Analysis
max time kernel: 18s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 19-12-2024 07:26
Static task: static1
Behavioral task: behavioral1
  Sample: fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Size: 189KB
MD5: fef9344ab43ca53984e45b9de42b07c1
SHA1: b816b11ebebcefb845a5ce52bef81d4ab6977174
SHA256: 27774522cc4848729069300e39654e834e34809f42821d0194ae1f81a412e52d
SHA512: ca804be21964c00c6f1e6b6194a1db5515fba86d23ff3b38afc142140e4199d76bfae1e3f420a07f014082026df9532a3864a8b7bade636cad05984229c212d8
SSDEEP: 3072:o/xkurCTnSOfXJv451a6ahso77pRoh8ottNZOUaWK1vbcHPjjPmxrJTLftFc5zEv:o/uTZFua6af77e7Z69lbxrJXKgaTJO5
Malware Config
Extracted from: C:\Users\Admin\AppData\Roaming\# DECRYPT MY FILES #.txt
  Family: cerber
  URLs:
    http://52uo5k3t73ypjije.b7mciu.top/9A6B-0529-7108-006D-F6C1
    http://52uo5k3t73ypjije.hlu8yz.top/9A6B-0529-7108-006D-F6C1
    http://52uo5k3t73ypjije.thyx30.top/9A6B-0529-7108-006D-F6C1
    http://52uo5k3t73ypjije.h079j8.top/9A6B-0529-7108-006D-F6C1
    http://52uo5k3t73ypjije.onion.to/9A6B-0529-7108-006D-F6C1
    http://52uo5k3t73ypjije.onion/9A6B-0529-7108-006D-F6C1
Extracted from: C:\Recovery\WindowsRE\# DECRYPT MY FILES #.html
Signatures
Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
Cerber family
Adds policy Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\\ByteCodeGenerator.exe\"" | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Contacts a large (526) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
Drops startup file (1 IoC)
  description | ioc | Process
  File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ByteCodeGenerator.lnk | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Executes dropped EXE (1 IoC)
  pid | Process
  2420 | ByteCodeGenerator.exe
Loads dropped DLL (4 IoCs)
  pid | Process
  2500 | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe (4 identical entries)
Adds Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ByteCodeGenerator = "\"C:\\Users\\Admin\\AppData\\Roaming\\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\\ByteCodeGenerator.exe\"" | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ByteCodeGenerator = "\"C:\\Users\\Admin\\AppData\\Roaming\\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\\ByteCodeGenerator.exe\"" | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  34 | ipinfo.io
Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 2500 set thread context of 4696 | 2500 | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe | 82
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 4 IoCs)
  Adversaries may check for Internet connectivity on compromised systems.
  pid | Process
  1308 | cmd.exe
  4800 | PING.EXE
  4992 | cmd.exe
  4828 | PING.EXE
NSIS installer (2 IoCs)
  resource | yara_rule
  behavioral2/files/0x0007000000023cb8-46.dat | nsis_installer_1
  behavioral2/files/0x0007000000023cb8-46.dat | nsis_installer_2
Kills process with taskkill (2 IoCs)
  pid | Process
  1788 | taskkill.exe
  3736 | taskkill.exe
Modifies Control Panel (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\\ByteCodeGenerator.exe\"" | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Runs ping.exe (1 TTP, 2 IoCs)
  pid | Process
  4800 | PING.EXE
  4828 | PING.EXE
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeDebugPrivilege | 4696 | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (12 IoCs)
  description | pid | Process | procid_target
  PID 2500 wrote to memory of 4696 | 2500 | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe | 82 (9 identical entries)
  PID 4696 wrote to memory of 2420 | 4696 | fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe | 87 (3 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe  (PID 2500)
  cmdline: "C:\Users\Admin\AppData\Local\Temp\fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe"
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe  (PID 4696)
    cmdline: "C:\Users\Admin\AppData\Local\Temp\fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe"
    - Adds policy Run key to start application
    - Drops startup file
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies Control Panel
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe  (PID 2420)
      cmdline: "C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe"
      - Executes dropped EXE
      C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe  (PID 4532)
        cmdline: "C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe"
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4684)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1572)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4716)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2508 /prefetch:2
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4392)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2488)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1508)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1944)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4660)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2800)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5004)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4444)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2544)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 5000)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
          C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4276)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4956)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3248)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1636)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2492,12320505542361399074,8067408143602408494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
        C:\Windows\system32\NOTEPAD.EXE  (PID 1952)
          cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 824)
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://52uo5k3t73ypjije.b7mciu.top/9A6B-0529-7108-006D-F6C1?auto
          C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2348)
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x38,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
        C:\Windows\System32\WScript.exe  (PID 2044)
          cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"
        C:\Windows\system32\cmd.exe  (PID 4992)
          cmdline: /d /c taskkill /t /f /im "ByteCodeGenerator.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe" > NUL
          - System Network Configuration Discovery: Internet Connection Discovery
          C:\Windows\system32\taskkill.exe  (PID 1788)
            cmdline: taskkill /t /f /im "ByteCodeGenerator.exe"
            - Kills process with taskkill
          C:\Windows\system32\PING.EXE  (PID 4828)
            cmdline: ping -n 1 127.0.0.1
            - System Network Configuration Discovery: Internet Connection Discovery
            - Runs ping.exe
    C:\Windows\SysWOW64\cmd.exe  (PID 1308)
      cmdline: /d /c taskkill /t /f /im "fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe" > NUL
      - System Network Configuration Discovery: Internet Connection Discovery
      C:\Windows\SysWOW64\taskkill.exe  (PID 3736)
        cmdline: taskkill /t /f /im "fef9344ab43ca53984e45b9de42b07c1_JaffaCakes118.exe"
        - Kills process with taskkill
      C:\Windows\SysWOW64\PING.EXE  (PID 4800)
        cmdline: ping -n 1 127.0.0.1
        - System Network Configuration Discovery: Internet Connection Discovery
        - Runs ping.exe
C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe  (PID 4432)
  cmdline: C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe
  C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe  (PID 696)
    cmdline: C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe
C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe  (PID 2336)
  cmdline: C:\Users\Admin\AppData\Roaming\{C911B2AA-596C-4108-AAF3-1A9B368B3E1D}\ByteCodeGenerator.exe
C:\Windows\System32\CompPkgSrv.exe  (PID 2412)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe  (PID 5060)
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE  (PID 164)
  cmdline: C:\Windows\system32\AUDIODG.EXE 0x344 0x4e0
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Downloads