Analysis
-
max time kernel
179s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-11-2024 17:31
General
-
Target
Novo Documento de Texto.txt
-
Size
134B
-
MD5
2391e0b72978f242cb09495b35881f00
-
SHA1
7bcc5f680f1014d7763fe105a26e22a3a94b5e52
-
SHA256
4437acbb249285c3517c31914bb1d56c413550b616adc8331f93e6b8d28dd14e
-
SHA512
19c209e5255757e8d8f7887bc6e0c4272d72c0caad3542cf2f6fcdee737b8416d3c1204ab871cf04e7f2994964e32f1c571ab603c4f5370e99d05bbf1276a2d7
Malware Config
Extracted
lumma
https://h011daycrafter.cyou/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 62 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Novo Documento de Texto.txt"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf1ae46f8,0x7ffdf1ae4708,0x7ffdf1ae47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6796 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12737981494509440300,10690002514164495683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PlayBoost.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\PlayBoost\PlayBoost.exe"C:\Users\Admin\Desktop\PlayBoost\PlayBoost.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Desktop\PlayBoost\PlayBoost.exe"C:\Users\Admin\Desktop\PlayBoost\PlayBoost.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\lhkpi-.exe"C:\Windows\System32\lhkpi-.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
62KB
MD56b04ab52540bdc8a646d6e42255a6c4b
SHA14cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA25633353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA5124f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730
-
Filesize
31KB
MD5c03ff64e7985603de96e7f84ec7dd438
SHA1dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA2560db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692
-
Filesize
268B
MD5ecfbc5f41f4e01aa9eeba443e9d18edd
SHA1075877824448033d403d973640c7518fd0c22dda
SHA256165743f14b1b5b20b4a01292b738d7a746667956b15b4652dc58556025350091
SHA512bd88fb55973ed8ef72f4e1173d1b426d1f6424c62346eb9629ffdea06227772d24060c6145e58443d9c7c9c9b24bb1181a8f77cca62b73dbce5753a8ebf0c510
-
Filesize
54KB
MD57fe864112b0c773c9be01e3df8768e62
SHA11d29b86bb6aa09c97dc74b582027ff0500a71cd4
SHA2562b9f85ed1f9550bc5bb031459beb0caa672c68953253f09a2f70badb8c0ac399
SHA512ad99629d7b9152b4d81bb44ae487e405360cbee06ef16fc4bc2f7baa339196f6aca16a1240542c81443eb781333412948455cabb79bd0127d0f3ee69ea4aafd7
-
Filesize
21KB
MD54ba413cb493449b41a393a9543de1f79
SHA1ca49a9ea416d16eafb9722b3bfa3677dc1892730
SHA2562b14d99cb65ba77e613f5312c457f2ed494f5e42d4ddf4af46dc922c17ae8fe3
SHA512cebcefd75433847c8030342fd04ff6a34f12772dbe10b0479a655d48129b8df5a20f96897bcf4ebcd4ee734b5342ce0dd61b09e6a7fb8caeaa760f8c8f409461
-
Filesize
278B
MD54c0d4303f941bd3a31c04b3d169cf2b8
SHA13222201d7024a5890a1583e03fb439560e027a16
SHA25616232da0898e8bef653f43640e2e418a42ea13712a2058459c95dfbc4a3dc91d
SHA51259985cb2998e0449cd3b0c06888e66dc1fed9e70e7c806a4c37a00825ea2931f915e8c08f4e8d46923f6509f286ca4fc217b60a80d397c58e9736ad1bfc25958
-
Filesize
10KB
MD5c9dd6c14b3ff26a5abbeb217fba1afb6
SHA177a67a7b9f31ae6c68bbf6ea93af50e4b046ec78
SHA256664fc691479d129ee65f6cb8a1b3e14ff8bc41f01110ad90f4919f054a657d8b
SHA512ccb6ce4b25cdd163ffec4f18a293f7e457d733b34d6c194abde83f20f96c3ce0ed6cda6ce415ff15a6e051182625ce39ab550af81ebf3acb4721e785b7383033
-
Filesize
328KB
MD54801c5d81a6e11110704e872ddad879d
SHA1a463e5277038fad32ad8a02859a5403eb4b39a40
SHA256d8baff6f4f28483d7a610666590f0bae850944f80b9d349de05101663f5d62a7
SHA512dea6a0db4885ab132469070595e9b3141f5d51bfc3435d88cc4b7ba2b38208a87f69f21c58e5f1e37fbb9e5e8a76c2219bb65d1a6d567197536b4da5ff82d588
-
Filesize
84KB
MD54dad7c2dbbb4708a1d77524df2b9b712
SHA1cc666fd10678fe9bc08fd88085ee69a9d77f0bb4
SHA2565b4915b202787d4cbd16d67f23cd5f14e5224f73ebd4686c96e1f68ab3e08e9e
SHA512ab086a1febbfd0e007d20f696f2825fbc8fb65de8e3e3f786967a722e9c63b6092c09042363d0dabbaddeb55b09f415f44854e263e8a1e801f439921ccfe92ff
-
Filesize
1KB
MD543171460506da5924b0117cfc2b6965a
SHA1f5708413ee210bbaf81e3df7238c63a3ac0be551
SHA2566bd37a2eb16df59e03380edb9ce6cb0080c6d0bfc08cf16a774b2c5bdacbf1bf
SHA512597c0022968a3f599f316a3185591c301a43b04726371de38aba2d9fe6cc1bca9a938b8f7be8c0a45b9571c051f4b5cbd1a58624510eb7b56e0b8f856e592520
-
Filesize
2KB
MD536949a3fc974226466e348bbc9ac0ce3
SHA13b9e27426e853411ed4b6a52720af7f4e10e031d
SHA256ce00bdb5f7db0783c44f13726a237297eefe149a969a2a14e4ef1aba54596faf
SHA512afd78562082f45800b6d18eb98df63c5c975796b4e27c20a6913570b1feaca13b53254f7abd713ed4652a25369c18f0ce62ea941fcd2ed6b2b4c4d265c779273
-
Filesize
2KB
MD55c1e66ae8ec5239608740940eaacf175
SHA1aa4c41a008142a0455e5b394e7f445f3ee94aade
SHA25638bb2d740e9bea1b3c018f436ce3f8aef55a9c9bf5c251af47b3fbc5c8920d9e
SHA512cd040e3447aa93afe44b7ec3b0600f0395f6796a64d39a15cae1f7d3105792eea24846e8ac7fa7a38bf0bcd2a3e2e38a2d1a4a5de03c323139992662ca7d10af
-
Filesize
1KB
MD530af36d457ccc1949e9d997475fba041
SHA1e0e610529de029d8a27de3b2cfcb66570ad5ee3c
SHA256b09fab60ad7c7721c30ce7dec23a218aa7199cd158f53dab2364606a8af36663
SHA512fef05c1d52fe896f5ea90e5edf47582ffc5d08c9e887e2bad2d0866f6bb44748ac3039c15e860cf0755967b73d78600d6241e9cbcfd56f5c1876ef930b6b083e
-
Filesize
10KB
MD54325294275e11a8c8bda583301366173
SHA1803d4cc00a297ef5f92d9a87ef1734f4d1492404
SHA2566bf036e26434c4be718cd208ff0a22fcd869171bc9344b8b3db51c2045a602a0
SHA5122afe4007b5ea7a0c25a58fbddb0886861e56ba8130c8827c1eb125e23a20d681f37cece2ad94a6a590e82c848dce2b94534d6bec796b85ec407c6bc168ec2881
-
Filesize
9KB
MD5a6cdcfc4f75c566bbf8593e9a5884814
SHA1462bae13f74cff30531095835a9e736d4d09fc42
SHA256b7c4716f832812cecff13291f34fbce3d015d3f5645b882bcf68e29964b9f423
SHA5126757fe3cd3941293d5591a2f735bfd5b1370f50a665c0008fcff1c649050e8e3673a4bb7c10616d158bea3c2204d0c8cbe64a1608fbbd08754f228d4fc6b1b81
-
Filesize
11KB
MD5aea85436affd7ed14af3e0892966c9a5
SHA1719bc068d707c8509e55082a87e9764db431c113
SHA25628262087bac6c9c5dce573f9acae2597ee5e14140344041e2971e07aa0528337
SHA512edd14a166be6f34987b638f07e3dc43c73d6f203af698287f7d1d8e13d42e25744226894341a3366ebbfbfb37c7a4139cbd1c4e61c0b22ca4c850d3bb6392770
-
Filesize
7KB
MD53a38c6377cd7bd6c35792c3c1f5eea84
SHA1d0acccface3a4d18aaaeb0fa99180bda0bbcf96c
SHA2560f5dd6379e5e0abea3ef3f5e3c57ab1f7c4e12597e44c931c9455633a7fc5dc7
SHA512356f30d25fe71fc8f6040d4fba08616ae79abad700cc2eb41adec9c27b76d4c8d348b6d1800a4c4766ee269cb3dba3b028fb935359bfceef9d94b09203d9aa68
-
Filesize
10KB
MD5654ea28737d29a9c6b2cf4007e384a10
SHA146cc1b4b8fd574e8696df7999feb37b829ab68b4
SHA25650c777fd4f132ef61076a228509ec977bd2a112a53af2b5526ba81566dcc46af
SHA512ab042d935617f04fc95e95d9d130567ad8f4999127361dc84fc5ff8b7322db7f2e0f59f9f3ec08a54a30cf34e6744cab6fdd20eccc92b66d58e6d9de07bf8c43
-
Filesize
5KB
MD560c2324ad5ed2cce7382eed96a11d10f
SHA118013ba93f77195d665a10b7cf026629491a8273
SHA256ae4b0ba750f5ac19250fdaa4028d4bf3c0b3e87ae2ce1fa6bdff946d40a5f8ec
SHA51252820c8ed2b9c63130f3c7b9d3996e9ec2a0ca30831e3f3581f863d9d512c59f750574316bdf779fb7a70eef4badee4c2e31ec72a94ea0551c4587a35d367e08
-
Filesize
11KB
MD524c5107fbbbc67317dd775ce56e278ba
SHA14c4cf8d1c9a7a021f98fd044d2a2ba6c92d0aac9
SHA2560ba537e88b5addc92dfb5fb9321e427529cf38ab69c1ef80f26ab0dd0c4813cc
SHA5124cc03dad7727cc96757f6df57a404e9e97b6a723245764cf0d0a35e5d7213858a8a845f2b2f967ae735e6e1fc59cf3793dc55b1db877858a67d73cef5354ef0f
-
Filesize
2KB
MD502b0a2ca0a947a76904abc28b37baef5
SHA1685cd22e0a78606b99d62ce822ed336e6b3931fe
SHA256fd3985d1151451c6467418ad9ee94bd8ef0ecab463a1abe51a3c3988472f6881
SHA5121ed91f8bbc24e614a75ad8733fe7ffd355424e7b55ff317fb77b9ae3fbdd0eb7d0de63850c1053c58d572ad784c27a7e308613798d65dd53f010541ae46d43b2
-
Filesize
2KB
MD5395c5971f7111525aab25aad55c5c81a
SHA102c97ecffadd463531c644451317e660b92c7e38
SHA25666670bee300eada0c1534ee8784c023ad85dd0bf461eb7aca7563166a8b5c9cb
SHA512731c8f60164f50f97d236f14a7e516e807ca008815b5919420dd83096374720477838e61bbd33a0eff362aba78ce4087c718cb86a5ca9ee305c9f10272f4d134
-
Filesize
2KB
MD5452bae0ace321cd83e190bcb2af9ffc6
SHA1cad0079f8527a3aba954d0f89e49cb44c8f8bf88
SHA256d577ed4a69a1a3fd6305f984e29ef3188febc7dcfafc77538299c6ad746413bb
SHA512f62a333853dd099b5c67b91b2e0a4a2f3a257e4b5f1a9d381ded21a4255d5b9a927430871271eb8970aaf656bbf89f5be3c26b34c60a13e5bd7d98377ac66fcb
-
Filesize
2KB
MD58a8ca8a6cbf56b45a8aee203d8da9c90
SHA134c41c41c0fcf3a83115dfd6c3a6cc07c7fb4220
SHA256b948ab6eff3fb85880c7c9c990cfe862f1360ee6a01dd96925146debc971acb4
SHA512ed87dc04c78a45fbba0625b724ed0e6a7a80feac52e203771ec164346b2cb545259ff8e1eb8bcbd73077350754e4834140261e7a2f0a3722b354bff0c0d03683
-
Filesize
2KB
MD593ae378130bf98a22cafef41cc26fa6c
SHA1714d97f16e039e0a1841a4a0aba5aeb6c803288c
SHA256437e3606e82b44185ae01ab149f681613c3965baaae3147c5a230b4135c758c8
SHA512a5b05743bbedd40f90190cdf9a1ae80905777ef5665268bc9aa9b02f2f94dc1204621b68739415d66af649b4985c57afd65e4ed51d0f02755437ffeedc9d74b5
-
Filesize
2KB
MD561f6422e98e31db41f5e9ecd875b0a25
SHA1680044b93472198e337fc96996a304cb5cd49ca5
SHA2562a284cec86375f4489b1b8e80702ba40368bebc7ecb2f06d8dbfa9046dd3a5e6
SHA5125ce528df7ffc0883b38eaa56f917cd4369f9c1298f27e636eee7ddb2d502fd9de16e0e9e89171d50c7e1490f169ea84fe6ea5a543985db0d96a4fd626cc46751
-
Filesize
2KB
MD5e2d777be48d56a82badd131c4fd9fcfe
SHA13e4e8a4107c74df4d78168a6040254ec1017c7cf
SHA256c4969e4392bae78b78d45a6ad80218a7d7afd7b4b57da8b5f584b34530146460
SHA5128461c72318616148712d97a17debcc47055566d036978625aa5a8daeaf6d9959c1aa5ca79a57debadc930fdc28490ec70976f362ffabf557ff4af497563a5403
-
Filesize
2KB
MD5520e6b1dd49e11c05bea2c31c2f78a30
SHA13701b32bb8d3a63c962cdc4e97dc48932cfee156
SHA2567b79d9123bc8f03b478d339b66af94e0106e8f889b266a59af52a8889e02710e
SHA512668e7616a81f3367fdd6c00d7cc550527a4ac590bdcb82c48b25a92ea4e1efd594c9648c5aae4254c8cb64885188aa8b60573239c48dedecec985b4080c3cfec
-
Filesize
1KB
MD59523a41aa66b4d678ed88ef5ed212fca
SHA110bd8fd8175f98a3094cce658b44eaeb1f992313
SHA2569316e3d898bce94a204d2e9c768320103e0e88da7f5e37af59995d9156a92785
SHA5127ca71d623aff813685d4941baf6b1bf73fdea223679384938b35a4f6445cc850b6a4af0913740be820abdb7a4c55f4cee156a348fecf873f18237dcb3a0e77a1
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD53dc5815fff1a4fdb373ee847e469072a
SHA1ba56dabfcd26fb55c466a0cbbd095d456f49630c
SHA256771d35cf91a80bb0ca53b5451adcf8b5c95e4bc364703792983c787d8be26c71
SHA512b205b3f1428d1652781e35dc74c0d152f2864f0d7bffbb9fc26454e483795cf00d2b310dfc299cf9d8768dd45d574156ee44d73d6d5d5cc1fa6187c0373d6c10
-
Filesize
11KB
MD5b9a0e1fcf094d2662ac65da9162fcbb2
SHA1658e900ddb21b0ded1a4b3c1d4f851d830968f90
SHA2569cbeed8eb6744ca3f95398a981451e5c319db00efb9b44a4d538fea4e29b5965
SHA51265f866d78ffa5b33f85d88707955eeeebe6a31ef374120f84c88868030d0220a34f4f969c2e1a732221417c36a04650163afab8d3d38432e00091c33f151ed50
-
Filesize
10KB
MD594ba5e72038e136ca0f2ca412e430bcb
SHA15d0adfe380d598ed8cd0802c503611d344b8349e
SHA2562c05a7e13f7b1875a84eb6c324926a1f65024001fedc694d42e3055b4db74d50
SHA51203d2099ee8fff2674851706c720dbfe45e19949c138cd26a54079e3745aad0aa887c76f4b71ab6ccbdd15ebded298c74c11d88fc73600d98928e7049c1f7ac7d
-
Filesize
11KB
MD5b46d7ee3ead03d47310edd3fd7e0121f
SHA1b3d7cb9e161a8d78f5a33fc97afe2011bb82157e
SHA256eebaebb4a0cbb72dc1700605e985067682dd82f607d74f0e0d2efce3d2a0b107
SHA512b2d1b012664e0d989eb99748b43a32b3c2c2d45e318bf7e2cc9fd1916ecdaaf1dcc3c88174b1ab0a2b945d213e64ba5681e236a11d8d85dd63daea3716c19722
-
Filesize
11.4MB
MD5c713928a51d1f92cca62e34274003b80
SHA15638d4b93521aba17db433f3a99f164ad1514dac
SHA256da012b8e63db6a56830b79def1e8ade4ca125a9053a92eb7813e98c26c36c85c
SHA51212990b95b5f5dee9c1b07b93f6ed2e0e9a39c2f46e41e3b8cb14342999134f7f15a7f768f6c640c16cecf28a42d1d0965e4137b72ee6cb0011c1fc10f965e48a
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
380KB
-
Filesize
380KB