Analysis
-
max time kernel
301s -
max time network
308s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11/03/2024, 18:46
General
-
Target
https://cdn.discordapp.com/attachments/1189680308338049114/1190098074383691937/Liwky_OPTI.bat?ex=65fcd933&is=65ea6433&hm=6d4a1bf827c38c2e0b4c961b02e7241247947769f768b09820f745e9bb82f9f3&
Malware Config
Signatures
-
Modifies boot configuration data using bcdedit 1 TTPs 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 40 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1189680308338049114/1190098074383691937/Liwky_OPTI.bat?ex=65fcd933&is=65ea6433&hm=6d4a1bf827c38c2e0b4c961b02e7241247947769f768b09820f745e9bb82f9f3&1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb90ca46f8,0x7ffb90ca4708,0x7ffb90ca47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3420 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8300919747901132198,16662271772430505422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\NOTEPAD.EXE"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Liwky_OPTI.bat1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Liwky_OPTI.bat" "1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/3KJQibyB#S04fK8utgRDUEdRPV6TmQP-de50EuqZs2KsBf01tiFY2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb90ca46f8,0x7ffb90ca4708,0x7ffb90ca47183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/vXYRSDzI#ZisB8PjQ9KP1nSCQlo92MDbBdrxczo3_xJ5lmnu68j02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb90ca46f8,0x7ffb90ca4708,0x7ffb90ca47183⤵
-
-
-
C:\Windows\system32\bcdedit.exebcdedit /set useplatformclock No2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set allowedinmemorysettings 02⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /deletevalue useplatformtick2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set tscsyncpolicy Enhanced2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set disabledynamictick Yes2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set x2apicpolicy Enable2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set perfmem 02⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set uselegacyapicmode No2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set MSI Default2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set debug No2⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x300 0x5081⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\*\" -ad -an -ai#7zMap440:148:7zEvent271561⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e494d16e4b331d7fc483b3ae3b2e0973
SHA1d13ca61b6404902b716f7b02f0070dec7f36edbf
SHA256a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
SHA512016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737
-
Filesize
152B
MD50764f5481d3c05f5d391a36463484b49
SHA12c96194f04e768ac9d7134bc242808e4d8aeb149
SHA256cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
SHA512a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224
-
Filesize
72B
MD59a7053a60362de4c7157898563ba68a8
SHA1611f409341a74e7edfec1ad2f13668a86ff09c66
SHA256db622959768b4194235a401fb270625d88c36225d96d6af3009529ee83cd6fae
SHA512ffce2a638a31f49a769e7a7c8d1950c34876d5dab3cf607cc528c1cb0db6b0790bdc16b5f29eebbb0687729ab327e1392f3b662a1fe026f9df883f5e227c3e99
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
264B
MD595d6934028fcbc2031dc7f9de01154a4
SHA1607d5de1a7c63d2496992ecee6175d42e4b73962
SHA25656f7fe20e1a0f72e2aa6d52d33b9d67327e8ce03c7a15c7e2bf3c5a0edb2822c
SHA512995b35a11ca4aa8504d462c9165453b941f9b01c863f22c468f7bdbb176a7e1832fa9b801d78dadca924490d42b18ba715872dfccdd31a6a62585e3f6c387f4f
-
Filesize
6KB
MD545ce262ee7e453ee94e3821ef72c5fa4
SHA1ff33f862fae534e70dc25186b2e5c7df64ec53f4
SHA256371e4cdba5d2ddb47a96408a5ccd30ec4b66592b3d49bc46cf35f57195b80407
SHA512a917e90345e7522df562d4fed9fe9382f6f34b80534286ad070564acdaae2b386e2325fdabe3eb6a786246420e33cc6555b1e822e8e842ba2e9b402f64ac1971
-
Filesize
6KB
MD583878c190a3f0f939be63cb0212904cc
SHA1b37ab015e4e3e715b311a162ff6cf4f47eee7555
SHA256b13404f410841d6d6ef977716d0d4c50d0b96ff1ed2363f70d224cd99de11140
SHA51264d337bc5958d8d87294ebfaaad6ec9cb4e3dc751de006869e806ace1010aa8b569ad4e5de7e449c1e00482e0e6bff25552ddcdeeadd18827e3621c8fe6d2cc3
-
Filesize
6KB
MD58d6eecc1d1a76e4102e132ef2dc3426c
SHA1be9108b5257c6d113199261fa11532410ef1bc2b
SHA256b8f2a8b87d95577ffc1d3642aa6c0bd0445a0fde28aaea7561f956319bce0af7
SHA5128fdbfa27c6adbe774f5c64a0ce202058d72d8533afb0219b8857f8954604803f001627a1687be251c4bddf165b75d1427a08811661f1f9faf208fcfde8408ca1
-
Filesize
6KB
MD555f279ca30558e2a8560fcbd36817fbd
SHA13c7367686d95a4c7ffa0035e6545797f1ef14bed
SHA256d776f349c5e42deb684d5aa899deaf85090afff103018d8f36e0f8ca4803ec12
SHA5123750431975591a98c927b2a3d6a70779a369eb683b08c86f7e53525790b40cdaa538010b9efebb2919e8a62dc9bebad9e2925a484328948c8ff74d41e9cdc372
-
Filesize
6KB
MD535f626e64e69d2fa0cd001c8584376b8
SHA1cf87373f13a5ceaaa6894b0f4ac198e8046b805b
SHA256c51548753fc3f37f26fb4a178f7b55a5edad9473ef395936a4d050fb9efa087e
SHA51206f49f78328f325e5beb9b1a1de76c5ef81e2705e3a972d2159644492083d0e51cf74421c9e721cc35e515e6a3d5380383769b4b3fa8022972bfab206e30add7
-
Filesize
7KB
MD5b85c4a8430b0f99da3c0bd616a04effc
SHA155412f8de8420782faa18587c4ab402ba86660fb
SHA256bce2ee12730e678c572748ce5ca3a8b5ed6d103ab851fe361e1a0c43e80813b6
SHA512fa5b12542a0c069416d07047fd11da7ed37a56385c70cf567994094099eea1b321f7fa3be4b4d887c6cff07328851a33888648e665f063015603c9ca8749c9ec
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD5054246cf47ee3c2b3318c810380ce089
SHA1d527bbbe1f5e2d39276f04fa215c0429d04e3a08
SHA256bbfce01ecafcd80b0006c9ac491e35a34b9fa7e9ff891e2508e389f6a7dcb0f4
SHA51277559f23630ec773400766cde26050e870bb2a76ccbf6560a1691a46be18028232b4ded88b4b09ab7aff07f1fff19ca72450c76e9d332c744a1e9e4b28cb2a65
-
Filesize
48B
MD56bd3a4322c445227520a42adf08ad8d4
SHA15fb17edc8e7d499e27b8ec787225f74aa9ffef51
SHA256b92d38e5f730d6302d806b13049caa5b28b1e89b20a3026c3a1feba2c4ccc00d
SHA512c6456c99bd80f92aa75b173b959d0d89b75936c42c4e32602e6d1a514f8310c661e63b1a3de4948c9ea1babc3baeb4cd3257ee5d8eea7340b1af1e260be194d1
-
Filesize
203B
MD52dda79a9fa5c4e6aa1a548388fbe03ba
SHA115759a67efd1bfb3b58d1f25cf3469f41210502c
SHA2564549a7883a5dd045e73ac4c893306b244d49280148b16bf9cfcfbcb8fd40b23e
SHA512942a689fa47bb110136f1d65a7c286b1d8b4ca61d01f15dd024f5d2a1b23f261042a072eceb7981186f591851023a12719cb416a119efb28c71a1ff714874095
-
Filesize
203B
MD506168815b65cc304d616b1aa90b7680a
SHA15315de7ab97207e9221e0910ad96774f7506fbcd
SHA2561d1497f00a798a0ffe709f43946985df801fd315bf6f6dec94455584734e780a
SHA512fe20448d81595d24b77eb46285acf43c070940fb9cc05b2939405de433e7f746a5afaa7f2b97ca470c4c3a901b205e3093cab50d59c1626583f712aa1fcffec9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5bdc8612e4a0c5886f2d765550d6c67ce
SHA1b6a3252b982984c1be85020693b752cd2be2ba7f
SHA256764c833df270f29c29279742071115ed3df11acbfe3b55f3fa7ab68d9f12963b
SHA512ecf23b2028089d4add1dddc0c5541d8654a8e57639245a43593117cc203ea9466b36fba3492926344920a0d3fc4f9ce149bfddeb6c1f68f2038b9a89a470515b
-
Filesize
11KB
MD54f06dd6aed29f3489387bc25ee78e679
SHA1e55b8c13a9a271fbead64a76d7c09f4759612271
SHA25655bca20d090237973748d96b20047535437cc3e1b5aed4fcb2307ed043b1bd20
SHA512b7745bbb550668642af1e8b493a091149863a70305989c24458f2063eadc0e17fdb2203b5e13ab202ea59f63f5952a35da18db704c329fce8bb223ec58b3c084
-
Filesize
12KB
MD5b0abc5235d8b1e9e1de8bc1a76937bb4
SHA1d2a436f50434fc15750eac6614234a170d3b50eb
SHA256d43564f9ed42dd028cfb6b8d344f4eab825966484c9264b41e0255c673668f32
SHA51268f817faeb1e58372f0ec6f5993e724d3f5aa303e206ec701599ff5abb55ef53fdefde08a542191ef3703e2de1b35047c67ca5c541d7e8f1119867c7b7f35921
-
Filesize
11KB
MD5003c19b2cffceb783e54023e80db5e59
SHA108ce475b8f0c8a6ea001053fab2d4b3bd3b9dd8f
SHA256c927bc9059512496095b5c768ff319015f085cad2afd85f4fc8f336972ff5d74
SHA512965d113a16b7e4b6f6b742e1200e94164c4b3e9b897c82f724a25cf385b312ae5c2c379cd44ef2c172c383b846e7b5be301bc3bd9e78ee137dbddccb35f139a4
-
Filesize
109KB
MD5e3bebdf667cb9d7a6f286d8a6c587ea8
SHA10beb1cca573bfa3c46919d08a3278374425490d4
SHA25694f7a940a27519e4998378fc7cd6e074458802c4089122d1286d112b853ecd4c
SHA5126794c400b6305735e699b97f510ac42f3f8355b94b5bc08dfb1d424f8894edb61eb21ea61926a136d5cac2a60cb7a92e3cdcf8587e04ae9e5f137e4ff0875c2a
-
Filesize
853KB
MD55502a4c26297dd640f8668ee210bf299
SHA107152740ab5177b6404a76aa6369522885a237cf
SHA2560941629f6de8bcf1dfce749f85390c073708f7525ac65626aed6c5799496a08d
SHA512d96df589b147f84583baa2c167503a5d9506589afe66127337bc02bbdedbd6c6e240942bdf1234fc7f288dafb4fb420cd196a7ef58df6c49eeeb7647ddd81d3c
-
Filesize
2KB
MD5aa0c891d3c7a337623cb182a3852e83a
SHA148f8aa730e27ba597a42439a1765be946c5a37ad
SHA256b07a8727e6f312e41b1c805ae997129483c5b510282a8361c27676485fde378d
SHA512eb18c511c553ef607478ad49c04f2a36606d18045dc55933da62c05f6151426616dc5d152bdd7207998ac9036f0a6cf2dff030b679fbaaf0cad64e5ef942f67b