Analysis
-
max time kernel
149s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
18-05-2024 05:59
Static task
static1
Behavioral task
behavioral1
Sample
53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe
-
Size
418KB
-
MD5
53474c750c9187e0490082d8e1c11a6d
-
SHA1
a53490817cd28f7f9d3689c1dff73308e39ea8c0
-
SHA256
22761f5b95ad6b2932fd543292606a4390728e4837a9914c087ee0556b910786
-
SHA512
77ffaf942f932c2ec81a1ca2c0b9f321c28745fd8f0cd1f91f8e0b7bd69fc82099b81cd736514309e8f431b7a6cbecf19ee154844587e3fbd1c097ec969c4f92
-
SSDEEP
12288:qINL5QskZOSBJRVhQKUN3iduyA3fpIyTCP/tkhDzOkZ:n5mZOoJPCF3iduy669ViDykZ
Malware Config
Signatures
-
Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
-
Modifies WinLogon for persistence 2 TTPs 6 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\HBimlPyf.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\nTUFfozA.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\FaajStvs.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\bneVLMBl.exe" reg.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,\"C:\\Windows\\system32\\clientsvr.exe\"" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\ProgramData\\683642\\svchost.exe\"" svchost.exe -
Executes dropped EXE 4 IoCs
pid Process 2280 svchost.exe 588 svchost.exe 700 svchost.exe 2952 svchost.exe -
Loads dropped DLL 1 IoCs
pid Process 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Adobe Startup Utility = "\"C:\\ProgramData\\683642\\svchost.exe\"" svchost.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\clientsvr.exe svchost.exe File opened for modification C:\Windows\SysWOW64\clientsvr.exe svchost.exe -
Suspicious use of SetThreadContext 4 IoCs
description pid Process procid_target PID 1796 set thread context of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 2096 set thread context of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2280 set thread context of 588 2280 svchost.exe 47 PID 588 set thread context of 2952 588 svchost.exe 55 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe 2952 svchost.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2952 svchost.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2952 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1796 wrote to memory of 2560 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 28 PID 1796 wrote to memory of 2560 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 28 PID 1796 wrote to memory of 2560 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 28 PID 1796 wrote to memory of 2560 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 28 PID 2560 wrote to memory of 2640 2560 csc.exe 30 PID 2560 wrote to memory of 2640 2560 csc.exe 30 PID 2560 wrote to memory of 2640 2560 csc.exe 30 PID 2560 wrote to memory of 2640 2560 csc.exe 30 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2096 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 31 PID 1796 wrote to memory of 2512 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 32 PID 1796 wrote to memory of 2512 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 32 PID 1796 wrote to memory of 2512 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 32 PID 1796 wrote to memory of 2512 1796 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 32 PID 2512 wrote to memory of 2888 2512 cmd.exe 34 PID 2512 wrote to memory of 2888 2512 cmd.exe 34 PID 2512 wrote to memory of 2888 2512 cmd.exe 34 PID 2512 wrote to memory of 2888 2512 cmd.exe 34 PID 2096 wrote to memory of 2688 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 35 PID 2096 wrote to memory of 2688 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 35 PID 2096 wrote to memory of 2688 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 35 PID 2096 wrote to memory of 2688 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 35 PID 2688 wrote to memory of 2708 2688 csc.exe 37 PID 2688 wrote to memory of 2708 2688 csc.exe 37 PID 2688 wrote to memory of 2708 2688 csc.exe 37 PID 2688 wrote to memory of 2708 2688 csc.exe 37 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 2876 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 38 PID 2096 wrote to memory of 1992 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 39 PID 2096 wrote to memory of 1992 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 39 PID 2096 wrote to memory of 1992 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 39 PID 2096 wrote to memory of 1992 2096 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 39 PID 1992 wrote to memory of 344 1992 cmd.exe 41 PID 1992 wrote to memory of 344 1992 cmd.exe 41 PID 1992 wrote to memory of 344 1992 cmd.exe 41 PID 1992 wrote to memory of 344 1992 cmd.exe 41 PID 2876 wrote to memory of 2280 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 43 PID 2876 wrote to memory of 2280 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 43 PID 2876 wrote to memory of 2280 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 43 PID 2876 wrote to memory of 2280 2876 53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe 43 PID 2280 wrote to memory of 2288 2280 svchost.exe 44 PID 2280 wrote to memory of 2288 2280 svchost.exe 44 PID 2280 wrote to memory of 2288 2280 svchost.exe 44 PID 2280 wrote to memory of 2288 2280 svchost.exe 44 PID 2288 wrote to memory of 332 2288 csc.exe 46 PID 2288 wrote to memory of 332 2288 csc.exe 46 PID 2288 wrote to memory of 332 2288 csc.exe 46 PID 2288 wrote to memory of 332 2288 csc.exe 46 PID 2280 wrote to memory of 588 2280 svchost.exe 47 PID 2280 wrote to memory of 588 2280 svchost.exe 47
Processes
-
C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1796 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tuvi9d4q.cmdline"2⤵
- Suspicious use of WriteProcessMemory
PID:2560 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES121B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC121A.tmp"3⤵PID:2640
-
-
-
C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2096 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\khyr8x8q.cmdline"3⤵
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1343.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1342.tmp"4⤵PID:2708
-
-
-
C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\53474c750c9187e0490082d8e1c11a6d_JaffaCakes118.exe"3⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\ProgramData\683642\svchost.exe"C:\ProgramData\683642\svchost.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2280 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ershds7p.cmdline"5⤵
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E7A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1E79.tmp"6⤵PID:332
-
-
-
C:\ProgramData\683642\svchost.exe"C:\ProgramData\683642\svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:588 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\shqplxlj.cmdline"6⤵PID:2960
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1F54.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1F53.tmp"7⤵PID:1040
-
-
-
C:\ProgramData\683642\svchost.exe"C:\ProgramData\683642\svchost.exe"6⤵
- Executes dropped EXE
PID:700
-
-
C:\ProgramData\683642\svchost.exe"C:\ProgramData\683642\svchost.exe"6⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2952
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\bneVLMBl.exe"6⤵PID:2852
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\bneVLMBl.exe"7⤵
- Modifies WinLogon for persistence
PID:2184
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\FaajStvs.exe"5⤵PID:1144
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\FaajStvs.exe"6⤵
- Modifies WinLogon for persistence
PID:2160
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\nTUFfozA.exe"3⤵
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\nTUFfozA.exe"4⤵
- Modifies WinLogon for persistence
PID:344
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\HBimlPyf.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d explorer.exe,"C:\Users\Admin\AppData\Local\Temp\HBimlPyf.exe"3⤵
- Modifies WinLogon for persistence
PID:2888
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
418KB
MD553474c750c9187e0490082d8e1c11a6d
SHA1a53490817cd28f7f9d3689c1dff73308e39ea8c0
SHA25622761f5b95ad6b2932fd543292606a4390728e4837a9914c087ee0556b910786
SHA51277ffaf942f932c2ec81a1ca2c0b9f321c28745fd8f0cd1f91f8e0b7bd69fc82099b81cd736514309e8f431b7a6cbecf19ee154844587e3fbd1c097ec969c4f92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD544c52c25cc55dd3b92b508c2eaf24e5b
SHA1b29cc28e89a68ebe0ab1c75fbf96f5f48e7ab95c
SHA256165d1c9f9778c508cf37b1b99477ae84c9d831f924a5edcad7bb6bdc9eea5ea6
SHA512da8ed7e82fac5aaaf9729a55c2c017c9f02ee1ba74ca084f8f7bd9dd7a38706a1df7aed57301c5842be36918f57080d2cdb0681db509ed5573e9df3017f0d86b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5904329701d77780524eade97ab2c6fe0
SHA1f9bafd0e0aa9111b69fd6c8d1a12d4fbb3846447
SHA256ac67c5b5a625e91808d639243e8c12c1fbcd50ca8f474e82eec49ba69bb46588
SHA512bbd45da7040fd1739748b9a3b888eb81c6d1c7cd6a95da135abafe8e994d49587d47d4347482ca4f53daeeebc877e75c9d79e457a3e07a907a2852fb139a8c30
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5664d1f985eef739675814b46aacfc46b
SHA1f77d7dc0ea92d045a3c6f085bbf2fd1db5156be0
SHA25602e32e9e2c725c161b655fa375c9f450854be53c8145bd89a7b84733fbfd171a
SHA512f9c66034957c0162286f10ca83d06aff8929ac94517ede11641bfef7ff486e71b5e48e6da0c8a3b73680dd6ef558e785659f94761ae703d62e2085df82859f2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c88a6ee80bed03bcda58ce47e21e9690
SHA1cbe6cbf5b5a44b6b35a4bfa7cc71b4e0507be5b5
SHA256957beff88403ea5eff2fd8dac1c35247d26b3ad86fea422b11634984ac640fb1
SHA5124ad08d8568047b6300509b73cbfe3f09c7c9d448a5c19694ce8f09ada35c7d71bf13294df7aa47a5c5a8300fb9ed887f4af850fec1d943dbc15cbe33ef1d76d3
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD56c557886191378e52f2843478bf2629c
SHA1124d824a11b9c09d3de0879c5262389c3a9287d8
SHA256f17ed9b47c3d2a5a56a051f7fdaed9517f387069ff0348a743c9a2b5cad582e4
SHA512c98fb6234de1172d97586a22cea052ebf3251ff53a40c543db7214282cdb98710daa45ca4730781149bc1b3e674e643e3ee2fef4c81265c587765c3f70cac8bd
-
Filesize
1KB
MD5c9f7aacb33aaf22af3c42f1db6396511
SHA155b647772b4b49bf88e2646347e85bcbd1c4ff9a
SHA25611ea243d70691d679ea142897d04d570c172b47f3a733b9a05dfaccd57d3d454
SHA512b072f32ce8a766d0b86d26e55ead8576af4147a9dba70560c39f080299b625e72efafb738c2ea10840081ea22d58cd5a7b77e930ef011066b2fa5d1b6ea1bccf
-
Filesize
1KB
MD57a6278b775c4f260f925a2f3c0740023
SHA1b9ce08f83f6f30f7689c4f85eb438efa314d2a40
SHA256cfa2927c16af1b5e36ee5e78aa5575e94128c693be628d3e2e3142f1cb11e36d
SHA512296e06cc1971edf1fd4a86bfff9dda682f300eab25b8a610cf09cfc18cfa2a532df94c30a4989e71531291e3cf5136c012026c351415c3893a0db8e7e9496414
-
Filesize
1KB
MD5c73a877ed2886699841531d4e96ed622
SHA1e0f83914c03b420d62bc229055bbe998b69c38ae
SHA25693d80d2154f469e211991059a80a04b58e06a6c65e8d9f9ddaec5373b883e5a8
SHA512e4275cfa04ed4b6f1ab98d58c31a01a21c9538184492397512b931b72542289e8461cb0f24b354019097fc92be84c13dd2ac6900e356c840e780d6269d313021
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
828KB
MD5951509d8367f7b779670be79f6092b7f
SHA127aa0390b24dd4752acc95a83dc54091637834e2
SHA2562ab6e1ea271edfde12234c977f1e2f1f9b5d29b15d6d678ec60f5941629327fb
SHA512012bae9f557f0eb379b4f388b134fe371ddb64f43bd13f8d7a9402d06441d707e63ae70bbb8111b041b99983e86a6454cb9cdeaefe5dd28ca50de74b7352f332
-
Filesize
556KB
MD5aa01cabe2e46ab788fa459acffe73f65
SHA1ccfebd1ba8cdcdcd92e6f4c5b55d321dc78e1608
SHA2566d9b255f31ddf168305fbd7ce4a6e60086dc7db602bba8b5f376fbcfdf657e00
SHA5124fc75805177cc4d527b3c92af4a8c4998fc85100df0cdcecad9441ab69d378c505b5634ee335c9781300345f2e854443fe07e389276a09ca6d712c3c02be08ef
-
Filesize
556KB
MD515fb5c463a0e9067dc0853c883579578
SHA1b1c19815167e7670e0b3e0d16b92d4126c9b6528
SHA256e416c3db6974896dd7e3a13cab22788b05fb9c093240db9ebbad0a958d96c978
SHA512d04c5115570aa370d9ac599f8ed5eb5c09fdd70ba49af055d28dc5ba3f83c314e12705cb7715a0912ddb4f94a2766a196572f55b81b15a2be2b192fc90931392
-
Filesize
828KB
MD53df0ad13e4993c96079b3ca01b25cafb
SHA17936af9b12671e315385dacd88f4199bd6ad5edb
SHA256a338c62299c29623c7f43091d4268062cc1bdf05e3df47fe3a7a15d7221aec0b
SHA5127e00d4598eb2f1ea3bf6bada3978c7a82df28e633d9728108e920c162b60bb610c1808f5dcd8eb862bd87536e4751f9042ebb00bd12945ad0a603dbc92e13518
-
Filesize
652B
MD5a1920b4e826b9bfb49014ee353ee56ba
SHA1fc5ed350475b3522b78f157522acfa0d71c707fa
SHA256ca287fab57ccd1bb740045653b2a989cad09818035d4b16fe9af0e1de705fdbe
SHA5124b4a66bd0fa1fe0960307b29949534b596c399f020e9b20877f85404028dd75973e06a30de347723c2039c390a0e2b5a619ab6f8e2d8a8564e17c0ee35f1fff4
-
Filesize
652B
MD559e2d42338bfbb1bc4320969b3069b4d
SHA1d857eb9ba05877394af1cb52827107722aa2abc1
SHA256ab8d27269d1debb83e3992b84b75ca45c2b52d117a94fc0c5c2a59d937d09b85
SHA512b358818c2c568228a9b31095aff76c75ea89ed32e67607da568562d9538c74264b7fd3824d087cd5c2a75d0e028fa1d855ab8445a41a9cfab49f994d3c706236
-
Filesize
652B
MD51f6ad6cb0adfb12c92edd890f22296b5
SHA1a9b3bbf2c1f520a7c12fd7fcfc5892288ca672ce
SHA25627ac9ccd45109a15f78e3c810de80eb498ee0aecfc552ee85d514b60bd5dbe56
SHA5125d6753f6292935da346d6621ec78b15d8e7fc67fd7aae3c7882c3b9b5f49d141eddfad13ed874064d4110a8c7e06c661264b1703282f76d13a37abb983f045a1
-
Filesize
652B
MD545c9b9eed94d3402851c03e753c01c5f
SHA13710f2cc74f59c9a5c844a0a25d2e59f149ef4d1
SHA2566d6830329e58a71045445af1f7de46f55a733c1e5c07f5fe95f683d93fea576c
SHA512fdf799d0c937b8fa48a97bc12e9880a05a70932e54a88d7e864ee911747effe3fe9695290083c5cafd9e09137551d3282df800cc753240a31014790609ff4c34
-
Filesize
196B
MD56f860839b1fc8e58fb719cecf51f6ff4
SHA15621be634f1880fef4f1868dabf0a39ad49f13cc
SHA2569b7f8f0793833684f1862bd2859afda4e555b2f0eb8d24b1fdb5cffb645398ee
SHA5122ee0496c70cb254614701ad2db14d3c7fd656e9d15909db545ad4204b7d0755d7662b8e522f0e27979ac465ce18f88b110b83da7f060695baf4518325f914661
-
Filesize
196B
MD5a82a80484c3bb265cd10c309d4e5d5d8
SHA11b40d54f312c245568064d6c06a6c547f86292dd
SHA256769566cff2789d747a3d8589e873a06921d033a8a6952c99b10c5563577b5246
SHA51260af2eda9e5cd13fe28a10922d119a988433d007245a92b4c01817951846f1ff77ed2622e5a81799eb71a9b0fbf761221c0acda0b660a900a31b8fbbf7093b03
-
Filesize
196B
MD57ae6dc5b6e5880cc09d1dadec0872051
SHA11b4fd0868a0a91dea2902ac6c557c60890680a9a
SHA256f69748d30d23e2b0355c7199e296cbe57308281ffd76079569b55e5a14f9409e
SHA512a0bb8880bc678e800dbda09f445963ad4ad7e79ee80778e5d02bc44e6ceeb042c8a8d2e19d96507d3af11256f03d0da491870e0f342758b241503bbbaa0b0718
-
Filesize
407KB
MD53fc0338c5b131613c2d4a8555d9d7775
SHA1c67542ffa9a87ffd8df40025ccc62c2a15dde83a
SHA25674af134a8b7df9e7bb5198a3e3a3e957eb49bf2b565e402929c913573cf8300e
SHA512ef2e8cc5710fb45eefc9a5241d506dac8ceee25ec886efbb262958d64ceaf86e219a6185f20dd13a68fa8c9f3c6c0860fabcea4eb2cfd310a6cac9a051367a56
-
Filesize
271KB
MD5e7311b28ef77fe20a83d1ea042945293
SHA13b8edf149437d35e4ba4241ddd85a7140827fcee
SHA256bfd1b696ef37f194027c9cf109e251fc5ff73de3a09d09ff77aabb4ae77ae534
SHA512d2711d9dd9b4a61c0db6b238477833ad5a8f56698436fb281fdc8af28d7d66d25de96379ed7a633c32854315891ea0c7a870e635b915c26b2c936cb56c442cc1
-
Filesize
196B
MD540a734cad390e9462e5d7e853c61ccb8
SHA1f3834a00974237cc942324c7dce77d95aaba6bb8
SHA256dc5d5c3db668e4df6373b3ddcc69e9c690d90d8a99c11f176fc5e835d84303b1
SHA512cc032541144a0d88ec815d9bb5d2b66c143cef7e83b6350cad9071b2f5c797136abecd6597d685aa35409956d3b611de68d18eae14943f642a890d9aa89db387