Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-10-2024 22:35
General
-
Target
541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe
-
Size
280KB
-
MD5
541364a81cb365be420373fce3d1f19b
-
SHA1
fffb124ed79715769e61f793cd3b47458ab74293
-
SHA256
2a8285f324c9ad8dc54f190aa3627ac9bebd546173ed89d5ecd1ea7b65641c75
-
SHA512
c19e4d702ea3656b1f73ff263574459fc572f955dd7b492efe7f360659d93739334d669edaeeb15a0589490d67092087f7349bb964d426bc86ee412480a08732
-
SSDEEP
6144:TBFKoJwFOa/QA1LaVEiPZHeYyXIK/ZqVhPy/sBybCcRnYnaFX0:20w7/QuLaVEiP7yYPVJyQOYnaG
Malware Config
Extracted
C:\Users\Admin\Downloads\# DECRYPT MY FILES #.txt
cerber
http://52uo5k3t73ypjije.495iru.top/3630-55E1-4969-0063-7DC6
http://52uo5k3t73ypjije.fkgrie.top/3630-55E1-4969-0063-7DC6
http://52uo5k3t73ypjije.mix3hi.top/3630-55E1-4969-0063-7DC6
http://52uo5k3t73ypjije.cmfkru.top/3630-55E1-4969-0063-7DC6
http://52uo5k3t73ypjije.onion.to/3630-55E1-4969-0063-7DC6
http://52uo5k3t73ypjije.onion/3630-55E1-4969-0063-7DC6
Extracted
C:\Users\Admin\Downloads\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (2062) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Windows directory 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE"C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE"C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE"4⤵
- Adds policy Run key to start application
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d5546f8,0x7ffe4d554708,0x7ffe4d5547186⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:36⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1128119766642145162,14450267091788905885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:16⤵
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt5⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://52uo5k3t73ypjije.495iru.top/3630-55E1-4969-0063-7DC6?auto5⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe4d5546f8,0x7ffe4d554708,0x7ffe4d5547186⤵
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"5⤵
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "DWWIN.EXE" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE" > NUL5⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "DWWIN.EXE"6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe" > NUL3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "541364a81cb365be420373fce3d1f19b_JaffaCakes118.exe"4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXEC:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXEC:\Users\Admin\AppData\Roaming\{742C88D3-28A3-E8CE-ACAD-62EA590C22C8}\DWWIN.EXE2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x468 0x4141⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
2Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
5KB
MD5d177f0b6488b44f1e71e1baaea1eb7cf
SHA14163b82e859bdb33d29354b44d3957fdbe4c2f62
SHA256dd0dd2b2da815dcd0a45bdbdd9282a92d80940beade062351d665108fb08bcc2
SHA512c583268f8fb0e8fc3f19de1a48c3b20f08709668e59918cecad9077da1cfeffd1e7865ceb0c3f0b2ac1a0fc3407d1a28acd3cf959d00cd37cbd6309b81bfa66d
-
Filesize
6KB
MD5beb94d52c25b86119a7edb7fbcf981bd
SHA1b4801af358798917b7b94c28ec605dec58341a13
SHA25686f96a6ef922d0eaf652fd98a1de53b2a0a94b7208b89b4362227b05bf33420c
SHA512e04837e2e140bf90885dcf5b99033d3c79a55d649eebe8f7a7912a331ec7e9ef21bc6f3bf85be9d3f97493fa37e0e01382555bc494a238487548684317106674
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5b5efae4770fb5d283586b32c5564d038
SHA1ace6de6704dc978d9a41a85537107d8fcad6d646
SHA2564810d5afbfb686af7c1800eb38b9af57c64d5b33acc5a4ff73442d79305f4218
SHA512b7d1d0c14534340b6e821aaa5629714c78b852e1b8513d9c4a8762cf48814f4fa7af263897d0cf5941a9142737a7094ac6bc4b0f2a2a0eeb8cfa391b00ec24c7
-
Filesize
11KB
MD5ca332bb753b0775d5e806e236ddcec55
SHA1f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
SHA256df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
SHA5122de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
-
Filesize
1KB
MD5c971329597cf88d8b5e87cf5557067d4
SHA17fc2be6bf2920d5d34c3bd7318288c4aa12c6c88
SHA256e1fda58d0d4eeb62eb790f7e23594eac460db03a2d2373bfd13e94860dcf38b7
SHA512045b48c780d3482bee79cecb372f36cb1e705eeda37c6130dd12dbd432bce1fcf04a9b3c68618a9c9995c29c7f93314cd8d2fc6f6c6d44ac150c556926307577
-
Filesize
1KB
MD547b31ceaa4ee437bcb996584938f55ca
SHA100a04f6b1d3a6efcd1c2e24898d08e20c5ceee64
SHA256c24863f16c118fba14e5cff2beaad3f9bd0017d3f55800837398d5518534207a
SHA5122add86690e8aff4e905d4c09816fdb1b084c3d69bbdb5a0da347de625c55f11dc12e719c841d6aabbb7e0350170077a628b577aa1aa569b39b4764143cd0627e
-
Filesize
524B
MD54121e8d21f41488b3dde298a32bbea29
SHA10f712ecdd7d3668eacff50e3f762aeeb447dbe7b
SHA2567a4a91cd7b014b48d0abdba2d135ae616dd8169c2e17c05d5fc9bd2319db2890
SHA51206bfaf1df5e2e804721d9479b8534d49ac9f2621f63e8605da7e3522c8d28ee57b64dec682152f3fe54590f2135298c926d854f1db4feecbf43a5e380505bedd
-
Filesize
916B
MD557a1015fc0f2197730779325a0e5e018
SHA1af8204e4614fb54cc190a3733df768e18dbd88f6
SHA2561a0c9dfa249f991788ac49f385fe764d55f645836d5d9394489c0ec66d0cff61
SHA51226bd5124f7a61353e4f2cb1644c2c9b3d71e2f43930d932e4737066b8a5ab6976de9ae7ea91aeeb4369689cfb722c7262423d63ec4443f2429481155017961c7
-
Filesize
1KB
MD5d197ae42c2d6b6671966207673de5978
SHA16572b6bc1ce60218761e40a6fbc019f02ef0e655
SHA2569967682b72536a8b3af2856b07b1a62a6e81903d10798ccd811eb1738578607e
SHA51216ab22cdac7dcd593a749c3c4be2a889ec4605d9a99c9dc42f16023e0f9b778f08d3d07ec33fcd2333dc6063280f2016b92affbd26035e020697b6088ff6ad13
-
Filesize
355B
MD5f64cfcfac0c4219edebc96d6d043c84c
SHA14cb3f1439c17e8a276b93dae2026b0baa5547524
SHA25650ee85e5bf9f7dd02ae5435ef0a024e9a8e3da48c645adb6b3fefa1e08f7d57e
SHA512b6d2f1e612c1cc1b7b1c85704d6645b10cad9c417b2a4b1e56d62b768088827d25816cfe3c442ce370b669cae25ec3495312d09f1960fdbeabaf37af09762abc
-
Filesize
4KB
MD52ffc46a244c8c828e352ff00ecd1998d
SHA1027361be101f81885d640bdc37f1d570ae7641ae
SHA2560bbdb01bac6545d87b2dc2fe5d198ff8120ef7c642a11b554a66bfe0a34e7a17
SHA512d09fef8fcb254157faef211e2133184f8e6d1e4a33b0074b74fd762c8f4b1881ef1af2b839a1df9cb427c774a3be9f94f12faa7a8f25002d6b1c292f73e6657e
-
Filesize
1KB
MD5f87cdb72f8a2c9db4cfa4d46b68df843
SHA194fb29845e1aa22d72d93e99293b237bcbf176ad
SHA256b4cd5fe34e86bd59710379115fc9a9b670f1f6a885f9f2c1d87f94ee90aae680
SHA5120135ff0838bed406025d4b1ae9a95e5f196e06f95fffb0093afeee7b37af2a0cad2cda38033d3fe7d80c8a3b9142758b8fa43f74bd6f7bea5da09d8924e1b192
-
Filesize
125KB
MD5514647032a4e7c2dd7767bc17e2bf753
SHA15a6f0af0725a28d1698ad4499643e9621e6dc045
SHA256aa7a5eb67942d2640114a23047836586a291373d2dbf6918e2739b067303179b
SHA512f8f1afd76c60fe9ba850fdd41aa8fcb4252f44ed0e595fa575e115273b38de81e2676dc0f209ceb122bb4f49b9836039cb9a742603af8a34e09182f8e04f4249
-
Filesize
1KB
MD5bfc5c224f5c267bbb9a1ea11a4d8197a
SHA1e032709043025dc40f4021c4f55ea39503bcfb21
SHA25621b860d7220947839e49cccbce63b1c43fb02d1a2eacce0fbf389fab35ea128a
SHA512d85523232f4a3107608cb8968f1590aec742500053a33b8afe4139ad535ffcbd215fd8f4633ac36ad172d687fcf5b1c9b1005c6c2f6c402ca810988459ac0aa6
-
Filesize
4KB
MD57f9e18fb070fbc43175fcdaacaa674bd
SHA1455318deab797c8110dad52fd5940865fc70a548
SHA256204e41af4678e3ccca8dd8e36c3812f80dccbab4185d121cd4b411cd0364bb8b
SHA51205635cb8710feb946f60cf758d9e027729d4345e4287c98dc283eca2a7efbd24214fbf4952968def90163f67c89b97dd961b3f65f8b5fa3de7d625341b356ee5
-
Filesize
1KB
MD59c691a3a9fb21b771929aae6aaf99b15
SHA12ab032406fe583c46b3c96bfd71415d9ebae9c86
SHA256166422d5c106b2ebf780eab872379b2d0e69f3fe7471acec9c73226401885777
SHA512076adb358fcd8394c94b8bc0ba939f6f568160c956857e73a7e585ef55e1cfbb05f4d780fcfa46a7683b99b3b00053844ef40de966ff899bc0cdd6daec58a96a
-
Filesize
1KB
MD5b37db354d10a73ba88288164bb13182c
SHA13649f45a56cf71a0cb551315372546700cd96a0d
SHA2569840c3e72436433614eab701e18e61f0ce0ab924a9491629463c949186dace4b
SHA5128afe3071ba61ed20c2034c7501d8953a5a7d313bf4acc1a69f50f369296ad4e34df895c039eadf97afd543b4c4dc27e2d0532705121158ceb2a186725ba76bca
-
Filesize
1KB
MD5a6fa5a26bf4103604b94809db8828085
SHA1289a93ff4a4acf2b720606c81e7db713185ebe82
SHA25690caddcad9cc3d2fa11debe4e5e01380e0ca471493b62f3abc25e29126c24199
SHA5122c706fe55037e8f9432ac7aaffdb8f11ea25dd98f3597c92753fbc62fd0a08b3f5e05f9c8c81c577b3ed49d10062145bb8d1e7ed12863f8acce9e938d690cd0a
-
Filesize
70KB
MD5d9fb0839c496f06e824e3a5c41572462
SHA17978f5ac7ec69d8e33751f8009b37279db50e455
SHA25655d7dac32b8533e26549f776bd3ca7c87b359fa7de9bfeee1222dec381a8d98c
SHA512038c604625d6e08922b9befb412f0922de15c0e9cb5118b91419c03b10f727e91c06a0149a80e5acc5f3b976c3f807264d1e5bdfe5fe947962623d0256d731e4
-
Filesize
2KB
MD56777f37b4b47394a3b0e3c61b9e82736
SHA11612fde4b33547c53aeffa10a22a7155f23bc789
SHA256e85ae8f05a52e8f1ab828f201a682d5653845c72b9060a5b0ed89a1b06e4c15e
SHA5129c8c417c77ccbeb9434cc1d85ff3464b5daf17683611e44cb1def10bb89aba8dd9d35b1058e423afb58517a1102c200f33907ad1d7f031826c94dac53f5a4b4a
-
Filesize
1KB
MD5b7a3d5891858ec987692f843d0da635e
SHA1144dfcf7282b499e4b07b3b4ae10bbb5dc23e08c
SHA256a021af7e7c49f2c338f12e715d4e2f853f4f53327dadb73b11d089fb43bf6a85
SHA512c7bb9f9f0cec125ae61617bc2b6ce1b449b736d7bf5d776605d830a4a2e2e9b7957de4b1d146faa403e169052eb54af00f551e392bdc286c190e62df3df3f7f6
-
Filesize
1KB
MD5adb1a285a2b926f98c062fbb74e1e992
SHA11f9799a61072673042a1a3da0fdf3fa93cf10f90
SHA2564ba4637bffa741ba5619c3de97b6c209b5a9deb330385efc7a588492a98b7b45
SHA512aa65628e34601645dfcdcb1f5f0347ae84555bd1a99432d4c25a50044dae932385bfa1f50551f6577d184de684f9264743facb53f4aa2e46bdfeff5c85bc6bd7
-
Filesize
3KB
MD53e6bfa45474395fcab8c295d63fe0ca1
SHA1532af3f2b90b3b1cbc7fd7401777ae271aff5f74
SHA256973a3d4fd3db35ef04dcd3b99176f9df936f4729b1880c189f39507e97ba8732
SHA512058551c718aeff1749dbac4a6d02ff540a8e29c13a9b15ddaaae64afad0fc78b4a91805a69aa210b7c3f14df31ecf539b866fea276bad9dfb2a05a06c702c653
-
Filesize
1004B
MD5c1cf25885988504b0f6f90f1cb545382
SHA15e1f1c88ab034e14dd6f3aeb9da857f5815b4c6e
SHA2567808de9b4c36f737a88e309454101d3655597393323cafcf87d42e4411baa7b0
SHA5127adf12507347a9dbc84c93bc38a14c3dd42ba1e2c2f0f937b0915066d437288103b831b33f5dd99ea252a9f2a0a1e6eaf6289cccb04090b8a20ae00cd652660a
-
Filesize
2KB
MD54693d1d384d0fd3d7f6b0ccb7ac9157c
SHA1fe9c9a0f48615d75ebe3ab0743b23f7dbd08b323
SHA256e520e2b3ba4d8280678f73602ee4221b51782aad62ab25db1eac991de31a609a
SHA512f7290000696d12b1c0f19b907a9d5f15545ee96d8936689427f84ec8a03c1af7aa0eab829badcbb0c6644ed3847e686b7dfcf3513bb3eb6dc27bf0378315c0d5
-
Filesize
1KB
MD5c758bc300dbae3b2ba2ffb06b62d11de
SHA1db8ceb49d310d2d91f50adead7c4b17e9f90cb6a
SHA2564b2978dfb4662e49ef227bd1bac21edc4daacc373c421868d2a0f0b882cc47fc
SHA51240bb4ddbb57fc743e9569b85a06a7c82328d7719efdfc2ccd891160a6d4e2ea7a4c36c67c50244435948faa79ce1c212d8c7eb490e8633815841d137d74fd5f9
-
Filesize
1KB
MD5e930bf24883de57b28a31a733d618645
SHA1416f7f4e017f619d1ac89a34c1e34a5baad73c56
SHA2562f3ce5515bead08015d327ba391060bd70614aea8b8c4325470723f824d51a21
SHA512cfe4c11334a627ba2a5a022bf669a78df88ef9e641596bd7cac6fc590da62490e90f9ff3b1f06a169684820406e452f12be420b13de1b093ff1dd73abaee6b3a
-
Filesize
3KB
MD5b27438aa347f1bc4c68d91bdf2f25a94
SHA1781bfcf9cc215a641fc3d93b686c37770c2eba15
SHA2560a2cc44a45e3057335b421f7b0b80bdbbd1578cf38229f43fe56ae1f4d8d6e15
SHA512e95b5974a5d09e49835a6ffb2733d6a72e8ba06ea4e28aab53c60b00b423133d2b31e645104708b35c049be04d0b7cc9b60435c1ceac83791d6fd153c4524674
-
Filesize
3KB
MD5f7175f00793a0b7ceb2ed58c4a746c3a
SHA128afdb7e48f93395c0a5d8859ef0b93e2469188e
SHA256a7b5202a960ef8de6573cb10f0e8e365e1c3ecef63b02037a8fb754d3fcd93b0
SHA512ad8fa912135b027c7ae52ab1d2a9f7a15dd146cee87e4fe7c1868e17b0a2d82a4d01bcf796a8aad8f76c98191630af02b30776ef71c0cf999f1af836c683ff34
-
Filesize
4KB
MD579925c43e010b7f773242b65c66296fc
SHA1677ec09693b2071537aba4c4eb4c14b7504b0c06
SHA256dac58e21fdfa2e80b413338245985103899adb9f337c602fc77d15fcea550c52
SHA512cd3aadfc1375d5a54f8bdb3caa68128d22ab66726450fb4eb9ba73e1098d29d0179d6256cde168391e9ca32e44abc4e3e1470bfb2f6139ce5182480defafd91d
-
Filesize
1KB
MD5c29954f6f6a53c37aeb7ad23e37ff73b
SHA1068a87dbd5d5277f0508845838644bd5cb933e9b
SHA256045323cff6bd1afd75cd8fdb8c7f65569370fcbf6dcbbbc0e24f4c6d5754c45b
SHA5121760bf9610ae6433b395f2345cf56a06617c64002e3883531e6854b468b2026982883a1a89b33907be3befbb8353aca650a6fbfb42bb543d0c24f2a9416bce35
-
Filesize
736B
MD588d6f04b392d967599688ee82f343789
SHA191818d228042915f86ac8fd846f24a807dbf54d9
SHA256210e911f0bf21a4edd3cff6e5d3c27bd225621efaf9015ed6d82c8b6fca1c18a
SHA512a43e762de9c9514d9f3253e1d15d563382c7c39cd61a9c45611288cc53c72b7611976a836e546e26ffbfd891361ac87a787b273a526df12b649dbbd6d65d193f
-
Filesize
1KB
MD550fbb1df4735fde6da6e5c34160da040
SHA1fb6fc004d59888aaeaa46ab2998c44e8ce02bfb0
SHA25622600b806af90198ef67933873413cca2d37a724535f04550d862564fd3f5e2c
SHA5127bacca1e1545d0191da0f9c4e062ce4d83b10c3ff5658bc07631b44c6b2686e8c719bb072dd48d95f328e67cab25d96388e2e414fef1d5205b36d151b6aa2d83
-
Filesize
167B
MD513194de77e275fe71787174454c05075
SHA193b61619180fff398e48e352f5731cb71bf88eeb
SHA256027981c44bb087ccdd6d77f49fc930ca697dae46ed13b39b2a76d67ab8e09b62
SHA51269ecabf405511caca1e54a3fabc024abdb0be0dfbbf25d817bc539fb65cfc298466c033c2362db811e2272ffb48e68f720c056524a9713407fbf873841175b92
-
Filesize
457B
MD5f06efba39e83f2a70a0328784e1fab8e
SHA1eac0d7b5a5b790aaa612e0424b72abfda6f1d70e
SHA2562414dacd7ad46180e10eff934be18688069461be00f83cb9e6fdb84f677d7984
SHA512943530b778ed16287a65c5f67e183b23b0ab7d9be04dddd693756999182bf9a2f36944e3c9ba0e7ec58ebf668adbe39ca399c688dab2fa20437de0ffa298a115
-
Filesize
865B
MD58ecfebfbb98d6839606185ab43b12e46
SHA1f146f2c17599cf17b98eebead3d7207c3de6c02b
SHA256b40705c3a3a6b1ec1fd376811e31c6eceec3028ee2bd8e8d9b793c9ad6dafcb9
SHA512f3f1deedb32a51263dd42a54e9d7be2b1af4c18a647d4a9b12409fe695d3388628d55d13af60c2ad602f7af473e1c909214229cf1c18277eac46ec178cc1391f
-
Filesize
2KB
MD578174a09c800b5fa05ced6cc5e2c5e24
SHA1f52253b99e621d66aaae55e3a54bf12b4dd2f612
SHA256d0473db04aabf9a77f7f5a7937f2ab66356621a73448d2f88aa3415dbeb62b6c
SHA512d51fbbc9c0cecc520128c632f1685f05ee6aba77a7db3ffd9ef3faea68d519a06883a293f4806efcb5a96af126710ed738bd52194a03aba22c211d7d1b093484
-
Filesize
2KB
MD5e8d4282400a1c4709ecb37b933269a98
SHA1dc9febbb99924c761c77bf69286241efaa803f38
SHA256cb1765e39a9bfde57e60683657257cdae7c84c88d55be43524168a4010be701e
SHA512f51e18f1705fa4bcb5bd7f072095ee4f9c37ed1503b038854a4a147344f08deda036e000ac4bcfbbe4d688bc238434d18dea75db645c7648ca63e8c00a6b11ec
-
Filesize
1KB
MD5748a5a7a333b6d7391c8424ec2ba7179
SHA158ced520776c3c168eff998279262acbea2060a4
SHA2563d13aee8c13d1f3a1fe13311ee046bc95658aed8408a04004de290c9c351fc94
SHA512b1273da7adeeeba9e8d992d690411b89eecde98521c62e91e1c2628c0c11d777ff1ae82fd6f9174cf27b6699893b29e72eb33856171034ec2015125e1ed99612
-
Filesize
2KB
MD56995fc85569b51656600bafe2d328769
SHA1f723b92c6ad790ef993afa40c9f4289e7b4c5291
SHA25634845298147e26a7cdd09f98a895b27a082b4340b1980a9a23a1a858e89c4ce8
SHA512de5f358bb1bb42e3ad6d691bfe0451268cb972872499c4abdd00b2a8728e73ad9e6500e47d92328d8ce05acb2d1f6a5a80ea65e9020145a301aa08bf2d6819d3
-
Filesize
3KB
MD5537b6afacada7212e1fe3a2a18e6fc8a
SHA1444e48a91d3203d54d2e80c39275430ea90600b4
SHA256a1a288b69d74311b4ac05e091211233dc801781a8dfa4c6e2f7dae20d513287f
SHA51241a1c4a96ffa32c0426b107874788c81a9513ff83f42290598a6e04d18d8333f0b8b3c5975e6835a7c1dffa37e8a97e7200c1cf90bf73dff1f38b2779684dda4
-
Filesize
46B
MD5cd1189f6747a3d39a55c8161d9d5359e
SHA1f8591dfaa1f090d94b925a59bec4dbc5ea13eba7
SHA25691236620f96688bec91ed6d98f2372ffea9038007e7ae42089970b87b637f5a1
SHA5126baaedffb6ff818b59259871181e058604d2d576d5fdf39243952503a0fb08fca1fa47ba3a73163c5b2ecb76be80cadfe8cb2d5510a5e1ccf76f86d921276c06
-
Filesize
1KB
MD553d3ecb0cd2596cd97a49d498225b9eb
SHA1bdb84142b64b2ef9454a08ffb8207b2d2098234c
SHA256aebbf7076b60c077fdca77deb28a6ffb8524b8fedcae93d3b155f54dee9289d2
SHA5129904015f0c9bf8e38294eb4a8c40e9ff867bfdd28980c95e164fb179b69a326dc6378d9a5cdd5efc6e58b966db7263775a31cac64f93979c71aca8c912fffe50
-
Filesize
1KB
MD5b9c8db5dd26818a63fb9e031739f8fab
SHA10237909e0b39d6826bada9b63a811925719ddf51
SHA25698cf791cd08a24c5ca85b59be971caf7776af6d31ac812e3bb949a20f7332ef8
SHA512c02cb2275c8e0dba6e997fd04405d84aaeb65a3ea3be89d2632cf0a979fe888fee8d85f0068b807b017b1a52eeadd2dba6dc8fec36f95ee3078d5a2c1a8a3fe6
-
Filesize
1KB
MD5b36dea9e37a35611148b84e339b6ec42
SHA16fedb260507565077492a2c9bfc3843f08a3231e
SHA2562ff797880e22505e09ddaa4d205ab5ce700c8d22631e80cc48434d56dc3cff70
SHA51253ccc4827269d947a385dd27397934b3f33453df60288b03864c486463e1fd69f8a83c2bb3b917f1df1acaab8f0b1cdb959c8e4687835ebf903423e26c4583a8
-
Filesize
315B
MD5e7b835efd565a6bd02237591a64416fa
SHA17ea8027ff98e318758a48907a1f69b1b35f63c72
SHA25667ca7823ea8b02127ea8e4c198585e8442530e7e803b2832666257c4050ad605
SHA512911bd83c92eaa36464bcb00c45102bc1b5eacfc83cd8d7ccebf920874fd5156a975d1c0bcfe0d96ca0461ddb287f43c2c8204722d93c6f0ea8663d8f75e14f81
-
Filesize
280KB
MD5541364a81cb365be420373fce3d1f19b
SHA1fffb124ed79715769e61f793cd3b47458ab74293
SHA2562a8285f324c9ad8dc54f190aa3627ac9bebd546173ed89d5ecd1ea7b65641c75
SHA512c19e4d702ea3656b1f73ff263574459fc572f955dd7b492efe7f360659d93739334d669edaeeb15a0589490d67092087f7349bb964d426bc86ee412480a08732
-
Filesize
12KB
MD50aa5ed44f4b4433f428ae4d676c9a28f
SHA106631031249bebd16d63e87ccb88694b63fa2bd0
SHA256ed39fa0cdce9bb454ef09d65b88a0adf4a3144bca914fceaea420484aab2bb94
SHA51253443f3be2a7c26aeba62c17e4bb2b0d15ad9b84f62da331364c47c075f46486c88c5eea5e52bfcc288ef72e28cb955b8e7216139dfa3d2748c1e8f4e6409279
-
Filesize
10KB
MD59d68b410bf426ec2c9edfeff5303ab27
SHA1d01850ddd461336dfbd4344db63cac58de79bf76
SHA256371ec62d868007125866f4b12de9c8b7fdad3bf34e86b8ddb2fadf7e438ec0e2
SHA512549e09c9d7f5b9908876a28991bbf95cff7793413eb722587afa5ab621aa30baf8cd04dfb9f646328a9b2e0bbd8a419b1673dfbca4b366fa4ed0ba7220bb0802
-
Filesize
90B
MD51b8468904d294395c0da4c649d6b348c
SHA1598f729a52d977598b5a6ca7172d485b2cbe406b
SHA256bc3b8896f4618b2c78dc78a1057ce5fff8d2fc8d33afc694d180e353aae92637
SHA512c4beb850d2cb57ee04f18cfc7acd498bb125eea3789ac8aba77ebdaab1c9deef7a7dc90b54e1b92002f776b3013b0232a893ba77fa69a36d83921baa3e32ba26
-
Filesize
231B
MD59d8c4bfbd009c4d6001e2125abaa8b02
SHA1cd040558172b5fca5b200447a281843956243741
SHA256a652297987f14317100f8c5f7eb26d1bc67eb8a64f0b39b72b5fd5046a9f29b0
SHA512c4c84f43642b805a105acce9ebc9f01aa0e6ef553ea32be3f8b890fc7440f0b7d3ddf99b9336bce20ce7a3d9b9f6434a704651a8af425ffc8407ba39d5de735f
-
Filesize
116KB
-
Filesize
116KB
-
Filesize
116KB
-
Filesize
116KB
-
Filesize
116KB
-
Filesize
116KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
4KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
