Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 04:00
Static task
static1
Behavioral task
behavioral1
Sample
69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
-
Size
215KB
-
MD5
69aa03bcd10948392b001bb9ae368a92
-
SHA1
12741edebdd6accd7e309da808083a60113d8dad
-
SHA256
021cdf3bf0bbd3e078cf45cbae784ac1056bfe8e7fc5ff8c5d446b9a45c0bb63
-
SHA512
abf0752de3827af70f75ba5c74fa77b077659e55e4a3478cc2e8b8aedc945a61097b813649655ad2f76c40e982acba37832bc4820ad8d3e5a498e59dd3eeba9c
-
SSDEEP
3072:myAaQqe90u5DdXJP45JXWpZ1iFTsQJwvfLrZAPSGg2HTnZKyOr25PqU4DMKgLhfo:myAge9RNOXAZ1iFTsF91A064D205kuL1
Malware Config
Extracted
C:\Recovery\WindowsRE\# DECRYPT MY FILES #.txt
cerber
http://cerberhhyed5frqa.xmfir0.win/98A8-F5A9-6AEF-006D-FE85
http://cerberhhyed5frqa.gkfit9.win/98A8-F5A9-6AEF-006D-FE85
http://cerberhhyed5frqa.305iot.win/98A8-F5A9-6AEF-006D-FE85
http://cerberhhyed5frqa.dkrti5.win/98A8-F5A9-6AEF-006D-FE85
http://cerberhhyed5frqa.cneo59.win/98A8-F5A9-6AEF-006D-FE85
http://cerberhhyed5frqa.onion/98A8-F5A9-6AEF-006D-FE85
Extracted
C:\Recovery\WindowsRE\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (16402) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Adds policy Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | ktmutil.exe
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | ktmutil.exe
-
Drops startup file 2 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ktmutil.lnk | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ktmutil.lnk | ktmutil.exe
-
Executes dropped EXE 2 IoCs
pid | Process
772 | ktmutil.exe
4328 | ktmutil.exe
-
Loads dropped DLL 6 IoCs
pid | Process
4596 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
772 | ktmutil.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ktmutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ktmutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ktmutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | ktmutil.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ktmutil = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | ktmutil.exe
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
22 | ipinfo.io
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp98B.bmp" | ktmutil.exe
-
Suspicious use of SetThreadContext 2 IoCs
description | pid | Process | procid_target
PID 4596 set thread context of 1608 | 4596 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe | 89
PID 772 set thread context of 4328 | 772 | ktmutil.exe | 100
-
Drops file in Windows directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\monophthong | ktmutil.exe
File opened for modification | C:\Windows\monophthong | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
resource | yara_rule
behavioral2/files/0x0007000000023412-40.dat | nsis_installer_1
behavioral2/files/0x0007000000023412-40.dat | nsis_installer_2
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid | Process
4004 | vssadmin.exe
-
Kills process with taskkill 2 IoCs
pid | Process
2968 | taskkill.exe
5660 | taskkill.exe
-
Modifies Control Panel 4 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop | ktmutil.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | ktmutil.exe
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\\ktmutil.exe\"" | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
-
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | ktmutil.exe
-
Runs ping.exe 1 TTPs 2 IoCs
pid | Process
1812 | PING.EXE
5760 | PING.EXE
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4328 | ktmutil.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
2812 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 51 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1608 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe
Token: SeDebugPrivilege | 2968 | taskkill.exe
Token: SeDebugPrivilege | 4328 | ktmutil.exe
Token: SeBackupPrivilege | 2556 | vssvc.exe
Token: SeRestorePrivilege | 2556 | vssvc.exe
Token: SeAuditPrivilege | 2556 | vssvc.exe
Token: SeIncreaseQuotaPrivilege | 380 | wmic.exe
Token: SeSecurityPrivilege | 380 | wmic.exe
Token: SeTakeOwnershipPrivilege | 380 | wmic.exe
Token: SeLoadDriverPrivilege | 380 | wmic.exe
Token: SeSystemProfilePrivilege | 380 | wmic.exe
Token: SeSystemtimePrivilege | 380 | wmic.exe
Token: SeProfSingleProcessPrivilege | 380 | wmic.exe
Token: SeIncBasePriorityPrivilege | 380 | wmic.exe
Token: SeCreatePagefilePrivilege | 380 | wmic.exe
Token: SeBackupPrivilege | 380 | wmic.exe
Token: SeRestorePrivilege | 380 | wmic.exe
Token: SeShutdownPrivilege | 380 | wmic.exe
Token: SeDebugPrivilege | 380 | wmic.exe
Token: SeSystemEnvironmentPrivilege | 380 | wmic.exe
Token: SeRemoteShutdownPrivilege | 380 | wmic.exe
Token: SeUndockPrivilege | 380 | wmic.exe
Token: SeManageVolumePrivilege | 380 | wmic.exe
Token: 33 | 380 | wmic.exe
Token: 34 | 380 | wmic.exe
Token: 35 | 380 | wmic.exe
Token: 36 | 380 | wmic.exe
Token: 33 | 1740 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1740 | AUDIODG.EXE
Token: SeDebugPrivilege | 5660 | taskkill.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
2812 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
2812 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4596 wrote to memory of 1608 | 4596 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe | 89
PID 1608 wrote to memory of 772 | 1608 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe | 95
PID 1608 wrote to memory of 732 | 1608 | 69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe | 96
PID 732 wrote to memory of 2968 | 732 | cmd.exe | 98
PID 732 wrote to memory of 1812 | 732 | cmd.exe | 99
PID 772 wrote to memory of 4328 | 772 | ktmutil.exe | 100
PID 4328 wrote to memory of 4004 | 4328 | ktmutil.exe | 101
PID 4328 wrote to memory of 380 | 4328 | ktmutil.exe | 105
PID 4328 wrote to memory of 3000 | 4328 | ktmutil.exe | 119
PID 3000 wrote to memory of 1848 | 3000 | msedge.exe | 120
PID 4328 wrote to memory of 3088 | 4328 | ktmutil.exe | 121
PID 4328 wrote to memory of 2812 | 4328 | ktmutil.exe | 123
PID 2812 wrote to memory of 4152 | 2812 | msedge.exe | 124
PID 4328 wrote to memory of 1148 | 4328 | ktmutil.exe | 125
PID 2812 wrote to memory of 2852 | 2812 | msedge.exe | 126
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4596 -
C:\Users\Admin\AppData\Local\Temp\69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Adds Run key to start application
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1608 -
C:\Users\Admin\AppData\Roaming\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\ktmutil.exe"C:\Users\Admin\AppData\Roaming\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\ktmutil.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:772 -
C:\Users\Admin\AppData\Roaming\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\ktmutil.exe"C:\Users\Admin\AppData\Roaming\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\ktmutil.exe"4⤵
- Adds policy Run key to start application
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4328 -
C:\Windows\system32\vssadmin.exe"C:\Windows\system32\vssadmin.exe" delete shadows /all /quiet5⤵
- Interacts with shadow copies
PID:4004
-
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete5⤵
- Suspicious use of AdjustPrivilegeToken
PID:380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html5⤵
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc83be46f8,0x7ffc83be4708,0x7ffc83be47186⤵PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10415611561663581483,15961387548011869704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:26⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10415611561663581483,15961387548011869704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:36⤵PID:468
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt5⤵PID:3088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cerberhhyed5frqa.xmfir0.win/98A8-F5A9-6AEF-006D-FE855⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffc83be46f8,0x7ffc83be4708,0x7ffc83be47186⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:26⤵PID:2852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:36⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:86⤵PID:2484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:16⤵PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:16⤵PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:16⤵PID:2172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:16⤵PID:2476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:86⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:86⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:16⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:16⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13740378231931088335,16713280639294752971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:16⤵PID:5252
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"5⤵PID:1148
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "ktmutil.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{D7C5F711-6E4C-D772-9749-829CD9653CCF}\ktmutil.exe" > NUL5⤵PID:5608
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "ktmutil.exe"6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5660
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.16⤵
- Runs ping.exe
PID:5760
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe" > NUL3⤵
- Suspicious use of WriteProcessMemory
PID:732 -
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "69aa03bcd10948392b001bb9ae368a92_JaffaCakes118.exe"4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2968
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.14⤵
- Runs ping.exe
PID:1812
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x404 0x4fc1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1740
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3552
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1568
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3KB
MD55f801547f79019d60fc68319b1f049b4
SHA14d525d254adbe2187b4543c5c92d5c01a61885cc
SHA25690e9fc4efe897e08e4a6182c4a077e3303ca0c132ac2199ce1a5473ba91b3205
SHA512f49a801bb62c22f95d4e52ee74fdd1dab2020839c5c10c21afbd0a9b9f1a7b6e34ba026ea5b9f504f60af3feb1e2a6c5cdfa2d926addd4b65ffdd01708f3b6d2
-
Filesize
1KB
MD5927b9f9afabcd9e3f77f1db84adc9c0f
SHA1d8567dc6a6ad6afd3ab185ce3a8e2a8d76dd3fc3
SHA256f2a6faee56a7b639cb99025643e9d920411df84eebbfae1115ecf646ecd7064b
SHA5120b066b83153a222bd641329a27886aef834f1173670b8f139ab50e7af1ad4b15374584338764af630d8537af166217218659d6f8b8170e6ca891dc14e7cf1949
-
Filesize
123KB
MD5c337e3929a8857455ab4c910ced96e11
SHA1f308027fe3786f197908e9df3f947b351ee8d147
SHA2564a0d1df4e5bb396c09e59ad6d8ae83c5d39bf8cb2468a3125725812d22395290
SHA5125b8eeb64016ad880a7a21d6392b393cf795d56d0bcd241d3bc95074c2c677c4845d73c96e3ac8dc01d27d66dee76cc47fc58c916d24838cb4017fd19dd6c21e7
-
Filesize
1KB
MD563177602d55dc84d6cd0a2a57bd23188
SHA1d51c49344136ac7fbc511bb47b686dcde30de989
SHA2569d542f61355d3acda4e6c77d252b8a5285a6abbd00bf85ee1390cad66c9275e5
SHA5121ab99e824c1e5b7a53eb216cba9734e633386ad9327769286067f637678d8269ab47c1a16acefab0cedcaaa644a0cfe4dc8e6e8c5223f43a55a6cbf41f09d572
-
Filesize
1KB
MD5f54a1db59872675c66c0f6451b3d3bd7
SHA1f7f8bb4e465f62c770bc934c1c7457fb7ce96001
SHA256bbb0dbe902d683af20a30c031d1b25733dc940e0f7f0992b2d70a77d8f7862d8
SHA51211a4d80c8bfe8dd1f06b4330f7712421619ed67c92ba1f21d2390e19f47050e080f8b1763387a904f3f4aa8626183b1fbd394ece10c9fb002af218c9568c7d81
-
Filesize
1KB
MD596fbf408fb9c1a281ae2c5179c66be7d
SHA1a7b0afef1255652d44c1245172a672b2ed38f3e6
SHA2562fd2206f1e7db86d4bc0e25982b12ac3a769c261b2791802c544201a9dc73666
SHA512c34ef857b057181bf8cf5184d22716140eafaf18d74d61018e42171a0572d0a0c2b7cf5d7085c5eeede42336fc481772008567a7a36ad56044ea135228d855fa
-
Filesize
3KB
MD50f35831306ce56cc5d24f98a79ce2c71
SHA1214525f3fa4a0a20f50d5eb14939d29bc948ddf8
SHA2567df8896768ebab6c524dd13acddccf4129816686219ed8ee0ffd716658d73c08
SHA512e9a856b47949cde50b413c654f3bfc0e2ff5cb5489dfd4b04be75cbb5dad39acb1312c06d73314613593deba8776d7a4a08963b80c1e02a7d363ba6ad0b17c99
-
Filesize
3KB
MD520418349e7f8244ea53bc174b2ff9576
SHA1edb9087b6d85247ea0cad0060f540b0f890a80e1
SHA25635d36d6619e249e8bf4838098fd1770c78617e3019162aaca092f8fa37c82dcb
SHA512b12946ca17bb23403e106d561ae42d15695efde73eb4efb4099b57824c7ba0d2e331850022405f1d5da9502b568a217c06f259600cbbacc0d1c2b7210b31081f
-
Filesize
5KB
MD59e1ca7064624f37fe0be75e53fe66376
SHA178807cb8305b7e98079dc361c0ed3edaf8eb1015
SHA256eb5cef68cb9b7b55d2fa3c62e741f23782904f877ff18ac8bdad00e89d470e63
SHA5129619cbe7f1be4d4bf52b492b7c80ebae746a34f6a9f1769baa462a6e370262af743818846e1e6c006ca9bd536f7c638baa72d173e6f83b824601c321522dec69
-
Filesize
4KB
MD5db4452b6491adb8f5dd4a318bec9f901
SHA1d0854e442a158da86b7a4113c3e765d435e02066
SHA256f4b792c5a07fc27ca2e675971d7bc2e6aaa9a28951995725e19cc0214c469a52
SHA5126442f88490703393598e50db5ee0697e69e5c623b48b87a052c603ca60fb0ae201b5e3cc2aeb32dc1ad6211fb4cffe7d069120325974f673d5783dc126593b2f
-
Filesize
1KB
MD5f10ee52893c12ca486fdca6504dc67f0
SHA1c228c9102bf8aa985f4f45be7fecec50201c8a7b
SHA2564130f64ec5a7c18c732fede0cc539182c9f15eeb5ec8b11dae92406c4d42422b
SHA512159ae48b990de73e43f2be9250cd215bf001fd32b491026a3abb56bd0edbe5fff8a56c1fa9f01b28d4ec4cdd4b385fffdd7f807d03b9c1ef7c287be50c6c6986
-
Filesize
1KB
MD5671026e8f81a523575b346275f619ea7
SHA1974512f4dbd74248120922478d01ffba73ce44ea
SHA256ff9bd1b23341b5ef229ce7b706842db6b2f6691fc5f7df31ba49b13e0c26d3d7
SHA512bc8a89eff659242a8af09003c99bf1f469123e35612cf48215dae1f53680bad4f438764d230c6f2c9f3da21831706fa82f1b6843edb52b2cbc0fc25801b93eef
-
Filesize
1KB
MD5cbbc86e59b6ccc6d26f554d5dffe02cc
SHA166e460bdc8d2c1760ba82b3653c65aab4d85367e
SHA256bd780f6dc2337ec62094bd80e2fc470dc298ecc739663b9a0ccc74512cb45371
SHA51242a5baca3894233559fe1c3f4f5f937d058d8e439d17632ee0093541461febf4ab5639140d1048979506f9d617d45b93198efd4a98f0408979abe6b990ae1b83
-
Filesize
1KB
MD594fda49e032aaee5149670d9595419fa
SHA162c2f1d3f71ba95fd9f5c4297ddf66d5e995a5f5
SHA2563c13443ae7fdf9322db48c3ca147d61301ce574b0c706f5369332f09d4f8dcb5
SHA5121ff03cf386edffa4dc01ab8c9554b08a4ee89ddf06ee32f6b6529a1ed3f4d32b0ed29185a7d07147777ab6070df66a7a77057f875e49390289c9b01d5e3e352d
-
Filesize
4KB
MD55a9ca682974b4d70bd1147ec1689fd45
SHA19ac3cb66eed7ba4d251c4142cdf8bc9d2fb35cf5
SHA2566b21e2cfc46235a4a003f2165c634338a0b20e65b75014ca45bb6489f54eb225
SHA512e7bf143cd9fa6fee1bd7dfc4996b4ba172f5f98336667e5a06d49ecc4e2e3225778e10694e96189850d9efb34b85e0e7809e0227c9be64aa44a844794edaf722
-
Filesize
3KB
MD56f42ca6b4105204fcd946cc2ae17d9a1
SHA17d4a234e40ef4564943ece66d46d9e1417586887
SHA2567d4b3a73836005095e230d6d34297baa68f816b71cc6b78ced7a6f60b46c829c
SHA512724726aa1b898646522140872210fb4766d5c9998eed3192f112313081377e68077536f6589d98f3300909592584bf3b65820da253feea8eeb558153900cf97a
-
Filesize
2KB
MD59fc48923343e48542e75a9ad63f058aa
SHA15f0d0f52f0320252c8e095f952d20569259bca35
SHA2568583bbf1e634a1a1f117f4a79767b4d0e9885f3926a88a336564d52d43f1f06b
SHA512509fb1e14a6828288d3f2f5031db2073f67f14e65eb3dc1d52bb99c0be43e75177db4c09871e8831f40ff6455b008da2c2423c8b73a6f6e8f020d5fa307a8728
-
Filesize
2KB
MD5b8403bed485ab2bf409901580574bae2
SHA1f1b17751d3f08b77ed8f0b1528ebefdc72081626
SHA256bc2165aecccaa1d0ec5cb14f147a19d265d944f10ca7c69b9c61709a63c5b866
SHA5122a0d9054f9ed885884122042ba065c84b833b12bdf0997ea5e8f1c1b16d422de36bde24d15910eb0a54513c31995bdeb1a8ab5ebbe479efb27e1070e72168aa8
-
Filesize
1KB
MD5bc1246d86ec68e75e83cb0724b66ee63
SHA166963ca5859b96ac72db863b9f6cdd26a30f3103
SHA256675556d6c41118dccb394758c2d754f1b3f5ead6737a0d320ccc22713e96db82
SHA51294fc6cfbfbea1505812ada9dba6d8e3b8be189300200fd187d9c16bdfa42ab5ff863116508dbd457f1f87c988aa8d826e04b59116a9e60922fb4026b7a0b396f
-
Filesize
1KB
MD5193e264b1fe2fdfc15045e201ddf04a0
SHA1999ccc70d4c4c45c808271b751cd1dfacce9be03
SHA256ac2c14478f5cc431f4f9e57b8b8469db26cd7b94bbcbb886c6965bcec587bebf
SHA51200f2b20621ca0cf73434b7693891f77167aa658818572f046b0929e2f3cfc00ad653d3edb435a498e42ad71aa26d5fc634d61f4e9f0a1a31c8386a43d06f52a5
-
Filesize
1KB
MD5c0be85541da54ab492119060486ba5c7
SHA1cd15d21918a1cfb2428d9ab2d26ee01085cc073b
SHA256bf2d1ffc671de47f6dea14d06bd4ef65ca392910b1865e437414691a1503ec05
SHA512be10a88be94bf90675bcb5d553693ed5907de8a58d1e9f0837c4c93147cff3a288ffa7569e2f6c5f0d5dcfdb7ff105c55dc5433078e6bf93191aadf74b05d726
-
Filesize
689B
MD52168a573d0d45bd2f9a89b8236453d61
SHA130733f525b9d191ac4720041a49fc2d17f4c99a1
SHA2568ee173565b2e771fecf3b471a79bdf072aaa1bd9dc27582cfda2b2a322beeba8
SHA5121263589e12f587143ec1dd8ac87293a041f7d77439fcf91503e62be02e36d13e28560342deed86cf800c7bc01cd31837004d1ebe7ae53c670340040c68eb0e22
-
Filesize
1KB
MD568fd0c4ee03e5c0ba1668d1fc086931a
SHA15f69a5bc03d87363f762aac8857fc4d91382314b
SHA2564fb441a278cf2c85c08c9eca7eb2cf5b35c3e4519e989265f2447a6bcf1ac7ea
SHA512af1431c40d614c2eb7f529cd3b99611a2e1bbb3dbd76a1dafc4886a0a7c12086e552e169e989f6e0387b6b31a9060e3bf9f88169e2af735634487399c59ff240
-
Filesize
1KB
MD57fa0203427f8c830ee89e253aba6a774
SHA16d29176a6adb5a1984c5a0306b9eba1521e6ae2d
SHA2563be925ddc71466effd0796939f0963f3e6ad0ceb110a39c2ac6e7ec0a9e6e298
SHA5122d1d13de10408a05986862e5975f0563554facc6e2c2cec4f0b97b965236b6f8b38b6d1c30c77d972d5b058f7fe8b49c8d6f60a6dc317035dd134901c41bd509
-
Filesize
215KB
MD569aa03bcd10948392b001bb9ae368a92
SHA112741edebdd6accd7e309da808083a60113d8dad
SHA256021cdf3bf0bbd3e078cf45cbae784ac1056bfe8e7fc5ff8c5d446b9a45c0bb63
SHA512abf0752de3827af70f75ba5c74fa77b077659e55e4a3478cc2e8b8aedc945a61097b813649655ad2f76c40e982acba37832bc4820ad8d3e5a498e59dd3eeba9c