Analysis
-
max time kernel
135s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
03-11-2024 06:23
General
-
Target
8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe
-
Size
244KB
-
MD5
8a0c2641e45b3c5b473f69183c57cbf0
-
SHA1
8553f089e9d0b2eed4b7a1674ae568e4bc803db6
-
SHA256
14543e3fca12e0f56f2b88905ab0103ba4e049be8e9a12be30de38659ba8113c
-
SHA512
36dedb28aaae39019de8d45761377ae9156edece9513a4a9015f585132832049977a841ec7fee17764c0f6eda2afd2db65a369bbfa4686bc8ad09b559b5d2ae0
-
SSDEEP
6144:vkieBa28s1lxE2Xl9Kzh1CAyDDgHpEcHTXRnB8CteHR6+:TO8sbxE219mh1PyDDYWcRBtE
Malware Config
Extracted
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.txt
cerber
http://pmenboeqhyrpvomq.0vgu64.top/B05A-9EDB-ADDA-006D-F93F
http://pmenboeqhyrpvomq.wz139z.top/B05A-9EDB-ADDA-006D-F93F
http://pmenboeqhyrpvomq.r21wmw.top/B05A-9EDB-ADDA-006D-F93F
http://pmenboeqhyrpvomq.pap44w.top/B05A-9EDB-ADDA-006D-F93F
http://pmenboeqhyrpvomq.onion.to/B05A-9EDB-ADDA-006D-F93F
http://pmenboeqhyrpvomq.onion/B05A-9EDB-ADDA-006D-F93F
Extracted
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Cerber family
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Contacts a large (531) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 16 IoCs
-
Drops file in Windows directory 6 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
NSIS installer 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe"C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe"C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe"4⤵
- Adds policy Run key to start application
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccbc46f8,0x7ffcccbc4708,0x7ffcccbc47186⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:36⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2726390498384511929,11156293502494979652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:16⤵
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt5⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pmenboeqhyrpvomq.0vgu64.top/B05A-9EDB-ADDA-006D-F93F?auto5⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcccbc46f8,0x7ffcccbc4708,0x7ffcccbc47186⤵
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"5⤵
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "mavinject.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe" > NUL5⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "mavinject.exe"6⤵
- Kills process with taskkill
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe" > NUL3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "8a0c2641e45b3c5b473f69183c57cbf0_JaffaCakes118.exe"4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exeC:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exeC:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mavinject.exe2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x494 0x3f01⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5b2f22a36e3648aaa5e846a9b4ee93fd8
SHA1c17875dd9d1f7b66404409206d4342ea46abf6b9
SHA2566bb09fd62008712483f0baded6e4ee91f3e7c7fd19eda225c91d964ed9d7e29d
SHA512f2030bdc502b38de15e53bf77d3b25f86f43c663eddf8fa7eea53a4a0c37be8351825046b75485fa98f4cdad5deac868e13994d23bb7046a1ae071bf6cc274cc
-
Filesize
10KB
MD58c032868f611c04bac1d32651dc4aa6a
SHA1cbbb483168bf848f7c293b11d2c80cf42418ce7c
SHA2564a373dc222b26b2f44ef06237e69fcc51de042092a591e7942197d10cc1ebb2e
SHA5126ca9950347e0dd340594aac349ddf0eec33e1d9f6f858fecb3471089cae70bfa8677195d3a72f50f95091137fce6c6105d4bd01ea1c5b4c02f5002b2b1cc403f
-
Filesize
90B
MD5faec2de58d7ce89f3d4a425e401218dc
SHA106bbb70f77bd84b6f47c8ccbf8aae91955b0ceb5
SHA256b762e3a90f26c7262e15fc4f937d1ad9e35f97f65e40d5381100cdcee2e9eb16
SHA5127ec42ba0e6ff6d8477ce9b526a0e3312e4610613025944423ffc5a2046eb93f6ffcd965f287b586dec27350a6164bceb27debb4598058ea9bd2021a5744936bf
-
Filesize
213B
MD51c2a24505278e661eca32666d4311ce5
SHA1d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA2563f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
5KB
MD50c45633be518e42b54cbd81a63905475
SHA1ed7b2d7d7fd23f8c716458ce9645f5bc538b6c50
SHA256c8d90a0b52c4eeccbc24ffcc1bf49cab09c29bae84ccc8cb57872e42eec3d778
SHA5126144e7ff27e1c2d7d2725d252738e2d1efab52981d690174c55c73623b61cd4f7440d84b9196ff0b1ac09f57a58e50f792f5a7d7a6dea940fcbc87cd529bdbc6
-
Filesize
6KB
MD59b347f7a7d577eb219a59d05e7f96e8d
SHA13f19b1fdf0465bd991e59fa7db1db7f31035bb3e
SHA256b177e7cd2878e2adb9c9f609897e4d6f75f8c61600cf351552cca8eab513c267
SHA512ea53bdf7594fb2603244f4d03bf93bad1a449cab262a3a6793feda548ecacdb6b794bba809ea52257296464b37dc3a5033565ef5df6b7cb0320a1b26975880b8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53e665f1712a53bca240e38b8ff6f20ec
SHA1a17cfbe6fcd4d704c136fb9d3d9eef88816ad040
SHA256b18be168ba0fde8487fbc18c7a30bf1dcd272c93749b71a60fd292b535b50928
SHA512f1e7af4c0b94c39cc953d2d66e1d6766515efb26a15ce4378b621585f5fa86bfc81a4da872c64bf9fe572937efb46938e347f343b55ba03a6c2f1626815dd239
-
Filesize
922B
MD5b327f714f4ca746733f335129136f01e
SHA19e73ebaf229d43dba61da0fba7392039d99cde0b
SHA256e1fa52366cfb7518c1269a6d52de74b567a0c352a141725a7f35abca022dee1b
SHA51286cd7acd2e692ddd4f07073b973b4ff18cc4d31faff54d320a8421eeb265059279f7c28a22112e23cee03e1d2cb37b9a1a329a2b21df7d89acfe9a842c320d69
-
Filesize
4KB
MD53a55f29d68c69ba9d51ba990c1826c00
SHA12ef1871466f55111c8c3e2d65e5f684b48ea30fa
SHA256dd2792ec4cebb647c5b4b7775c78862cecc42d87d72492642183a5f4b26ece19
SHA5126904e53751209bf12d19a04859be41fe19a7e58a88d41e24edd083a661884ff303956be9c22af94d422c8786e2dc1a624a4eace3d93c6d0ae838d2194c37c84c
-
Filesize
77B
MD54ab96999f28ba4b075188be03072b6dd
SHA12a1293003921b5bd6f4751f02d27090293d12245
SHA256c9d43500b918ad58d7cc10cc98f73b0fd8de3743074b9c9b38f3f8657ab3cd3d
SHA5121ee024ceadae616900cc460b9210bde8c799e9e10229312fccd039fbc0f9c114d3ad148e3f120d25356e9ca7c07be69cea4aad7e28fe892f69809b8bc7390f38
-
Filesize
27B
MD517534ee83a92a2d70abce2aa260abe12
SHA1aab0ac99816678115277832badc6ee7ffa690b43
SHA25653141538145b0c46ed3eb1f8dbdc1d8badb1061cfe6865232fee384bcb4d0b91
SHA512ddbb134b0d53df5c1872930cd8108a5fbaf6d1dd850987303d1a6a7faf7653a71ac0008798f0e30e360d3d82d475b24ddfd5d8e0e088528fa9580dc8ab6c032f
-
Filesize
27B
MD5aea56e4cc048a9d3ff31445372d346a1
SHA129ac5ffe91a926df97e1a3e04a0c76a22a6f5c8b
SHA256500ebdba5c37298efc86410f21dda65d2c0e59771605cd647694879de03533fa
SHA51215d93c0e845eeaa4d010077a0032c4dc765f71895089b3c04a2bd6315373e43ca473e65caefa8927a973a664093d585c58295ed7ad708cb20f9b8452de317920
-
Filesize
148KB
MD5705eb958cf1355f374f8f081ef0d63e0
SHA1c1668f3b82647b3193c144c97b51b651a9265979
SHA256f7279b4d4e75835d0e72a32363135f1cd5d9234eb72d15f930523b61c4bb738d
SHA5120ea24b3bf10035dac53f7d558ce8ab8f89ce7e72fc1b078cf687734d9bc66d4b4e01718727812068e59e562fc175be50d49b9ae98266e91bc5324a9c66e09f3d
-
Filesize
34KB
MD5eab0c0a99549fe4fc568b20331d1db27
SHA14cc1a151bf4ef04be4c41278e42f11dd44f937c6
SHA256246696d31993da811c210de7455d9158d0f4e0e3f75ef4367a1fb43c7fe27764
SHA512094d6a63af23ae2ca54dfaf4ce59ae9c266c7de34e60828e4c5f636ab256be17da99061ce2965b99c4cce7a58f4f0c05ab09d38dcd0c2aba31d8b26d70ae7d55
-
Filesize
1KB
MD570a12429f0b20c26d121a2538099aca4
SHA1e6796ed228fa4691314bc99c2754a8d76512d1a8
SHA2560e86911736d8eec310a61888c9a2e954d4c95814514b4256af2802a55a1df779
SHA512f225b2cb7fd132a8437dd758f79bf8a2b5d2575798412337be9f8a9afca1cea807a769aa1a07d30fc44ba0d3208ae666ca4debfbac56328a491d50e24c866f26
-
Filesize
3KB
MD5122a8a2fa7fcb0dd3fc16f837feac89c
SHA181abf451ed1adb6951d8c0b067bf53047cf59480
SHA256ca3cc76ac417d68ac6fc56022e5c0225a54e04ed05ee66acb01be6eaacc8de57
SHA512aa5c44fd4f596c5233b96eb7874b3cd7a395af61479ecb5c7bd5d4a84c3a104c06754dd718d4fe3b31efa0f506789523f7278ad77e355de7001583b50f4bc0a6
-
Filesize
2KB
MD5411d77c4da856563aba36bcbacc83879
SHA1868e7e0ff63120a2dafb22e036d066dc6ade0ed3
SHA2561e2333b01209da29895e2f51fc836996bd61f42a61c00a613d663c628e173e19
SHA5120d10206144f681be4b5b9de9973b69752e04d8ec61c82bf19461e8076ed42e25a89c5915c92a8e6bd534fc97ac51d4382dc5327764b45e7119229afa58b438b5
-
Filesize
197B
MD56c0fb6fd9810560e7b438cdf662c2734
SHA126304263ffc6724e5bd5a0dc440d74f233bc2fa2
SHA256bff0a0f00c9adb0ac7bcc8421882b4bcd0fb5b47d278ed64cd661ec7dce51cde
SHA512d85b9b780ef0ecac44e9af6ca0c766c04dcbc22cf3bf65efd23395806042d8cdadebbe088d21a0be75b37b2c6ddeb7aa726483c9b139d4284ef6b51101ca8c8b
-
Filesize
2KB
MD54cb40bdad1a43c4fb89f7b4400076efc
SHA1ab2a3689957a412dbd3cd7f83e5aa35d44055941
SHA2561bb2e1d63f0787ad9a0e0ad8b3987c42f74d873211f440e6338f78bfa62d4ee0
SHA5120e444c130721fa155e28af88b21c0badced98ea2f1fd0df915cf07e4cf4b6d364e24a5babff81ad3246c5839595df520dc3e4d9a13635903f0e5ab4dc795a840
-
Filesize
2KB
MD5440ff2d813de32dce6a8eac522c6e69b
SHA10fc65a6d0eb99abecc95579307d0d9b35c8267a1
SHA2564af8f0f40f8d0470bca784bf1f5401acc268f06d9c8b25650cc92f65c78826e5
SHA51266ac4515c6a12bd8707e019da569b6edbb76b82cd48b2a4dcfbe21dcc1f9b36a7d961c6faf3c7c4737ae165fcab3fee2b947d751ff98683613c5236f1d14f502
-
Filesize
2KB
MD5e61986880dbf11a3f9c9e73ba1a5f821
SHA17ba2b4bc224e0f135b165ee164783513d791ebc4
SHA25615abed0f08ce04c57be1b84c3b76eeaa86cd4a7079896f20c652035246a23e06
SHA512eb707225978681ab2a2c70a7ce4f47a88c743e15bad91103dc96afb8951e8355b8cffdff7b2de1c26b661a35735740891cc64ecdb98de0c9ebd797de2b102a7a
-
Filesize
1KB
MD561bb87909569420e9d889bd076a11aef
SHA1668909823ee96cd46b76ffb4aba97e2335dd65da
SHA256386b26bffa39406bea409f57f8d332a590856554373b073b7b5b340d5e68eaca
SHA512fc873eb58c1a25f830ff3571b863c0da371f751d75052d3e77d1b94bb5ccead606ca19aaa73621467bbbc86aef817cfb9c9150f04af18f1c87846fc31f81f03d
-
Filesize
11KB
MD56f5257c0b8c0ef4d440f4f4fce85fb1b
SHA1b6ac111dfb0d1fc75ad09c56bde7830232395785
SHA256b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
SHA512a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8
-
Filesize
1KB
MD532c817e56bc8e1007861fc2da6ff6ea3
SHA15b26ce23ec10108049f2b1d4df71264c7aea8123
SHA25630ad886f3c8ff7a98ef31d67705449fa144372b46a084b0357883791f846035b
SHA5120e9375f7246bc0372de5937b64aaf7ff1e22bee1323995794564ccfe007b516a12c55dc47928fb52ccab01b3f337edbf4fc39965992e05207746e4f647fa52ab
-
Filesize
244KB
MD58a0c2641e45b3c5b473f69183c57cbf0
SHA18553f089e9d0b2eed4b7a1674ae568e4bc803db6
SHA25614543e3fca12e0f56f2b88905ab0103ba4e049be8e9a12be30de38659ba8113c
SHA51236dedb28aaae39019de8d45761377ae9156edece9513a4a9015f585132832049977a841ec7fee17764c0f6eda2afd2db65a369bbfa4686bc8ad09b559b5d2ae0
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
4KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
48KB
