Analysis
-
max time kernel
154s -
max time network
157s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
02-01-2025 02:40
General
-
Target
https://www.mediafire.com/folder/hj2h9evhzff89/MFO
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://brendon-sharjen.biz/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE 3 IoCs
-
Enumerates processes with tasklist 1 TTPs 6 IoCs
-
Drops file in Windows directory 10 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 37 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/hj2h9evhzff89/MFO1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac108cc40,0x7ffac108cc4c,0x7ffac108cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4912,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5088,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3516,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4952,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:82⤵
- NTFS ADS
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4708,i,4108574087161044180,13241450930603624334,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c move Six Six.cmd & Six.cmd2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "opssvc wrsa"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 407983⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\extrac32.exeextrac32 /Y /E Referred3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "WIDESCREEN" Trip3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b 40798\Inexpensive.com + Convenience + Layers + Pale + Guarantees + Rap + Verification + Statement + David + Forest + Officially + Reasonable 40798\Inexpensive.com3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Personality + ..\Sleeping + ..\Morning + ..\Penn + ..\Threads + ..\Graphics + ..\Harrison f3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\40798\Inexpensive.comInexpensive.com f3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 53⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c move Six Six.cmd & Six.cmd2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "opssvc wrsa"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 407983⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\extrac32.exeextrac32 /Y /E Referred3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b 40798\Inexpensive.com + Convenience + Layers + Pale + Guarantees + Rap + Verification + Statement + David + Forest + Officially + Reasonable 40798\Inexpensive.com3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Personality + ..\Sleeping + ..\Morning + ..\Penn + ..\Threads + ..\Graphics + ..\Harrison f3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\40798\Inexpensive.comInexpensive.com f3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 53⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"C:\Users\Admin\Documents\Nobis_Roe\DansMinistries.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c move Six Six.cmd & Six.cmd2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "opssvc wrsa"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 407983⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\extrac32.exeextrac32 /Y /E Referred3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b 40798\Inexpensive.com + Convenience + Layers + Pale + Guarantees + Rap + Verification + Statement + David + Forest + Officially + Reasonable 40798\Inexpensive.com3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Personality + ..\Sleeping + ..\Morning + ..\Penn + ..\Threads + ..\Graphics + ..\Harrison f3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\40798\Inexpensive.comInexpensive.com f3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 53⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\Nobis_Roe\jres\bin\client\Xusage.txt1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5b5ad5caaaee00cb8cf445427975ae66c
SHA1dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA51292f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize
1008B
MD5d222b77a61527f2c177b0869e7babc24
SHA13f23acb984307a4aeba41ebbb70439c97ad1f268
SHA25680dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
Filesize
40B
MD546b257e2db3a3cab4fe4e8b36a53c612
SHA12327a773bca75530bc9bd7c74ef0ec3acbf99adf
SHA256e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f
SHA5126c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2
-
Filesize
649B
MD5440d615b34155f8cde7ac14feaf41749
SHA1d4c89010a48a4821d039dfa4dab4d79781cf1123
SHA256eb55d132be6e9a075aad58d5fc24d1a5d8d545fa99b6426111ee0a7016deb6de
SHA51218423fc1071da8f28106e931d1fa7cabbbf8909a2297b7650fe7fd8f50eb210adc664e38ef795eb026b5b75efe27035854b9b4aaf3efa4a717539a274e9678a1
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
1KB
MD58b4988044c6023d683435c4c5722a3aa
SHA14074fd60bdbca48ad921545bc29304749e80bc94
SHA256fbe02a575d9dfdb9eb20527020c354f796c0a16f85a9ddcd65da47dcf962376a
SHA5127c6206fea187ff638ec25844339aef515bfff85389df45a06d05638154773a14a4be1599a2c38688812732ba186915cb6896999300d137acb935adc93d1be67e
-
Filesize
1KB
MD5eec75d758274f73b51d741e5125533a8
SHA1cb1cd5405eb2992ead0740660145dac6200037d1
SHA256ee344e039af86f09720af74f912c716d960eff18bfcf4cd1550f86c635ebcc31
SHA51290bda010febf7397c99726b12cfda111dbc7713edb9de785cd9f24b2d041c33916a92f1ab0ddca329ac2be0812aab9fbd92014b908df6a18ecfef3c0c1def47e
-
Filesize
1KB
MD5665305cf4a145556aec06b2fb3cb395a
SHA10886f76f7b3fedd71432c666b08d56dcc07bf341
SHA2568424e4531631dd15858f297b5417a922348e426f4fb1c6f022b728701532b175
SHA5122c0005ceca0b643c8361b5e3fd85373d45b7f443dad17f2171e0d146df6ee5e315694d4321946c17d36ec7e9de479cf4356352c723148ac808c7192ddc531e34
-
Filesize
1KB
MD558c8815f71c0cb192be594fca96da31c
SHA158bf8eca93adb501547ceada51dcd7040d04ca37
SHA25607ba58752315e27a4feb4ea63563e12e61836df0fe6bd1af5f3759a99aa861fd
SHA512f7f99e2625bb18f936f66a990d3cbfac87027de8ff6020446255291f3d716c93687c553729c00182998ad2855054a2a2287ae218cf47468322d5b0319395231e
-
Filesize
1KB
MD59eda8111e5180e3a001fbc87200b834d
SHA145e28cd26d2b79d05daa93c88856ab1725e30340
SHA25619081d4932994cc2a568d95e094b5445e1b01764c0eb65078a9c07c853a4b097
SHA5127b1470060eab1a64b4fa71dc3b9908865101a5b3881e6a0305638a124062168201d60b290b0c58fbad67fe987181e456f1806b7e72397b22ef208194b5952bc4
-
Filesize
13KB
MD594fad0ebf560dba40820ada31bc4fcc3
SHA146f70916da3d94fa5f23d82554d79d83c31ead4a
SHA256152633f660cc52d08adc8bc3c327ccb0b28b6d6468a41f384f113b89a012b3a6
SHA512a2c296f557945bc6cdd4472d8526aff700763218902d6ce723670fd55f47faa7a1a5be8f558935abfe0c267a12e9112f1a9dd06479f73ae5e188be5997277be2
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD531e9aa50570eed9f6b272ff33391ba09
SHA1d9210858ef128e7fc37f32e2e360a11a405afa18
SHA2560a860c4c74e3a603b256d9091c589fa4f42ee118d0986158fd07e05a46078d6f
SHA5125267f0a6ca5bc117a77f1df118b237602fc145693ba801e1255469059a3f794eaf80d5c846c7d02fa6a5f0d74a44dcf60b0897d3366b018a7487d8b6b554aa96
-
Filesize
1KB
MD5e7d81afb076eba9359ba6b5a2c3839a0
SHA198aa6f3ad3faf8dc56e8b33eb2cb2624f122d213
SHA256570880fa7db73450cf327f2c96f013f8470e769ccd6254da93b42d9439c20d84
SHA512f8cd2fdce0fa4ae3c9470d7ff08bd4bee1de9da09c957592604aaacf61e3f6ac408437e2afbde361a3142fdc6dbe647287539f51204765ea1705a0000a519cdf
-
Filesize
10KB
MD59aed37000c8cfffd2ca157b51d8f6619
SHA1910516b8ea1e87c4387ddccbe20234425e198b61
SHA2564fa04ffe7591e9ac6922c773f3b3b9ff1f5f02e0d3837d0d7ed5c63a40a9a47b
SHA512c5030dbc5a96077741c5d8246836fb733e7095c97f6cd7beab80d2ca4c0aa2c0ba287021b06d35fbe1f73dac54e859457d15aaab699085bd90495171354fad1a
-
Filesize
10KB
MD5d77aed7e15d1b1423460378e30d62195
SHA17c8b3491332879b2c4db7266bcc92d2f98baa46a
SHA2568c7cfa307f0c4f1467a3832818e181c9ab2b0c4575542ab6f269a752df32a9ec
SHA512aee7c4617cb1a3db2e4ef58818b22f57761e8fbe651a73a9d59ef2bacb380a95083743efd711613b8486d5cba833d5d95047b9db86d243d5dfb595292148eb1b
-
Filesize
9KB
MD5064f278fb2a72bf97f28f04c95491734
SHA12da7666a2216051cd03fa9be103b8c4a5c248dd9
SHA25688dbdc9f331becf1b4a47793e633c4709959fab94009fdc4c150ee1e33076b09
SHA5125763982ea64e86a5bcf5b1c958590ab17e3209d28ee880ba3c5d761052bdf8e903755521ceaf753906ed9f27f1004068ac37a05e1f747da2e6086d81058817e4
-
Filesize
10KB
MD55d22e6fb9dc4fed43473ef1afdecefd2
SHA153eb1ff074e3ff648db0980817f169236d361418
SHA256cdb5d8e6e57838c929bf9689efcab45fcad53364725de3a3c31b27025c4aeebe
SHA5128906898493c0629de3a5a292ddb4f239bedbf39fce75546ed11ff6791de36c71e37dd23cdbf6d075e7327749e5e68c2d50ba0ce4187bf5f5c1e4814a16bb3474
-
Filesize
10KB
MD5d4e8477ba87fef8aa8e4ce1a0369dd38
SHA1378cf33079788271b50518a6c83ac34dba6c303a
SHA2561b7ded90194d5921d343f41fff81539c05fa693cf3e82871b7d7bb760e863872
SHA512673356a2e84e8b692c39764e67f14419f93f41347243a59a8dd908e06c592ad9bdcd998d0bb3e73dd0313977aef2ad1c9c76d39081e2b087820724e0f62a714b
-
Filesize
10KB
MD50c59c58ba9e6511781babf847d452847
SHA1e7f07b82fa8f696b14309efeef0fd013fcd231a3
SHA256fb8d57368a3100f02b27a4b1a675be41f1611b3ad0761654b2c3390ef4c0fa56
SHA51219355bd8171aa8923cbc4d68cb1361c41bd7dc7c29bf079dda31db0d5b57a40279e489de5b30a1d31e99dc8a848cdf82f5138990cf129c9c1ea99ad298305088
-
Filesize
10KB
MD53c2eab018a59492d85174595818e7636
SHA150ff51ce69519cdab74e8ca3660d31b9c02f99ea
SHA256e29964b9e5ab7adebfd36426e010e9f7e172de623062ffb6d5b1447d435ecedd
SHA51205caf6d1b423d4694e7a1a7448f1d1350fe625d7c7c6b60b1101249bfe7df70d2901c4cf50bc63cf8d8228fc732d05bf68c661ee6f5bbcc8a7f69d9417c846ce
-
Filesize
10KB
MD58abf56c4297283da2100f8be9befe8c7
SHA196f0f9988e3a19763361bd97b8d1f84257585513
SHA256c509a42c1edf390ed9232810a7d8d685d3b35eb8de830b40f6896d5258691d8a
SHA512e021db8ea3631e516f6f2cdd17b8695cb1f20cb743ce1658b115c5106e2213763b65f285775fa5e3573349e15453da0f24e2e0aac96019aac910f76edfca6f38
-
Filesize
10KB
MD58bc04ec2643653c7b0d7f7a9bf68efd2
SHA1c6d3f675e6275a081509164ac77a40aee61cf490
SHA256b6cea309ea5626842886fb350d63b223ccfd75dfc56e51d3f3d5395a67dff845
SHA5127f0963c148a19835ec733a97a30df014abfdab861f880c842a5972e534b77e9bfa0da49ad11b2811ed1d8d385256aef31778dfa413bbad3e68f8de8c3c078c69
-
Filesize
10KB
MD51cba1d28d0e9e13e91fb37b8efcc367d
SHA17f7539bf5ffc49296b12de244297eea5528104a8
SHA2569d56fa73f4d70ba9911dd78a64b3eb225a789ba236328aac4859d2e186da9dc3
SHA512480b6b4f41a08b94938ccec519dbd458cc226dcd605efc0bc275dd4a74cdf45ed8065561041e386b68790755090b2d674355bd4c71b6fdf81f61897d03b070b5
-
Filesize
96B
MD584500e05f88a16142546f0f8f13c20d7
SHA1ae8b2c8b1d7e5503f5f3fdf98f4f71a261b528bd
SHA2560e8fac4b9d3136530ea429d1f6c55d8ee45961a111a8044fef854d53ea6d1a9b
SHA512ee0ea350209b6c89597f95e9ae4627714da05d356fe2734d60f8469d96fdab3de851a817b6b8d4ae23db99ce35bffa1784b25597729b2f4cf9bfd1873c81c5f1
-
Filesize
228KB
MD5077c7faf1d9c414e4239c6ed688dfa6e
SHA1c766920fc8c727d4ec6ec5c509b24ce68fdc90cd
SHA256c4dae71b855d19bb115dd16a7830c6b86987d82d2cbe1f1f9c6ce43d6736d6a4
SHA5123a5d0cc8e7c791042365ab53ff5b5e3103ad330bb7efc185f1f55062b35e69fab228f42028bfdd2a3667723f1a31e9ed43a400572ecaf93dde23f7f25e1ab3d6
-
Filesize
228KB
MD538dc79faf93d323740a55c915ed05099
SHA1e666b54009d7aa700a40bef023f2155f651b2b04
SHA256f404506a8d67b24f48013bdf3f773af25bb811f724124807b60e42846b538f6e
SHA5123613189bbad73397c47562051d9c20e468bc5fb28fb886c14f7a1d284d13412f1d802c17568346edbbb384de6ea622745787f23f61ebb3bc51c924d1f7b7003b
-
Filesize
228KB
MD563425f7e2043754af8269ee70b194908
SHA1c1b2c370f25344e3e5ace969902eefb5cbca66b6
SHA256878b72a5e54e26d395e8ea9a517aa2e91c5a5a6fb49cda5abfed91db575f9198
SHA512ca258b56a747a405c5dc0e23a6761f027895020a3127590b6a4319c8278d1cd43133c1a1f1ceb9b595cc8d7a8583b73bf4e936abaed4552bbe16faead2066f12
-
Filesize
69KB
MD5602ff4f50777948bf160905f9bb99917
SHA17951ed61f2f00d3c9dfdee6f44995319368240f4
SHA2564ca54b37a7c0e49bfc21399ca95af8af7f2b95a4ad0994213b8137cc1285bb02
SHA5123fbb08a525e0ceeca8d9982c91e040acd9cdc4cfb565d2ed618836cf2dbbf4d754ed585c8209e57bdece9b38e387acee857250ce3175862bf9ca30175674c7fb
-
Filesize
925KB
MD562d09f076e6e0240548c2f837536a46a
SHA126bdbc63af8abae9a8fb6ec0913a307ef6614cf2
SHA2561300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49
SHA51232de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f
-
Filesize
499KB
MD525992b0fa01f9ee7a8400e7ba5774086
SHA1c491cbb1d302b6178212cba6bda9a02445dc9ac0
SHA25689d43d73b4e9975be7d9085ce4cd3df3066f1ce394458f28df5604f40c20b9ae
SHA5125c41ac23a04a1aea205e06657b9f448fd92e127845d84c30af1156bfa761e57baf03ec18ebb3e14e009aa1348f714179c5150de850e1b32dc23601a4a9bc7008
-
Filesize
67KB
MD598db9c0d8ce6a841ff8ee6db81d53640
SHA18386deb84a395f6325121974273134ab749fa897
SHA2564aa6f67498bee03ee7c6429b7957cc8e28d03d2ae34f853210f663b0c93803b3
SHA5120a3e821b12e9e7c53a57a25024ec9e86ba7cbb1e3267f5c88275a63e761bbe17e82d7dcc052135c0177cc5d2ac270f9bca8f46f0af85079025b8fb78d5277771
-
Filesize
114KB
MD5ce87d7e3d282b8fc48b7c4edd0a45c64
SHA18dc20271e96df07b482e2bdba0005ca6f63bf2cd
SHA256609fe04526521dc6b43671f2f054224e0809c948ffaeb3ff806c1ab5d9b934d2
SHA5129f9ad6b0b108ae858edf2b3c38ee73d072997cca0f1a717644f9dc5ab70585f47169c4d56de81b9c20253e4000c629c46fb3c33ca96cd8e0d955a54e7ce13d64
-
Filesize
102KB
MD59a3d819592ca62e82b697c3ebc6d839d
SHA1ea7650b90512dcab3857b962f85b877d5a3d7bc6
SHA2566bd506626f01e413fbcab6a22e903555fb651bd681381c42e74442a2daec6355
SHA5123a094c8c6b9c23934e8766649a51a38d635f7da7d1579c4ed554ceac3c571f1063d830b791e0b92e5c16406780d51aedbbfe5255a9f3dc468542d6878c300fcc
-
Filesize
73KB
MD542e27169ccd07959e4e7e03bbbc0ceed
SHA15a6cf9d9e8392ab8ba291dd79370c7573246c0c1
SHA25666400f2df9a3f70e09c296b6055269b1a5fbc380ad80869fad7a26f965dd1227
SHA512c47d0a041a7461d77159749a65872a15cbaa20b87bd30b88ed5795aa3ea22c0ab75b4ac4851bdb3bb18b0954b989322c8dbaab6a5f554a0ba31dd69612b8691a
-
Filesize
96KB
MD517508867d6c83603770c181e2d2eb1e7
SHA15c7fe4ded3d3cb893897af92f506d380137989fd
SHA25684f2782e4dcca2bafb97e6e128d64941fd4a78828c8a1ec220a2e42d470127bb
SHA512abf710cca37219b28425a98990c74cb6975a7d1e505a97b88ad28b1c30a15caad36263bdab5d2973533861ef5c4651b385599400107f32820ac0c259beccec7b
-
Filesize
28KB
MD59fdceb91cdb6f2f80cedac6126c97b30
SHA1e4417155926d5502ade0062be0083f7b8136cb9e
SHA2567401d29c0e1e8ada03e51c5615db08e3eb86a37c80c1d11cd43925b2dcee8b9c
SHA51281b1e42b0e7fbe2d6fe989a0e20f4a9fe9fd1f23620435ecbde09243f3c46fbaa00a2c9caf6c9c5154e55b1d8feeab9b6975fe429175c45389ba37e2aeba3a1e
-
Filesize
63KB
MD5558f0cb7e036d1b8a452689e0e2e7073
SHA19fcecfd5e68211f0243efa98163c702cc4791883
SHA256c25086710cfef07c1f1bac02f60d4f634066b3391ca84a7673a70b1b44f42749
SHA51272ec4371c9b4f507227bcd2d1aab8984a4682a2d50ad6fe94d00b3f6fe8228491abf3bf17b81c9298a3ae737344b770f2bdeeb524258de3b561433c2def8334a
-
Filesize
84KB
MD50fb688aadd69ca6b26fb9cd776539098
SHA17f98c2355b5e38bb6ab5fa4286b4718fc303f666
SHA25638f15bfdfba5b00b4d453b7cb025a87534aa2c8bd08544d1a34e6a3d4677f490
SHA51280ef9a4ba9289271b8c3191f3995a21e3820b7764df227ce886e33b86e608b632bd0c24e7571f59b0b8efe663fae59120ef49f2eb36aa361110d9393234930a3
-
Filesize
96KB
MD564d5bf5409f125d915bb10cfbc73b9ab
SHA164aae274928edbf29aa736bfad02a76e05478ba4
SHA256db818385c468f7c156a0ab56dc80736239375a17350b449ac46ce6cba0b34ed3
SHA5124cb65c1c361d91e550102a29bc8854b3e1d6acf0b8a4ef7548a16ac17ce4c096a26795c47bb7d077795b0b1918f107574ebe275ae5d2240b3f60bb2498307a0a
-
Filesize
78KB
MD571a45ee28a4f9ad2385b983f0b4f4834
SHA17b4f3a4d5a1b6d9f41eec42c3d2c998c704e81f1
SHA256205525bc5877072c775effd6dc8ddeba5aec0c8f766804eeeed21365fd197211
SHA512723c9ca7a565dc772a9da0d424cb67fc426a45e08625856d6c9120f9700e1d33f9e0798f025423830e1f8d9a9ab3181ffcf51ff4746838a7d151f1b202782742
-
Filesize
82KB
MD5ae012012211695fcd98109d56eb071ea
SHA151acfd62cf132efd6c16d62567324b4de13be813
SHA256f9fc34a7321e5c5a81ce1f107bf5d9333d7cde73cf73aff7126c3b3b30bb9a6c
SHA5126d16e5a7b03900424b3f4c123cb8beb873910f6c4fb5f165b9fe897d6e87e2dcbcf0819556b88039b90bfc570094943eb87166ff05aed1b43ecfebcf7761afe7
-
Filesize
79KB
MD5dd683285605e204e3d3bdad8e98471a1
SHA1e226c6bf973aefae91b676153a66b4e892a53917
SHA256d0253763f7042db5cd3f4302920113a527f5735bb8d4a6d92af2215afd1c3542
SHA51249d47aad5ec1934b86efc1ece911a298c2b2952b0633f42a7b8f153f12209c16d5f1cd65ed9ccb2ce236b844020d821c9253142067258ae370ea8e566a53541b
-
Filesize
57KB
MD575f2e6d81339383121abaa38818c6923
SHA19099de8de46e74ae546ca361afc396d40f656700
SHA2562e864abe8e05a792f68091278f411fc8080849a0657d63a4fd4b1fabe043b297
SHA512a7e65f739fbf198df06b5fe5d6ef14dc36bee22845423ffa2995aa522c6e89cf97f56143f6c6e1a5fe5ff56e4c65c8a647ed7ec9d02fc246db3f845e19f51fb4
-
Filesize
105KB
MD5fa0b02a8aa85ffcc152f835e65d6e114
SHA1e9dca44a74ed3f352670635327555dc4c1c04e03
SHA256ad9a9618382290f28b24eb76de01d9d3be4f1d8a782cf44114640f18d3f42a2b
SHA5123a8f088e6f7be3fd42c661375aac2ac7a6d54a57f1c0142b33dfc92d29f3bb667abfcfbe9df793685f07cb4baa09483785897995115873ce5e7a8228ce7443b7
-
Filesize
477KB
MD5247ea765483211b63749fc72acdd038b
SHA123cc9d208751f7c3f6b7071e360972176bffc47b
SHA256ac501519b5412aed5387103fdd031bfe8d0f5b3d8aeada6e9fcc369136b1a3c5
SHA51273565fd47db1adc668773209843fd4aa48ec4c6b5b807b537b40061d3990015f6dba19e4f49cd095a1936b57c9433d7da7a2ac313926d41edd28012009f431f5
-
Filesize
16KB
MD56ea35882934000b0fa201730629e319d
SHA1c44656da94c255b8a17be5b1e3f3d54ae88cf012
SHA256aee7e52c626a32de21e70a3389c4b92352fd14ae5fd1c2a6ee4268c390483784
SHA512ae64d7a04628aebc5eefa723a42a41a32c1426f4e134a50016063c0d5ea1a42f519faac0858ad5e17bd01c6ec215089e74ff7a2039ddb84aee608f8486a0a960
-
Filesize
87KB
MD5218a7ae99a9443dcdedafcf5339e01ff
SHA1d131cd56b6107943b5b2aec9deb80b73854b0286
SHA2568ea903cf2128a826c4e737a325eac95e42ce0c9e7cc4b7a9bef4e393dd0721be
SHA5124765ea6e54708547c0f4cf9b353fc4a1d68d44ef7c909c66ce3d307ff9ad174e80a9f7987655ad77c8d1c1ffaf5182f312a17af499ab4cdb589a8a7be721441b
-
Filesize
68KB
MD56fa89a45d5ddeb9dc068f8f6f4b89869
SHA1d6519d0e799e758e52e1330141c66a2e70454bb0
SHA25641eff479c1ecc7b5054a5dcf3f75d531e42cb5261e5c6896fa6aa7fa9900a0d8
SHA5126297fff22c6604ec83f90058abaf38c7661b2fb79cb11c1870e2b21074e53522cc98f3f42f3d6995cff365c222c6cf597fbd98cc4ee13456913a904e6bfe74ac
-
Filesize
66KB
MD51f76cf409300b07b3598b6ecf3372379
SHA1e7bf2a9fdd140486f5ff7699c2d56ad3f5e13b5e
SHA2568964c99a2d8df3c56cea5783b0ad3dbbf5799f1957ab5f9395f5efc0654da3bb
SHA512b08b00cc2c9582647f3b390088c86d6ad9d8ca683fdf576c3b598a1b4f0adfc95c1c93c2217cbdb57420df002c65958808bf10ffc6a244cd5dcea46c952769bd
-
Filesize
2KB
MD541958c5e501a5ec608d3de0a7f474808
SHA103ed2d2d98a01e1d3db490c733fc0c7578aee9df
SHA256e97c68a6d6d7d6a750d113affa394c05fcd7ba4abce2282f08d1151d0fc24396
SHA5125a06a58bba1a278874a37c59916a31d8bd48a4243363a371295b72fd270c9d7bd5c6d093aff8bdaff08f886e652609c3d9340cf58d0226c3a73bde5405850a52
-
Filesize
76KB
MD5aa8adbdf71a017577bb4ba27da22cc35
SHA1c6a55c713c748b29f60340a4e8fc6d592e07f2c5
SHA256aaf1471c381bb8d8ca4552eea77e9c22d41008ad587aaf61c5f0287d9b137441
SHA512bf3ce6e99386dce918258331cb242aee05f043682294ef9fb6696f381a1c4bfc9476ad7ad5d11371ea836b76ddb7b657612e58c9a876b0471074289002d59631
-
Filesize
33.4MB
MD5d17274bd7d60ed5a616385404098bfd9
SHA17c7095d54932146fb344b5d370cb2fd72c4f0225
SHA2568ca53dee0a91dbd42e72f9d84f04d5bddef98a1cd99c3d8d82695227f4cf687a
SHA5124cacac23d82b1cd796baff7c2fd1236355345ad126c72553d01ceeb94bee5bf9552752db7d85c9f15b9e039afeb1eea0d8ae1e9289a147a3830099608804c81e
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB