Analysis
-
max time kernel
227s -
max time network
235s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-10-2024 13:37
General
-
Target
https://github.com/pankoza2-pl/malwaredatabase-old/blob/main/Twitch%20Booster%20by%20back%20v4.exe
Malware Config
Signatures
-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware 4 IoCs
-
UAC bypass 3 TTPs 2 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 3 IoCs
-
Executes dropped EXE 6 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 34 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 19 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 62 IoCs
-
Modifies registry key 1 TTPs 8 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 49 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 54 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malwaredatabase-old/blob/main/Twitch%20Booster%20by%20back%20v4.exe1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7fffbf8fcc40,0x7fffbf8fcc4c,0x7fffbf8fcc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=980,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5032,i,2048476642920768551,8857718683728478627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2820,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:81⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Covid29 Ransomware\" -spe -an -ai#7zMap19961:98:7zEvent28971⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Covid29 Ransomware\TrojanRansomCovid29.exe"C:\Users\Admin\Downloads\Covid29 Ransomware\TrojanRansomCovid29.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AF70.tmp\TrojanRansomCovid29.bat" "2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\AF70.tmp\fakeerror.vbs"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 23⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\AF70.tmp\mbr.exembr.exe3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\AF70.tmp\Cov29Cry.exeCov29Cry.exe3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"4⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete5⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet6⤵
- Interacts with shadow copies
-
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete6⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} bootstatuspolicy ignoreallfailures6⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} recoveryenabled no6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet5⤵
-
C:\Windows\system32\wbadmin.exewbadmin delete catalog -quiet6⤵
- Deletes backup catalog
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\covid29-is-here.txt5⤵
-
-
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 93⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\AppData\Local\Temp\AF70.tmp\Cov29LockScreen.exeCov29LockScreen.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MS 0735.6+7421\" -spe -an -ai#7zMap23441:90:7zEvent160352⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Users\Admin\Downloads\MS 0735.6+7421\MS 0735.6+7421.exe"C:\Users\Admin\Downloads\MS 0735.6+7421\MS 0735.6+7421.exe"2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f4⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
- Modifies registry class
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x498 0x4901⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
3File Deletion
3Modify Registry
4Pre-OS Boot
1Bootkit
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD51cd0ca3ad537f5e56ece8863a0835b96
SHA10d297621fbc9ec6130cc1b428109f6dfd28a5f8e
SHA256db89841e61451fcb29d386a998035ed4c126525436c8d7704c19e678db529d65
SHA512350a6e8a71c316c2a2fd962915bd67eb6dc90ed3e1203b9c8f4fd42a883883341ff3a3e34be6d1b5c44407f88589a2960b30b579751dd7f8876b7db68b573cf8
-
Filesize
2KB
MD56bd8a5275e781b72dcd73b04378eeeaa
SHA158c80885413e542311e29d4d214ef2bccdf770f5
SHA2562aeea8250b23ab47e6da0df434f8ee8b7bce138f1dd59076ce37eade54f21239
SHA51235cbacf6d8fca023bff5bf2f1db5a64b1ff555dd9116b88dd1bc8476d3aafc04676d74dfb68e53b96caaf3023e1ff0a754dc6d1f769c363e3b845fd867942350
-
Filesize
1KB
MD5ecdee2827687762780395cd55ac92a24
SHA1406dce8e4968c41f312820fbb1e6f5d31855b9aa
SHA256cd858bff2ed1af5d7403a4091784cd9750840954ceb8d6f9010cff53faead081
SHA512b5cae6b1234961c5795f769e90e047f368aa10c4163cf0298422c107258baf86546e02ba044f28292843120ce140e07c4334c9c6b478dc0000859c88fadf7343
-
Filesize
1KB
MD5e19c793f38c99250b47f72db1f90a1e1
SHA117493fa820968cc76999dbb57ce7b9dc8c697c63
SHA2568b49805c8d4c440621eb8ef72bd9ef93aa5f2f0689e214cbf891300e96f88f23
SHA512defd4abe2b8babd54bb4503f65372d32854d85ac19838110c78e71caeda002859ddad110bc43f380e7f403a1b6b30ead0a6c83d2b64ecbd67917e7397ba9bddf
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD546011651aed82a14c3e598a3b4fb6dd5
SHA147ac5a7ba689d30526e3aa0d8b6badffb5532401
SHA2567fcaa91a268d25a7b1200751e7b5428c22641d50f62814b7f9fa6edd7437df51
SHA512e484d202e431cc779c8a0ef58f0134e20a721e033959c8a5cfbac9120d0e952b4c6e8bc6cc9921996c0b56bc84cf124b588cd0f29f8c1572d99e4b5898010969
-
Filesize
1KB
MD5232f74e64e86d26220f3412ec78ad853
SHA1b1dd5624156407f5dc88b99a5178f01c50194633
SHA2563f90167db6c6f7f12ddae6dfc6fe299062f3dc4446f5a3d0e1fb05055ad0fdf7
SHA512a2efae4ba6e3f6593228e6c0ae264d01ea5f34ad0346fe1289b3c1bdb2a7b7c6fcada08f8ecbddc8f97fdb956e6867c4a3a09f2454c67456d082856a79454368
-
Filesize
1KB
MD5eb8480950b1ce7350f0f3c3ed56d321c
SHA18e922563a3d148934981b524eab65aa6a1a661b5
SHA2569a23723297923b21c4f81167149ee7155cbaf35ea6eba3fc89e24b35b4de5ccc
SHA512606be96e52bab442420fc1084f78312795db031e8935e9bf6f9e99b1a22e3f62585b0347c0f3e23ebb060bb6b439fdb09c3d69a068fe1ffeac49cb3bcd0d2e5c
-
Filesize
1KB
MD5e3d251c77da71fbfcd41ca8f688ad9d2
SHA1ec2ba2f82b8faca9fec40b371cd6ba963029b789
SHA25641e3ec6ce8ae5f200da4621b1f20624885ffd94080c76beaef2dea495f665d25
SHA5120275d7029a3c3d85effa2c9d041b1515e5511d06ee3320844d436795feaeeeaee956e82df84e385ba46c10160c2bf61bded3c60fa86fa6782d5ef12c99908135
-
Filesize
1KB
MD536abf32936970863df96a469cf783d54
SHA1ec9c79cf58bc90552991eaee4d66ce7d8c79f95e
SHA2563bb1918df876f9487366135e03512ea17d8aaf0667ff726bbfae32a7e0f0ca04
SHA51246f6c337c0870cd75d317b74a105797467f9827e4a0e4c4ca4fe3d3a83581a101980c099d3f0886c3f006b76b4bcbf6de71b0c762b0e23ac958c79316f98303f
-
Filesize
10KB
MD554f993889ffe39213261a03e55ccc49f
SHA127ca7a35e2aaa66b17ce2ee0c10cfe3386a4929b
SHA256be26e0bb0951423dcad8bcac15ea76241d5ba9d14e4c20f53f3542b8392cd676
SHA5123d4d2c50854416be025843f659599a7f6848caf2aa7a082b0fa63cb0c77521daeeafd2400d5afd17ced9acc665d0d0e80e1d76147ccb74ae1edee09f584f33ca
-
Filesize
9KB
MD5de294b113196c7800ffacb8878394968
SHA1d21ddaeecb4e19b544acc8f4808a4f4aede57e0f
SHA256b4db1f842bfb0c444bc3ebe7804a675b4a9fc20f46c18034f06f3ade9a952117
SHA51203442cd8c2ebc7b73abd1f5278145911bfd655df9958c5e5d4923e04ea8d8b49e9d55b8a2f2e7805d5263ab57f7b0cbcf33d94c7a4cb54b6f788ca2bdce9723b
-
Filesize
9KB
MD53e44c7022282939e06ccf4cf5e623b2b
SHA1267bec147ffa6bca8ddebcba0e6b8a9815fb6737
SHA256c34af0a92463943e5ee374cbaaca28f90d9377d8310f9a4f63bedb83c3ffbf30
SHA5122a5c0c8ceb9abefb4853a6a1c3e66afe2c0a1b0ab2fd625dc32c0acf3e31482eb3cc119a9522bde79e296f42f75f1ce8b7c40199a57b838a7006c17494c4a293
-
Filesize
10KB
MD5e1842ec190f79a84235009e7ab3537ff
SHA19312e0aab6464188a82966cb784dc18648fc0fb2
SHA2563f122ca46cade67a9e20f46614d1d9617d9a699617f3b5543e9930a2aca938a9
SHA512b2b3ff2d5561cbe46f947a62a8a12d99a60d8ae26817baa62240a9900f4199343adf28b274cd8cda5023861c4f2c177b040a2e9853001fe8cf7c69b05882ba65
-
Filesize
10KB
MD52247aefcb3133b6a195a3a9b8ba657f4
SHA16908b585a5c7e5563f8baa858bf15f82e32bd995
SHA2568ebcd8f5139b5e98fd71c16d8241d6205d01df0ce1350f32930a7ef23d6f7b97
SHA512a7287b1221dcd45eeb59bf9cd497a1857d2444f2bafc92c4338da440fef02a142a8b166de924036a955d1eca6ba02a1c1d7acac5ac8df2df22ec50cfad820edd
-
Filesize
10KB
MD51e2cd7616feaf156ffdfffff934e6d86
SHA1e63bdb2ec15740396fa026915ab3231d15569693
SHA25616853a3f84adb4c2835c408a43547c5745baafb666d5b2afcf7b90c90806ad18
SHA512865e96e8826db91bec8f3c4d337e7da7761aa9cd768200fea13ab6f4d25c0d72c554230c78e65d898a1a9b27af61a171beedd83c64690a983e07b2b5ed8e2f82
-
Filesize
10KB
MD5dec0bd514f41783fabf777d0ea4ff09e
SHA1a8bba4d5bc63280f169287dacef7564edaf858f9
SHA256d9d08c427bb99b6d3c829fdf0e2d4edb3ebe107437118c7691be387e0051cd6a
SHA512512a7d10689382f59c7fe2e0bc289b9693d4d4fda3ff9e039c2d2a80ddae8cb028742d41ddecc9ab127b21c8c30bf6550635edc0c095864f393d0413251d7da7
-
Filesize
10KB
MD5f11a3884db871ba55efd6e4e134e7915
SHA1baa3f30d5cd40c690e4eb22f2d5b026089092ebb
SHA25693cd32c1803e826574329b5fab7298faf2258bd2187a2a09c842e5e17e57d9a9
SHA51220eba584bb37d4fa8f2259b307f357452ea05a2e88610947ad4fa56bbb0ad9b1790fb4c14389eeeb0028861a170c98d4592f340013cb22921ea764a0935a1299
-
Filesize
10KB
MD599fe8ae30295abd24892ed8de5ecc17b
SHA1a5a17c0fbbcca631f9e510ddfd44dce5ca8ca29e
SHA25602343ac4501eb9a102afb5b143e0babc557595e7ce9e5864bcd31f071a6f2762
SHA5121d79e4f6b2f4b8b5d3826cf35041473487c915eee5166bcdbc7d16fbc0830daf32fd0cc22367007de4aeb6c3ed43bba817f2288d272c41cb16e4c5d54eefe116
-
Filesize
10KB
MD5cd186fee16888b998b96a868d087bf34
SHA16b53b72d7e202bfe6b04941ccd0e4ba02abbaeef
SHA2564beb4f73375bfdb4b1bd94e74c95400cb944441d09aaa458dec4b63360b6d9d0
SHA512a377c9351872fbe920337436eb533f00e9aaf0c3926aaff992086773c0357913f7ef0cc0fe62a7902b6d8d9e0799ab8ab0a1465dfb86b9ada533b853a34fe1f6
-
Filesize
9KB
MD5528faa57a568308d527e186239603429
SHA12339a7cd1794e223d1dedacad15ce575ea94cfdb
SHA25638136d3c53981351d0bc6cdebe2347fb9fd47e7dbcd8cc1835d08ef30bcfe00a
SHA512ff1c1d10e6d6f77959a7348a437b9be7bc33eea0c59bc13064fbd7f113cc40629e7de47ac95a77c5e22151e314f68fbfc5c34c196f43a0995c4e2bfbb759fa46
-
Filesize
10KB
MD58d3517986c65d6a3f2eb3cf8c3e9d588
SHA12070cca8feacb88f2f9e12661351261787ca2c52
SHA2564961d8863a2df367b88172c23c347c96770df82b4c64b3a6480fa5f650f3bd09
SHA5126ca6272b0f3d8a7768d53d37349b4756ff362e040d812386b6d0447f679e015e4d40f04af8d22e8d600cd19399ac577d592a85f699a6e8a7e7c6af91ea6d0210
-
Filesize
10KB
MD50ee4a7ffab5a50e322e0557b3c40f214
SHA1070d02e0b543d15941bfb82781a8d5b9e924446e
SHA256d8def25678d7b1c0125cdf0a4986bd59b1db11d5cdd9ccc56324754df27bae6f
SHA512a2050917e9b896c164936683eedaba23607480f55f629423efe791e12312ddb4425db37979138c29287f37b1aae8edbe047c9ae20ca1e7f80fb42d084ca2a3cc
-
Filesize
10KB
MD5dbd49678a955e4315ef4f08106ac8ef8
SHA198a92ed0c429f429b2a7d78e5686fe578b9a6bb0
SHA25625b182a3a61769c673f91b9929868e361ae5555c2d6cebbe8cbc5b7ad03911bc
SHA5121a98324cf14adbc15c132853021c12d63860633808bb9d7951003191c2e5965155bfe7c67a4bafac376ab281eb8c7f3310d165d5142e748c5dacfe5735ef9e54
-
Filesize
9KB
MD5cbdf3493787d58d8b5074460efd3b904
SHA19711e6634ffa7fd5dbd7ca94c75ca8de51ce7514
SHA256be7efc9fdcffcec055bcaa57850a3643fa82a41fc1dba4272fc838c1e5d4f863
SHA512c7daf48fdbe4e1aba3d7e8e7f8d5a65d82428c5717ec589a0de42819d13b6a9ef86c6e38c11fd64b805725f1faedaa518bfcdb38072aef208287a41266e0d071
-
Filesize
195KB
MD503b8d55242e5971ed6e17618263bca8b
SHA1d0ccadd18f489851d06e5f0e6811d212424e8743
SHA256a29497cb17d50b38aaba8b1098e56db2be03ab33e8e524c1eb469853d4ba4538
SHA5129133eea35dd0da94153c66224a8f3886d257c555dd9bd2c966f0d1deb572a9acc616b71a2af48c0cf8c9b794a02e21695d85d744a3b4b49b2177311c076a76ba
-
Filesize
195KB
MD587aeac1d69ce4eac1f5613353d799539
SHA16fb75fa1de2f4a7c11ff70ba389c1a6d4a67fdd8
SHA2560efb4bf268d8aa30b8faad06fe8fc8431f506f2182ca54ba638729a2672f24dd
SHA512119eed4ed190b5262bf096b3abb8df8296254e64b75c8a1cd0a3a1cd14fbcba534f53b9268926f5a08f20f6e682f9da6c86b2c1b059a45017d269562ad6b9cea
-
Filesize
195KB
MD5581237a21c1c12e9bc3a8056259126f4
SHA16fb539878cc9891bc4f4c5a766540ec41b01409a
SHA256c926246695a422def17529a5a518538fdbb25e5607d09cd787deaefd38563c1c
SHA5120c30641c39d5fbc4965a981a8f11dd27947241d239496f300e4145c6b5e7c21f06bf80016aa35256abbd7104dd6f0c6920d459984f436d966effee8fd255b6a3
-
Filesize
264KB
MD5f74f2f12a7883f284b125a9fa6c99469
SHA104f2b74fae24fbf7c9e360eee400f1ee15657b86
SHA256e6162e354a5d23bbae93664ca1efb86e035ec18deeafd0e48021b80514b12cfb
SHA512707b940f31fed79509269902509246313ecea0ce534f3cf2412fdc5755ea24e679529e900b6896ec1bda4d6693dabad324883f1b497ef6bc5d69c1d2f0b8f968
-
Filesize
103KB
MD58bcd083e16af6c15e14520d5a0bd7e6a
SHA1c4d2f35d1fdb295db887f31bbc9237ac9263d782
SHA256b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a
SHA51235999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a
-
Filesize
48KB
MD5f724c6da46dc54e6737db821f9b62d77
SHA1e35d5587326c61f4d7abd75f2f0fc1251b961977
SHA2566cde4a9f109ae5473703c4f5962f43024d71d2138cbd889223283e7b71e5911c
SHA5126f83dd7821828771a9cae34881c611522f6b5a567f5832f9e4b9b4b59bf495f40ad78678bd86cba59d32ea8644b4aa5f052552774fea142b9d6da625b55b6afc
-
Filesize
1KB
MD557f0432c8e31d4ff4da7962db27ef4e8
SHA1d5023b3123c0b7fae683588ac0480cd2731a0c5e
SHA256b82e64e533789c639d8e193b78e06fc028ea227f55d7568865120be080179afc
SHA512bc082486503a95f8e2ce7689d31423386a03054c5e8e20e61250ca7b7a701e98489f5932eba4837e05ec935057f18633798a10f6f84573a95fcf086ee7cabcbf
-
Filesize
30KB
MD5108fc794e7171419cf881b4058f88d20
SHA1dd05defd9fe5fb103db09eb2a3bb72c5ed7d8777
SHA256741d2576009640a47733a6c724d56ed1a9cee1014cde047b9384181a1758cd34
SHA5123a1a22217ff636e48612ff3b55ac6611eda6ae0b5a1f4d693440cbd6aef84d6657d3cd076ca828ba828ee556ab64e5bdecb37c1d682590877f3b23345baeb0ea
-
Filesize
144B
MD5c0437fe3a53e181c5e904f2d13431718
SHA144f9547e7259a7fb4fe718e42e499371aa188ab6
SHA256f2571f03eb9d5ee4dca29a8fec1317ded02973c5dd233d582f56cebe98544f22
SHA512a6b488fc74dc69fc4227f92a06deb297d19cd54b0e07659f9c9a76ce15d1ef1d8fa4d607acdd03d30d3e2be2a0f59503e27fc95f03f3006e137fa2f92825e7e3
-
Filesize
1.3MB
MD535af6068d91ba1cc6ce21b461f242f94
SHA1cb054789ff03aa1617a6f5741ad53e4598184ffa
SHA2569ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e
SHA512136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169
-
Filesize
861B
MD5c53dee51c26d1d759667c25918d3ed10
SHA1da194c2de15b232811ba9d43a46194d9729507f0
SHA256dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52
SHA512da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c
-
Filesize
1.7MB
MD5272d3e458250acd2ea839eb24b427ce5
SHA1fae7194da5c969f2d8220ed9250aa1de7bf56609
SHA256bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3
SHA512d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c
-
Filesize
542KB
MD59f0563f2faaf6b9a0f7b3cf058ac80b6
SHA1244e0ff0a5366c1607f104e7e7af4949510226ec
SHA256a8054338891db7231f9885ca0d3bc90a651c63878ff603ede5c3efafa7e25254
SHA51240cdf4c754977e60c233417e42a62be02f9b5bfe239c0378664c28757ce6ce1fc3b91b83d6ef6bb184c4d831761f57a07255526d12a3a955c3b473bddb97f4c9
-
Filesize
285B
MD5f4f557db9c615c87e524802af8a9992f
SHA1692692c464b2a0229c697534c97d391179c5b646
SHA25617976e8a6952b0123b729b50b3ad981cbe97083db9de66a37eb6f8decc39b76e
SHA5127e8b9f2c01edf81252b722e2f9fffd1418150e9c5d6c322645bdc675561bad5b204c93ee5484b464c27a2d56ce86abc00152d32609bfd5f8271c32089b12d4c0
-
Filesize
242B
MD5d3be6c4edea45f5a9a766dd235e4c23a
SHA1bc3f164c51e8f9b223b2992688aae2d492a18353
SHA256236d6136a9ea4241facb7c459bf0bad6d1fa572d436e6e73c44884d6126e5ab4
SHA512bd2f5cb1316bcc64bbf30b2828d497157129e2013a529be591733a5c900f4d3450e97eed3ba75f057a49884cdb9c0a72dcc2ba5768db33fba7ce9236f5cea6bc
-
Filesize
16KB
MD5c5f0f9ab684461c635f551d045e6caa5
SHA1d68eabb18c68f34abc7e91b8538c445738c619e1
SHA2566c9eb2da924df69bcee50c50f51a67c66321eaf1f453e4c864f037d31e08cf93
SHA512f4ecaac100f6901dc1172fec228f48c5f73d828845dd579059143a0099ca3f5df17789808953b4145d236470acde80811d9c7e89b05dd773e9c2bdcf6142df42
-
Filesize
1KB
MD5189eeecf41700ae5ba9ae1a4a1c49e9a
SHA179dbd0e112eb3a184643dc4d9b76356c272fbc6b
SHA25631fd1820ee3f7aad61f1f99e944d2df2c5406f033a661ea98e07c389d6334ba2
SHA51237973f4103ee102d0fdb1e1d6a820be41305dec6293d6d73b55cf34852533392e5aa5c38fd6ed7554fbfca7790e2670d0799774ad64e23c816a48592f623be5f
-
Filesize
47KB
MD5cdd3a90a2f2ab81410f356dcb38fc17b
SHA166c451a8cad0def71e1216e66741c79e908c3304
SHA2567b288d1ad9b942447462f51c72fd30e050934240e9f5efa85e73f4f64c3ac1a9
SHA51290018991d0127a434758d37d41afa047b47493c4a7d503a8c185e569b52ebf3f10b1f899021c946bf599f623db2f6e11f0765f574573ad55fbfc86c776ca3928
-
Filesize
147KB
MD5c2c802b751e5a25b524b9369f583c371
SHA1eaa3ed8f1c656c3ffb0a434241e65f2dd181ba4d
SHA256930ab1d5fcd9864c45ad88911b2b13d84b379d0081dbfa114089eb4750c7d04f
SHA51272716b0c22b82ae3e38e21ad8fbc3c738da8bd3ac437e6ca0b022e0094c1d13a2f65f61e6a5c7fad6ee3fc6240990caa73cd8b0e53cf330a655457c6a2b0c37c
-
Filesize
365B
MD5d20eddecb5625b60d61d80c067537188
SHA18418cb3dd155a9399e7be92da3b4fcd50b559f99
SHA25645eaa30a90c739fd9fb32d59b29d3e7cd8871431670a3e64d6c34fd53a08f979
SHA512a0f1578adbabaa0cd5567678ac382637ea078070ef7f567251374ff7f1d1e3e2c6d108471a0cd6aeeb47058d06e0c2bafd0e8f487be04208e44311e478c1f980
-
Filesize
112KB
MD51b3cf59e94f7d599ed2d54c1f82acb5a
SHA110d84b9096c92331106212af9a88cc7f8119c458
SHA25657c3e5002750b9da9dbf7526a1288bbd84f339fadc16f828ef20d1889c51e483
SHA512113328d190125c1dd0f7b5dc323a68c41f5a98c1afbec51e414c5f2776097bb1daf44af9aa58acb221c82c11e68b580f414ead1cf8184caf28da259793555a45
-
Filesize
134KB
MD58e88b778e3828cedf9fb313e78653cb3
SHA182c5f39adcecf8f7be72d8a611e9520c16a4ff28
SHA25666b3314fd80a7e8fe1e260897059796b072ffb583ef5520e578208bd2dfc4a88
SHA512e4c42f7c5b24dcc7ff6805c3746ed2e7ce9d563623d09e3f3fbbd50b856335651f7905658035fbb9105d3238c5205f1ef116a8560ed79f4e49a0c90ad1bbe131
-
Filesize
171KB
MD5b13850aceaf6c1ee66c61bc94135fa25
SHA1f23280f6bec2f097ddf77b97bb19b643a2c5a80b
SHA256ae2a43a7d58e9766fac59032ba1ecf1df7866ce5bc09b879c6bb111036789ed2
SHA512d4344edb6e4a460e162169e5621fbf851538c70c6489cca034d1600c3a9a677e8cfa0607e464ea8de3a22066928f540833bc10bf18ae3b1ec7e9147c0d3a897b
-
Filesize
128KB
-
Filesize
864KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
