Resubmissions
10-07-2024 23:05
240710-223vfsvemm 10Analysis
-
max time kernel
796s -
max time network
813s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
10-07-2024 23:05
Errors
General
-
Target
$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys
-
Size
53KB
-
MD5
e3ab0eeb7613ddbacc0388b96048ff5d
-
SHA1
f6e382597081451d6546339948edd3e854b7dfae
-
SHA256
5fdde96d05b4284fa7ee985a7777739c46040ad89b3b8217a729da9695e3e542
-
SHA512
40c0c7ac884297350a40d58a6a870796381ccb82ade22d69ca3cb9be0c3251b8768f95ab4b0f28f209ed65aed23894a7e77529316250ace7e5da8a99d0bb81a1
-
SSDEEP
768:ginpYN85Ry72IqbyReYU6uPwoz4djHIEoF+NdKduH1Qk8AI24o3whJ:BpsK64yRGwospoJFsEuH+k8AH1ghJ
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 3 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\ScanGuard\updates\SAVAPI 11.0.1\on_access\win32\win8\avkmgr.sys"1⤵
-
C:\Users\Admin\AppData\Local\Temp\$APPDATA\ScanGuard\updates\SAVAPI 11.0.1\on_access\win32\win8\avkmgr.sys"C:\Users\Admin\AppData\Local\Temp\$APPDATA\ScanGuard\updates\SAVAPI 11.0.1\on_access\win32\win8\avkmgr.sys"2⤵
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff819443cb8,0x7ff819443cc8,0x7ff819443cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3372 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2824 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1796,6108914495458395467,10649458737200301195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004F4 0x00000000000004C81⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- NTFS ADS
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3a3d055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b0499f1feacbab5a863b23b1440161a5
SHA137a982ece8255b9e0baadb9c596112395caf9c12
SHA25641799b5bbdb95da6a57ae553b90de65b80264ca65406f11eea46bcb87a5882a7
SHA5124cf9a8547a1527b1df13905c2a206a6e24e706e0bc174550caeefabfc8c1c8a40030e8958680cd7d34e815873a7a173abe40c03780b1c4c2564382f1ceed9260
-
Filesize
152B
MD5f53eb880cad5acef8c91684b1a94eed6
SHA1afab2b1015fecbc986c1f4a8a6d27adff6f6fde9
SHA2565cb8554e763313f3d46766ab868f9d481e3644bfc037f7b8fe43d75d87405a27
SHA512d53f3965428f73c0dfed1d941a9ff06eb70b254732410b815bc759b8c7904e11292ad7e9624c12cccaed6763e7bea68208bc0b67fc70b7616d25bda143833794
-
Filesize
69KB
MD57d5e1b1b9e9321b9e89504f2c2153b10
SHA137847cc4c1d46d16265e0e4659e6b5611d62b935
SHA256adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af
SHA5126f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989
-
Filesize
43KB
MD53a8e93c58f214d4622af88801ae9bfce
SHA122caf6fbb49eeb1697eaf9163b5763f2d62bfabb
SHA25659ee19c450be3359b056eafc37e00e51a88ac2ccd690f8be043b6c4c185b19f8
SHA512ee2a7471bb43c0244e07cf1a76031b09fbb39176ec87e07a806608a402aa20567d1a9c5b7a0dc45c9cf7e2c42dc601eaf475b4687bca75245256a6a384c49378
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD532f58aaf5a515bdbb3d13f72879d2bf0
SHA11742585148dcce5d9a85464fdc5b25f394e4736b
SHA256b2be2096fe98a9b55d92512ae7859e8ba6a54be03afd7eb454b220f9ed888ec8
SHA51228c693e9a85da7cd7441209c60c4da4b9b6b7da7555c86c2039387b470c453a474a07597069959cccc2840360f76dbb307f88a77e52248adcf8de71ab99cbe19
-
Filesize
69KB
MD576c36bd1ed44a95060d82ad323bf12e0
SHA13d85f59ab9796a32a3f313960b1668af2d9530de
SHA2565d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542
SHA5129f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40
-
Filesize
42KB
MD5dd3b4aa69019c2a70a9838a9cb127a34
SHA10786bf0e6b4141d74d766b5283ec5b67ddd482da
SHA256ce9422848c8e8eb18a55f18e8659b893b6b878022b15f615e4daf7c6d2290b6d
SHA512ca54f037d991a731f30a782b0d2f7f30416e9f6232e0d0b477e7c2a16917ce7d8dda11dd01402928ee499704b4870a5fdb2f4fd0c7616ad0f7eece6bfa389ac8
-
Filesize
63KB
MD55d0e354e98734f75eee79829eb7b9039
SHA186ffc126d8b7473568a4bb04d49021959a892b3a
SHA2561cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e
SHA5124475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79
-
Filesize
5KB
MD52d06455bdd9c727c3165979b3d718ba8
SHA10a4d0aeb33e74296ac37b1bed043dd708aa70f96
SHA2566c762ddba1b30d001ee0d1c13f40fae2be858e4ec3e13a9366140c5350900a73
SHA51239b0a1c182ab3d86a5c6521779100fcac69e8bce75eac615edf401f63dc02018fbdf0cb696e4cce23d5d70602ee4bbbd47b2862f8ebe685185b020f9245d71c7
-
Filesize
3KB
MD5e78f58d51b02881df24153c10b8c9b38
SHA16d7616a0c90d67a69d4c38df299bf5f2f5bd1ae3
SHA256a0c100b63bf7b816fbdec29ffb2a60ccaa16eafd9769f4425b005094558f2c08
SHA5129299349b9e8ed37572a526948ec14d761c8b0231d5c4d301b9468919b5f780faf112ac8b587ab6d0fc612c05731a7e10764c0cb0a268435f409cba014cfb1e2c
-
Filesize
2KB
MD568af7677108a20f8e609b5c508e27719
SHA1a572d0d8e5964b59fdc921bc69ec5cce0a004fc7
SHA256f3a4908f8d75aa505eb94fc5b99d7a48150aa83592f5f71e0c356248a757182d
SHA51267029156c5a73f6e1a36330ac8d15b085b3e373831b4e5ef966f30e08bcc3ae8d5a200c0befb80a75c6e33920fab6b3b932cc928f12e50fcbdd8e62ca7b98dc1
-
Filesize
2KB
MD5b03a0efb4afe90165b4dc4831c37531f
SHA1f29a053204b2700834fd4fa65e7bdef49c095a72
SHA256f500b10eba20f39e559ad1d0c9343dd5e6ff438ec5a86db61aa1349e446b9f14
SHA512fa03917c926050f86123bffb79e1b9f29f8ce1e030e70e0012e15bb744a89adf66f6bacf0c6af112c1fac11905acb2777b5b4cd30e179e59fb35af631dc7c8df
-
Filesize
5KB
MD53bcaf5209609654d82bb3f9dc3d6922a
SHA18ab00e863c6421200799cf51b5e9c5932c61da8a
SHA256a91ce86f5fbefc2d9c2e64d040a07062514dc5ff52b96e7eeb32dce1a19f7da4
SHA51262edd205ee9bd80f2d9910a70760cabd4a7be17fbeaf5c1a3f7146ee2f217de4a5dd72c3bc1edc2bb5a4dba11a19f422e22a4a908b57b1d37bdc37b20bb3879c
-
Filesize
6KB
MD5be37ba0ef733dd881c4214673b94d728
SHA1f5fa3e88e81276fca15313bd83f5120f09949b94
SHA256247f76cc21d7496803f26404feedfaaa8b46a1800372b93c056491eab1a5ed6d
SHA51278fcf3620c2f4c268e4c6b6f23aab159d8eddbf3a84a15e7665c90dd3b23d87db10608a77285a349969b4cc5d25be3bba6fb37ad9e58d771eb394839763b0bac
-
Filesize
6KB
MD5cb5a5d2dc8e8a295ee61b7ab3c804a31
SHA137dadd6bb00042307bb048510b4eb915dace18e7
SHA2562fa55540d886c8d46a6a0421f447cbe79f24afe4bf6979c8696c62407d7b8533
SHA5128479461ec7caa6e80b0958e6d786095f65d8a71c673290d7aa07630a9994206d89240619021d0ce54900d8f430d87c970b7bb52d91cc112c8c9677f23e68a8c3
-
Filesize
7KB
MD5595b12b2e72206a76081ca0751b3f50f
SHA1469a6a20b10462c90710ec314a264a39be065608
SHA256b404658a588c2c8ba91372996fcc21616ef24811b790a892315d6441e34bdef1
SHA51218d49c7ab24112f0ceb51605f80c54654c1455db1ea28f8dc0a9f43a9ad48d18ad8c9208901f0c41e7604140644bfafd2cfbf9fe978b8deaf7da380cbe8597f9
-
Filesize
7KB
MD5d08c3536d9837e6a37259db7acd2b04d
SHA15d8a7cf6aa72a862738948d9721cc3e5d94c4d47
SHA25662844f5dc3278d43c92f32fc557a0df111defcbcaabd45fb40450a90fc1b853b
SHA5125f9f9c202b875b5e8a08baa301576bda493b01917f3c8acacf84225bc9d18767644e972f76bee35c6fc20f2136920ff81d967a245d2ce5004ba05a6054c3894a
-
Filesize
5KB
MD50b6f5bb47de9ed402f003b349c16f03c
SHA1713a2aa1f89921e763374480bce0fb989fd3aa28
SHA256684d3da661d9bfc0fb1cb32d3e8ee89d507b1a3d21268233edebf699259fe1ba
SHA512f34081e6a9b519007821f8e0203b61bbaa3a830a936b5a4a5bab319a16e3c90b13dbe1baa81016ccbc5e6c83a5536bc4f328f1fc8bb77738a182b6aee206c091
-
Filesize
7KB
MD5be10798e3d00ee99e6e501c8efc78d44
SHA1ec7dcf42bce7c0c9f7e4d3dda4df8a55c6d1fcef
SHA25623569d12ad0d2519fafd48f2d5e3e4a404bdb7e4431e3352f50f69d610e7e1dc
SHA51205e650241788427c164907bb854ec26524869196efb379134255b3c2e58bdee359aae79895a96657aa0d360e804fe167f50c310f5fd4c04acb6576290012fbaf
-
Filesize
7KB
MD5ca9060f8865563f42a942679951b6cba
SHA11a13d165eadafa494db880ae2fd0d9038a5977ca
SHA25658043929cec8b0ae27b3962479d8a7839c3d4cdbfa8160d20a09ab8b011c1d9f
SHA512d8c6093a8545abc9870fbf0dec763f6863c621e1ad89080744dfaa19856171827b1b1b97ec93ee592f42ac140e76e009ddadcba2d829311b1a0519d99e91711b
-
Filesize
706B
MD5a7c5ec849ac4c792fb13cb5c004960db
SHA123e61b4398fff6fc880bfac1ff488104c539435a
SHA25667223e8da433180abb0d7ac1c97d472b4f412d95698c770d4219e2b991fa5576
SHA512c1f4d8171995ab389e50d58f36a2e3f9c2bb5f77fc85397a5df3c0514162ac58ced2cb438a55f83d608f8396433cd8432090ae09ed845cc0001f78dfbfdb8e2f
-
Filesize
706B
MD578d466fa9d8c9842fdf85005f283ee06
SHA1bddde372e539a632a80ef94ac728999f9900d7e4
SHA2565c5cfe92b724019d26477211fa6dc530ff53edc0a69a97009ba762fe3440b3c4
SHA5123fd9ddd196ba12ab8443c6dc7796e8f6e2168dde18d359cbd95c040f7f20ace69aabef2c61d8f37546baef134d82501494d9d00d391d0f7f10e79d932539ea53
-
Filesize
1KB
MD56e448bba59388939dbcbb0b5a5c435e8
SHA13185070d473a8d3e8989e30bb84f70662d692ade
SHA2567e02dab2d8e6a1ce2423fe405393498c3a4fed530f5a9346b92cdb7663845bef
SHA512a4c952f3177bd46d251f62331787b5336aafc29e4de281d403e95100144a6129ab6d266e147c7e8c1aef90ce540035d6bf0d6fc451d436dd590154801b983215
-
Filesize
538B
MD512ea3b80e862078c82de879ce6bfb934
SHA123d9dddde7a873e838304f70c1ba2173682490ef
SHA25617f370c9cc6428d6f5362bb86f88982194ca83f72f376bc87db48d50598fa28e
SHA51230bc51dfa9a305b6aa073bca0c6112624c602f7bd31b0891b945ec1feda2477c33b207c499f24c907c8dd18494f2f785cb78310326a501d57c4cb91f950d9174
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD59cbe28e25f4347129fc86a665a52ad17
SHA1267e973ceaaaf700d1fc6f772530ff334ad09738
SHA256d86e267d7c6ab27fc4fbb8361b9e18921b08f8ebc70c0b41e60882b4576c94d0
SHA512cec2e887fbc41dcc85bbe59e7c896ffa8859258acc2761e3de3b5bd6534ff56708e9965d18a62ab6c3f42dfa963f59677f012eb6b43d3d1948433f7314d25f7a
-
Filesize
11KB
MD582875fb3f9d1bc6e4a55a813934858f5
SHA1ead475498198655e5233af7ff444c6c89caac0a3
SHA25647f6a833c8bac01f2cba5fa6b19113ead85a7a61b079996c4d7b4156cdf64aa3
SHA5123f83abdff55fdab5f9ee4ff53877b2f9ee8dd1e2e85927c7bc187b9c3b607b138d41f4b1cbafe2d3501381909bb0988772b5c9964fe254f5a21720f8594c1536
-
Filesize
12KB
MD5488fbf4a16e98fb48a3da0d9cc04ffe5
SHA10660670fa3751c61f4f49c00179adf440cb39eb4
SHA256cbefb693d423c189de552522a9836adc5ba8f545b99e0b5aeb8c3db46b1362ef
SHA51252eed0275996c55d7fce041154fdc0d09e93bc05571765273d13252fdcf82ac63f36fc01e7e7ea2370d9d53776f442e396a27bdc92d670a6b6b569907fde2af2
-
Filesize
12KB
MD5d01bfdbfe5f05614dcc976867b9e5990
SHA14ba99de70028d87aa1679a5907ab1bc4e88d1b9e
SHA256e779ee2d58793f523ef02ab09181597a09f050cb4de78fb6390979b532ff52c9
SHA512ce1f8c12e41db51bf67f913b9df9c5606b1672d423e474110162783367636218cec30302eaae9d7e18169a802f993da10a315dedcd55f7f73967c427437aa68e
-
Filesize
13.5MB
MD5660708319a500f1865fa9d2fadfa712d
SHA1b2ae3aef17095ab26410e0f1792a379a4a2966f8
SHA256542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c
SHA51218f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
666B
MD5e49f0a8effa6380b4518a8064f6d240b
SHA1ba62ffe370e186b7f980922067ac68613521bd51
SHA2568dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13
SHA512de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
1.8MB
-
Filesize
1.8MB