Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/08/2024, 20:01
General
-
Target
c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe
-
Size
225KB
-
MD5
c98816fc2c87a9999388c5ec2d3be78c
-
SHA1
a7e21c65435b3be3f0226c72cd076c7d83e18f63
-
SHA256
4cfbf1fbc5335ad8ddcccc3f3deb1066872e30f0c0f01f9f3d633af15fab8c67
-
SHA512
ee6ce5e35ca3e1fdc0dea35d38e112c47edd281607bf8db459af52415cde9b310725d8e5cffe5d3ef27324c0096a929156f7d60163abcfbc233d0d7038cbb918
-
SSDEEP
3072:kgxI+xKQaIWoXJ+G45vrva2iqcPLicO4v+JAbpe6+vA8iOLNOnFddnbyyTnDmsYd:kg1KQjoGw2DPx5bSiOJOnFf3TnDm1qk3
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\# DECRYPT MY FILES #.txt
cerber
http://cerberhhyed5frqa.xmfir0.win/FF70-83DA-6904-0063-7838
http://cerberhhyed5frqa.gkfit9.win/FF70-83DA-6904-0063-7838
http://cerberhhyed5frqa.305iot.win/FF70-83DA-6904-0063-7838
http://cerberhhyed5frqa.dkrti5.win/FF70-83DA-6904-0063-7838
http://cerberhhyed5frqa.cneo59.win/FF70-83DA-6904-0063-7838
http://cerberhhyed5frqa.onion/FF70-83DA-6904-0063-7838
Extracted
C:\Users\Admin\AppData\Roaming\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (16400) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 6 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
NSIS installer 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 50 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 51 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{8B6A684C-8417-5985-E325-DFD878548651}\fc.exe"C:\Users\Admin\AppData\Roaming\{8B6A684C-8417-5985-E325-DFD878548651}\fc.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{8B6A684C-8417-5985-E325-DFD878548651}\fc.exe"C:\Users\Admin\AppData\Roaming\{8B6A684C-8417-5985-E325-DFD878548651}\fc.exe"4⤵
- Adds policy Run key to start application
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\vssadmin.exe"C:\Windows\system32\vssadmin.exe" delete shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
C:\Windows\system32\wbem\wmic.exe"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html5⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff820e146f8,0x7ff820e14708,0x7ff820e147186⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14210624529382382166,1330980694246126112,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,14210624529382382166,1330980694246126112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:36⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt5⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cerberhhyed5frqa.xmfir0.win/FF70-83DA-6904-0063-78385⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff820e146f8,0x7ff820e14708,0x7ff820e147186⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:36⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:86⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10993827791820185124,3888871423227157358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:16⤵
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"5⤵
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "fc.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{8B6A684C-8417-5985-E325-DFD878548651}\fc.exe" > NUL5⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "fc.exe"6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe" > NUL3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "c98816fc2c87a9999388c5ec2d3be78c_JaffaCakes118.exe"4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x48c 0x4f41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
3Discovery
Browser Information Discovery
1Network Service Discovery
2Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5719923124ee00fb57378e0ebcbe894f7
SHA1cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
-
Filesize
152B
MD5d7114a6cd851f9bf56cf771c37d664a2
SHA1769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA51233bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
-
Filesize
6KB
MD5ae1928209b24e736277262a91f9c2dbb
SHA1053a672660dd50b32db8cdd5b6e354910d0cb7b1
SHA25625c6010eb95825198d7f76d6020f7473b9e83449840ff878bdf121908519f063
SHA51209b8952cb7e3260d2339b0ac6edd3c665af550a738ec49bb183fb488bf91c7ea47e96c56518587fccc1f3616e205970db9f193f3d66580d1b4c6893bdd1ddb3d
-
Filesize
5KB
MD5a2685786463cc6e4908b0eecb524da21
SHA13b3e39a868b0843d88b7ce2fbfd99177095e7446
SHA256257dbc5db86663caccab617e26323e588f9c40d4b1c3dd2a38e375f6f14dc600
SHA512db48ae2ac238f9200294851dcecd30ce9d9edda2c0eeab640245510f35456b14a49cae89d37bee29fe8b20b98eebffc2ed06bb187562ee7461cf7ccf68d66119
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5638b6aa315c4b94b09cc3b30339cf085
SHA10770c95b09adf9112cb4983729bb1e5c99675d05
SHA256c2bfc4f3c4fb4169e78204713d4d06e89cb627c44eb65121d54518b30dbfd444
SHA512e78ee7d2f739f76e45b94db590bbd1ffc5add8879d5ca730e7d7da9532ff0acc4eaf7b9a96ecc9b038fcd774b7e176b878086cc92697f247f7ed03f8eaf30311
-
Filesize
11KB
MD5ac3111229def1f18d6758ac0d424e31b
SHA1bd3b85f787e3cee381d425a0817d16246322c724
SHA256516f2ad356bb904de1130083741c6ecf73e4462fd0a3c29afd4ebf70e8b0ca3a
SHA512f17a2a571e972872e9dd63d240f5488a223520cca7801c59f3f4336afa941f0619a7408e24724bedad529232785ccfacca6e5fed5eaa013d3b48f47437d8d221
-
Filesize
11KB
MD56f5257c0b8c0ef4d440f4f4fce85fb1b
SHA1b6ac111dfb0d1fc75ad09c56bde7830232395785
SHA256b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
SHA512a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8
-
Filesize
12KB
MD56f929be890ad9ba7a6768bfaef437f0b
SHA137e6b301fc9cc09867c4bc286d083cbb7358b066
SHA2563822197b6efeb0403a66a2a8c76726087413e413db876c08862cbd7f527986d4
SHA512aaa62800df875222304e34ab82b543f47f01f93402bbe92647a7c3bf0c80ae1d2819393163548698ee7cf4ecb8da9089d9226d7e839cdcd86983b18299aa967a
-
Filesize
10KB
MD53b0287ea1ae1335721042da8411b550c
SHA17149a935acce6da26c8064f172702f3ca744f42b
SHA2560f512922b46679e755b454c930717e9c447fd1790e7d281eff6528dee6a0c856
SHA512388c78070818cc9d7d582fb4c66b85f28b87fa42d7ec02e397bbdc1fb59762689df37f57dbf59a165bca31fc99a5d65a23b87b9963599012a91c2efdc95171ce
-
Filesize
85B
MD558ea4f44663d09b8f1c3b8d6cb72638f
SHA1f3a42039a71348199661627819512b04e0d6c358
SHA256f3795a2cdf19e9e6922543858794410e66099aa7e2f69308e9995e56b642edc7
SHA512808d80e39973b5d8c89edb0bdad718125845b6f9b920598a0bd7e1540f2b8675298b38127ff72a39fe32016268cb2025e15c16d83765a49d2a72e7daccc4fec9
-
Filesize
219B
MD535a3e3b45dcfc1e6c4fd4a160873a0d1
SHA1a0bcc855f2b75d82cbaae3a8710f816956e94b37
SHA2568ad5e0f423ce1ff13f45a79746813f0f1d56993d7f125ab96f3d93fb54bdc934
SHA5126d8e68b969ef67903aff526e983b0fb496678e4c819139e560a11f754a36c4b5770ac2ecf3fc1d9cb5aaa84f80363b4f55553255569503893192911b80d9d853
-
Filesize
1KB
MD50c93f7227f87c0e7d9f4d77d75acad15
SHA1d7b032788083e77d2f0da09daf37244aef374249
SHA2560563f30bacef9fa713949eaefeca4ecff9b45fdb0fe6b6ec64d9dd81fc69e0f2
SHA51234b8e22cb725e56c11105d545e59fcccad6100414d938003bc3ca8ad1b36240dc9093e5c5f11a8f3d80467a6eb81ca8760e7e2869e868af7f236b80a100e34d3
-
Filesize
1KB
MD5dc2fe8d12fbd50b977ad509e7177085a
SHA16b463c5972dae535a402ce4a155522d1be17915b
SHA256151a80f94d514a55f05639a43a0887eea77e5fff7e2bfec8709dd4fcf4bc0f10
SHA512632ec6da0e6f38176d94a26ce240f65a91dec298fbe7b49e220454e22eff2d796b41a1784fc96ec88420cc242dfb3bcdb0b1c010e18e9316126e083cfca4571f
-
Filesize
1KB
MD52f753a2aecaa422b5a034df5caa371af
SHA1459f201ae8d6cb1de8c210a11f9743b4530f0626
SHA2560317c6819056bbc97abf73186128bed7aba1f5823d4530b1f835aacedc91fb15
SHA512cb2432f9237633fb35d058468a2b98cd42fb140925eebbb5c13ae8c8fd18a77024414b2df27940783abe53081c662a6c0aa9f6b999f176d966ffc67936b1861d
-
Filesize
1KB
MD5670a196f9dde1a619cec121493f9932d
SHA139f7ce520b3caa5aac76c02d55027111fe0aff0c
SHA256907275144601233158275428fc3f886d3c501f939d62b296e352dcae40bb53f9
SHA5120a6161273580489972bab1db9edd6a1ec50fe4c7f5da8d25eb4aea3fe70aece59c9bafb69c8159e0fa1f8db66af7a72b4ae859f0d0a85187ad2d0f9d1def25c8
-
Filesize
1KB
MD5259daf81c7f14c4cd930f93e7ca920b1
SHA18dc09538ee2b782ed2f6017d6b2516ca0bcb1164
SHA256b895819fe9e4dc06e5adec64573423951d21a8ca2858d5942e7acd15c0d6bf04
SHA5127c6ea606d21f10ccd73dddb3c71f4210ec27be1e465b312ec51d8d5cf188c3395435bd47c9dee55a8c4e1119f1b8836ca076a09ebd062f305830d769e386ec63
-
Filesize
1KB
MD56b8fd8f78de86c085f8da203de86ddf0
SHA18dde0c3d953d922038db2f3d8b280d74c3ea0473
SHA256903632acaa0922141a6781b6a0ff2a84f977efe85333481f80c07e68697ac536
SHA512ade4d98b19dd4aea42a48a58da0bdcbd84d3e1180661217b081a3ae8d39173fd3db5c4f40b055e546e9f32c79334e218ea0115b43548780891524b22ffa4698c
-
Filesize
1KB
MD56d6a39d8da78f43cf645c2cbd09a3ae7
SHA1d9becaff6df3fa37c53409ba61669c36d3fc2a1b
SHA256926e626828e0a82e05681f27ba5511bf99331f9f28b70a9e0da487411d63af04
SHA51248d2ece1b55d7ed36c0b69c1a20f363edf9c4181f0b652ce230eec4d876c32f55c51ea7a29473dc0f1757b3739dc5c96f6a6eea0eaf55a729ea0ecbfaf401d13
-
Filesize
77B
MD5d7a8d88e7d5b134d92542787e019e123
SHA1ad633d30aa9f0bf314bba5f004060fc90a14a16d
SHA256859d70658cc7502f214d9abd669c4e730e798210c372fd7020ceae470ac7756c
SHA512194e553ecc8ffd376c029670ced1f2480509b072d2adebd6af22fa69945f3fafb58a3385d5a09451c85f03d891049b8123c0cd3907bce944cb4784606679ffa2
-
Filesize
524B
MD5addff08028e3f4a5041eb92d7e44102d
SHA1e177dd091f4f6da23dc3e45abb9e573f1dde5ee2
SHA2562c1c182821d93f40e68baf7e3051783b7e76cb6e78d3b677815899b4db217497
SHA5128daca88b815199a29e11b39bb4406d4030589685157d041e9e8c59b7105f50b7c823169119933d34ab390377116864cf40ba6bff3844bae1443c00ea78adaf6a
-
Filesize
48KB
MD5327bfc5b6f9166937a1b5b2a272135f4
SHA13e309a22c86200155457df21b1b796a2b5d5cc85
SHA256f191f88ceb7434a68388fcc65c0d8bf630c21fb25eb1462839bade6ba8b16f6d
SHA5123fe712c7d828875b73ec92e3750746854c39d2fbbd48dee62a32a673ece60dc1a46e4f3a94cb4d7dd69ee0b9670c135cc72153704321a0ef9838657117db7486
-
Filesize
112B
MD5279a2aea35c02e3bfa03458920b09185
SHA1c99130fd7897b8555a7172fa4933977c35818f9d
SHA2560f5bf6d6da96e5ef6a580a4b578b488fca84e62f004874fadef444d4c351723d
SHA5123f2a8e0e969c5fb913fe88134ef4a0b64feae82f82d015ab70191822dcc5de57116260f3f643f45ec0357c6a76fb188d89ceaed9147ac2433190cef467d67c06
-
Filesize
1KB
MD5f4b7cb6444340b95f4918d7f91176230
SHA12e9a28996b7450ea33b293d070cbfa0ab5ce62c2
SHA2569bc1517b7dc6ba9829b5029ff788803cd0ebf32ef638388d51fc32c86a1cddae
SHA512c1d6dd624b61e86969783480a99694981eabab1f19eaf6ef4794967475b8b05d7584ae485e2eff5bf66b158b41f4251ce50dd819f48c5b7c3e4db04ac2a1de17
-
Filesize
1KB
MD5494066d0a081130639ae0ad93870eee8
SHA11ae55a49d67c50991c91a7bee074f422300d0d07
SHA2563145ba33cbfd51fb664f59e5ff413b9eccfd06c25a94c6edd3ce94edfbd1a96b
SHA512abab23e585bcf8f04fa0d5caa6fc614e93a492f12dc72354b00eb75f83209a1af601aaca6ab50c88cf9464354a37eadb47f2a27dfb64c64fcad5335d4a1532f7
-
Filesize
3KB
MD5bd8078dcc074aaebdc63ba53082e75c2
SHA1a3887f75154e5de9921871a82fe3d6e33b7b5ba7
SHA2569e35270e3510c195a64635292dfcc6dc508e93dcb5715c3e30cf3ec15af6951e
SHA5129a0b6c67c52ba0a0c9175a62680e9e35793676e4e06dfc6b5bafbff3b50474c94c5434e700d19eff4c46ee84ef0a424e850a3e7fd78d6f62d1d19912a8a38e66
-
Filesize
4KB
MD521ddceeb0c385676eb35365c4ff1d24d
SHA19cbcd87590720bf2ce80304d0b298fbb44cb61e3
SHA25682a9d562fac82452d5a767c2d0355e2e8f2d8550b62091522ab3985f6ec7ed0f
SHA51215e115831e4ba38e8d73044cf50de8f8777faba3d1d099dc5eaba7af53ff87cb7c752f708b25aee35e1a416cac9debcf4f94e85d45a58ab109ac45d435c22840
-
Filesize
2KB
MD57b7728a6082ae083a208c03eb06cd4f9
SHA163ed0c97f0db70cc153b397766e3a915d7b4d574
SHA25663e39aecde889723764da7e8a3a33be5447132354c182f9ac5b410bc06e25a40
SHA51235b26ff048790a4415feb01b92e2665c51162927f9ebccff40c65132fda17cacf36ad72f94a90cad65879ed6efd263d857cb4f81b99e6bc57924a8feecd33bd0
-
Filesize
225KB
MD5c98816fc2c87a9999388c5ec2d3be78c
SHA1a7e21c65435b3be3f0226c72cd076c7d83e18f63
SHA2564cfbf1fbc5335ad8ddcccc3f3deb1066872e30f0c0f01f9f3d633af15fab8c67
SHA512ee6ce5e35ca3e1fdc0dea35d38e112c47edd281607bf8db459af52415cde9b310725d8e5cffe5d3ef27324c0096a929156f7d60163abcfbc233d0d7038cbb918
-
Filesize
52KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
52KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
