Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06-12-2024 13:58
General
-
Target
cd5c31ede1cbdd9d25065e61a19fa245_JaffaCakes118.exe
-
Size
2.5MB
-
MD5
cd5c31ede1cbdd9d25065e61a19fa245
-
SHA1
665573e81301cd999cdfcf62899aa437558eb9d0
-
SHA256
ecca5e5ec8023a414bf77bf0cd489f33540e603184fd20914688a999a08cbab8
-
SHA512
b54dd6d0fee7050419d6df7358ea53690bf00e6f4b84579e0bb87b979499b348b1eef22d5e2a7fa5a51d69607201738e42fc16fa27d3f3b19e215bf365d39b86
-
SSDEEP
49152:5XPRhJBTk1xLWUMu8XQaFjeVPq/AMHNR8JH66thE0fO/2K6juvW:5jJBI2U6XgVPSMJHHthE04uuW
Malware Config
Signatures
-
Disables service(s) 3 TTPs
-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Rms family
-
Indicator Removal: Network Share Connection Removal 1 TTPs 4 IoCs
Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
-
Modifies Windows Firewall 2 TTPs 16 IoCs
-
Sets file to hidden 1 TTPs 8 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 16 IoCs
-
Drops file in System32 directory 45 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 48 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Kills process with taskkill 10 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 4 IoCs
-
Runs .reg file with regedit 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cd5c31ede1cbdd9d25065e61a19fa245_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\cd5c31ede1cbdd9d25065e61a19fa245_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\setup.exe"C:\setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\stop.js"3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "4⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im RManServer.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rutserv.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\SYSTEM\Remote Manipulator System" /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\System32\catroot3"5⤵
- Sets file to hidden
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Local\Temp\stop.js"5⤵
- Sets file to hidden
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Local\Temp\install.bat"5⤵
- Sets file to hidden
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Windows\System32\de.exe"5⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\net.exenet stop rserver35⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop rserver36⤵
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rserver3.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im r_server.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im cam_server.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\system32\cam_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\SysWOW64\cam_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h "C:\Windows\system32\rserver30"5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h "C:\Windows\SysWOW64\rserver30"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\system32\r_server.exe"5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\SysWOW64\r_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\net.exenet stop Telnet5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Telnet6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config tlntsvr start= disabled5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\net.exenet stop "Service Host Controller"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Service Host Controller"6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet user HelpAssistant /delete5⤵
- Indicator Removal: Network Share Connection Removal
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user HelpAssistant /delete6⤵
- Indicator Removal: Network Share Connection Removal
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /delete /tn security /f5⤵
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="RealIP"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Microsoft Outlook Express"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Service Host Controller"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="ò«ßΓ-»α«µÑßß ñ½∩ ß½πªí Windows"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="ò«ßΓ-»α«µÑßß ñ½∩ ºáñáτ Windows"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete portopening tcp 570095⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="cam_server"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete portopening tcp 57011 all5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v "Ä»Ñαᵿ«¡¡á∩ ß¿ßΓѼá Microsoft Windows" /f5⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v "Service Host Controller" /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v HelpAssistant /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "cam_server.exe" /f5⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\System\CurrentControlSet\Services\RServer3" /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\catroot3\rutserv.exe"rutserv.exe" /silentinstall5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\catroot3\rutserv.exe"rutserv.exe" /firewall5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit /s set.reg5⤵
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\catroot3\rutserv.exe"rutserv.exe" /start5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Users\Admin\AppData\Local\Temp\stop.js"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Users\Admin\AppData\Local\Temp\install.bat"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx001.cmd" "3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\setup.exe"C:\setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\stop.js"3⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "4⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im RManServer.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rutserv.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\SYSTEM\Remote Manipulator System" /f5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\System32\catroot3"5⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Local\Temp\stop.js"5⤵
- Sets file to hidden
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Users\Admin\AppData\Local\Temp\install.bat"5⤵
- Sets file to hidden
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Windows\System32\de.exe"5⤵
- Sets file to hidden
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\net.exenet stop rserver35⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop rserver36⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rserver3.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im r_server.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im cam_server.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\system32\cam_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\SysWOW64\cam_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h "C:\Windows\system32\rserver30"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h "C:\Windows\SysWOW64\rserver30"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\system32\r_server.exe"5⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib -s -h -r "C:\Windows\SysWOW64\r_server.exe"5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\net.exenet stop Telnet5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Telnet6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\sc.exesc config tlntsvr start= disabled5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\net.exenet stop "Service Host Controller"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Service Host Controller"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet user HelpAssistant /delete5⤵
- Indicator Removal: Network Share Connection Removal
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user HelpAssistant /delete6⤵
- Indicator Removal: Network Share Connection Removal
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /delete /tn security /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="RealIP"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Microsoft Outlook Express"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Service Host Controller"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="ò«ßΓ-»α«µÑßß ñ½∩ ß½πªí Windows"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="ò«ßΓ-»α«µÑßß ñ½∩ ºáñáτ Windows"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete portopening tcp 570095⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="cam_server"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete portopening tcp 57011 all5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v "Ä»Ñαᵿ«¡¡á∩ ß¿ßΓѼá Microsoft Windows" /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v "Service Host Controller" /f5⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v HelpAssistant /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "cam_server.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\System\CurrentControlSet\Services\RServer3" /f5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\catroot3\rutserv.exe"rutserv.exe" /silentinstall5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd" "3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\catroot3\rutserv.exeC:\Windows\SysWOW64\catroot3\rutserv.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\catroot3\rfusclient.exeC:\Windows\SysWOW64\catroot3\rfusclient.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\catroot3\rfusclient.exeC:\Windows\SysWOW64\catroot3\rfusclient.exe /tray3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\catroot3\rfusclient.exeC:\Windows\SysWOW64\catroot3\rfusclient.exe /tray2⤵
- Executes dropped EXE
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1System Services
1Service Execution
1Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Network Share Connection Removal
1Modify Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120B
MD5d17970a0af7b0b32e133bf7c6afcc9a8
SHA135b458062431be19c60d52055dd5352859b97ae9
SHA256f8a1a89c5eaf95a5294135e452bc6ad8bb5eabab1256f37243c9e56ca1267217
SHA512256d048a0af8313848e4355db3d177554338655b31b5487c25297467c4ea2e1df51579c5f904bb541551fc3eeb5d056e68e1b3a85f6b3ba65a5d15996e5f4d2a
-
Filesize
120B
MD58a31d6f5479ce86ce736e89cc2fbdfe2
SHA1dfbaf647a39269658125be366cf0ce0977939aa2
SHA2569830386c00c661099f30e7a5c1586fa3f3f8a8579e0f0999cd0e1b9ba9f61f4d
SHA5124267ab9ecd73337f2bce43216180446ff5bf8b1c4c89298bb319fd0c3b4b4456a4b4020186cb8d3f4aa19a61ca1eb3cf296069635c63967655c32bb78f1538ef
-
Filesize
144KB
MD5513066a38057079e232f5f99baef2b94
SHA1a6da9e87415b8918447ec361ba98703d12b4ee76
SHA25602dbea75e8dbcdfc12c6b92a6c08efad83d4ca742ed7aee393ab26cab0c58f9e
SHA51283a074bef57f78ede2488dd586b963b92837e17eea77ebd1464f3da06954ae8ca07f040089af0c257e2836611ae39424574bd365aea4a6318a2707e031cd31a5
-
Filesize
1KB
MD5d34b3da03c59f38a510eaa8ccc151ec7
SHA141b978588a9902f5e14b2b693973cb210ed900b2
SHA256a50941352cb9d8f7ba6fbf7db5c8af95fb5ab76fc5d60cfd0984e558678908cc
SHA512231a97761d652a0fc133b930abba07d456ba6cd70703a632fd7292f6ee00e50ef28562159e54acc3fc6cc118f766ea3f2f8392579ae31cc9c0c1c0dd761d36f7
-
Filesize
448KB
MD5d7eb741be9c97a6d1063102f0e4ca44d
SHA1bf8bdca7f56ed39fb96141ae9593dec497f4e2c8
SHA2560914ab04bfd258008fec4605c3fa0e23c0d5111b9cfc374cfa4eaa1b4208dff7
SHA512cbcaedf5aca641313ba2708e4be3ea0d18dd63e4543f2c2fdcbd31964a2c01ff42724ec666da24bf7bf7b8faaa5eceae761edf82c71919753d42695c9588e65e
-
Filesize
96KB
MD5329354f10504d225384e19c8c1c575db
SHA19ef0b6256f3c5bbeb444cb00ee4b278847e8aa66
SHA25624735b40df2cdac4da4e3201fc597eed5566c5c662aa312fa491b7a24e244844
SHA512876585dd23f799f1b7cef365d3030213338b3c88bc2b20174e7c109248319bb5a3feaef43c0b962f459b2f4d90ff252c4704d6f1a0908b087e24b4f03eba9c0e
-
Filesize
325KB
MD5cf6ce6b13673dd11f0cd4b597ac56edb
SHA12017888be6edbea723b9b888ac548db5115df09e
SHA2567bda291b7f50049088ea418b5695929b9be11cc014f6ec0f43f495285d1d6f74
SHA512e5b69b4ee2ff8d9682913a2f846dc2eca8223d3100d626aea9763653fe7b8b35b8e6dc918f4c32e8ae2fc1761611dcd0b16d623ede954f173db33216b33f49dc
-
Filesize
98KB
MD5b8622a3042d7fa48b2e6de433007c870
SHA16399b9d115c3f1d3c5469f81b1a821bf75b75ae8
SHA256cdb8330b9a36462dad63fb5c98520c4dd1cecf8a20d071bb0eff15ecf9fe0c98
SHA51219450e826c78cc9526bf9ccba356fa63c8282ae3093db9ad71c1f21bcd80b3850b3aabbd2221fd6ddc293378df3d52ac0484c8882aeee517145d018ce3b4ed73
-
Filesize
84KB
MD565889701199e41ae2abee652a232af6e
SHA13f76c39fde130b550013a4f13bfea2862b5628cf
SHA256ef12a65d861a14aed28480946bc56fce479a21e9beac2983239eac6551d4f32e
SHA512edbb1a1541a546d69e3fd64047a20613b47b3c08f2b639a53160b825c4a1462c4cc08a7bf417aa2db814f412fb16619c6c0d9364e21cc1c6d753ecf81f1d30f5
-
Filesize
240KB
MD55f2fc8a0d96a1e796a4daae9465f5dd6
SHA1224f13f3cbaa441c0cb6d6300715fda7136408ea
SHA256f8686d8752801bb21c3d94ebe743758d79b9b59f33589ec8620e75a949d1871f
SHA512da866275159b434205f259176c3937b7c77b14ed95d052152b05b984909e094bbd3b2702d3e874a4a1e1bc02fc5a8476ea43df8aee43542d56e832eacc8f54ad
-
Filesize
1.6MB
MD5086a9fd9179aad7911561eeff08cf7e2
SHA1d390c28376e08769a06a4a8b46609b3a668f728b
SHA2562cede6701b73a4ddd6422fde157ea54644a3a9598b3ba217cf2b30b595cf6282
SHA512a98f593a306208da49e57e265daf37d6b1bd9f190fba45d65dd6cfa08801b760f540ea5cc443f9a1512eb5ddc01b1e4e28fc8ddecb9c0f1d42c884c4efaa7193
-
Filesize
4KB
MD59abf3c42aaf72838183735217b5cea01
SHA13d052727ecc8974294da7afa1d63a7ebd052c2eb
SHA2569215ce00c1168e012f73599605c575361e56b33c5f4123289ac4165a02350f98
SHA512b6178a3bae692b688d70a4bb1396fb5a4c3025d641fc53fa1ef9273526c6812db4c83f89e606f7318e19ec44c89192d9d44d89f2a358b9481eb10c593e48bedf
-
Filesize
541KB
MD58c53ccd787c381cd535d8dcca12584d8
SHA1bc7ce60270a58450596aa3e3e5d0a99f731333d9
SHA256384aaee2a103f7ed5c3ba59d4fb2ba22313aaa1fbc5d232c29dbc14d38e0b528
SHA512e86c1426f1ad62d8f9bb1196dee647477f71b9aacafabb181f35e639c105779f95f1576b72c0a9216e876430383b8d44f27748b13c25e0548c254a0f641e4755
-
Filesize
617KB
MD51169436ee42f860c7db37a4692b38f0e
SHA14ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3
SHA2569382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46
SHA512e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0
-
Filesize
2.8MB
MD5a90c6e72a9e2602560c521a1647664ad
SHA122f7f0ddb0af04df7109c3ddbb7027909041fa73
SHA256579e5984ad5eb6e5e4b004acd01c95f609a1330f3900cd9851562eb4ac879197
SHA512fbba623cab28c0648e8bdd03c99df9e2a84180d72ea8e63367e943f8b432ebc36a7e10a8bfce11ad1803e54a8514f1ded4fec72e680ee04386965b5eb6a5d6c2
-
Filesize
3.2MB
MD562dbd11dc36780e35af1aafaa6a8f0f1
SHA1dc6aaac7171b351be3397c3e0e1769dffa848723
SHA256b06604ee55206b081a8378f771f3501f48df1c0023b1d6edcbc5f781aa521f57
SHA512b7f311286387ab39a0a54ac3dbcb74d9db3de4e2657dd6f0e182e38e9ed5400e87f1000c7b978fd4bb34fc373dd99bcb18271296f03248366a9cb52afdaa695d
-
Filesize
310KB
MD53f95a06f40eaf51b86cef2bf036ebd7a
SHA164009c5f79661eb2f82c9a76a843c0d3a856695d
SHA2561eb88258b18b215b44620326e35c90a8589f384710e7b2d61abf4f59203bd82d
SHA5126f28b5de28026319bed198f06b5461f688ca401129f1125e9e9d3b58956cc0d546234c2d202827bd74b99afd2ead958a863a520a1f4b7e599d385a8a67062897
-
Filesize
14KB
MD554338ceec07b7ad0c2df48a3554ceed4
SHA1aabc2b5ab7507f79555dd9dcf92d72c2a97edbae
SHA256c5fe24561dda93a8e03f6ab6384d92a3a07cb0bb94c7709d54d2dedbff05ea78
SHA512ca6adf5a11666119a15790352437aa82a8a451099509035a6f9c68fd699cfafdc927bfc9886d4fc5ec2b02faef4947c3e08e60530e62727547573a15ef653712
-
Filesize
215B
MD5804b35ef108ec9839eb6a9335add8ca1
SHA1bf91e6645c4a1c8cab2d20388469da9ed0a82d56
SHA256fe111b7ea4e14ab7ba5004aea52b10030e0282bb5c40d4ba55761a2c5be59406
SHA512822a3ec5e0e353058d4355bc01a44440dafe8d16c57744a3dcbc962eb110ed3f6843556568616bfc5dc7fad5f5832cd27d6591dc50105f2c79fc16c33919936d
-
Filesize
2.4MB
MD5c2e4a4ad4c46b753683ed89dfb53da06
SHA1a48d390fea3fe3f687ce3bc114e20f848b75eaec
SHA2565194c439d22de3cf80092dd77507d393506a72b6cf7aba946cdaa8f75a75070f
SHA512e7509423732a75143265298b9b1be68a95099717fef658742da8d1dfcdd29e7cb9b71f048f6dd7ce95650df51da1c90edb724a42faa71047231fab885f87c12f
-
Filesize
352KB
-
Filesize
3.4MB
-
Filesize
352KB
-
Filesize
3.4MB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
3.8MB
-
Filesize
352KB
-
Filesize
3.8MB
-
Filesize
352KB
-
Filesize
3.8MB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
3.8MB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
352KB
-
Filesize
3.4MB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
3.4MB
-
Filesize
3.4MB