Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
03-12-2024 20:41
General
-
Target
bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe
-
Size
218KB
-
MD5
bf244a0d9ac81f0ca62e5b3ddfb7b72c
-
SHA1
ecbdbcfab600d5cfc2a1ce67bd5a1819ae340a33
-
SHA256
9abffaee18a87032e9db459d1309da167460acdd98dfc4c7fc4c3941f2cbbaf9
-
SHA512
d2f5d096b09446cb2c5ea99c33dad75b47e76cc5b0509c6d9d571d89b6f245ef86b3c63e4958d2766ef11f4483fb78af3cba49354912ed7c1f8a5497def44a53
-
SSDEEP
3072:2ELO8OxPh5XJkC456AhqDpl1nBTVS7R9WsL2VaAsJmzcsxoY9N/M75kDthsQxMWi:2EcNCCBAhqDNu7RhL2oAsUj/DgQxa
Malware Config
Extracted
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.txt
cerber
http://pmenboeqhyrpvomq.wz139z.top/D43B-1E28-8721-006D-FB53
http://pmenboeqhyrpvomq.dd4xo3.top/D43B-1E28-8721-006D-FB53
http://pmenboeqhyrpvomq.vkm4l6.top/D43B-1E28-8721-006D-FB53
http://pmenboeqhyrpvomq.y5j7e6.top/D43B-1E28-8721-006D-FB53
http://pmenboeqhyrpvomq.onion.to/D43B-1E28-8721-006D-FB53
http://pmenboeqhyrpvomq.onion/D43B-1E28-8721-006D-FB53
Extracted
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.html
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Cerber family
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Contacts a large (529) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 16 IoCs
-
Drops file in Windows directory 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
NSIS installer 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 4 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe"2⤵
- Adds policy Run key to start application
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe"C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe"C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe"4⤵
- Adds policy Run key to start application
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4ff446f8,0x7ffd4ff44708,0x7ffd4ff447186⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:36⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:16⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9050770182273065088,3265741817559045527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:16⤵
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt5⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pmenboeqhyrpvomq.wz139z.top/D43B-1E28-8721-006D-FB53?auto5⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffd4ff446f8,0x7ffd4ff44708,0x7ffd4ff447186⤵
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"5⤵
-
-
C:\Windows\system32\cmd.exe/d /c taskkill /t /f /im "mfpmp.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe" > NUL5⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\taskkill.exetaskkill /t /f /im "mfpmp.exe"6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\PING.EXEping -n 1 127.0.0.16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe/d /c taskkill /t /f /im "bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe" > NUL3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /t /f /im "bf244a0d9ac81f0ca62e5b3ddfb7b72c_JaffaCakes118.exe"4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exeC:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exeC:\Users\Admin\AppData\Roaming\{9D3B20D5-7968-97DE-9EE7-58760A9EBF19}\mfpmp.exe2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x524 0x51c1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD52f47de0c0bcc7a202b6e40337c96de6d
SHA1b54cfbc0b7270c620b00f4a074bb0b3e6925c351
SHA25663caabbf47c317b0afe5afe95aaae21cb4ed803369c3d7a4efcfba62fe151376
SHA512e7ab4d92fd640153cf0b4decf0d77ad81d6d837dd4eb42e1643624ebfe613eefe432f6111adc31ef73399831026b64569948549ed0d54f47c1b06f72db601bf7
-
Filesize
10KB
MD5309346dc3ada17d2915b9fdfd35a0552
SHA108148c2320740cdf35aa456d914b3f2f7aeb4ff1
SHA25660e0726cb7de677b236d7bdfe7bc95842e5d5bc6f9c1a8ffef882d39828639bc
SHA512e9a1a5e901178e6940b17cd64ecc7390e3fbd3bb8fe7b22b1aa82a8d81c8552d4d63387bebe5808ea80ce305c1c0c70a041496178e6f2b96bb6324c0608bf749
-
Filesize
90B
MD588396120323975cefb9c7cf3b0c41a73
SHA15db96a201919a96c5ec99000300e7a80e4909bec
SHA2569dbcac4ac3f03d1037de5b228b9aac52431664f2903805245f8a708c91f3c3d3
SHA512a334d6af27cdc38ff8fc92c329090947f2f20abd160b004c04c4c1ee14c344d2ad831f3ea70e053ba8ee14eb06c545ae0364c1701bd9a51307739be03b39d475
-
Filesize
213B
MD51c2a24505278e661eca32666d4311ce5
SHA1d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA2563f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
6KB
MD53914dd88b94755d201797faf9f53521a
SHA1b3880a0758f8cffa2fe8b9ad36b2570f8691eaf4
SHA256b0130f543822b795f06f7b0f7d27b42c9e290c7c0c80468de0972606d55dc2a2
SHA51258525b6343a900bff7a0360e74d1ad91232661e952591592ac905762fc5ac3f2e89efefdbaca287563ad741c82f77a0746b61968b28fd42bfb0fb4249945f0a3
-
Filesize
5KB
MD5ce376b5c6b7075f79bf4f79779796446
SHA1521f79995173e561104ad572726c2d4ff9098593
SHA256e0128d1e0c4d945df31c089450ae47da660cf5193f565aced53c565b90f65e31
SHA5128b03ae23ccb5b30ee6951e9961ab408ffcb0e87f74f66de4b8e3601f9e4d08acba92296ef22848d35b99ceb081017a2b6d0d0ed16322df18ee72cd97c64cc36f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD55ef27d1c8213ee76c9fa02a3e86c1f43
SHA1c6e952337eea95c561c67eb584b103dcc9ab552c
SHA256878e4397af426074bed0d2671bf344476d37d7bff05a200c500e55fe65978224
SHA512e850849e40c29717bcb3a674a0bd7ef4ee624a4623308124bce49c55b6c4d52154aa8617bde1daaded5609158346f476b54964c8d3d300e8cc156971c14f7a08
-
Filesize
3KB
MD5d0b27d901155b40f518d158f5e491028
SHA193a71de9454d0e94edad1bf7c3c7659c2cf99c45
SHA256fef5272cc87850a7e422d6bc5be7986fec6aad06f57746a728d58b7de6dde0f7
SHA5127b4a732ff48df05c895e07245b1370f1dc530af45f592aa60224bb9c17bf0a7066449cfb2c8f0c93d00ee61f34e8da3663f7f60585846d795cb329015f4b4b72
-
Filesize
1KB
MD51c7d2b2fddd34b82883053f74613a7f1
SHA15ded4a3340c5baa2f7875a09234200662a5fb6c5
SHA256f42aa8b08eac61b29a5cddc51819a28a692b69480948f7d003485c0dbddedd8b
SHA5122d54662a2a3f852d88e27232a93e5807bfa84be55460f4d9c9d2082d22e7818a337d75edb3fcdbf2fd5e6e34721722df16ada243576ace9598701a51797f50db
-
Filesize
3KB
MD51e75354ac7277ac7d729e9d934b3fdf9
SHA105ec2efcebd31cff1c77d9896c94c11a4722ae32
SHA256b6c74c438f6cff931161a5ab8b0757ed185ad6c02033deac6503c9381414cac6
SHA512e6db1edd746250f9c12c63785c4139bcfa29ec4de4cf10e9532588584f4532b6a990f3304306dc888ec6a24f04b94c7f42f615d580bb08e9db395c7244bd065c
-
Filesize
1KB
MD589de3d027493b9dbe3298a06fef9a89d
SHA13d8ac130c5dab1becabb0a17cae55c9aa42e50cd
SHA2564d1380365eaceb6082c783f733af0ec9fd99e947c1c08c84fa6ff1d370b551ea
SHA512d7699a070cc465d5d960bd3d712fe72f68b24bd6e6bca6e67b5a17fa9581bb0cb02d10bfca2c32949ef86c3156c08e8bacdb33f1bcf4b5b188f149fc52870829
-
Filesize
27B
MD502bc5aaee85e8b96af646d479bb3307c
SHA11bf41be125fe8058d5999555add1ea2a83505e72
SHA256e8d8d94f0a94768716701faa977a4d0d6ef93603de925078822f5c7a89cc8fca
SHA512e01d82ac33729e7ee14516f5d9ff753559f73143c7aa8a25ed4cc65b59dc364b1a020bc28427f8ec43fec8ef139cf30b09e492d77f15d7b09ae83240cdf8bc14
-
Filesize
1KB
MD50b8717be9826ff70ed75c74131f1a776
SHA1471eb762c3dafc031ac6a790c7e9201a4f644d60
SHA2560759787339284a189592ad2a6b8aea00b7c3cf37354ffea6bd9979348d14387b
SHA512710ebe69e5fef8e57903b588ec453daf6507072f2b539e14c7eb284de96092b573cd2d9e4701ed4cf9773ad6bea77de5fa26cd402d74f54f0ce6733924e4f4f7
-
Filesize
1KB
MD5ad7857a8abf9bde686b7507079b9bc75
SHA1c9ad654502127f32cc9658d9b17b9b84a45c3e4a
SHA256622ae0e9a6c1012b7aef688cf4b9a57a3659066e23081f67b2565ddd9d55e170
SHA5125ebf99464292a5a94d610ba04cdfcd53b4fa39b05715948e14a876cd58a83f42759ea0ccb6aa72f75459fcd9199aa988ab5793847b9d7cb4118b059ba8bb7f6e
-
Filesize
3KB
MD549b34ea2cbae50de619d8128e6fa3b2c
SHA135e02fa92a71c32153f9907b72ec9a38833f6cec
SHA256e6e3a86896d639a24240ef4ebd68228567e28b7f8c382d2680d698d2e2ffe3e6
SHA5122468f066f6356a8eaa790a31407eabb68e420b047d9153562c28386f13f3768ba767dcbd5b47c5dc9e25c6e8c3c800c84ecf56704a9a58243923535009c92122
-
Filesize
64KB
MD53a0a6e99fd25fdcb0b600d3e655e520a
SHA197e9ec2b8432c3aec0c5d56650a43c8a922c8766
SHA256b10f5c24e9c066aef23df3b7cf5311cbb3cc5bcbd414ff40aace396a41422625
SHA512f9918ce003301c87a954ed26e4c3b6848e5968f165022409b4922a6c8998f885e979d691cb7f165de569e583c20837497aa35638514fe6847798d1a5c29d2935
-
Filesize
148KB
MD53e45eef93b3cb1119e3510dc9b5719c8
SHA1adf13f7d221ee3e0f6f443b01bcde4a10b54e33d
SHA256b68684a53123fa290b5ea29fbdc4eabb930a3f179a690554366d3ad63a3cdf8b
SHA5127fe8d4fdd541333c8b6720e8d3902f59a181606d87bcb38c6ae79d3af3e8c92f227fc7f6078c897018921868ece16ba34b521904cfc75d7bdf83132a5f80b665
-
Filesize
13KB
MD5eca26c61607b5b8f511f73a2c820de3d
SHA1cfd03bc71cb462edb70a476c956ba8a9a9a44ea5
SHA256ba57adfeaf6cbe5db7e19b428552900b083e3cbf19f0d1d30f5c35c9e01f51ea
SHA512b9a065b75e5f8d81de2c2bc3333ab775450c13b7ec16ed7f17c3963e969b35a4cd4a71533ba7058e2f3398136727a1cb90c1e76a3d489379299d9c89278567fc
-
Filesize
1KB
MD5275c7bebd1f409bfaa98227f7787d3b3
SHA173edaeb7a5de0b98b922414191d69ea6617edcac
SHA25651e2e5877b9e355118cc27ad284db0bd6fce616a78e64e9d905cf836277376b7
SHA5123fcbfefa952b0f122fa6798f471805c13643a11fe060bcb8c22ec13ea7d0571717e0177073cdb3c4d43fc755cc476036b7bf0426f621515975c709a503d8433a
-
Filesize
622B
MD5141edc03b0f0c08bf8847a4d20a2d140
SHA18fb3d2fdebb7f5cf86e7d33b22b676f37a6a34eb
SHA256c19de564c3d24b412a55e8d39cc4aaf4b226ad1d87e41f1dd676e82e6ad2f56a
SHA51215ddc9e4cc13121c3687494753ce2a3341bfd1c9263150c32620000ca2a1839529f9c497f75c41783e647e49229eb518b382b3ac229cc08c134395b06614d1cf
-
Filesize
524B
MD5a4c0299e39c677afd7a7517d2980bf15
SHA18748961f6bda83bec226430bf60589d6b2344211
SHA2565b2da553b3587b710311b4b6318464456cbb2cdfd1c8bd7a831b3bb36aa8ca23
SHA5121e0491cbb298f18b192e96d23fd629739ea48de85ee1b7ed3a7e96a3a645d1ca8471580b6bb0545f10d0edc845612d002920071870bf69a7c90ed9705f8f52d1
-
Filesize
2KB
MD54b3b2473db1fd9f3f04044bb47d000ca
SHA1a52a3fd19e5a1b72f9285ce4d0451650507a5dea
SHA256d116d6e0ef1c1b5cb1512e2de16fb266e86960f636e4a608147d214fd2055a76
SHA5122e110bc9822145b8347fe656b8021d985840a9a44c7659e9524059c94f3617c444900c248a263940f11b32ff82d3efcaa9a400e64d34303055ed9db63aaf3b80
-
Filesize
4KB
MD54039f96ce68791185b4bd6c6836791ac
SHA1bce49bc0c17ba5c461e77f840b4f7c66f7203202
SHA256b764c6ade27c74321310e38e47f72d79827ee2ce99d41f3f5b8e2711906f8a70
SHA5126f6feb92364ff863fa63750f0a0123934a0f7417aaf5a38485642b278b9ad2564520ca8ce4b62c6b794aa0f792dda95b0c99f9a793952ebd445f74d6714e1ec0
-
Filesize
175B
MD5a6b21e84cfffda8936b29e7c9a99be33
SHA152c8d102768228cf95165ce94482efe077250693
SHA25616aebcb843ceb74d45a814c633c1f2fc2577bc8ab485da16d20700efca8b80b7
SHA512f049f65179fd715123f193f18c201ee23b05589dc16f9c08d4d04b4deabde2b01fb63cb905e09ed3bae6ce17ef290b26d19b66fb3a724399f450b0ba8d2ca4af
-
Filesize
11KB
MD56f5257c0b8c0ef4d440f4f4fce85fb1b
SHA1b6ac111dfb0d1fc75ad09c56bde7830232395785
SHA256b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
SHA512a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8
-
Filesize
1KB
MD5d643761bea8094c5df36a455c62dbf8e
SHA1efd0caa0a405ee3f5e85b44e9dc5a4e747a2ef0e
SHA25661ebd46982a911e786b1a4707dd1661cc9998d3ea97cb0ae28d0e0da90429e52
SHA512cfe641aba5aa5e7418673a8d488a28657efc0136cb06f256e786f94eadd67ac5f8495e8aedb51a2eb4c854f1eee88a94fa2b90969bb28e03a8b026fdb6e62d9d
-
Filesize
218KB
MD5bf244a0d9ac81f0ca62e5b3ddfb7b72c
SHA1ecbdbcfab600d5cfc2a1ce67bd5a1819ae340a33
SHA2569abffaee18a87032e9db459d1309da167460acdd98dfc4c7fc4c3941f2cbbaf9
SHA512d2f5d096b09446cb2c5ea99c33dad75b47e76cc5b0509c6d9d571d89b6f245ef86b3c63e4958d2766ef11f4483fb78af3cba49354912ed7c1f8a5497def44a53
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
4KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
