427109137f69038a8ddac0b78e48cd22fbe0ecb5372f0ee0a682f2a04e
-
Filesize
8B
MD593228faae6a510dce01583c55044c265
SHA1ffcdaf9f3936cf03e280072952e40cf93e173f94
SHA2562b698e61b047d46760e22f60dff32f729ca301f6d4f084469e59f8cca0a30215
SHA5122c3f71fce445649a4aa2d1f55273aae78548cc2975b24cdb415b146c72bfcba888f848cab0bb08a77ff825b6e7fee66513aaf0197cf12c86a15d694218eb219c
-
Filesize
8B
MD57ff5e992a3708eeccfa9cdc84b1d4fe5
SHA17dbc6f42ba09fa663c4b2f959fbe42cf58834fb5
SHA2561fc7b8b21cb663bb40aad58755836666013b96a5b404315baa68a6d9d9f9867f
SHA5122c6e43e74958c4f6bcbb0406c243e88b82fb09120bc9ff7d0a0021e23ebaae12f5caf276c1700e6743f675ffae486bd258666cbe794a38617130a8fff70b776c
-
Filesize
8B
MD5731ea0f264201483ca9de1f7d2c5a05e
SHA1dd1306936affc510d9fa99d06c9ef38bc7a26b1c
SHA256550d75adc25197b66bd254f3c88005f27a184086b3f19fafd5aa2468d1bb6086
SHA5120ae8ade870bd91d4180279db60a15362d3a4d53457fef5996f4cb377e6520afede76d936b3e06c6de17a97c048797442e38bdc00f861a4404944cd5d5543b3f9
-
Filesize
51B
MD55fc2ac2a310f49c14d195230b91a8885
SHA190855cc11136ba31758fe33b5cf9571f9a104879
SHA256374e0e2897a7a82e0e44794cad89df0f3cdd7703886239c1fe06d625efd48092
SHA512ab46554df9174b9fe9beba50a640f67534c3812f64d96a1fb8adfdc136dfe730ca2370825cd45b7f87a544d6a58dd868cb5a3a7f42e2789f6d679dbc0fdd52c3
-
Filesize
15B
MD5e21bd9604efe8ee9b59dc7605b927a2a
SHA13240ecc5ee459214344a1baac5c2a74046491104
SHA25651a3fe220229aa3fdddc909e20a4b107e7497320a00792a280a03389f2eacb46
SHA51242052ad5744ad76494bfa71d78578e545a3b39bfed4c4232592987bd28064b6366a423084f1193d137493c9b13d9ae1faac4cf9cc75eb715542fa56e13ca1493
-
Filesize
257B
MD5b9174fe8a02ccf1a0381fd560a3e84e5
SHA11a256bf3867aca97e301f3bb6ee7fdcca6900728
SHA256b872260fc81d37f418dfe3739b3b12de3dc6cc97d62bb09e53878b41a964c450
SHA512499e24b65044633a3d352a587398a002013736f2e76bb66d66dd5456c45d9fb17eebf4b167f10622d1ed2b7f2e8da8d0b9093a9d00deb4f3fb99b99202528c2b
-
Filesize
1.1MB
MD54d0a997a4571026b66cd9b2db56c6eaf
SHA14604263a91face8a76ec97a09503c4750aff6e46
SHA256cf3408498144d401dd34aa63039af562eb53ded26954250c2b278a2b92ca4fcb
SHA51245c74f91ab42740b20ded7ca41c3ad1a05b5e42fff14bb05a98b2cc108f05e89d5cc55caabeb4db6e8fc300664ccd6ae9f58b3670fada3539e9c8c07c6c4a7d4
-
Filesize
1011KB
MD54c941f3e5b45e7dd7a0c952ea0eca873
SHA162188d96857542f646af2e25efc9bfaad360989b
SHA2566b6c71e2acdcd6cd60b6a92a6315bbd8a238c515da7121b2093a5a5b8f012de8
SHA512bf85324101691d2e46ea6df1283179cf3ebaa4781022d82a74eaa57ebbecef57eb2912e7c0e696899954165a1e04341684be422b2b5bbf9ae3120807bc320d27
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
392KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
392KB
-
Filesize
8KB
-
Filesize
888KB
-
Filesize
4KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
920KB
-
Filesize
888KB
-
Filesize
392KB
-
Filesize
16.6MB
-
Filesize
16.6MB
-
Filesize
16.6MB
-
Filesize
888KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
16.6MB
-
Filesize
16.6MB
-
Filesize
888KB
-
Filesize
16.6MB
-
Filesize
8KB
-
Filesize
16.6MB
-
Filesize
16.6MB
-
Filesize
16.6MB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
888KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
292KB
-
Filesize
920KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
292KB
-
Filesize
920KB
-
Filesize
292KB
-
Filesize
292KB