Analysis
-
max time kernel
159s -
max time network
163s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
19-04-2024 20:30
Errors
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan.exe
Malware Config
Signatures
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 11 IoCs
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan.exe1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffadd09758,0x7fffadd09768,0x7fffadd097782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1980 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5744 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\NotPetya.exe"C:\Users\Admin\Downloads\NotPetya.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #13⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 21:344⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 21:345⤵
- Creates scheduled task(s)
-
-
-
C:\Users\Admin\AppData\Local\Temp\DCA4.tmp"C:\Users\Admin\AppData\Local\Temp\DCA4.tmp" \\.\pipe\{CDA264AC-AF41-4C5F-833A-D978EC840149}4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=928 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1664 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5904 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6092 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=832 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3196 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4412 --field-trial-handle=1916,i,18151159714001426571,10134840599619763298,131072 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\BossDaMajor.exe"C:\Users\Admin\Downloads\BossDaMajor.exe"2⤵
- Executes dropped EXE
-
C:\Windows\System32\wscript.exe"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\79D9.tmp\79DA.vbs3⤵
- Drops file in Program Files directory
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe"4⤵
-
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator4⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
- System policy modification
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"5⤵
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"6⤵
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch "C:\Program Files\mrsmajor\def_resource\f11.mp4"7⤵
- Enumerates connected drives
-
-
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon6⤵
-
C:\Windows\System32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT7⤵
- Enumerates connected drives
-
-
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 035⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost1⤵
- Drops file in Windows directory
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xf81⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3af2855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD58b2813296f6e3577e9ac2eb518ac437e
SHA16c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c
-
Filesize
1KB
MD539ff49388130824d685606814c6e9b7b
SHA1f89562a6c5dea4eb7d65ee1bc38698715dc450c5
SHA2569dae14aa700e0a8e2da7809316b97441bf5d4975128574d2183184aa452f52e6
SHA512e09a4903e4414a3ef2dfe558479cb512a92393060c7958534128a0dda7348852603696b9510bef07c288097aec9b9aad7d52be3be2c34ca489d7f8a2c83b86d2
-
Filesize
2KB
MD551a5d064756c3b35bf2b99e2763f91e0
SHA1fe6569b5a6e5fd94c24dd2bfcddbf43252c32760
SHA256a4f09dece60a5c8c2a5eb133b2df24d3eb9ef3e9b481045d47ffb105d2d2d793
SHA5126a85dfdd7fdd5263400a651b080d5e7df957f6c75cc21ababdcfea2c9c39781bcd65e4582dd87fcae830f9eb41213272441ad3353941f743174c8b137ccd20db
-
Filesize
1KB
MD549e37767c86661b89264a87cfda16fcd
SHA1b69d17c73dbea19c0cea5e41145c71db62379e28
SHA256a34eeadba1948c0abad8895f3c59aff347341dc6405f95012571cee689352e56
SHA512006087191a05352088c0068e256f4a8bffdef616b24fb643ffdb5c7513a36f4213a64abd0abb855629203ba39784e2893ce4ffb6dc1863086fe96ca341e835b2
-
Filesize
1KB
MD504758880218e15ca9d2ad789fbd11167
SHA17bdc46736a217ad8e63fe3d62be6453b1f9c95e6
SHA2564eccccdf37ef6dee89076bbcee3f0f0521952c679c8246b7997da9e69714940f
SHA512631c4a1e7f8b58a9fe653201928ec89b323a3689a7fbc6390dc294343024c69fd0c7b9af5bfed803d3d7b7af5e484b50e5eed22bb1d1b4879121dc0e1880ae46
-
Filesize
1KB
MD51b3ddcf5334528333e01c38f6f0d30e2
SHA187af882ad0629698167f92115f4b9b67455130ad
SHA256f0e1adbf33623ba6f22ade7e6057c0ee9969d203d2be0ac86b7d34d4b6568a75
SHA5129d1d52673a028b3ef9f9f11ddcb6cb3e0f90771502e3d00350b94e61a8d71a15f2bfab4bcb957205a1071ec537a84b4c71ba23d4614c7a3f10cb480b4f9358c3
-
Filesize
1KB
MD5e2f59dbb9daa468ca008c83f2e38bf5e
SHA17cb5864d94d983f769d1c62659bf197c67f72986
SHA256b37a4acf34ab1d62520fd40844b464b6feeb8d2e40832fa0f85f01757d87c3cc
SHA512ccebc5d15c3363eec8ed8b0c37b894c1254905ea3cea70c33fb5fde8a55df6c7872b1a5aedb53ea09726f268bb3b3233b38c2d43f38f0b580b27ceae7881133e
-
Filesize
1KB
MD5d87d83c9577c98291b94de54125e9b48
SHA115ed2e10d62f57660542d32dc755207420640027
SHA25657e168c947fe6899d872214faa2facf4a072e5e2ee9d594f106f9680d321b875
SHA512569ecd8e2db2cd1277e6207ec4a09a14abf8afaf5de5fe53c26f171e90a0e727ac956d8ac4e8afcba723a2694a4ad7f5bfb0820ee7af8c8e083fe74f98614fe5
-
Filesize
1KB
MD5aec749fae06f3119d4c83e784f0c31e0
SHA14ebad4da07e729667c5dde5e890f5f9a0ad9896d
SHA2569c434974f02399e82a7a52193427a8e1afef7d713edaf5c357dcd7ef14fe695d
SHA51232b40167726c871d0acceba661660681543b00a084fe71e0aa4f3729245ed2f0f3bdd13ef6668e83bfa1a352dbcd62dfc8a441792e08a8dddd377a35025c2860
-
Filesize
874B
MD52c839a3bd99f4d81d3dad8d22bc01029
SHA10c78ba20f60bdcc3775d502fe426fcdf809b6278
SHA2564e457c85a740a29dd7726932c9fddb02f8bdeb4a1c9c91f91daa441058b7280c
SHA5123f31cd76d4b78641b1b788ff8e6bb264f54a8614c25f81834d15693065dfd1a864f62680463631d5589b0c6b13bf5031af227305e4ab3c3dc8f882bf0bddb547
-
Filesize
1KB
MD5ef44699e278703088bd358df84bb242f
SHA12659b9e1c0688fb2758a68dec47027d6c9031d08
SHA256ddbb607c81e5331603883aa6f130e86ff490e236177e6022854ddf46d0b0e2f2
SHA512c29b578c11c6a066bf60f4335cec9da1c5cc65e8ce84fe82467701521a63d3014cdc8c5c7cb73c3722d4a3d6097e0cdc0ab5276cb89e23f89f901b1cf199455f
-
Filesize
1KB
MD577655e35c4bbdacdfc84c4d84bddf541
SHA19d1c9cc4e4cdfcf27cb8718491cda8911b176918
SHA2565903727a316abdbcbb004a623932b96595744d1ec5bb6da3afac7a47b0bd87ef
SHA512f2f4f123ea94fc98de27c691b7432eb0e0da0943244eaedf4b4d446e4c3006d64e91cfb416f3bf354bf032240cdf035b25801bc503df5091190d0450c03d17f2
-
Filesize
874B
MD5f46a966305be352cb0409155f0335bb1
SHA1457f025ea166c41fd00029518c90aad98f4cc75f
SHA256b3b41faa5656ad78819554e5f2fbd5d42406e72c548cc0ffdca844fe6381b580
SHA5124b2df10c10670ceadbd4d9f36600f466765d104d0f82cfd258d19732fdcb9f532be2cd9a5dff99ac2fec3319b6ae43bedab40e3b05340ac9214c0713c4e6be16
-
Filesize
1KB
MD59e41a5e8c57712b813a180c25225e02c
SHA1fa7939e466c258b8febe6aba6f43ad84949451ae
SHA2562ffbda4157e3933a19cc09d36dd9bacdee54e934cf74cdbe0b0065b45acd9f0e
SHA512d963bd0b7e2423d169a4c07bfcc0dd988d7fef0fc43cb8fac7de666cfe0566e0821788bffbf21995cd8461790a8096b8c2720a07dbae8f5fd2f110e2f2597f0f
-
Filesize
1KB
MD554631b46770133778015972dce761c9b
SHA1005b991bcf8becd1d327be5829f8dac327c5b289
SHA25649d234caa4b1540974107d8ffaa5863c6822b3ae6d85ed1c45d0d30436afbb67
SHA512b87c27413d819c794ca1dd571f611361caacbd14cddd519e0849c335f62e39d71f480d435c24f457a46c7d0c1ac59fea82ff5ae21bdea6c8d77cd34350bcfbb8
-
Filesize
1KB
MD5cefac98c4cb63640470134a3df926bb3
SHA1ead5d254a20c3631f69181370c536314c1ac75ee
SHA2561245670430d48be59d86cd19a196d0127097b37378c56bb51febb7725bf60ad7
SHA5125c0f772260e791597450d0834fcd1d64d24db778d37ac20fb48fbe5c3a218d2e9fa167452a0ab0b9ede85dfe9130d9a9f6524779e97e04d4ac5ddfd3bc115490
-
Filesize
6KB
MD53641be798cae23684d48fea6fd606e34
SHA1c49de558170639851d051c15d8a7abd6466e68f8
SHA2568ecb0cbd7e8d741a4a80ee890c58e04dcfd6289842ebfc60f6bcd2105a95b6ac
SHA512a85599c774f3a103b56350e9561535b1f0c3a97ebfabddaf41acae0bbf87514a5df559f6064a69adf4d7f90594276e3672dd51392de43bdf931dab198d3538fa
-
Filesize
6KB
MD5b95d7858d44cdbc7355318f59a15b74c
SHA1985c56a5d2addadc0c9d8644142657f9fbd4a84c
SHA2569d16e2b80ff123f196ddc739b7b18a7feeb1fa85d7f999820be728f2665ef740
SHA512e3d78d329ca8677541fb5d6e16a1f6f36d7f3accd2cfd8546227a75588a2bb8ecf98a443749986796d821ab367a8406488f7e26a97b5b2f643b3e1997255a90a
-
Filesize
6KB
MD553d6cfbf980fba4c1705ffed7943f3a3
SHA188e42808cea90f06bc94602fd0b38ea144cde679
SHA2566e870a55c5126a73209d3c033b877e201d79fa47e95ee4f44775ad26030c7a8a
SHA512e48ae925bca2ed8662397c486fb203a0ba0436c2927389fae13088846efc8a5f9d4ec53bb81be526d5f2d37710014b05fdfb28618998171b26e786870a09341c
-
Filesize
6KB
MD5a24d26fe18d9dab3ac2a42402f8c60c2
SHA12fea3ca9a71ad9e4212f31ca58395faf93933483
SHA256da90c23c6e226a3ec25b05d55b6fd47f20826a7633d52a775b9ef82f9ff5429b
SHA512e026ecdb03bc5268095b5337ab40626334dd7fa0c73b4069fbe76ee0062d32f9f40b07e69197d7a24c5b8cdc01f89b8f70e150fac6eb9f111a465fd58ac009c3
-
Filesize
6KB
MD5de1ca4f175c821627bb67fad080b14d7
SHA160e43024aee777dbbdec219d9724167d71b497fb
SHA2566c34f1e89ae903d73487da08cef1152b525f493427ebb4a83fb4e17d9c370768
SHA5126b2d3e9f247e0651828c8df8995e1dc31aa9694b3668899e3f7c982b50c9a78f46fbc8d3a8398dbc7093d08c656e116ad6ea33c6d135548c78748ff6c8cc5a2c
-
Filesize
6KB
MD5039063f6afe61e137a0c196dee6feef7
SHA1f1ec9540409c77899560acfa886e57dc9ed53614
SHA2562c81a3b079881446e08054b9a75db9e67b2fdf30b82693f82dab6067d3e2a1cc
SHA512831080188c73b672305aa59ae425165bb3e256883e951fe5eb391dfa64c062c8989618692f228fedd7f6569f437c27f52ebc8451ebd8ea0e08a60a3ac4dd7043
-
Filesize
138KB
MD5ea4d76a31936a897d9ecfaff5965f663
SHA16c881510bd26b70d2d5d0bd7e28ea709de5392ac
SHA256ec9b66b33360b436da81924a4e1e09c884b464859b31bb82e1ad78dfab1f603c
SHA51203b76bd405b0ce4099792fa05bd8807ed8865dc64266ef9a881f0ea0b5b523c29c4bbd2420169c84b4deac08bbf510af9384c4517e37ecc3a671fd80e59554b7
-
Filesize
138KB
MD526130183c9f059591886b70cde8a4aaf
SHA176f2e390935bbaf2386279e2954377b99c376574
SHA256ec8c45f0c6366dd5ed78db084ab8dab655e05618879ad6f851bb8f19461f2254
SHA51204952a8679afb0bc42c9f25f64c15570cecf96d0b1cbe3e8e870752ae5fd7e4cd479259bec14f23f8b62713e7c8aea89d87c63021962d7802f222730f4f2fe29
-
Filesize
138KB
MD5cd913e61812715a0d4b8286fa56766b3
SHA197121c28c0c8431fa4df48ad68e27cf24a2ee0a1
SHA256ccac2191d531992ab26ec3422002bc9b4a59667f5087408ae230db8c08919910
SHA5128d26136f9447ba368ebc44543cbb3044096e83631902a5436eaecf629792f51e2a35b7951a94ccc81305f1cf285d94f4aaa05d9ec92a909efb23ac82cff3fb84
-
Filesize
137KB
MD52ab4e490f025149e7634208d9bfc1feb
SHA1266150fa8ff527a9d8ee0dcadb473d9452a2fa2e
SHA2565c831ce97b4e4da5368370b54792ac6c6f1b682f3c414cc001bc942a2e77cc80
SHA5125b650a9cc0351377a67a1e9b33ee4d91c5d27a5adc8ca15cfb498b626b15f430e98c4ededb7f6c2cdbeeaac2a61298a93b58d97111373d16c85e7354bced1be2
-
Filesize
198KB
MD583bd4ba3fedd5771b2ef3d8c595aa33b
SHA10a0dbd63e296ceec58cd0f0c80315b96dc193199
SHA256a129ae87731577b25bb173f84d07583c176a3b877828411542187944a3c2bb30
SHA512d33363330fd23d46423d31769585757337f83c7918dae2d8263f1d2787c6b943ac9c2a3642c99cf123f832af126cfc50600f304c31f22f2aa0f8ef15d76976b9
-
Filesize
138KB
MD59638bace49607f64e3a538483d06d4c8
SHA13dcc32eb6f6480d5301711277f15926883572244
SHA256fe5c219859e9f9b9b0936d369409bde94b02d4ba6a70d2d064a0b731fd6393b4
SHA5122d0c9df650d55d50a0c3d531acabde393c00d5ee52fbbd8a4a6e588c7a73d03ee3ac4cb1a923939c58786a8d1108d4b573355adc631589fdecc8f3d3eec6cab2
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
256KB
MD5f19cbc0fe6f95513f453d8c1d0bc0a43
SHA1fe40eec93c9f2bbae036667757c786583a028592
SHA2564360d972da47246e9f52a016a2f2c1a43e101cb10f7203f9ab489de34c50011f
SHA5126ff6fe4cc24f6bf89c4ba432abe506c0c3ea54eda519ce5f8ba94ecf01148e5f6c05924a5fee483af043e7acde745b20f851f991f5d1fd291c715e7ccdf88541
-
Filesize
1024KB
MD5c9bb1495fe455633ffc2a2f7e4db8c6f
SHA110c09c09821a37ee73d530e42cf69d575f8deca3
SHA25606ab9dcf1aca0a54d104424f68693840bf7f83ce2ab6502f471bb061d9b5e7bb
SHA512f0b5e8d846e8f40c4f9c1a77f399111c9ef57ed4d5df67785d8c21d12575955a42250f87ae0392bf030eb4c7b41f5fa297d78218353b205968d20ee39f092057
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
1007B
MD55706bc5d518069a3b2be5e6fac51b12f
SHA1d7361f3623ecf05e63bb97cc9da8d5c50401575c
SHA2568a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad
SHA512fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047
-
Filesize
92B
MD50e4c01bf30b13c953f8f76db4a7e857d
SHA1b8ddbc05adcf890b55d82a9f00922376c1a22696
SHA25628e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738
SHA5125e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1
-
Filesize
360B
MD5ba81d7fa0662e8ee3780c5becc355a14
SHA10bd3d86116f431a43d02894337af084caf2b4de1
SHA2562590879a8cd745dbbe7ad66a548f31375ccfb0f8090d56b5e4bd5909573ac816
SHA5120b768995187f988dc15d055f9689cee3ab3908d10b05a625b40d9757c101e067bbd6067ccbcf1951ebb683f5259eec562802ea6161d59475ce86cf6bc7c957f2
-
Filesize
244KB
MD5c7bf05d7cb3535f7485606cf5b5987fe
SHA19d480d6f1e3f17d5018c1d2f4ae257ae983f0bb5
SHA2564c1cfbe274f993941ac5fa512c376b6d7344800fb8be08cc6344e6c16a418311
SHA512d30952a75d94dd64b7bd253ed72810690f3550f2262cfaaef45854fc8334f6201a8cbafb9b175c6435f7ce0499567f2fa8667b4b0046bfb651bf61eb4278e6c8
-
Filesize
590B
MD5b5a1c9ae4c2ae863ac3f6a019f556a22
SHA19ae506e04b4b7394796d5c5640b8ba9eba71a4a6
SHA2566f0bb8cc239af15c9215867d6225c8ff344052aaa0deeb3452dbf463b8c46529
SHA512a644c48562e38190720fb55a6c6e7d5ccfab60f362236fe7d63caebdc01758f17196d123fb37bd11f7e247ce8ab21812165b27496d3bd6ca5e2c5efefab8fb03
-
Filesize
71KB
MD5450f49426b4519ecaac8cd04814c03a4
SHA1063ee81f46d56544a5c217ffab69ee949eaa6f45
SHA256087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d
SHA5120cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc
-
Filesize
98B
MD5c7146f88f4184c6ee5dcf7a62846aa23
SHA1215adb85d81cc4130154e73a2ab76c6e0f6f2ff3
SHA25647e6c9f62ffc41fbc555f8644ad099a96573c8c023797127f78b1a952ca1b963
SHA5123b30fa1334b88af3e3382813d316104e3698173bb159c20ff3468cf3494ecfbbc32a9ae78b4919ecd47c05d506435af4a7ccee0576c0d0018a81fbd1b2dfcf10
-
Filesize
117B
MD5870bce376c1b71365390a9e9aefb9a33
SHA1176fdbdb8e5795fb5fddc81b2b4e1d9677779786
SHA2562798dad008f62aace1841edfb43146147a9cade388c419c96da788fcaa2f76bc
SHA512f17c9898f81387daf42c9b858f507889919474ac2a17f96fc6d4606be94327e0b941b23a3ccc3f4af92b8abc0522e94745616da0564cdef1c3f20ee17ee31f53
-
Filesize
7KB
MD53e21bcf0d1e7f39d8b8ec2c940489ca2
SHA1fa6879a984d70241557bb0abb849f175ace2fd78
SHA256064f135fcc026a574552f42901b51052345f4b0f122edd7acd5f2dcc023160a5
SHA5125577e20f76d6b1cccc513392532a09bdc6dcd3a8a177b8035dc5d7eb082e0093436068f92059e301c5987e6122c4d9aff3e5ae9cc94ccc1ecc9951e2785b0922
-
Filesize
3KB
MD5cea57c3a54a04118f1db9db8b38ea17a
SHA1112d0f8913ff205776b975f54639c5c34ce43987
SHA256d2b6db8b28112da51e34972dec513278a56783d24b8b5408f11997e9e67d422b
SHA512561860907fa2f53c7853094299758232a70c0cd22c6df3534abd094c6970f28792c6c334a33b129d661a46930d90fd8c98f11cb34f3e277cf20a355b792f64f0
-
Filesize
1.2MB
MD54a9b1d8a8fe8a75c81ddba3e411ddc5d
SHA1e40cb1ee4490f6d7520902e12222446a8efbf9a8
SHA25679e9a3611494b5ffafaa79788ba7e11dd218e3800c40b56684ccc0c33ab64eac
SHA512e7a28acb04ca33d57efe0474bb67d6d4b8ceff9198198b81574c76c835d5df05d113fc468f4a4434580b1b58189f38184c376976604dc05d1424af1721995601
-
Filesize
227KB
MD517042b9e5fc04a571311cd484f17b9eb
SHA1585d91c69c3f9e3d2e8cb8cf984871d89cc4adbb
SHA256a9b0f1f849e0b41924f5e80b0c4948e63fc4b4f335bbdf0f997b03a3aff55424
SHA512709076c6cef8dd61701c93e1fe331d2b1a218498b833db10ee4d2be0816e3444aeebfa092ab1bd10322617cf3385414e8fdb76fd90f25b44ac24d38937b4d47f
-
Filesize
266B
MD530cfd8bb946a7e889090fb148ea6f501
SHA1c49dbc93f0f17ff65faf3b313562c655ef3f9753
SHA256e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210
SHA5128e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2
-
Filesize
3KB
MD5e3fdf285b14fb588f674ebfc2134200c
SHA130fba2298b6e1fade4b5f9c8c80f7f1ea07de811
SHA2564d3aa3ecd16a6ba46a9d6c0bdacdcd9dce70d93585941a94e544696e3e6f7d92
SHA5129b0bfbb07c77d9e9979a6c0f88b0a93010133f7dd3cf01e1de5dfbe812a5ed920e916d16d6a32fe21b9ee4b5425e61a616ded1aeeb35a410d4f77c0f9392ed0a
-
Filesize
638B
MD50851e8d791f618daa5b72d40e0c8e32b
SHA180bea0443dc4cc508e846fefdb9de6c44ad8ff91
SHA2562cbd8bc239c5cfc3ef02f8472d867dff61e5aed9fde8a3823cda28cc37d77722
SHA51257a9d1d75dbbab842060b29f01958f7e6b27d0175ff9a3f7b97e423c1b4e3fae94547a569c2e5c88224fc5dcc785f5a1d49c61199a8c7b3afeb4fc520600df40
-
Filesize
55KB
MD57e37ab34ecdcc3e77e24522ddfd4852d
SHA138e2855e11e353cedf9a8a4f2f2747f1c5c07fcf
SHA25602ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f
SHA5121b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587
-
Filesize
546B
MD5df03e65b8e082f24dab09c57bc9c6241
SHA16b0dacbf38744c9a381830e6a5dc4c71bd7cedbf
SHA256155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba
SHA512ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99
-
Filesize
523B
MD5d58da90d6dc51f97cb84dfbffe2b2300
SHA15f86b06b992a3146cb698a99932ead57a5ec4666
SHA25693acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad
SHA5127f1e95e5aa4c8a0e4c967135c78f22f4505f2a48bbc619924d0096bf4a94d469389b9e8488c12edacfba819517b8376546687d1145660ad1f49d8c20a744e636
-
Filesize
1KB
MD51f22cb748e5ced1d722f19b8cdd2a038
SHA115ea554f40adb1b32c0052131de0a27a08e0cc61
SHA2563493e32efd1755d988d7b3d74bdbbb5eb109ea6d27b66c8c0b3fb8e7aed7440d
SHA512ff60ccdb217327010aacd2f9ea885dc29d8f1cfdd11d06db146ee316af7a8fb2f436bc2cc141b96b19c1cfbe66396d7b5864a9a9b1f2c152dda174d62dbf67ad
-
Filesize
27B
MD5e20f623b1d5a781f86b51347260d68a5
SHA17e06a43ba81d27b017eb1d5dcc62124a9579f96e
SHA256afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179
SHA5122e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b
-
Filesize
1.9MB
MD538ff71c1dee2a9add67f1edb1a30ff8c
SHA110f0defd98d4e5096fbeb321b28d6559e44d66db
SHA256730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
SHA5128347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
-
Filesize
390KB
MD55b7e6e352bacc93f7b80bc968b6ea493
SHA1e686139d5ed8528117ba6ca68fe415e4fb02f2be
SHA25663545fa195488ff51955f09833332b9660d18f8afb16bdf579134661962e548a
SHA5129d24af0cb00fb8a5e61e9d19cd603b5541a22ae6229c2acf498447e0e7d4145fee25c8ab9d5d5f18f554e6cbf8ca56b7ca3144e726d7dfd64076a42a25b3dfb6
-
Filesize
353KB
MD571b6a493388e7d0b40c83ce903bc6b04
SHA134f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
SHA256027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
SHA512072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
