Analysis
-
max time kernel
1800s -
max time network
1692s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
08/08/2024, 05:59
General
-
Target
BasebySofter.dll
-
Size
236KB
-
MD5
2ecb51ab00c5f340380ecf849291dbcf
-
SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931
-
SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
-
SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
-
SSDEEP
6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 4 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 35 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\BasebySofter.dll,#11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc5c73cb8,0x7fffc5c73cc8,0x7fffc5c73cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5720 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7096 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6336 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:12⤵
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,4058230371673974218,10497436877792872618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\5d2e4a66f3b84315bc06f651741b97bc /t 4000 /p 8801⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\root\Office16\Winword.exe"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Valorant-External-main.zip\Valorant-External-main\README.md"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_Valorant-External-main.zip\Valorant-External-main\Valorant-Aimbot\AIMBOT\eternal.mp4"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E01⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5ef447d649a0e3b4ec039d863b387a5af
SHA1a08246ab87229e49f36e2bcfde699d0c4072c20c
SHA256097065e0b538f1e28b967b39060988233c60d2fbc78d702231d58bd9f5aff439
SHA512cab9bb830a6c5690b0ea6a222823c244b4b1af59a5de4a55dafe85af9fbf9f1cbac218b0931b0c0dcaa718eec13c75f482f348053abf0b8f3624035776ce888a
-
Filesize
152B
MD5302c3de891ef3a75b81a269db4e1cf22
SHA15401eb5166da78256771e8e0281ca2d1f471c76f
SHA2561d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58
SHA512da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33
-
Filesize
152B
MD5c9efc5ba989271670c86d3d3dd581b39
SHA13ad714bcf6bac85e368b8ba379540698d038084f
SHA256c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3
SHA512c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD51d9097f6fd8365c7ed19f621246587eb
SHA1937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3
-
Filesize
41KB
MD500d4cc262b70dd3d386111ff78fb0812
SHA1628d4dcee1e82d04ab3969c29e256cef10101407
SHA256956916ddd6bb5ebde0f5df3605a524d1624ea335cdc6bd5bf26681d3a5ac5239
SHA51212f3cf77c4ee58eb00b08ced394d35e35237da4bc9ca62b1408c6dca4350068aa94d3a0e98132aa0e6cbcbdb7dee9c2b9c5399ba7c4780442200ad37a4c2b1a6
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5027a77a637cb439865b2008d68867e99
SHA1ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA2566f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA51266f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4
-
Filesize
43KB
MD5209af4da7e0c3b2a6471a968ba1fc992
SHA12240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA51209201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35
-
Filesize
74KB
MD5b07f576446fc2d6b9923828d656cadff
SHA135b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA5127358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df
-
Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
Filesize
45KB
MD5ff6490f2b1414e34b58e0762b0475540
SHA189b5f5d3d6b4332111907000cdc2ad3c2c43e033
SHA25656e798e78e22b5857af2e3a787039c48bd7e39e7409542b566bc5c34bc5da623
SHA51297e4972e20b3b4e1d8e035e25745502050f93859dc60eea6f3121e082ecd7ff1c7a2086f4f6964603ddb04ffea18db249f1bab3343d41989777f2dfeac1112dc
-
Filesize
4KB
MD54d87c46b39318875155c6b71f91c54e6
SHA164a03919d4d4e6c76343904bf8820248de9e8a45
SHA256abd7822e3d02d22f1324e47561931565708521f70212cbe77c6645325cf8045a
SHA512e30281f72a7f88b1781073b2c797d637f256159a0d45fe9e1683a3143c9ad33cda9cc88cec16949a794b73dce6d7ced80b7ce3ebdefdd3f14d07dc2b9fabb864
-
Filesize
4KB
MD5d4cf5a7e33a41de886a6c432701e6640
SHA1c8a1d0e408b821209d97cbf715f9ce93bdd39aa8
SHA2560e09c09e9b35a6c27a0d8991d76b59959c9b2c0fc3fce4fec8fc5bec1f38a86e
SHA512c1bf32ab90b7cc08bfb44b39c94389f5b5dcb884790caf34338a461059670b7b6c3cee6268e0f0e81552a0b312c6935951d53d5fb71a9264bc874f0374131128
-
Filesize
868B
MD537e318c601754154408f810b96b2c9ef
SHA148e5083bc2221734ca89fe99dbcf2d906de67ed6
SHA2563d626003eb4377c2f6d7fc7519e23221ef473832fdd3fcbe461c2de67bc445e6
SHA512f8e8e5ad20db7f54675c0d40a5949cbca48304d97ca188056db722952be8159957cc19bbc7b227fc014ffd930e85ccd0067a9b32513a5780c17cff76ca293a06
-
Filesize
945B
MD5ad2acf0ad0e59f2d7fbcedeb4e7afc21
SHA19b44d72b148f8dcdde85b5036ec93008322f7d74
SHA2561760afaa69053809bb602d25f3d52a6d31693b85dc0b2ec4e1226bb0f815b0d8
SHA512f7d9d539a07c185ff958ffd19c29d56d2ed732620725ddcad2478cf3b6dc36622b07bbd530e4a2f164867cca0add83a796a1b167adee6784148b146296855e82
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD58c318e22da046dcab4974c4c40484c75
SHA1cdb980d240efc3f8d0b2b06d827fc99b8bd89264
SHA25659b21ba15d38a8c4afb628fdaca8103980cb491bb03980c4fd0aaf9dc95c528f
SHA512619c789985677f2caadff622b71584df588569d7fc9100056888541407d272ba6143f9de689c2db0f43feb6febfe17bf42199573a2a5db93465e34c49b253e84
-
Filesize
6KB
MD57cb18330b92ee0062be1caf4fb9d0382
SHA15f05784f4bb50609e70388ed80109cd15ab6a77c
SHA256fa1e0e211096388c3306eb5d05886abfea5c56d7f6efdf7a64e85cfe406611c6
SHA5127204ecd8d956e3f889ba397901e5e659182e8f0b717cf1db0b292aa64421d233567508aefab8235ef75f7ef3b564f44350949aeda70bf03a650b625486818b38
-
Filesize
6KB
MD502b1bf9ef6415c1238f0211156f42c7f
SHA1becbf48e7573154a9abc9f7339c1351a8d1af943
SHA256f2d03e405f5e50d8bb3ee9d763a1ec7edcdffa07c80b2a736c16095944d52e9d
SHA51249899acf63a96ee984a70c4ea4e0b374fe5807a25ff3240ae05c501aea819c5544261607dab8c5f96718f6c44236e8c47bf682d39a34ba672f6caf8b0cb7cd9f
-
Filesize
6KB
MD556f39fb04f7bceb69c9cd831cabe6fec
SHA17934557eed3e71406a37121e8449caf4f1b30103
SHA256aabd2fd2ab6c32e51a8c701ee36727522a89adf61d428226c82cdc0976759aea
SHA51264a8b8d7e8ff899f61a9007a94e5f377e9b49d228294484a0e382b8f56dd4869aa10b1b2ac40e915360359ab3f2fda7828d9040fbd3961fd18cde81c2e454751
-
Filesize
6KB
MD5aa6609e887cac161768dc421190e0530
SHA11adcad2adf9ea2c389d8ac663e756075702999d8
SHA256b3618574ce9510e5b54408561c9ca13a78413bae003a76e69fb001cbc0ab3825
SHA5127b1b5cd70dae06d7aa430518f649d7e3c8616c110620364c51f6abbc28909de390aa55fd43a76fe7a50ab5c936a2663599592bb436d93792c95a72d1fcd5ca85
-
Filesize
7KB
MD5edc5e3dd4074ba21ae1700aaa6b4a99a
SHA14a82ec3016946e6e74e0bb174b8a55cf627d338a
SHA25603ae902058b4be4d35b1ea2a49d6c1f65963c8e936f7fcd8cd11c4bddd9780cf
SHA5121d59a9034dcca84d7842722bc4d540a070a5afdf71763b113e4793cae16e8086f293a7e9cd028b418376f07efacfaea27e1ece690cb425ad0dddf778f06819a2
-
Filesize
2KB
MD50fc31f2748bf3efda3a2ac085c4425de
SHA174e26e4d54f935dea3bee0d2c89c0cedee9d420e
SHA256e8c250bfa8629a93b6ffa93e8ef03d6a0c3bdcf911cc4ca5ea144b69c851ff41
SHA51209848def73309e9d0920e69033d52e7329e2f9229e7e44d37df390d2e87e6f2626d8c0123ffc8a5e4a0c3904ed0156cf1b4c3bde453c7317c6136e6681e4d47d
-
Filesize
705B
MD56935f6b3653a7f37ee073111e00bcc38
SHA17ea53de57b28968c897c0052a8ffbc905c129d14
SHA2563dc8877c32f1707eb9234856bdebb6e45c4f17c2241a1f36aa2e10e6d699ab3d
SHA51271cf303b8995942e6893209349ba7612b29d8d0d4cc9df43127045f44c59ff994dbf2ba0d1a0b95667538777e2bad3c821af8aec01c53848cc5e720e409d1a7d
-
Filesize
1KB
MD5e207d85ea7d4d86581fb9370c4b0e70d
SHA18f51f4cd8461edde3fe61dd09989b47a100d34ce
SHA256ae82f19837149f7f282a208bf2247baeec5c6951537166036ab9808540a981e6
SHA512fc521f46b5f1930982cbf092591da1a42b813d9ac5e4fc1a40f94542247564860890895d53ca26310a9083568f771455e7242857c4d47bd994a6e574d263106e
-
Filesize
1KB
MD5cf11dfdaa31132f99ecbd45c6ecd5b1b
SHA1848c812cd1c50385968ccf9d7b76c3fbadf920fd
SHA2560697012e860c5a4f405feef1e4c7a8dca7a9b0098471ea57e9b0a06e1ce11b0e
SHA5121dfc4639631c2cda0622ae5420645703c40d63f28a4c4c5d3932abb644ca2bd8c7bdfc65383f15a4c545b6aaef870835b2eb89326c7061f2c76706be75b44261
-
Filesize
2KB
MD55258e0b7e9904046efe004ded3a2bd59
SHA1fa27853a0b03ad67e7129be2401a1912e56152d1
SHA2569d863d65e5364c83c6d1a16adbe96b2dbdc0f965880aa3bbb0b6ba312158815c
SHA512af1b5ebed1a669d247efcbeeb986e235ed9a421cad6da6754149b8d9fe57c1eac3dd8d581c71cb14df98024cd035efc240ca5d49d84d23bb587c30e2d5563485
-
Filesize
1KB
MD516ce3c951da54937c7752a6f11a362c8
SHA152097707f5c6929c22683c8d3febf5545de1616d
SHA256be789b0201067664a1028a68388a8695b77691e9045fea243ee6f5aea149bf62
SHA5128b85a0f45776047bf8091051adbb4b3b17f748a0d74ba406a4294c7c938472904b51352336fa08de194dae2d4fc5b5496baf1788cc363f51d0ad627f9dbb9e5f
-
Filesize
1KB
MD5008c177ac5549498fbb12f678177517c
SHA1ff10588983dae616021aadefc80fcba250c04ad7
SHA2565e7bd382bd2ddba28f8b5d5abe47e529366884c358dc2927b5b3ba0001943fc1
SHA5128fb55506e7416d137df85474f994c3e66a1cd71966913134f6d4ad9a939420a12b54a3645400b3d92bd9a77dfbb7627bc9b2779f2e9ef63812b95d6722ce2b4e
-
Filesize
705B
MD549e3739b19eb7fe12f009e204e327b44
SHA1f07a407bad289185c9adb9fbe5d57ffa508190fd
SHA2568377337b01b22ccdd0e5f6c631f37d4baeef2fdbabe49c8c043825fa079c1523
SHA512d5d3e7d55210dd22422655ae4a4001dd22ccd6fdfdd7a8be860504370713b480989c252775a110916aaf0c28b0a324e3bce2412b6a6a935a45d64d1839dd8b3e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD526c9dc8ad218d090fab6f8c8fe22d459
SHA15b78eae8cf822aea8ca89adc76ba0fb988224db4
SHA2568cadd87707c112b06a3e82fb3618cb23f57652933a37fc2e58bc5b2b29c8ba23
SHA512780d9388d80730e13896801a6834ee0ca367eddc8e0b42c26e1df484fde37836d17d8ac2d1fbb108f2949992d7a7d30dff63ca6bbd93cffa5a2a6c673f2c4589
-
Filesize
11KB
MD59936b42a84a4c240f2ecd20bd5194a27
SHA139856c0eced9d4435011a1e1a7c0e9adfb246d19
SHA2565524e7955633de2a999e50ccad5ad1d706eaabbbfe74302ff7baa1fabee79cc4
SHA512c26dbc1cce47a57c2cb2381a24c2a5f5458fac8bba8d537f8680a83a44d22cc6ac7f5fd0df063523d19ebb230304c70f1ba343020fb8a8e461b0afbbc0daaf3c
-
Filesize
11KB
MD57e44453f12740d90048b6d4087f7fb9b
SHA1392f84975d8dd626e922a76ce05b5f0dae2ba24a
SHA2561bbb20caba71bc794e419a5631a38e50c8cba0d42b8cd954de4ea858137d76f7
SHA5126f769478166b8c30e87303c8ca037f3629252bd4dbffa15123693fc5a4900bc03cfde3c4797a5db340b8eb4919422c2d5fa37eb4b658c56b66e5519243a09142
-
Filesize
14KB
MD53f177bff751be3474eb2929c18e790bd
SHA1961ef03f1cd24dc31896053c337fdeab866857b5
SHA256f9592d0be08e171a1fd0692c87ad3c3a94cdc3d8cda3280d8a02b3910a79c02d
SHA51293432af129372f4557336968665e1bbbe919da6fd2ae3f99884ac35cff09ed7bcb9d6b795c367a596ca473014357747fa72b94cdd2b17e98f32d7fd2278b5bd2
-
Filesize
10KB
MD5eed1599235b9dd933e13cbd5751d7eec
SHA1d461f7edc8bdb31b672f97b18d34e38bb7c96c4b
SHA25613ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43
SHA5129679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e
-
Filesize
33.1MB
MD559850df21c84224012b1022742336d90
SHA14d029768e4a7380cca5a669ac9991e730e069f0b
SHA256ae4921b0f517951e1225954c30ad031fd53bfca993af4f8868a02964a0a94f4a
SHA5126a1f40d31f0e935245e7814b790241e2fea4c206f4444a23628baaa546f9701f50840aa5cdde7b230c60c72066b00a1d5ff36766eb46aa55987bce9ce630723a
-
Filesize
3.7MB
MD53a2f16a044d8f6d2f9443dff6bd1c7d4
SHA148c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA25631f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA51261daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
192KB
-
Filesize
68KB
-
Filesize
16.7MB
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
2.7MB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
132KB
-
Filesize
96KB
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
92KB
-
Filesize
2.7MB
-
Filesize
2.0MB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
496KB
-
Filesize
348KB
-
Filesize
68KB
-
Filesize
16.7MB
-
Filesize
412KB
-
Filesize
260KB
-
Filesize
68KB
-
Filesize
108KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB