Analysis
-
max time kernel
101s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
03-03-2024 18:25
General
-
Target
https://cdn.discordapp.com/attachments/1213539495215898745/1213578524061990972/OxyCracks_NL.zip?ex=65f5fc13&is=65e38713&hm=dbf6abb58f3a7a0bff1d75c9df68bb44f0758ad1bc62a2e1db656b5f30887a3a&
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1213552478973333615/HgqZhFkfFc23la94axmDeeor-_w_RVjs_T-hJoCsewm4NGKl8540wNg3DAdr43d0NjoV
Signatures
-
44Caliber
An open source infostealer written in C#.
-
Modifies Windows Firewall 2 TTPs 9 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 16 IoCs
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 17 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 4 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1213539495215898745/1213578524061990972/OxyCracks_NL.zip?ex=65f5fc13&is=65e38713&hm=dbf6abb58f3a7a0bff1d75c9df68bb44f0758ad1bc62a2e1db656b5f30887a3a&1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ccf46f8,0x7ffe1ccf4708,0x7ffe1ccf47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5584685412728536887,14852326060913317574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\OxyCracks_NL\" -ad -an -ai#7zMap4571:86:7zEvent55721⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\OxyCracks_NL\OxyCracks NL\NL By Oxy.exe"C:\Users\Admin\Downloads\OxyCracks_NL\OxyCracks NL\NL By Oxy.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Oxy.exe"C:\Users\Admin\AppData\Local\Temp\Oxy.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\server.exe"C:\Windows\server.exe"3⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Windows\server.exe" "server.exe" ENABLE4⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete allowedprogram "C:\Windows\server.exe"4⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Windows\server.exe" "server.exe" ENABLE4⤵
- Modifies Windows Firewall
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\CiliBaba.exe"C:\Users\Admin\AppData\Local\Temp\CiliBaba.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\CiliBaba.exe" "CiliBaba.exe" ENABLE3⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\CiliBaba.exe"3⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\CiliBaba.exe" "CiliBaba.exe" ENABLE3⤵
- Modifies Windows Firewall
-
-
-
C:\Users\Admin\AppData\Local\Temp\Never Give Up.exe"C:\Users\Admin\AppData\Local\Temp\Never Give Up.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\server.exe"C:\Users\Admin\AppData\Roaming\server.exe"3⤵
- Drops startup file
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE4⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe"4⤵
- Modifies Windows Firewall
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE4⤵
- Modifies Windows Firewall
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Insidious.exe"C:\Users\Admin\AppData\Local\Temp\Insidious.exe"2⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4c788658h0e69h4cdah8ef8h67333d840ce31⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe1ccf46f8,0x7ffe1ccf4708,0x7ffe1ccf47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16830338657636828678,9540339033487762724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16830338657636828678,9540339033487762724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,16830338657636828678,9540339033487762724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59ffb5f81e8eccd0963c46cbfea1abc20
SHA1a02a610afd3543de215565bc488a4343bb5c1a59
SHA2563a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA5122d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597
-
Filesize
152B
MD5e1b45169ebca0dceadb0f45697799d62
SHA1803604277318898e6f5c6fb92270ca83b5609cd5
SHA2564c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e
-
Filesize
152B
MD55e64bb28a70b33c78e6782f17a561cc8
SHA17534626bb3d214ab78b77748ce1a48a3324f1c3d
SHA2561ea671aa3ba067acf9f318f8ca698aae76ee8964a66db8deb96a78c13dbe3e30
SHA512e114f488a51bdf0efb89d65e13170475d4098625cfe9946683608310a92041ba72255083995894056a0235860fa55cf04fbdc278f9cba5169d31ac0be374c601
-
Filesize
20KB
MD5fa32464b2f0ebead4b25e3c0062eac8b
SHA17e5eba71ec30a5d305d4226bd31b169e2f0ea7b0
SHA256ecfe5d737b95d4452f45aaa58b40ec1d3f02cb63ac57472cc0074efbf8c2cdd6
SHA512a96dd84346dac377e18236de7c70585384181b5eb7363481c7c3ec1b0a98eec62cb835f3236abe4ca8daa4d5fa230888ba45bc87b52c2ef54639b6e4ed61523c
-
Filesize
61B
MD54df4574bfbb7e0b0bc56c2c9b12b6c47
SHA181efcbd3e3da8221444a21f45305af6fa4b71907
SHA256e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA51278b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
6KB
MD5f2bcbcaf1728447e4d98db9beb46736a
SHA1a8a47d3d5309533509367f78385624818399ee90
SHA256bd6f89bf94d495f5de7c6079f1e5b0e2f2acca31821a21f6c9948ce412b68375
SHA512009ebd93ca030ebda9eb59e623bae61d51cccdb8a1a914a88004f4553c9263ef7648b42fe179290689056fd84c36e4d58a43af233f8e8964a665c1629427063b
-
Filesize
6KB
MD5e669970614c13de7bdc49d5cf16d2bac
SHA135055b14c8934ff1cd911a512c38375784a2388e
SHA2560fe82fec34f9836883a200f73dacd554df18181bdedbed89e0227be9e138522a
SHA512bde7706d6c1441c2bc4b5691b22515bd73d49ab9fe98debfb6b93431b3ef6c85cc1f0eba8a3e4535d360df7f9ff339790963bac60a891e7099329d93c76438a3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5b94fd5d8fc7f3e1cac2855db33efe142
SHA172eb6f76213634ef0358de2d926678b74448f197
SHA2567195df406f6d4bb1c270fdf98a6352ccf9d1840eea9e3cc263f2efda42400ec6
SHA512e6f57c10c27fcc08ccf7d324ce2749185cac0c4dd762b299fd9f281d0b445f1d7d130a80d552a734c12efa44ffde7cece1e718108c4059e6f777f9e54f41f1e5
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
1.2MB
MD5563bff808aed8b94ec27f90e982206f2
SHA197f4f00ce8fb90cce08c5f83c17771a5c5b71ba0
SHA2565405bd7ca679dfe6ade3f9fc733196563623a2cc01e6a97d36e8da02974d8cbe
SHA5127684aee114784ee58c673df9768473241114677490f09785d633cc505ab1b4e17efe330e22444571834d1091d813c9d990c159c977124f1863ebf5b0d578ed29
-
Filesize
960KB
MD54b2232ea5f1f55a3a506899ec08eaecc
SHA1c25db0ac3e92aa80d1e0d55b77af03fc003150b3
SHA2561a5db00efa1fa8297ffa9aa9066304fb976a7164f8238776dede2a7853bbca87
SHA512fe5c11c5db954d509bae1e3e90942ee946d0cfec29b87c83c826870301a887826dd78ec0359c2ed798e4e038d5f123b4c3369d443030bac3351f55f5793d6ef6
-
Filesize
1.3MB
MD5a6e884cc24bf04ebe764788a4809b480
SHA1a6a8175c619940e908caf5710e2f098c544eb859
SHA25622b7cd4e38d202ba4f3a94e1f9eb035a0d789af23eaad1ee64b46a3c81024a94
SHA5126dbc7b8e8daa16604425abc5e4c817b7e7a85cff4ebbacc2cd9cf68d4cb7eceaea7ac19181c638cb3ac95843712a7ddbf5f2bf40bdebd7060855940d50ba5681
-
Filesize
896KB
MD53b064ad14e03493986e670f6882d29c0
SHA1b467f5b558bfa1d6d6d4c836f09dc099917565b2
SHA25614a7507b22ce6469407122d551a9f2b5194225ccf4e87a27c3dab7050ab3d6d6
SHA51208d31ca193529980112d60fff9073767d4822371bf0181ec3f5ad4881687b6d7c973b428a1bea41346215a9ceea8d746e7ea084c0a693eeba9485d29bf8ae178
-
Filesize
143KB
MD5c8458152f64cd12af8253a942d7a0d96
SHA1004a6eec723c95b35302cb737ef748aca822823f
SHA25660320214411f6f8dc5eb31f2694177190bebe8feccc54fbdafbc6fbe141fd66c
SHA512a6b31c03616f7abb5a572eb22c4dcb9d6fec7ced36dd82f17ec53d4dc72377b7dbe8ad46d8127e21e33f54b76694f399528bc3fe0d203685cc6ab07368ba39ab
-
Filesize
274KB
MD54a9cb193934224753cb78b155ed433a4
SHA199bd1bf009525469315895c531af64da0292ad43
SHA256bb84b931c5900c04cd9f0e5eb6ad37fe83388b9fdd807e006eb3fc83e9d7f5ab
SHA51258b64c177fb8bd2eae97f22a9c0c7e9db47f316b5ec6d8479f6aa04f4a5b931388d45b7a2514f5d3521ddc3858c2df08668e32eb08ba62526da6e52db1b47034
-
Filesize
149KB
MD5213b9545ebaf4a3579849cc7e27c1e29
SHA1ca629386992d6588aa90df3a41c348495649dee2
SHA2568ae74c33d58231e3d236731e9927c5831425323b04a069176e1d6b377198d8e7
SHA5124b1584adcfdd7848ea4012d586953c08ce403d6c4000d8adfc79161dec0e74f1dd5604e8afe745d596cca7a4812c1933359ddeb58ded70fd723f998d369a20df
-
Filesize
144KB
MD57290e9bf05676c9dfd2f28ecf4b5782e
SHA1cf332986527dd04a6b723c4d607770cc19f727eb
SHA2566de014d27fdbba57c90d4cd7fb5150a83d4dfa86be0f1f17687aec000e3f4f56
SHA5129676bcb086f9ef76a3dfa4dbe4e20f0bf3ae7a35bdd618ab974374aefc35cafc64014094f51341ad8eefb649b22c52e1a6e76d0fb0984c5b717e5128cf0538d1
-
Filesize
116KB
MD5be8dbe2dc77ebe7f88f910c61aec691a
SHA1a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA2564d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA5120da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655
-
Filesize
48KB
MD56c57219d7f69eee439d7609ab9cc09e7
SHA152e8abbc41d34aa82388b54b20925ea2fcca2af8
SHA2568e389c056a6cf8877ddf09a1ae53d1a1b1de71a32b437d992ec8195c3c8eda92
SHA512801f5b3f15e25f3be3f7ece512ffa561c97d43fff465e8fcb8afc92a94fd0bd3ec57c3e4df775beb1a6357064fad2be2ab6345bb8fe8c9b00674ade546bf6bc3
-
Filesize
58KB
MD5ee77573f4335614fc1dc05e8753d06d9
SHA19c78e7ce0b93af940749295ec6221f85c04d6b76
SHA25620bc81c1b70f741375751ae7c4a177a409b141bfcd32b4267975c67fc1b11e87
SHA512c87c9c68cb428c2305076545702e602c8119bb1c4b003fc077fc99a7b0f6ffd12cafdd7ff56dac5d150785adc920d92ea527067c8fec3c4a16737f11d23d4875
-
Filesize
106KB
MD5787f57b9a9a4dbc0660041d5542f73e2
SHA1219f2cdb825c7857b071d5f4397f2dbf59f65b32
SHA256d5646447436daca3f6a755e188ea15932ae6b5ba8f70d9c1de78f757d310d300
SHA512cd06ea22530c25d038f8d9e3cc54d1fdbc421fb7987ab6ebc5b665ae86a73b39a131daef351420f1b1cb522002388c4180c8f92d93ea15460ccba9029cac7eef
-
Filesize
35KB
MD5ff0042b6074efa09d687af4139b80cff
SHA1e7483e6fa1aab9014b309028e2d31c9780d17f20
SHA256e7ddac4d8f099bc5ebcb5f4a9de5def5be1fc62ecca614493e8866dc6c60b2ce
SHA5120ff0178f7e681a7c138bfd32c1276cf2bd6fbeb734139b666f02a7f7c702a738abdbc9dddcf9ab991dead20ec3bf953a6c5436f8640e73bdd972c585937fa47a
-
Filesize
86KB
MD558b19076c6dfb4db6aa71b45293f271c
SHA1c178edc7e787e1b485d87d9c4a3ccfeadeb7039e
SHA256eff1a7fc55efe2119b1f6d4cf19c1ec51026b23611f8f9144d3ef354b67ff4d5
SHA512f4305dcc2024a0a138d997e87d29824c088f71322021f926e61e3136a66bea92f80bce06345307935072a3e973255f9bbae18a90c94b80823fbc9a3a11d2b2f4
-
Filesize
25KB
MD5e8f45b0a74ee548265566cbae85bfab8
SHA124492fcd4751c5d822029759dec1297ff31ae54a
SHA25629e7801c52b5699d13a1d7b95fd173d4a45ab2791377ac1f3095d5edc8eba4bd
SHA5125861a0606e2c2c2ebb3d010b4591e4f44e63b9dbfa59f8bb4ac1cda4fbfdcb969864601dee6b23d313fe8706819346cfbcd67373e372c7c23260b7277ee66fbf
-
Filesize
43KB
MD56ef6bcbb28b66b312ab7c30b1b78f3f3
SHA1ca053c79ce7ea4b0ec60eff9ac3e8dd8ba251539
SHA256203daa59e7bf083176cbfcc614e3bac09da83d1d09ef4fcd151f32b96499d4b2
SHA512bec35443715f98ee42fda3697c2009c66d79b1170714ea6dedde51205b64a845194fe3786702e04c593059ee4ad4bbfa776fbc130a3400a4a995172675b3dfa9
-
Filesize
56KB
MD5467bcfb26fe70f782ae3d7b1f371e839
SHA10f836eb86056b3c98d7baf025b37d0f5fe1a01a5
SHA2566015c657b94e008e85f930d686634d2cafa884fd8943207ee759bc3a104c0f48
SHA51219362aa94e6e336fd02f1f60fde9c032a45315f7973a1e597761ae3b49b916aecd89934b8ed33ee85fd53e150a708a4f8f2a25683fb15491daa8430c87a6511c
-
Filesize
65KB
MD596af7b0462af52a4d24b3f8bc0db6cd5
SHA12545bb454d0a972f1a7c688e2a5cd41ea81d3946
SHA25623c08f69e5eaa3a4ab9cab287d7dc2a40aca048c8b3c89992cdb62d4de6eb01f
SHA5122a8ed5a4143b3176e96d220f0255da32a139909dd49625ef839c2dfce46e45f11a0b7340eb60ad1f815a455333e45aece6e0d47a8b474419e3cbbbd46f01c062
-
Filesize
118KB
MD5eaeb07ef0948a7707d3b2319b4fed14d
SHA1c1c89128b43af6b4157b873e1e9a26a601567076
SHA256e50f635db07a7fa0f58046d9e75a3424cd4c2bbb5b5e254c979d20c767739612
SHA512f8d7bd932b0d868299ca8c18db5bd8d20b6e14da5f565eed149e6c7ba0b16e8b6fd9dcdf3232448b1de72a5329358ca6c6935284b4c1cf95ead03c9f6404a810
-
Filesize
832KB
MD507053bcfac386ddacc15cdc6353fbc6a
SHA1c16c74a738594c4fb5c3fdd33769e02c1ac48277
SHA2566c2e9fc9e1f6a890e982a7b90f241be4eb6d94d69368810ea1f26d93be9fa1ae
SHA512d9a338ba9fc435b2ea03d144cddc60f4693a7603b6824f8218273204228dbe5b9ccc6d4e20b1e4356cf834f96a239864bf83d0a3f92504650a3258547314c811
-
Filesize
29KB
MD508b000c3d990bc018fcb91a1e175e06e
SHA1bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA5128820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf
-
Filesize
222KB
MD5264be59ff04e5dcd1d020f16aab3c8cb
SHA12d7e186c688b34fdb4c85a3fce0beff39b15d50e
SHA256358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d
SHA5129abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248
-
Filesize
1.6MB
MD5b167b98fc5c89d65cb1fa8df31c5de13
SHA13a6597007f572ea09ed233d813462e80e14c5444
SHA25628eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76
SHA51240a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8
-
Filesize
1.1MB
MD5bc6ffa9c00ccf6d34f8fdfa2d56e783a
SHA1c1f6cb5320367d5e7453c3d7bd0b266bf8becd39
SHA256bc4abe830b9b4f44f8b1603f4790943222d2915b547f906bbb58efc62e79bb37
SHA512a8693e907752bee73e1822e3fe8dd981f763fe3372374dbe4240b8228ebef1db1c2b02976fc5e3f9702109c83c16e53b17258822f7b65548019b3df8a5b8f05e
-
Filesize
615KB
MD59c223575ae5b9544bc3d69ac6364f75e
SHA18a1cb5ee02c742e937febc57609ac312247ba386
SHA25690341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213
SHA51257663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09
-
Filesize
456B
MD54531984cad7dacf24c086830068c4abe
SHA1fa7c8c46677af01a83cf652ef30ba39b2aae14c3
SHA25658209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211
SHA51200056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122
-
Filesize
25KB
MD5d76b7f6fd31844ed2e10278325725682
SHA16284b72273be14d544bb570ddf180c764cde2c06
SHA256e46d0c71903db7d735cc040975bfc480dfea34b31b3e57b7dafa4c1f4058e969
SHA512943ca5600f37cf094e08438e1f93b869f108abd556785e5d090051ed8cf003e85c1b380fc95f95bc871db59ffdd61099efa2e32d4354ca0cc70a789cf84abaa1
-
Filesize
630KB
MD573b763cedf2b9bdcb0691fb846894197
SHA1bf2a9e88fba611c2e779ead1c7cfd10d7f4486b2
SHA256e813695191510bf3f18073491dc0ea1b760bc22c334eefe0e97312810de5d8d5
SHA512617cb2b6027a3aba009bb9946347c4e282dd50d38ca4764e819631feb3a7fd739fd458e67866f9f54b33b07645ca55229030860a4faab5f677866cfa4a1f7ee2
-
Filesize
320KB
MD5a5426e8524d3f7cb6d743cf657748fbb
SHA18206e09b1868669dbd8476da58374753871e6087
SHA256b8403deb9ce9a091f25f058565faf05a2104a7a7d2e5c6f418cadef1bef360b6
SHA5121e5dd664481ee1db9f2f5ddb96d0d331a9b2c13de46f230ffa9e53aa674428b65496f62be9888631ad5110028de9b0eadf9c1e188e25602107440b53c9298257
-
Filesize
295KB
MD56873de332fbf126ddb53b4a2e33e35a5
SHA193748c90cd93fda83fcd5bb8187eeaf6b67a2d08
SHA256f5631d92e9da39a6a1e50899d716eac323829d423a7f7fa21bd5061232564370
SHA5120e03ba8c050aeadf88c390e5ea5e8e278f873885c970b67d5bc0675d782233a2925e753dae151c7af9976f64c42eba04a4dcec86204e983f6f6f2788a928401c
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
1KB
MD5114c079471b3fbdb13baacbbada5769b
SHA1907c8013d9354ce277e08f8904e887403551893c
SHA2564eab4e70f80afc43c7c3c8a4808fd7300406a201c3f343cc963126f4e75091c2
SHA512fa43a9331ba61670f73da0b3a90f1e1da83f20434e3cadb273c7b23fb032de3f2c1acb2b9332f68497bbd40cff40583c314943be2913de11556505006b4f7f41
-
Filesize
4B
MD5399f38fdf7aaf217d0b32896af9f298c
SHA1db37bfb5bd821b9068587df50d57b38f0287d760
SHA256c4814a00866e93627816b8987550d30010a862936285a5ceb656f06b6d285b46
SHA5120130418d2e5bbe23e1a796ea11be0abdd639ae4ab36eae64ab0404984c1b0928a95fb14ee5444b0681e6e0eb23911fe3ac619137ed0241ae60cf1d8c8672d179
-
Filesize
7.7MB
MD5c0c4fb82443a571255c910262d7cf4d0
SHA18cb29cf457c8237774627ca58148a39bbf899ae7
SHA25603ab73f7daea7657290ea1b61657ce07c8f98c1e743e3006052214294bebf401
SHA5125072fcd961b9db88c201c9b82bb391b355d403b5a602747f3315b099668ba775e78715af99fa6b6db528514cd95adc8e3451cd35fd87cb30ca2d92f60530824e
-
Filesize
8.0MB
MD50fa734c12c775665eef35bd81657bc2c
SHA10a865ce1dcda1602ac25c120e15752b430744908
SHA2563b12897906c0bed01a985254c1a6ea59081ba743c4e498347dc0f9e2d6e122d2
SHA512b3bd6c4cb5bfd599b558a559a422dceed426948facb35acf70a39a466c7dd334ba6148869a042c38ef7f0c0cc45a5c1618b884ed911a123b2aa258faca5a0493
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
296KB
-
Filesize
64KB
-
Filesize
136KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
64KB
-
Filesize
5.7MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
5.2MB
-
Filesize
144KB
-
Filesize
5.2MB
-
Filesize
1.1MB
-
Filesize
60KB
-
Filesize
140KB
-
Filesize
100KB
-
Filesize
5.9MB
-
Filesize
144KB
-
Filesize
60KB
-
Filesize
180KB
-
Filesize
100KB
-
Filesize
140KB
-
Filesize
5.9MB
-
Filesize
100KB
-
Filesize
52KB
-
Filesize
820KB
-
Filesize
5.2MB
-
Filesize
80KB
-
Filesize
204KB
-
Filesize
52KB
-
Filesize
1.1MB
-
Filesize
52KB
-
Filesize
820KB
-
Filesize
80KB
-
Filesize
180KB
-
Filesize
100KB
-
Filesize
204KB
-
Filesize
52KB