Analysis
-
max time kernel
221s -
max time network
222s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
16-11-2024 08:39
General
-
Target
https://hatching.io/blog/tt-2024-11-07/
Malware Config
Signatures
-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware 2 IoCs
-
Chaos family
-
UAC bypass 3 TTPs 2 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 31 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 15 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 7 IoCs
-
NTFS ADS 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 61 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 49 IoCs
-
Suspicious use of FindShellTrayWindow 49 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hatching.io/blog/tt-2024-11-07/1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffedd8c46f8,0x7ffedd8c4708,0x7ffedd8c47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff72e335460,0x7ff72e335470,0x7ff72e3354803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16212030793305885035,15435092205909350406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\f958a804-8aa9-4f1b-82ea-5876f319e0d0_Covid29 Ransomware.zip.0d0\readme.txt1⤵
-
C:\Users\Admin\AppData\Local\Temp\ca8fd91f-aa8e-4176-8f40-553188e22312_Covid29 Ransomware.zip.312\source\Cov29LockScreen.exe"C:\Users\Admin\AppData\Local\Temp\ca8fd91f-aa8e-4176-8f40-553188e22312_Covid29 Ransomware.zip.312\source\Cov29LockScreen.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\0777675a-7d47-4aac-be08-3320fec88ccc_Covid29 Ransomware.zip.ccc\TrojanRansomCovid29.exe"C:\Users\Admin\AppData\Local\Temp\0777675a-7d47-4aac-be08-3320fec88ccc_Covid29 Ransomware.zip.ccc\TrojanRansomCovid29.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\B538.tmp\TrojanRansomCovid29.bat" "2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\B538.tmp\fakeerror.vbs"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 23⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\B538.tmp\mbr.exembr.exe3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\B538.tmp\Cov29Cry.exeCov29Cry.exe3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"4⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete5⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet6⤵
- Interacts with shadow copies
-
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete6⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /r /t 300 /c "5 minutes to pay until you lose your data and system forever"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping localhost -n 93⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
2Pre-OS Boot
1Bootkit
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ef84d117d16b3d679146d02ac6e0136b
SHA13f6cc16ca6706b43779e84d24da752207030ccb4
SHA2565d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000
SHA5129f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8
-
Filesize
152B
MD539191fa5187428284a12dd49cca7e9b9
SHA136942ceec06927950e7d19d65dcc6fe31f0834f5
SHA25660bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671
SHA512a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc
-
Filesize
1KB
MD5c61a8ad81a6d7157a737f895df676f2f
SHA1ebf4da7d02568f5dc2bc2d7abe37fc80fd901f9d
SHA256c636fc562c176be6d5204cb52ba2878332c47d2fb840ff65e59a4242e3ce88a3
SHA51208646ab378d81e9d123fa59d1dca48bf962d1a89b91af3e3b3e3652f7a4f27cf5bed6ad8a1f203574a725b337ef2990c06f5b92f46cf7ebb0b4d51679b3436a1
-
Filesize
47KB
MD59f96d459817e54de2e5c9733a9bbb010
SHA1afbadc759b65670865c10b31b34ca3c3e000cd31
SHA25651b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609
SHA512aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD5b275fa8d2d2d768231289d114f48e35f
SHA1bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA2561b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
25KB
MD58b06b747bf45671dbbfd53cdf42b39b7
SHA1036ab57ac56e3e82e24d25b1e8fc3da0e758dff5
SHA25677b7ba43678eb41699aadb083add7958be7f1a7d3bdeca68e356ce734bebb623
SHA512d8545ae12e2ee9da79e099d02e94b227e79bd7d4b79ebb65fae983c68b1234d3556951805a659876e184db92c8575512e84fa850ff2f2f90bf93e8eb17aa7b32
-
Filesize
6KB
MD56032785cced4b65d628fc111349f5aac
SHA11a6cd4171f9589ec636d5c66cbebc77c747c9f4d
SHA256a3acfad7964ad93f84d65a5e72e2e1792b120067333d1ed67a02bd663d2e0406
SHA51258b425d4be380627b01d6e902a18e12cd18b9a860ca0ab6535b591d22b1ec09764ebf09f4eb989cbf3ecb39f653fa896908f95b523a2501cee30d7a55f9d6fdf
-
Filesize
2KB
MD547f38188544093e63a948078cdaf6da5
SHA1549c7f9e16901b2b6d4b85d3ab6ebf778de38a60
SHA2561d4d32224618a6fc61cceb3c1798d9eeffe3f2dee014a51a514c2d6d5d42c31d
SHA512b3d6d9b69b86ba2ff9cba49d420c13d9edef7f25089e1e1d994ce4a472ab9e39c0168d85f74db374836505d1b4867bb8718b8332ca6237301820f65ed0d07ea9
-
Filesize
13KB
MD547a96d244d9e5408d0832c2a410863ce
SHA122537647ac1a13375c62b030c6e46b368b4dd344
SHA2563e11cf18ff1478ddef4ef35762a85c21ee09213fa12a79cb45ab866fb973a342
SHA512f6061fd690b60594e99ca92b38d88c3ce117953562222a200030c39673d3d412626c8e5050c4b7489ab4131574ce902d047812113621ad07de16e47389128e8d
-
Filesize
1KB
MD58d246c190344656bcfc495ea73414cba
SHA10cd7747939f8f9939ccd5a6f0f9b132f38757fc8
SHA2563afb32c84ac07ecd3e5134980a5283c186f4cbba03c21d2017f0ecf737cd30ea
SHA5126a7e6be0c136570f7b8f810dcd186aaf85607e36417ed254b69bb430912f0e67d9d16d743d9db8bd0524cfdf786c3fe96318007d5692db0193db6bfa6fcae0e8
-
Filesize
3KB
MD56c04a8100290d41848cf1fb6bc3fdbd9
SHA17cf234e5a0170491e666bf2ecaaed99ea5ac92cf
SHA25663cff6742a048bf357e2e182b602a99784a28960a7df4ae08f96be1a0de6c76c
SHA512ea75f7ed8d56677eb74869b9eaaf6eee117b4ce6bdb7bffc15432ea2612cd80f2542dea79e520e1ab524040fb121e47b42c5e37be8434016affe13cd190ea874
-
Filesize
2KB
MD5a33b4373ec4741e68ae76f0d26ac5abe
SHA1b30de006801bec7b457473c5962d77384bbeeb91
SHA25649a84e13d39a052d1621620cfe1453ee8e7ca037ac804f9f993448bffc675ec4
SHA512a97436e063ad51ca79a673da026e5d93c701a493ac8aa75de738205352fe909d44f5783b6d36c75f3ddab5d77fc25118d5dd7ffdc305fa78f3ac9e24ca8e275c
-
Filesize
11KB
MD560c214697d13e12a624382981267b515
SHA1c2c75ce6617a14b4427f19d808388b59e1517f87
SHA2560c9e7435c2cd0ce6fa163443a7c9a3e1fc9325236e3b555019f7a85652927c6a
SHA512fc22a48b6f7aef8dc8909c4001cb065093dc77bca07358ef7c226ed99b850e6434c905e16daf091ffa18d2f9af9ed0dba5b17620f0d7f89f7774d7d0fd651d2d
-
Filesize
14KB
MD5279a0cf645f977973f862234ff626789
SHA177901c42ecaa619ab6c1ae1a18e6ebefab5e0f47
SHA256cc2922877d6d40397d7efb447acffbcbc059a4846dbd2bc29c1e46b0b28c67fd
SHA5122cffba13ade8fcc2378f681926d46b3879697252b492655096882315bc25243ebae57c17d39c38fff973091d46ab5022db4efaa222238937cc586d04035c49f8
-
Filesize
1KB
MD5c7b608c759e2ea9c5653edc77f4dfeb1
SHA15beb9949fc3dcbb126408a2d3584513618ea0854
SHA256a2c047c6bad3e47816daf462f10af144246e6614b0c4fb19faa600e09f6406a1
SHA51227e4d9fc92e519acbf121ffea0f2bb2929c3f34348a61b4f417452d3f206f1cfee3e74310139cfa91e1fafe465e10ec5bf60b6ea32043fe0f23786da51921d3a
-
Filesize
3KB
MD5b8da4a43223765049978b4776d443a58
SHA16d5d5b047c53ac9f2fa18ccfaf7e47bf72841ed7
SHA25663463e2911db6e60bbb0e8c3bd3d3bcd23017cd27ea089854866344105a104c9
SHA512574beca1ee3d5f5d66b41afec53d08b35f762595cf46a4dd8c138879be67ba2857c46dae0b026121f193644bb3c050744f01000a28562c1fbd6af7f94b8fa82a
-
Filesize
4KB
MD533ad1c2af94862f91252ff56a14ec794
SHA142e1c746392b3cc54c0bab4f564b6980087b0049
SHA25673bac83c5f5bc6f300b12146a018c0c4926d7fb8cb931a40cb80d4cf047e8b5b
SHA5128225c95021f1a43fe0b15512f753b66e184033b7d635cc3aad1efcb8ef69b733aa13d76759c224795aa3a7defa6d7e625be9fc0ba33ba90ff2ecb89cefb79c5b
-
Filesize
5KB
MD543b5780e576a0fcb24635170f6c2c68b
SHA1154008b56bfb945a532162a554bbe509d739af1d
SHA2565903a27cb95c474c96d944413de4fa4b23da337b017dd8907f4c71120bd41fc6
SHA512b157752457ca62c28aa17935f380fe21df45a7b38d270a621edaf68c5cc3a1910e6d8d62e7542b50102453d711e64e1452df9b02bb37a350435e45900eabea19
-
Filesize
18KB
MD53ff0044419457779cd1a153fffc38400
SHA16481ee4bf856b8c21e04120dfc524124c2a1d63c
SHA256a2643af646f433d1cda63ff421ef73db3fbed0581647525fad045c863dd0c0ad
SHA512204d0609b8ece7ba71d378b7289ef6a7af0c731959e18a023d797e819410a22fa33ec9cbbb40e74dbb94cfea62b41b6cb8b3a093b4d861ab82b26d58941adafc
-
Filesize
6KB
MD5aa0b2116a4e2a80f65b4c7131afa1dfd
SHA174a8649264dfeeba7c0d2731609968424a182c18
SHA256260d46ef70fe64013bf7032fac8cc79ccaa50b4facaa76216f7deeec7ed3c1f9
SHA512fe2956d984dc4be0590d5f2f33fa60109cf643e8d404f40a975a4fc74ca595408357e0e159f085e85aae202b2b738ab4681764b4bcbf5962c993c11c39ed4dbe
-
Filesize
2KB
MD5d21ac04a7bdcb262d9e82ff23068b384
SHA1cee278f9de8ba749d83d82fcb32205493219773d
SHA2560d89c2ccfc92cb6e63dfa3adcdc83526bac8de7cebf3861d44a4238f8b8d9e8c
SHA512c0a44519461f7c3c97ec092a5e34e6a0df529c772343432a5b9836adc566914d71faf81e4cccde4a87123440968d86b2eb1246488ba3c8d712705168703deea3
-
Filesize
1KB
MD5691af4293cb085835e9a4fbe9c862b42
SHA11d75fda5ff7ad91157ac0b4f6a8349a6b7714976
SHA2563706b2252d0f1253d0dafade5a6a33364e312e50c86f9982bc1ff4226ddd1c06
SHA512f98d501220746b5388f521357e916f73204dcd8fecf6c4e44f190033b0e65cf0a0b0e7e4d314719a50e38563a2d25d72af8e7fb6867b6ec5206de86faf74205d
-
Filesize
2KB
MD54c6fcf2f7f85ab4fe7ec9d8d57b01b6c
SHA146c73bed00ca9297fda7d00f8437ac455f8b1957
SHA256a15a235f0a01da69def86bf593078ce57beeb24d8f614557b279d2a984870969
SHA5124a14ec3dcf3dce18786ac1b21e32020eab0bb0508de75ecf6580d53951d47e8d5df75f1a06781b396e3012dddd1e876aa4f6010ead82ffa4756f29f2d78f42be
-
Filesize
2KB
MD55b57d797e252656c418b3c551aee39c5
SHA1772428f3b7fb88b093089cca16dda3c842b61f8f
SHA2569b13466a383552095fdf666f7a6e7c6ff58c0d817e5bc3811cc6cf6b7a089592
SHA5124db9dc42c25e71a6b1860b502688f1b3115b0b0dc2c91e6ec4ccd12d58e2883d55d50fdf5a83db51a659346a6b529120448f89ab7efd8fdef3eaa5ad35c22ff2
-
Filesize
2KB
MD5de79b08c08fb5744bd6f1fd36c249015
SHA171c07c0cc0ad7b97b634b48da7d2a509cdc3aa12
SHA25679d9dfe6573cd641dcc7e495d55f5bafce29ea175d5fa6dc8a8e6ed12e2b550b
SHA51208970582867dc221ad699cc579aab429955332f88c66c8cda32e435cb2a1238cd5c5ea2ae54befae84dee68bb3040f4ed23b6daa7e4b4bc6decb70aaac6f5433
-
Filesize
3KB
MD5922985afe6c46aa57a7ad6c1669d653c
SHA1e2a381af1dd7b722f2ab89bd892859a295a971f4
SHA25619214b315874886938e4be889edfb5f125a97ff8fa4fbda0786fc3a4dae23538
SHA512d39db58b49c0d4defc5baaa59825c37d818143d9428297ddcab8c1cf7e2b59c81e42a7fc3b19c252b29452e701a29374ebb95a38cd145bc4e585b435afc28b1b
-
Filesize
2KB
MD523e62c1d22c74ff78cb64c557e87401e
SHA1c3e2b02a357e929b6c270a920bec9d4a1cc12e11
SHA256cacf144f685c5392f57ee60b49c3b56e3c2609d61e17a7d9557bc23a2abacdf6
SHA512191d8b02c8e1dc77174d4f7ba34b6d567d8c39403a87af5c2846a702bebb9a8f329b9765a243a67b90e8cca8241a23289c99b42a58312a64a167a0f71b626bc4
-
Filesize
5KB
MD515e2872efdef90a6028b4c902ffcac2b
SHA1a86a8a2075d4b598e9e38309286394fa7754a9ad
SHA256abac00efe849d49217b37fe8eb179716c25876eea4dabef69294b52c626d9614
SHA5127406d8cfa1a7f815ba93893304c79a1ff3e5f38ae00870aec0edc06acede557e3fe0341d59b3671d0a0886976c610b414b10092300d719affe2dc6c4b35e377f
-
Filesize
2KB
MD568e8eb36a5041fffa4f7e482f1aad412
SHA15dd409da6ad6e7a774e080537599c8fea2cc3898
SHA25654f8f734991e600a44b1beed7721f4b332c779e5d7ceb3ef2773ee081a61755a
SHA5128cd893439d3b22841e479603f04b9e19b205eb53a30528ff4ccda37d6c08ae03ab1cc4572bf36b95139117eb0648d961b8a44ee8be47087e0a40b1979c7bbf10
-
Filesize
2KB
MD5623b3d496d84aff50c2bf9f210d3ba4e
SHA171080f41cbd4647c1db5c0221377acea1cdbe786
SHA256fed8f5ee3ce76971e3fe38b4b704b553c12d58632c6619945c590f12b7911b76
SHA51219a7d6350ecaf5815233e3d06207aa6c1f9892dbbd6d060934e1107c2f0ece66982eeea1fde7734c029778f01e902ae32022264df63e3653ed4f886ad784cdd5
-
Filesize
2KB
MD56ccd1ed94a187881fbb5ab3dfb3ab3b2
SHA152a45dd80deb60181befd4efe55712157f20705a
SHA2563c1ce6e02d48a70226a5742ab45435dde50b73c738ec576d99441f66d1bab4e8
SHA5122fc9d1c7f9ce2091a09a290a92cc9f5bae2e9a544543c297e478504748a10b3cc23c4540ef35d786910d35d389c4643049c92bc2c49366b56dec9c410d1be3b1
-
Filesize
48B
MD5e43028e992f87b736611b8e7e2060710
SHA18653255db9c0abeb295e7533bfb7fc56bcf02952
SHA256f14c4ba323fa32010bf7e7dcf0e44816ac0341d9eebf50418584fdf94e769e98
SHA512bb0af0a855479b20c11bc7f65787f77fa48b47e0c45fa46b86c93bc8a440699e20fe4f16ac97b2c06c73d4d8b5a3ed29364a754424238086d6eeb20df86e7e08
-
Filesize
4KB
MD555637c1532636255236daf597d6f4316
SHA133bacdbe9c901679efa038e59cd7e9f827c9e110
SHA256e856cc4dd96dcf4743f58318e509fd82e6e42f0deda7b8f4d453da3714225d58
SHA5122e7083bc932d3ba300041edcad42d80855b2521eb67c5939ec13aba0021237ea820ee816c0490ef5ec5ca1ccf68917d92e1a5f3f2bedd14255b57a75e522b766
-
Filesize
3KB
MD5df9176bda327c61936bf4c63f29962e5
SHA19c6db824aa0f8adeada088e4a81443b68db0a338
SHA2568039e5777c2ad99b814519ff9c0a1d817379d9290a84ad97d174f8efbed3d1ef
SHA512990f16a87289a712f2f47c17a425304d0ee48f739eb7de5073f2577f7c0b865a27280813a4af96c39f41bf286a4181f67efa48c53c1f627037c077949cc2de80
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
6KB
MD58126ab1b566db403b9d7180645c99689
SHA1a22b6a405c807c4b41ca165666b21ba07d80e2c6
SHA256570628e73dca697a347752ad94642f57d40427c7a525e9f5781612e5dc652c19
SHA5125f8dfe39d5c88a4638e408c8edeec2d055456a39d01108c8c9875933e7090215fee47b6edfb20b9375552109a80814cee0e44597ac65570c6afbfbbcb26bd5f0
-
Filesize
5KB
MD5d67bdc045bc3684c7660c663e971a235
SHA1b1d965821ec44df52237eb200ea0b3f4910ad044
SHA256ceb71055cdb835f5bc6625be864600dfd04e5d61c7874c4f8adb5ddb2b118b96
SHA512f7e193d088043d98428ab3116e1c46970743bcfa441fee27a2398caa35a4fe2fddf196c3d56b576a67126cbd1d9a6717f522dbf7e2099769088e9e1e7cfed711
-
Filesize
6KB
MD54f225236ac0d43441310fe245de90f39
SHA186fbf121d55c06c064e8381694d934d807f91b33
SHA256909431a52921e3ee39c547dc041da447a6537bcf69167dee584071f09a51babb
SHA512535be6aee75f224d2c8408466981439473e752d916dc82326d113a8b8ebb33d9f5364a99dfcc94f31d06575a3c8c40449e49f8dc9786947a980207274fe6fd13
-
Filesize
7KB
MD580e0382fae73c25a7301a11d25edda7a
SHA1884e1284ebe364871d641595d007fd51c3925e75
SHA25692f89f3c42e0982aa5f1af39d12b088c2d9d0a20cafd3fe60c7dd6c44f05dd4b
SHA51235587ba826c6f0b13fc3a7393b5e6c8f3ea5e0a25a5032af3de85fb4ecdb2570ad976604b51a1dd51811c94d3bf3f5e632b06b47dd0592f20690e93bb99e93e4
-
Filesize
7KB
MD5d9fd7572796b70d083d17a17ce4bae71
SHA16f56e7abdb0924b14fd977ee87fda2f41d3a58e8
SHA2569e11542d25b4746449c98de0f9b655bd85040a3df9c544934364d89f7bb9dc1f
SHA512119ce750b51ff6f2a9b1aae97f2408af9108717e5faa86f6b107e5cb1d69fafd10163d31c17f65cce23afe97a0d24f8d67a2def4ab35a31f3cfadd2a4a6decaa
-
Filesize
6KB
MD58dc37959363fc3c8bacf040d8fdd2c3f
SHA1f70621cee5baeca2991549d9b9617f267e63b9a3
SHA256e870c156bad52a2ad11d31b6823b1e63785548f9a8e1e552efe44bf93e4d4de5
SHA512a6b1f7be85fd5bb1baa1091f29f8786a6e1b713d295ba2568f0f4eefd0aecd156f9f2be06f3a60fd04d43fadc14a59827082fecf9b2db6254b9c5d6d42ce71d2
-
Filesize
6KB
MD54f9e995a7b6a17c62c806783bb69a08a
SHA114d8e872b90cc1ac674c7ab9fe1aef5b2cff484d
SHA256f20e3d8b00e0eac1c0c1347dd27f4fa2bc49abc456ab5e4dcfff3aca7a9cc495
SHA512bc4eb1584ebeb2f81d4f099619bd544c68a66f3987c20fd76507e2f535b77d08591ff5fca5c6815758715be27f8a106f6efd689e8f383bdd1d83b6c7e1ba9606
-
Filesize
7KB
MD5612d9b5fdfc20f6db1f55e0b0a4b8a41
SHA1c1737e13fcdf079a0d0ee7cae947149dff80215e
SHA256382134feb09a1d79bf47454ba5adf4f24fd58ae58275cd33f12c45a962ec2100
SHA5123c73312b3c93da0a47cb0d68bb2c7a9fea07689d596bee625eeef5a62c07ac8483a459d3fdce6078a1d2bb3daafbe55b933e14664da00ddb46920c9f23d6ac7f
-
Filesize
7KB
MD5eb3b35f805385a783fdaa7b0cccf0359
SHA1e83266d9b9cfca3bf3e6284456e55dfdd47cf420
SHA256b4b662ddc1daf98facc9a78c0037e3656f6463edd0821f471a08a56331aef3e0
SHA5122d1d4fbccb8a7d918bdc4c4940a4ae5b624d42e3adc05f6bb2497a2ed60514d305c246e5bfda8f4761a0deb81378d154a58e2a43df190cd1350946f6699560ad
-
Filesize
7KB
MD5215dfd362649ddc30d2df0c2747a540b
SHA1c61571a93f66cd44fadc2c08acf0fdec452f9e97
SHA256f9226106582b1e256ffbcb07e646027fb65c8a44b2a346550968d8f06a32e0d4
SHA512a5353ed46b90ec7173d32595ee975bd47b5084a342978026b1d9835f70d8b1b58ff454370d6d043073c6c3b84bec87ca6f88f11e897aaa509832edbfd69df2e2
-
Filesize
24KB
MD560d82bd601d64fd00bb0373f5ecd65b8
SHA10e8bde426270dfa3ea285c2c5b7282ab37771d4c
SHA256bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97
SHA5125ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d
-
Filesize
24KB
MD50e98d1679e15688ad133f11eee8458ee
SHA1a4b1a83f0a3f2867954d3146d95d314441950606
SHA2568aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e
SHA512eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f
-
Filesize
1KB
MD52a6d0d7291ffea66e94d8f1c5597eab0
SHA1878fc3087198b4791cdb014d6ea65fa3a1c566c0
SHA256f6932fdab3c78b61ab48623244d505abb9b688e4f62db8467328a7e122a7fe2f
SHA5121b6764279e87f8afdbee52190d326f6503f5344dc088688c80a13cf6eb8d19d3e7ccf1e48c79b77149748829d9f1ae0702f7ee566f6fe0233e6b0c3e63c5df01
-
Filesize
2KB
MD5c9dbce6d617cb1f156648353cd4ef2c3
SHA1277136deedc2925c2622f63f9f90ae082e486d3f
SHA256dff6f1eff95dec65a460045e9c30cbad1e72272ebfa20083230ba430d2b0c826
SHA512242638e7230edf5329037450bcda49f0bffd7c1ac51b6ede0541184696d0abf89a8e58d08f323414dd11f2f2bc3110d9c0580592a5b02023eac572eb016181ff
-
Filesize
2KB
MD506c5f336fa28775af8a8361efefefc2d
SHA1d768c5e3df9c01afff640d6ac27dd0f6917eb9e4
SHA256ac7e68f5a1c60224d164865d804442811424f3c50bd4304e6991180569d74981
SHA5123e46c4a7a385cd210a6647859cbf2e9b6318e6c86bc75af2b0f29f48d63decfcf01a9bb9e3fce237d35d5c3a7c6d3d2e7d4857ca88c7fc84706270095cabcf3f
-
Filesize
2KB
MD5ed72e15ade3a62f387f776aa37087f49
SHA1fd36adb4540eef8798fe0b0a69dc7bf21a7e2d8b
SHA2563676ceae48649a7ead010bbfdf11ecae4973c57fec99a9909e6da443e9b93ce1
SHA5125567f71ffd55ccdd3897e8cfa61b0cfdd9d9678d54e83f2aec6008377a2a3d2e2d52f21cc8df19bab9aa93d3687c98f48cbe59a3adcf6624408ed4fab0e16a04
-
Filesize
2KB
MD561b1d05cf3b773b9f87c7e13589c3854
SHA124612891af22b9826073838122469613d02ba442
SHA256cc4bc079b1b2fc54e3403baf7bb195a207d3738dc1a9a72093f46e7c4fc4226f
SHA5128998e811d0c7462095d4744ae5d3b2d6421c333c7f88e93a7ad15e57793eb54534745658936cf5666176c0412ef5323cf078faddef19ce3d97b1b9db9e7c13bb
-
Filesize
2KB
MD5f40fc3d4a1dfb902d3aa8d69460c91b7
SHA1ba2c61e60035beea4723cc9e5fd488e21dc6b404
SHA256e0d515ae1ae7179b91c05b1958d4a8848be6fa1134110bcafcf67a893e7ca630
SHA5128f58f05208c8680864098bb321b239665ee75f1eed0a98f7a836dec5312dce96a12cd003b14f76f88923edccfed96f7b2f6cd3bfa8652088f2e39f46c70d521e
-
Filesize
1KB
MD523e7997dbbc4686aff08a4e78d3bbb23
SHA12aeac711be5ad2ae0813452a42447e0dadb5c7c8
SHA2563aa002220e828d04ddd2b9d3dd47dd835b7aa8c26a91e55e88fbf73664593adb
SHA5128c7cc51e310d6809e214ce9b51a88000713a4e1b6e1a67513f8b256d54d1d4999c8ba3c92b8c31d12df57c911b16b63db9550ec59d15f70cffd5218f19024e2c
-
Filesize
1KB
MD55c3a897c74be78baff404d999f6b5fc1
SHA1d36870397f18532600a52515722d95fc35eb901e
SHA256367b5a36f3f2fbc8c34f643be5d38223a6ec3e910d2d0988fc1f747b31dbb857
SHA512491466ad4b27a7b8743128026ee86863337f2d5bbd665ff88fe8ce1e047ac5a2b0c532319f0ba3428b277ffaf65aedc9a0262c9b315aa2a129a0f0b5f2a83044
-
Filesize
2KB
MD5553752b3de45f7f847325fcfe30c03fe
SHA100c708af6ada207c49217ce8ef5e126b94f16411
SHA25679b574f6cd951b2ef6614b2e8f0676b8b34303210e176770a45bb0ee10787973
SHA5122327b62424d9ebed3efbef1a67fb7abbc54631b305d389f561988a172e4b4d886613ade99b29939c0ddaa56454686b33c84e496aaf0634905eb596dc5345d00c
-
Filesize
2KB
MD55d7b1469a72d1d9c8edcc0ebc1417cc1
SHA1aaccea526f06494c2dd8e3dd299682d530eea308
SHA25686a46fcc901d636a19becfe8c272b6f3ed74b7c266c70759299d6213fe1cb067
SHA5121a0b14f3736984d63b317887d7413f333628bdeb6b89523e106065c5ec7111221e6af444332470aacd2cee8e7ae96ecaba46477652cef9ae4b0f3ed2d0c9664f
-
Filesize
2KB
MD5764a1a52f04571339ca2213baf80278b
SHA1e1b5779d70f5034f58c826fd71dd21cdc9399468
SHA256b74375102bb537c29c08bdd89c02bf066a1ddf5aaf18363db3cafb4c2f9b49c3
SHA5123f695d6d045204b7d00549cac725c324393a8d43ccc32d0385681ccec4d21aef50b6285b738b371deb810a1ca73a46ec6ca9c6b0db864a9edbb5f8a8c51e3dd0
-
Filesize
2KB
MD5148e36c1d0786be02af0ae416959c254
SHA1d16351b2d356bdaa9e3ebf2bfb9f2b04bccfb37c
SHA25628b78a1ceabec83cbf405265f45bdbe17761994b9f36b5d646ec417b372f46a8
SHA5124d283b617ed966171527c897e95f614e5fa654b35cb5f003a85f47a898d2fa22aeaa1653ef485c8707037eb1ea68de95c93a3192fef79e899b276b63d0608579
-
Filesize
2KB
MD5435fff43f220863f111c4c16c11d1c6a
SHA1d6899dfdce4d74b0fb35fde7cdd5c99439292fa1
SHA256466353d76d505776255a94f431935c94b37ca914fbe0145bf2e33a9a026bdc18
SHA5128cf9a23926d9e655de8b84fd7d8b61bd58ddefdbd21e800bdc7d2382c47de34fde965e5044243a542e0432241d11f9db6a9e58746e04ef1d9dcdc86954680fde
-
Filesize
872B
MD5647fe3a09da47a7dcba8c73b349c1bb3
SHA18c2aa3fe135b46b95b34565536c567a5c2b3f3cb
SHA25615ae4b3eddb8746034c26a463c72b58a5411381588eb1e195ee4b2e37c30afe1
SHA512d8be11704b3c553182cec37c1bfea05feda774378fabf944a0631237fdc2e6fb3eac021a1ea1b80a27466cda299b3674ae49a48507577111488b2b00d64415d6
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD523cb7216daec45d61417ab654f4752c6
SHA1bd03efe324da5dd12776288efe3c90fac3fd67b6
SHA256ea75b42b5ecf4884cad89ea62bf321869116ac0bf6c4cf0c1df9346169781e87
SHA5129bf8478b6a127b009603c7cb8caf5fca75e1ecf4f9cefeac4a4e35b080e837e9e607db0a4f019824de27fe95d6b94e135f89bf9b1360f703cb81c10324d5a5db
-
Filesize
11KB
MD5aac8ddf9af66e5eff7f4b3de4d7024a5
SHA1731872c600ebbb34e5e57a7627aaaf3cbee801a3
SHA256813ddb815109d5263e760d90508e8784757d9af34d84b00a882102463999c429
SHA5122c054ab5d23ffebbe18ae54d635b42e0893e43e3c136347c9205db909e983af465f3e9b086882462dc0e461cd1e9157a7a5ebe19bac411467c7e87f3c4af17c0
-
Filesize
11KB
MD5eb625e2a9d4df4349c847ba1be4262c9
SHA146d7dd325d7b9231ae9e10e3f238289f614da201
SHA256bdd14dd6d4c1fe3da28374411d67827ce54f6ca21d541478378b0d5be5680142
SHA512aed2f67628474472d83803f93a1aebc3b1a957db7b5fe00db2a470dc84b0368726e81550eeb308129cd9bc517f2c48d53a1310ecef1e1b152fc43adc1f3c87ac
-
Filesize
11KB
MD5904868b51b1ce1dcddc3d82b441c65a3
SHA1a450e4d16d9c879ccc9ced111aa431cf725c28c4
SHA2563b1cb181e6b1d7764cb9f9cc39e856671ff04b10e98093d7e10851d1b974cd2a
SHA5124c061ce14d318f0e82ab4c20e8e2d0dbba80ade6a866e6ecd319fa4ec6ca6210fe80d29d4d13d65471fe218ccffe09314ed666a380a0ac37b5407268975767d8
-
Filesize
11KB
MD52bcae7289c7505f18642270cd30730de
SHA1053f0d5caa8f1f08f573abde25894b0a26a544fb
SHA2568f915fdcadcf938cca70a81165c94dc3022dd9c51200453bc21990aa05964c4b
SHA5123bf28e4c235b3819515292d7f3d6bf0f3a31ff0121f5931293bf9750b11df37c22559a879a94d30724b16828c508b33616bee273afac58e796b5f0737a8e2ae0
-
Filesize
103KB
MD58bcd083e16af6c15e14520d5a0bd7e6a
SHA1c4d2f35d1fdb295db887f31bbc9237ac9263d782
SHA256b4f78ff66dc3f5f8ddd694166e6b596d533830792f9b5f1634d3f5f17d6a884a
SHA51235999577be0626b50eeab65b493d48af2ab42b699f7241d2780647bf7d72069216d99f5f708337a109e79b9c9229613b8341f44c6d96245fd1f3ac9f05814d6a
-
Filesize
1KB
MD557f0432c8e31d4ff4da7962db27ef4e8
SHA1d5023b3123c0b7fae683588ac0480cd2731a0c5e
SHA256b82e64e533789c639d8e193b78e06fc028ea227f55d7568865120be080179afc
SHA512bc082486503a95f8e2ce7689d31423386a03054c5e8e20e61250ca7b7a701e98489f5932eba4837e05ec935057f18633798a10f6f84573a95fcf086ee7cabcbf
-
Filesize
144B
MD5c0437fe3a53e181c5e904f2d13431718
SHA144f9547e7259a7fb4fe718e42e499371aa188ab6
SHA256f2571f03eb9d5ee4dca29a8fec1317ded02973c5dd233d582f56cebe98544f22
SHA512a6b488fc74dc69fc4227f92a06deb297d19cd54b0e07659f9c9a76ce15d1ef1d8fa4d607acdd03d30d3e2be2a0f59503e27fc95f03f3006e137fa2f92825e7e3
-
Filesize
1.3MB
MD535af6068d91ba1cc6ce21b461f242f94
SHA1cb054789ff03aa1617a6f5741ad53e4598184ffa
SHA2569ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e
SHA512136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169
-
Filesize
2KB
MD5dc55e3bdc109927a5ec7d0ef3df6d1b5
SHA1360673537d90a76c0356fab928af6333bc805f05
SHA2567341dd4156ebe1c16a76dc4b291dbb6561f3f94e4f338ebf94709e0acc89a1e0
SHA5129fe35a3ca22fa9a53c175f22e8d2f8370641a129c069b732e0f638a2acaacb95a6161920d44454a0b1fbfa4b59c9fda18788dea8c5aa3d35dd68cbbe4eb70aa9
-
Filesize
3KB
MD51b6db5d368942260136661a9f3aed2ab
SHA1e836520a7bbbc6329440797a920bdb4ec38eb9b4
SHA256585c428fac002263907972f78852144f7e8e8df0318ac5d3f4aab77534356c69
SHA51272b5b363c98985db13fa7e752004abc1bf3dfea39dbe20107b1d4970db875dd3a8a46d00036325d913ebe0b4a18c1fa7fbd1e35015540b9065cddd9e0708bf26
-
Filesize
3KB
MD509f7635110276433908dec2294d3843b
SHA18cda89d68e3520110511c2a88e239efc8ae4ac26
SHA2566bd468afc66deda4b8d1126e023ae6eca5bc1fa002ea5e091e6ad9c63b6c9af1
SHA51271b9eacc29f4c77775697cac6bea3e16bed705e8a6d4d29828433b4bae485822eb84601918ecbf0b0c1cc20e732b09f64fb7ff7091904d72d616eecfac127f64
-
Filesize
861B
MD5c53dee51c26d1d759667c25918d3ed10
SHA1da194c2de15b232811ba9d43a46194d9729507f0
SHA256dd5b3d185ae1809407e7822de4fced945115b48cc33b2950a8da9ebd77a68c52
SHA512da41cef03f1b5f21a1fca2cfbf1b2b180c261a75d391be3a1ba36e8d4d4aefab8db024391bbee06b99de0cb0b8eb8c89f2a304c27e20c0af171b77db33b2d12c
-
Filesize
156KB
MD5f71075f49b70a2a37a955836d13cf49b
SHA14f2457b6df6dcd57c128132a7a49777a0e7d2cc1
SHA256521621037efa7f0b3570237e7df550562133c30a13359fcc09a591420784276e
SHA51248060e0ba7f9f2802eb0449dbaffdec94f17bbda21950716f841ea45c84ad1ed269fc7c48d6a7b3c60a2d9dec90af2650048aaa7cb816590855da3fafbf858ae
-
Filesize
982KB
MD5d1bfa4726bd51bc486725dfbec91f007
SHA1147d2fbe06b083e107dd2709292703cb26f09841
SHA25629944768d8d93078ee98c57fd67476e8e24dc7c86d727f2161cd97c3110e000d
SHA5129e505680bb79a00a681560362815a24c1fdd82ac39b12a5da49ebc2180a00f5cbe9de69158f27983dec4cbcaf0b45cd75e48e2e20634e4c5365b8e6038a7f8df
-
Filesize
1.7MB
MD5272d3e458250acd2ea839eb24b427ce5
SHA1fae7194da5c969f2d8220ed9250aa1de7bf56609
SHA256bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3
SHA512d05bb280775515b6eedf717f88d63ed11edbaae01321ec593ecc0725b348e9a0caacf7ebcd2c25a6e0dc79b2cdae127df5aa380b48480332a6f5cd2b32d4e55c
-
Filesize
1.8MB
-
Filesize
864KB
-
Filesize
128KB