Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22-05-2024 22:47
General
-
Target
68e56acafcb0fe632ef7fc0d9d9a6588_JaffaCakes118.exe
-
Size
326KB
-
MD5
68e56acafcb0fe632ef7fc0d9d9a6588
-
SHA1
99bd546220ff8fadee2335cff747c485c9d5c72e
-
SHA256
7c4c29521545d8bb875e91b5ebbf342a39d336fbc77f566bc2cfaefc70454777
-
SHA512
c42f673feab8c17fcacec2f0aa0a6f8bae92e1d984ae4325dfba50e13b4221b2b701a32313fc698a48951bfa51436e193b0daefde7e71d289cdbf0d656901069
-
SSDEEP
6144:T3VTflVq72ECrYhiH6it/PMyWPC7EHwksThzkHY8AOoAt4qLTz754Z:T3VTdVq72ECrYhiH/t0a+wb9mY8OA7Ty
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file
-
Drops file in Drivers directory 3 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 4 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Launches sc.exe 6 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies data under HKEY_USERS 43 IoCs
-
Modifies system certificate store 2 TTPs 4 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68e56acafcb0fe632ef7fc0d9d9a6588_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\68e56acafcb0fe632ef7fc0d9d9a6588_JaffaCakes118.exe"1⤵
- Modifies Windows Defender Real-time Protection settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://hostas.ga/bb/tds.php2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://hostas.ga/bb/tds.php3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WCInstaller.exeC:\Users\Admin\AppData\Local\Temp\WCInstaller.exe --silent --partner=AE190201 --homepage=11 --search=7 --campaign=2922⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS8D5E9AA7\WebCompanionInstaller.exe.\WebCompanionInstaller.exe --partner=AE190201 --campaign=292 --version=8.9.0.992 --silent --partner=AE190201 --homepage=11 --search=7 --campaign=2923⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" failure WCAssistantService reset= 30 actions= restart/600004⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"4⤵
- Launches sc.exe
-
C:\Windows\system32\RunDLL32.Exe"C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf4⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r5⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o6⤵
-
C:\Windows\system32\net.exe"C:\Windows\sysnative\net.exe" start bddci4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start bddci5⤵
-
C:\Windows\SysWOW64\sc.exe"sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\sc.exe"sc.exe" description "DCIService" "Webprotection Bridge service"4⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"4⤵
-
C:\Windows\SysWOW64\sc.exesc start DCIService5⤵
- Launches sc.exe
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh http add urlacl url=http://+:9007/ user=Everyone5⤵
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
781KB
MD52a241af18d9f0466aff6cd77c1561f9b
SHA12c6bfc8e583ed026fdf9ec01265d99e22d39305a
SHA256528804013487cdb1da617e512d1de68060602887bcc8a7822bdb1346a2995ffd
SHA5126779667bb57c87fdbf4dee57682e7851b5ad5bea39deb09fcb596ae48eb571317749ff59e825f91bd57527dab7477deac5b24bdbd86471844fad36876c08dd28
-
Filesize
8.8MB
MD52c178ebc4ac7466f63236e00d9e77b54
SHA16a5152b6c1fa9d5856c0ab2deed4c9912d05d9a6
SHA25655b1802b3cae0d58ef5d88b3b9a61f6635d8d568dab2bee7f2aed392a91ab0f1
SHA512ffc647865e75bb5b54b9bad5d218121c38ab8c7abc8b8770a18956a9443766c45820f19c4dc56008792f27951176449c637ca37998310efec44a644509bf4237
-
Filesize
3.3MB
MD53827ca1c0ec114a29bb576bef431f070
SHA11189dd380f160046de9f5f2f1d74459958f31a4b
SHA256dd45886108aa85350feaa6d9fcc6c922b0874dfa18bbfe23111cc8edcb37fcb1
SHA512480b6a1fc02fdec7fc2316f01b239bce98a6d8152770d329ddc4bfb37e2e00a7987a702900523ccc0380caabbee38a404683dbb20fe9c9b9456083559afb8218
-
Filesize
99KB
MD58697c106593e93c11adc34faa483c4a0
SHA1cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987
-
Filesize
43KB
MD521ae0d0cfe9ab13f266ad7cd683296be
SHA1f13878738f2932c56e07aa3c6325e4e19d64ae9f
SHA2567b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7
SHA5126b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c
-
Filesize
4KB
MD5e8b58a307f96dc9ce1eb2729f86e13b0
SHA15cee60f070930dc971e4d35d48e30364f623aad2
SHA2562c9a7118ef74c3b168663c8ec6f3a7b27653896e193129ed0bc5e9aa55a0afbb
SHA5127cd9fe7bcc8c8ec1466acc1adc7ab8c9ab6bdaf7c7c27dcc6c0cb43bab741f2519a88647ce43f74d7e9caf4ae39ae172dc639ed1b2027b9e8f15f35353613d91
-
Filesize
49B
MD595e8c6cd0a911f1ab4969c06b8cf77a2
SHA1be1b1f8abd0420f59ecab7bcf8120cdc2ce34195
SHA256de795f6d8591577054813bee79e7c5b4ee13360039d29aa73971c6b985d26ebd
SHA512e5eefaf761be7bf3cea207e22e98398093fa0a9d3b459af7df22bfbf07755816737a7b8b261acf01aec8b10b5d8f0d90132a4ecdd83c242b2cde883039fac1ff
-
Filesize
4KB
MD5baa334816d9fbd508f201666fe2df514
SHA138b885c4b8b5a977e27c9df390f64081135db040
SHA256d7f0da5e0381dd47bfa58d364f5169f86ac57eeacf3d108cd71213230b96fd70
SHA512f1f512d96d32a4b40964e577b253f9a363636917c4b47e476b1037ff43b2966c9bf840de5d4f7aada8f62248521f390aa5bdd56a303ef795f8f820c02515abb2
-
Filesize
17KB
MD580e1acb2c9fd443f4298bce8af7ccc25
SHA10caed9af7e3e11395246eb697b35532c6d752013
SHA2568fdb29858290d88f953e7eabbbbf6ef7362a54fc50108e9b148cdadc35ed3ac3
SHA512cb89672e2f7b5a596a9d1eb9df1a405c763e24a65d2c5def0ecf9671c5f22b207a48aa44c7e06179b93ecb564df4ed0f5edd26873e47985d99939bcbe034502d
-
Filesize
188B
MD5d78c7bc0d14b32d4e27684cdd3a035d0
SHA12a77ff55ddf1525a1d85525d5701c3f61cbb9ea5
SHA256a0d039a0128c23bd81453a7e9b8f6b6b9132e73bb65a49ed7ed04dd42278e272
SHA5122adfeaa208e96a6317d80526ab05106cf54e32d1d2af802387cc3c10a1ea5230344f12ac6dd52a910382f73f6da57c852235eeded537eb3d232af0f9e7b56d02
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5ee2ab1cb3eda00a537b9a37f726f4628
SHA1629865c315e1f7861e7c33f345baa3d9387b0ebd
SHA256aef2b4a71234767f40220113f20b9a0595bf394db9093657c6657a1f924b9080
SHA5128b99233ec9173c9302615959fc7a56335f4c59c6f1ce23aa0c0f9cae24701a6aef5cb1bd9a0741747c6a475786e4aa5301fe7a491560fde911a3a18934812853
-
Filesize
344B
MD5b22c8e4413b55498c9775b81f68575ad
SHA18d1c2b0011fbab71b321597e7ae92d86f144cfd4
SHA2561d592f52f476f0a9cfd14a27ad21cb34bf596f0223d2ef2cf5c6ca09375b73de
SHA51237674bae3e63d4e9f31b56631305b37559ebe7939d124c151a70145ed65ab857a64a20ed9191e8d660ed0779df30d256aa87dfd8ce3c33fe60860663add74288
-
Filesize
344B
MD5879628d1fff7cc3edfc4a0eb4201971e
SHA109fb30c44e683b60a7b35f41c4dcd72d68d8c18d
SHA2569e698f344bf2979016e4dafa42d6991403eaf97cf46e03051680d1485e62cc03
SHA5120f26a515837765015c6ebddee5a390e9e8c70599fde0a60bf367855383cde825389fc4af5ce38525331066515a6264faf0535d657c5265b94ca5b94c56e54075
-
Filesize
344B
MD5c1bf9d9d89665128cf6b03b200edecf5
SHA1ddd3a70e3788b7db59ca84446cc278bdaad2dca6
SHA256ca6ac916f51c3ef33df9da95d09c815ae5e9ce63be3a908924c3a0cde7d49178
SHA512ac8f632e619c285898a235343106acf68b27ec59b02597fdd3a9ca346a31be624391c68bb8895707801d7d4580d83795f7233539724d4ef084ad876bc1acb50f
-
Filesize
344B
MD590d392275852549fa5e806138276f640
SHA156d9623d171dc1a499791045dbd49b81727f491c
SHA256f5421e64b934a90b3e1d62c1201537c856c2a4749b7174945b642a80f5e8eeec
SHA512cd030485f5e967d80c3d60c77150b9bd24e5dd18ce245548844138677d1a49aad973d67548be026955795267220bf78b9478256e22ffe8b72bf5344bc54a30ee
-
Filesize
344B
MD5d086a32eb2f338773c3cc1618d4683cc
SHA18ee25a68dd6f4fa1f5793bb163d98a3570019fd6
SHA25693e06f24162b25f87cd85f6edc212210915f6b0316a8b8d020c02e541ff223f7
SHA512ff0c45cf00fecde29f4d19aa7f81e12d164c80e47ff965bc85def408bbe8d68809825d4036d68dbaa53a738ee7d1be63d15903e6fa0e0e23a66500a3b39a9cf9
-
Filesize
344B
MD5220fa3cb5005ea618b790965ca051eea
SHA1d0419fb4a53713c2ea4e275b1da8b0be71061fa4
SHA2567075179d8a2b106f93b77c17d16633620b317cf9b0b32756f5de96c2638a0cc3
SHA512b9f298c6c9cf7e6832bd4aeb830b1c0dedc0e04e0cb1899c609bcfeabedf4450d4cc120534bb462a00871a6420509d134dd0e3691ece0942200f39bb852de076
-
Filesize
344B
MD5b5c7a47730cb38b11e44a7c9a2a84fc5
SHA1a208be4c4ba891e3745bdd23e6d62a34a4dd46ee
SHA256b8d4a0e8e892003ea9f11ea83b4e7f37df81dc250ea5f08038bea6a6fe4d510d
SHA51234fa1b8f6a1755b19146fd73e9b74bc124c34105aef0860e69aa6cf29ade90ee0019680b16e814a8349cf9f34616e58f0c4ab916405680f974ada331000e1a63
-
Filesize
344B
MD540b5b9b7c2ee71da4328de538daf9677
SHA138186df3bdfe701c2b52113dc223fbd4d7a08f5a
SHA256855f6a69363ddb5650c765d4e3a248462385d9aa2fc189e715ac842a296e8840
SHA512c0ff1011073f54ae8b0c81ec8fa678438c8b49efbb2b7dd36b911fec215098d6af01133907c9436df59aa969b3c4622d77e8a3f94e242edac16bfc07dd964dcb
-
Filesize
344B
MD584c5adaf9c0f0618fe80ab3ffe35ea7c
SHA10a5df65a5db4c40f4c9b87fe154b4b3b9e32fbd6
SHA256f3bd2da19016f4b08214a999ddcdac2376351cf07f51437d57c2bcd3ecd57b0a
SHA5128988c2f0abd98574be9399033a16a1f2ba7292c454986fa5cc794c4cb8109865cbbdea92d48d8cda80b17f5bf0810844a48d9eb7fb2eb5d73827e5cb5eaa0fbe
-
Filesize
344B
MD5247a8858b457d5a013ddeef9c87a8c10
SHA117d7bfd3b73cb171d2c687b8f1a8a8208d9d367d
SHA256f8ce87144677f95da45dfcc77c604f522eb484746c009084fe02add2adabf264
SHA5120ab0b52c0df715cbac241919fd34a8a3951bd7d9d4dd544ff7af27f2ebcd74a8249f312f39623662a84aa2f65852137932fd89e408191fe249bd262c658620cc
-
Filesize
242B
MD5550831622917cf20855fd9aa3b3919fc
SHA1f5c807753a4e7adaca65b2c1cb02ea166b0f2fff
SHA256e32ac74112ed3a177439dd8f62d7deda8fa0037806efef0974b585053cccab9b
SHA5128c3cc242c619436c2ab4267b334647c91a39a341170fa4d82b8f88da5b0f2bb59dae72a6d1825e8e98b7a89aef18ac0132618bc44b3b8760354ed571ab6b3b7c
-
Filesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
2KB
MD50f52567ff36ee6655a32219f21b54887
SHA14fb341e09eaf176bc4e2d97f37a9de5d0c30872e
SHA25689deccb3a952f09d39de0a9644cf37fd83afdb4ab97b52d9e0a9935f8a6ed152
SHA512c44616767f441448cb32e40c3ae9c0f7836a726989424fa9d37c0f40af8779d8bb0f035b6763e7280063c3baa500dac59a3edf002195960cb85f53c2c9aa8c48
-
Filesize
1KB
MD5e4308a22084be6f951aa99648cdbe1c2
SHA1dbef8d6b73e101397816c3ade09d4f156987a53b
SHA256f96bacba602816427d078505dea2b0423bd391313950e8b60258471d7372b446
SHA5128d1aa1380a5623d247fea0d8e0178cc1dbb61141c7dc45c095930a420a904efbf7f80f3febb5411cb8a152ee12e5e667f6466cf33de58dcdf89e0199fd959867
-
Filesize
338B
MD50a35fbae99f45bc0dccdb777ecfd0436
SHA165e295fde91f90d55b107680e060895654fe66e4
SHA25619af84c48a15820c94367390d58588ddad8164b0ac4056c258a766c726329550
SHA512db3a0973a373c039603c750f0f196cbf65553cddb83739f1942402eaacbe178a775be87c4b034feb706830ae69d20158c3e3ecad8d5d3febc45146b487c3c42c
-
Filesize
2KB
MD5ef12bea72f5f2b272fe26b197b3ca184
SHA17126b27288d8e5108fb15111b779b5eb8f77e902
SHA256692e2d91afcd905969c5aa8fcbbb96b662207df6d1b78a595556bd3012533d39
SHA512b9be043de3eed4e836c31405818a7c13de1da341907f809d809f2c0d093bc6c0a17964ba2e0d9df1faf2708f2f91915a73787c6221c7e829b037d3ada08051e9
-
Filesize
2KB
MD511f06d0ad6ffd5bba69c33dd652f1bf4
SHA116955cf7eff60e17006f1dc334524674952a1484
SHA2563ca9011a3a97508dc4d1bffa39f237dd4d145d49018d589e8810f7315b1cdb36
SHA51275d0027a8c19e9e947965a5749f99f4586ec07245c2642cff233aee6c5bcbf599be1604cefd9edb0a559796f55ad510bc564d60b8c1446bd2317d1a50ddcb7d1
-
Filesize
428KB
MD5eb259a0e2377f4c0bfb8712b773456fe
SHA1d9123b055df58e33aa2ab2f242b30fc6a37f1cad
SHA2564f9d1e187920dadd4e7693897f8240621e498ffd1709915c3b8394aaa1a34b43
SHA5121f6e7c2233307a90dda68eaaa4ac08848b0499b464d3a307390a4b95ec1751d00b923572f92588b55f049ae6f4282d4126d2425e5caf8a95c8260f7600dc574a
-
Filesize
2KB
MD58faad08d58b1207cff53b7dc1a35af91
SHA1e74f806a6cfea16c2e5c6c90ff6a66111b61cea8
SHA256091d2aae6d9f4a9b403e45ebc578e0cf27a08d16e9b8784e614c8710080f2cca
SHA512dc0cfe69c6a3f715875f1badbf44eb90aeb97ebb5fc7b9f3dd4b4f4561de4c403b086709730f4f11de0815828f212591bf63b0fc591e8445ba7a320c574ea2ea
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
552KB
MD5bc4c25ffc19286961d5cc54dd79a6d2d
SHA1d1ca4a578a51946d38b0ceaf63a3a75c4b8fff5a
SHA256409960971e9e9e31121d10d5033f27ec07ac228e52c32873292f2ee8567a8eaa
SHA5120c4fc53d6d5fe5fa478f436616022a3c509d70a2d99714badfb945d88c6da9e005961b2d3409a124abdf5b5858001a0e385c58169c822f3b0d4cbd70327044a1
-
Filesize
242B
MD5bf39a354bc9fa9fbd7a2c37069f17969
SHA1523f9b126e9b267d06cf4ddc9d4f367139cfaae9
SHA2567955e16fd4d80b5d77d6e5b92b67a59e47ebbbacb4984207714d4e36ea5eb914
SHA512f324497da6491ad4b0c8f001a5d63fe5840cd6744d2f00ec4c7bd6759d16eb31ca63f4b62d7d382fa09b23069a54fe8f50ca51aa9932adfc7e452825218fa5c8
-
Filesize
29KB
MD5d59a6b36c5a94916241a3ead50222b6f
SHA1e274e9486d318c383bc4b9812844ba56f0cff3c6
SHA256a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53
SHA51217012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489
-
Filesize
11KB
MD57041205ea1a1d9ba68c70333086e6b48
SHA15034155f7ec4f91e882eae61fd3481b5a1c62eb0
SHA256eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d
SHA512aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1
-
Filesize
11KB
MD58fd05f79565c563a50f23b960f4d77a6
SHA198e5e665ef4a3dd6f149733b180c970c60932538
SHA2563eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73
SHA512587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f
-
Filesize
13KB
MD5769bf2930e7b0ce2e3fb2cbc6630ba2e
SHA1b9df24d2d37ca8b52ca7eb5c6de414cb3159488a
SHA256d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a
SHA5129abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b
-
Filesize
11KB
MD56486e2f519a80511ac3de235487bee79
SHA1b43fd61e62d98eea74cf8eb54ca16c8f8e10c906
SHA25624cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667
SHA51202331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c
-
Filesize
11KB
MD5a639c64c03544491cd196f1ba08ae6e0
SHA13ee08712c85aab71cfbdb43dbef06833daa36ab2
SHA256a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60
SHA512c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b
-
Filesize
11KB
MD56f9f9d52087ae4d8d180954b9d42778b
SHA167419967a40cc82a0ca4151589677de8226f9693
SHA256ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0
SHA51222a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7
-
Filesize
15KB
MD5ebac9545734cc1bec37c1c32ffaff7d8
SHA12b716ce57f0af28d1223f4794cc8696d49ae2f29
SHA256d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26
SHA5120396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2
-
Filesize
11KB
MD5c7c4a49c6ee6b1272ade4f06db2fa880
SHA1b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e
SHA25637f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f
SHA51262ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff
-
Filesize
13KB
MD5bef17bf1ba00150163a2e1699ff5840a
SHA189145a894b17427f4cb2b4e7e814c92457fd2a75
SHA25648c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328
SHA512489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4
-
Filesize
12KB
MD5fbfcf220f1bf1051e82a40f349d4beae
SHA143154ea6705ab1c34207b66a0a544ac211c1f37d
SHA2569b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d
SHA512e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0
-
Filesize
11KB
MD52c8e5e31e996e2c0664f4a945cece991
SHA18522c378bdd189ce03a89199dd73ed0834b2fa95
SHA2561c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979
SHA51214b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050
-
Filesize
20KB
MD577c5cc86b89eed37610b80f24e88dcc2
SHA1d2142ecce3432b545fedc8005cc1bf08065c3119
SHA2563e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6
SHA51281de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67
-
Filesize
15KB
MD5a3f630a32d715214d6c46f7c87761213
SHA11078c77010065c933a7394d10da93bfb81be2a95
SHA256d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562
SHA512920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc
-
Filesize
17KB
MD5c99c9eea4f83a985daf48eed9f79531b
SHA156486407c84beecadb88858d69300035e693d9a6
SHA2567c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5
SHA51278b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9
-
Filesize
17KB
MD5d3d72d7f4c048d46d81a34e4186600b4
SHA1cdcad0a3df99f9aee0f49c549758ee386a3d915f
SHA256fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116
SHA5126bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18
-
Filesize
13KB
MD5a992f1e06c3c32ffe9799d4750af070a
SHA197ffd536d048720010133c3d79b6deed7fc82e58
SHA256b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f
SHA51250bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8
-
Filesize
576KB
MD5e74caf5d94aa08d046a44ed6ed84a3c5
SHA1ed9f696fa0902a7c16b257da9b22fb605b72b12e
SHA2563dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8
SHA512d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254
-
Filesize
938KB
MD5d4b22fb86c88c071335fe2fb623e40ce
SHA1cc722eb1098b3a630a990dbceb62e3338b064110
SHA2562195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605
SHA512369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1
-
Filesize
208KB
MD5b4ecb8001f71894c1a17860476981441
SHA172d28f2aa50082a152cb6b3e25895855188fe9b8
SHA256e6133baa62122e214ab9c114e9fff73bf25956518907a88577a85c8fb88c561f
SHA512930e1b8181048790fffc1a5bd7f9dde91eeb757f1f8f35e01373f9414794963a53c03239b4ccc60b5c38049aba9e4db0ef5c166e278751c15c136a331ae495b0
-
Filesize
456KB
MD5994672c2aa0d63930a0d8614bafeac09
SHA194dc5848fd00f05589707fece3f60b8840aed26a
SHA256c5a088842a698f1938c22f6314a141251282e32f263d99a6854c2d58fdee9272
SHA51247a0d7bf14b46cddc90cc1dab0add345e40621fcd11d97786b3947a04bf9acf1cd4cc304562a51c1f83b7b8422302bdf7f8dd23dd949ee6847850f5e911d6e4e
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
320KB
-
Filesize
64KB