Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
12-06-2024 08:29
Static task
static1
Behavioral task
behavioral1
Sample
a008c96c6e8790772a2c2f782eef57f7_JaffaCakes118.ps1
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a008c96c6e8790772a2c2f782eef57f7_JaffaCakes118.ps1
Resource
win10v2004-20240611-en
General
-
Target
a008c96c6e8790772a2c2f782eef57f7_JaffaCakes118.ps1
-
Size
909KB
-
MD5
a008c96c6e8790772a2c2f782eef57f7
-
SHA1
e0a6fc502a846bf41e945cf97b5645f0b750dc8e
-
SHA256
f01f25a6a6ea86833987ee1a4f6f43c1349258e04e49656765c8830b78720fc4
-
SHA512
639eae5e1ebb44d10dc9b8763cf45b9e5a74ec50ddf972a6dda3cabc532416ec481ea5c3e47eeb6d0d700f9a7dd1ca54d988beb0c9da70039928d2ed3ba375eb
-
SSDEEP
12288:dXcAeyJRoWaf5Fs02EMSPiYUfRLfQkRftpRmPyRf7XcNHiqueRvpkLZJXuGynNe1:Z
Malware Config
Extracted
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\4868DA-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Signatures
-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Renames multiple (7466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0172035.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ExecutiveReport.dotx Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Sts2.css Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00367_.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\OLAPPT.FAE Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2F.GIF Explorer.EXE File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS_COL.HXC Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF Explorer.EXE File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SCHOL_02.MID Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02127_.WMF Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PRRT.WMF Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3 Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WITHCOMP.XML Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0090777.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\MSART5.BDR Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0216600.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099176.WMF Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Stationery\1033\TECHTOOL.HTM Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18222_.WMF Explorer.EXE File created C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\4868DA-Readme.txt Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\FLYER11.POC Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0093905.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\excel.exe.manifest Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Boise Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00671_.WMF Explorer.EXE File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Office Classic 2.xml Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00373_.WMF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02753U.BMP Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xml Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml Explorer.EXE File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\4868DA-Readme.txt Explorer.EXE File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm.html Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\COMBOBOX.JPG Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00932_.WMF Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho Explorer.EXE File opened for modification C:\Program Files\Java\jre7\lib\zi\America\New_York Explorer.EXE File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR19F.GIF Explorer.EXE File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107490.WMF Explorer.EXE File opened for modification C:\Program Files\VideoLAN\VLC\skins\winamp2.xml Explorer.EXE -
pid Process 2304 powershell.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2304 powershell.exe 2304 powershell.exe 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE 1244 Explorer.EXE -
Suspicious use of AdjustPrivilegeToken 8 IoCs
description pid Process Token: SeDebugPrivilege 2304 powershell.exe Token: SeBackupPrivilege 2536 vssvc.exe Token: SeRestorePrivilege 2536 vssvc.exe Token: SeAuditPrivilege 2536 vssvc.exe Token: SeDebugPrivilege 1244 Explorer.EXE Token: SeImpersonatePrivilege 1244 Explorer.EXE Token: SeShutdownPrivilege 1244 Explorer.EXE Token: SeShutdownPrivilege 1244 Explorer.EXE -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 2304 wrote to memory of 2612 2304 powershell.exe 29 PID 2304 wrote to memory of 2612 2304 powershell.exe 29 PID 2304 wrote to memory of 2612 2304 powershell.exe 29 PID 2612 wrote to memory of 2068 2612 csc.exe 30 PID 2612 wrote to memory of 2068 2612 csc.exe 30 PID 2612 wrote to memory of 2068 2612 csc.exe 30 PID 2304 wrote to memory of 2712 2304 powershell.exe 31 PID 2304 wrote to memory of 2712 2304 powershell.exe 31 PID 2304 wrote to memory of 2712 2304 powershell.exe 31 PID 2712 wrote to memory of 2920 2712 csc.exe 32 PID 2712 wrote to memory of 2920 2712 csc.exe 32 PID 2712 wrote to memory of 2920 2712 csc.exe 32 PID 2304 wrote to memory of 1244 2304 powershell.exe 21 PID 1244 wrote to memory of 7048 1244 Explorer.EXE 37 PID 1244 wrote to memory of 7048 1244 Explorer.EXE 37 PID 1244 wrote to memory of 7048 1244 Explorer.EXE 37 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1244 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\a008c96c6e8790772a2c2f782eef57f7_JaffaCakes118.ps12⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2304 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3ohjiq9z.cmdline"3⤵
- Suspicious use of WriteProcessMemory
PID:2612 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BFA.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1BF9.tmp"4⤵PID:2068
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\_cn8evun.cmdline"3⤵
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1DED.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1DEC.tmp"4⤵PID:2920
-
-
-
-
C:\Windows\system32\notepad.exeC:\Windows\system32\notepad.exe "C:\Users\Admin\Desktop\4868DA-Readme.txt"2⤵PID:7048
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5811560f10f7ec8b09d2975b5115d26a7
SHA18af17af3c9d975addc0546e1cc32db2723345401
SHA2567344cefb3e3c13f0f4c4e1cc7ee9012ece0f28ade1bce76faa292f87f575a51f
SHA5128a633fd34a5c70c9057a0a5d078fdc628fcd1cebe0c87521c2beb539c009f8d76973c6c75730511d6aacd202e8e4ae281a562e0b9a7eb75cc2d4a0c2b4c0f7e9
-
Filesize
229KB
MD51c3447cd3a14d2998504ac99a7b6984d
SHA1e9642bb29fce754685a492709aa4c81f2f43fbb2
SHA2563cade122a8c47c423d3d52af7a5fc51742724a5ffd08cfa11a9a79df7632f4a8
SHA512b86c01bac326258bb1e30ee0e0444dfb4f73ba07c8d76b928cf27fc73d0fd29179292fa29b66d3dd5c7aa9763f1e39a6a970ef4f0e3dc628425a87435a47f40d
-
Filesize
201KB
MD5088fc511709ad9d57ca5f0506bf7ad65
SHA1cf1fa9b80ca3fd5980851b77bdb15cfe587cd58a
SHA25618bc16e7e42dc6cde2e8b80e5b9cde2f4c51732d711f988be93c6e28c5a3d686
SHA5120ae2ec911c837f1d2383a091e49b99e9c21beb83106d9a53acd4798f077212932ac465db7b51b61b99397cd7adb770d64f124c623368cf70440b7df423ec9033
-
Filesize
491KB
MD5af951ad1e99ec581571414a8fb793ded
SHA1baf0ebf9fe96a072a01d0a35f79c85c13047dde3
SHA256f87a267c632832fa3f80076301a4100d5d4aba3324d3c1a77354ed6f2b6cb90f
SHA5124785b8674709abea649e12058a3841fa8beaeb1ca8cb7ac368ae8053a229c456cb20a583b92b5423691c3215420c81b00ff5d6434a6a2153604958add30c83a6
-
Filesize
14KB
MD5f09e15a9baaa98fbb73f65dce4a0bd26
SHA1da6be343b7a03e951484bc69e957c44fbe5ea5b4
SHA256d9fcb458715c5a5328321939803dd317e610a73294d4a9d9f6873f28a6b1773a
SHA5126626ee730f780ab35cb4cdc3057ba584a1bb0c13cd9da88b333c9ab81bdcc11bc38d7b9d067158fef5b855a9a1e02ba0c7ade4e95698aecb97ba13d2cbc3ae1f
-
Filesize
284B
MD5e51ace737dfb554e214cbbd998a847ba
SHA13d56aad187727040a7f0f16d27f8c4961010f8c1
SHA2560bbbd0bfdd78e55a2e902c3efbcec133f8d8754dbd690b4ef45ea54401947033
SHA5121ff4576a3eb9d9754aaf5c48872af21f88078aafbe3c0d6ca8bb7e94d130baa58378337891264c1822fb83c5392636a9ecd8a9cc97a9fc495d82754d1088b28a
-
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.4868da
Filesize864KB
MD55866906d508007d0b8357c12cbba4357
SHA13a3ab9ca956747fbbb4113878a2f63d890875a4e
SHA256dd5fc322c75524f4ff1a8ec2f67dd99725eccbd771d09d9d75437297dbd2cd04
SHA512ae92da6b5adc2905622c7c799ca14cbfe9cfd5cc90b414bd547954703c0f18024d947f7cec081de6f3b3f466ba91e8d8ee9cf747ef2f30f8fd61cdd987e535bb
-
Filesize
637KB
MD5da81e8367728a03b4a4c12ff2e04b12b
SHA1db452f9aa0f2997e9712c7b87d245a74396e31e3
SHA25678690b330cabf006d8d4ad7316a07efc22662ee36a83f7909c3b0bc1e552bfd2
SHA5125a3f83a5f83f7ad3d16056c7b359ec93761906ab82aa15de8e5991aef2b04629407f0489c7afb42310255ade246928426d42d97d7b6eb0f87b2e2e126b19c401
-
Filesize
11KB
MD551fd9b3e557e97312c7df8fe9437be79
SHA1e5c075e6234c43970e0ca9a1da6b75c93ceb5fc0
SHA25602d7cbf08496a13e30871c0c8e998bceb33444f7943c71438e9e33a576a87b98
SHA512394e9368db80c0ce4506b7c8a97b1b7d3834cd7de36aa99c749cb2ecb93143cbbc757217b1ebf88cefdbfbbc1eb0082f6d1ea2b586dabc50c0de21e569a5b7c7
-
Filesize
269KB
MD589c0f0b600650e651d9a21a8813f4dd6
SHA13f590459979a4bed8022b441c755f2f403f9bbf3
SHA25674d25e86f159824f03f0eac06cac498d00b4e2449cb5bc74b2d1f34dc14c9df4
SHA5126c2981f051ab2b3870e85e06359265aff8a3cdc51c882135e5c65558e3f5a3ff0b3003eed74e271e80f8086e8bd39ef1671634609630ab9b7004910f65d771c8
-
Filesize
105KB
MD58d68ad7251976b2c9de7c881e751e709
SHA166e29ed1e0fc9caa84180f76228d85e4ef3aef74
SHA256e42a905941a6ed5a8e778b1f7aa48e941fbcc1d1f3ebfa1c0895d6c61454d128
SHA51201c8a4c276d5eb47e395dc0cd4fa439cacf45fba18efb56555c83120fba553bd7ee992131a00c3b20247c4056128b8cf1e4616b36c2a0e6812c27bc0acfdcc74
-
Filesize
544KB
MD5276014a01b3987291103bbe1013a0110
SHA18f03456c73b8317e39484d0461789eb41c0008a8
SHA256bdaeb28fde30da31b85b47122783aa1e6d662e903a5450868a023fb800a24a9b
SHA51211a5f3d4d2a9af9819204acdf3c73e48c32d6bdbde33cee36fb212b19a4c1124f159f89725c72da1ba76a18d3f881af7f587f25754ee475e80c58165a9448439
-
Filesize
352KB
MD5c1c1e08098560111a996f8a256e5d095
SHA1905cc302960413438bdd6345c109628532fb1853
SHA256172b63ca18b097170ff0ddcc8c74a8e8597c9a87fc3628c2af23f6e599769544
SHA512f5db8bc096374bbd9299cab94207a62064ec5c5924304d1469c64f907a7cee74a83f2149b12f7574d5b1941c9c65e5e96e542f4647c5081904e986355ab56f7a
-
Filesize
26KB
MD5a6613703cdeda3ef6965e118fa6cd5a9
SHA1843afc747baa225edb9abd5f1bf1e31a4edfeb85
SHA256429aa6f66c529fb2575bbc6d5579b82c3a198889b32e76c0f3778218eda389a6
SHA512eb6c966f324bd2df5715fa3ca34cb8435a2a62f34a1e725298c8a9fe320fcc87d843f6c58e5cfccd23be12da30123236dbfb325c78d0f301e71f866700e73ebb
-
Filesize
145KB
MD5d1312c204c49d1eaaee82de53cb18d9a
SHA182fceeb0bd29b33e2b6e6bc9e411a00da8e18d65
SHA2568c5102e44374437a9cf606eeb2d2fa52ea5cbe666abca52da8d12c4e2a7f5106
SHA51269bfc83e5edf50bce733d0df6aa0498d2a7d5b2557e09ef935933390878b920f0ff24b476e4fc851177b1b11f826749f4e8993e17f54a1fb402a375146ada328
-
Filesize
142KB
MD5144a86239ff4ec7c6488e06440aa54d9
SHA16a993f184da4a0bea4cf27915d7e0f0bc8868555
SHA256f4d06245d900683c05625592ea5048dcb31238cebd1b113df2307b33bdb943f9
SHA512953f9101412840f11dc1cd8907389662124ce15482c0798feb2dd0f993789b4a79565c815cba61e941042dd9c78aa52c5df58ee2e026d8ee2603a2c0003ff076
-
Filesize
14KB
MD505b1fb48a321740b917b0d164c6774c2
SHA1d6cd3f04bf57c8019b7d69462a20be9f90148d64
SHA25612bce3872536b3d9eff62bc794405dd9a0b07ff56a8881c66ea8f20e680bf385
SHA5125ddc3b6da023129fbd36303bd3915c92137eb3148776e179b4e8c97442dcf774b9acbcaae4de53ea057f456c56cc882cb3054c3eccae9674207e868af1c85a8f
-
Filesize
1.0MB
MD5d16b5a4ff40124e815f89222a309a3ea
SHA10ec973bacae9e52fc1bbd04c71b84fe01529f6f7
SHA2569206dd52fcf4dc2669cfc1e1b81baf1680208ad6027c84b1441b7b856703c6ff
SHA512df26021144771ab50c58051519a5acb5969e30bdb5abbf8d80711e8e6c46be251b53f76bdf15f976b745cd4d8122383d77b28970efe8c43b79f3eb2fe9f363a5
-
Filesize
6KB
MD585743f25bc34f3f948818a86485d5479
SHA1cf53dd81cb486fa647e2e0f298d5443e2d5efe2b
SHA256a5ea781b7b0cde9cf0015b74c83b62b27aa3e129da8321a71a6985e37186935c
SHA5127256cdd02479fbfd4399664b9a0c28724b972b89aa7433b45235d52f76b18e484913c8dc720cbd8cd47d72fb39279a756c1b7b08899434272e8588b3deecd805
-
Filesize
7KB
MD502679fd7b1883a11dadf157a9c8bb458
SHA16a3eab4414e451ffbbdb20487c7c1864279ff872
SHA256a4fd64bbe47ebcfc55d63ef6471fce8a63ea91b3396c53873ffd87fca8281728
SHA512a8ba52eca06d038149b21cf9c825c64b18ea787817f1362ed11d3e939ded4cd51dffbe7a2ce99033c23f7ff23aa04feae40398a1837ca67ce086452ec855221e
-
Filesize
1KB
MD5a07a70aa2a6757ee55837ed69e0a2532
SHA1bcd1eb130121911a2848c43e2b104f7528a50fd1
SHA2562c846b287bf35de936094b8e230d2dc164e7b38ed160caa9d93ca5f3de6f4cb1
SHA512ff0d7b42de59bb6e0b2c057452eb67d81b45a57ec2d6a2e0d6a019aacecfc367f2b0f57f9897f3d38dfbfa376e29e5645216baa6f58ec54ebb9938d7b4d54f8d
-
Filesize
1KB
MD543ccb818a73b1e798bfb459b43b922c5
SHA10d1d11835f63131b20731a2ee51eecd80a07018e
SHA2561cadb3b226ba737eb71326d9881937a58b542cee1bad6b596da8f732a32d88d4
SHA5129a3c79b997075d2030d7fad40c3d71becd339c772f05d2043e924b6fbcd9270d04137ce674cc46fcb66c661e4638ec7779c5eeb1e8896c78e4dd892dc37727c6
-
Filesize
4KB
MD532b7762fc219ed6a823c83e41f34b752
SHA15e83ad4955980edbebc1b17cadb659b6c4b1373d
SHA256de5273534fb74178eb731ba8b887e4f9ab0c9ed96cd84f4f32e9363e0abdd913
SHA512a3b860db89ae2e3387346be1a049ad4b8d2eae47cd917546e853bbecb5054fdc92a4a499c52a00c1c7e1f4fca86c8f4cdaa791d4c92534cc98024452734b4a9d
-
Filesize
7KB
MD53ec30cf9d656d091d843acc5c42b401e
SHA115418d68c34052253b4f292e9a80ec8e6f4c9bf0
SHA25696dc21545c8e1f21caf012709b1e2353024829388df3ba5dc7a3e6b338b84961
SHA51252ae1f4379cf81c289bc209f47f493336a0e33ef519668758cb4de40c129bebf691c8fd5c77096bb43773b56682d5b2bad64f194c03d2e32d936e24a7b6f5e1d
-
Filesize
8KB
MD5adb821d681853bdb5f96815a435533c3
SHA1f10358ae09199affc58a4c4b9b31677612252762
SHA25642fd2b1e45721ff7f27ec7ba2f9fd7840f03d38442da3fbf25ea687c4e5fcf68
SHA51214f6a680c227635e826b5e3b6b843b95d4b02f2a99581e9d67cf53fe4d08dae1217f6ecc42c2ac1409887e3b88fc65c0589b06beeec80dfb5441ca117a58777e
-
Filesize
309B
MD5604e4788aaa077169595dfe8d7b70fd6
SHA13c0b2cd27c58a088b821dc8fd6d3d46f79a51e69
SHA256886893bb579d981adf42c273a9ae419a9616f14ce1002ca7fa02cc62078ffa2e
SHA512bd61b1289e666fdd34d2070e0d9c656e1537d8cf2b3fd24909c1eb35f109576c4fc0f9886899d9648b24c7721fe0752b7a52956a9c0a4c363c15706357681142
-
Filesize
652B
MD5253cb724bd2dc07fe2c40ae4b31d1993
SHA1caf5ed93024d4364cc54215435d81434dea295d6
SHA256941dad5eadfdaeebb080d2cfc7649173c62e47c84b689861d9f53b3d88129443
SHA5125d353ca0a61b882a68284edaad0c820a9ca5db860ee7fb30dd77e5d1aaa0d192a3b82fa6fb02dca25e3172be3fb190fe674ae7df4a13b410527cb9a382088303
-
Filesize
652B
MD526bffa3bd5a87b6d588bcd72c05759bb
SHA1777afe8f1929a101a6bc6c5da11a77839bb2506e
SHA256a7b60cb895bc69619fec9fc420b32968d3079724130de960a088ee41c0719e8d
SHA512f8a732f2749b842a644fdd279212530e836238e306063e4d59bd7d232d4d0a3e49c014ae9436c5a0688a027c1b0ac51b6ac41cc72eae7831431b0ecec49492da
-
Filesize
2KB
MD5aefa890f6d791978020f664840a0e823
SHA10c6fe24d21f924ae96244b34fb0581bdede8f3b4
SHA2569590adbe5616b3efb6439412a0fd56f95cad0264467735846457f914abcd940d
SHA5126fe262134fc58d8ef3d3fd8fcf5695e0e7957d14e35915fc6d78abf677f13fe73c22d5950e6c6a6acaab3b02002250647b58ed826d1a7bdbe6f3068fa1ccb0ea
-
Filesize
309B
MD5d935481bd40e4da2ead7040bece01544
SHA1ccf2076fb25815c778dc07bb1f963a38f1a2e85c
SHA25632a93cbcb4dc0e2d0e65225df21c638e93c3bc49cab0468c7009af5dac3dc02c
SHA51216cfdebc472ff4954df0a13e9adadfa21ec9e92ca9bdaf20e065a827db648ab5f56cc891646249041cb2a0347d5c815988c76a749fbdcb82a5e497473d3ebce8