Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
-
submitted
17-01-2025 14:35
General
-
Target
https://mega.nz/file/l5I1CYCQ#mVQyp51V014kSme2DjJgSrGAFiNbPPWz9OV0emxh4TQ
Malware Config
Extracted
lumma
https://comptetscant.shop/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 57 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/l5I1CYCQ#mVQyp51V014kSme2DjJgSrGAFiNbPPWz9OV0emxh4TQ1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe947846f8,0x7ffe94784708,0x7ffe947847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x228,0x254,0x7ff63a4c5460,0x7ff63a4c5470,0x7ff63a4c54803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6448 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7476 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17020441456867255951,11705191718603770866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3e0 0x3841⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\" -spe -an -ai#7zMap18256:122:7zEvent142101⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\" -spe -an -ai#7zMap26614:182:7zEvent150321⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\setup.exe"C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\setup.exe"C:\Users\Admin\Downloads\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\#Pa$$w0rD__5567--0peÉ´_Set-Up#@\setup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59d9e89a46ea1c979d600d8ecff95392f
SHA1a03b20076c4a9bd34d03af90e43d5815943d187b
SHA2567d5e0d521951eff280f780f5134b8f1b4c614bb4e96ce15577201272a1e4478c
SHA5127bd673c3e908e62928b35bb2ca183a79e575775a1b76b1bd3e584c9da331d4a4c213b3de25fe209090504ce0af3f3823a27767196ed81cceb7f881106e068429
-
Filesize
152B
MD55e66a3d46ce02326d71914c69bb1ff5e
SHA191ccf10b11a8c2d127fe825840b0f5a3c5a51513
SHA2568408d688778cfc5151fd454f1182175674719a8a5709dd36aaac95512c7b1054
SHA5123fc4c3299a000fd48b25ec9fa88d87892fe60b3e82005195d0afc80e028ff270e1429bb2a4fc07cfcfd5d8c23a44283c92a11f9ff11d28ec951331e3df05326c
-
Filesize
48B
MD5b51ddb63475a1c32e9a225264558c66b
SHA13aaa19b9b7b711ebab646952161ae1d2ad3fc3b4
SHA256db1921054873e0b7f03fc050b54574417e6af8806d5ce369505ab5d9734415ff
SHA512b873933b52d41c24f6fe8d1db1dbdc4a21a5a86186e9dd02842c1f7851d107a50bc51dc9d093ddc3421d590a9c277a34c53e640b8c55e5398fce50ed8324ea9a
-
Filesize
72B
MD5e494c3eeaf2b93fb4fb3e7fa5f89dd5e
SHA1a6bec0d1f87b94bb87c304deeaeda7f6eac50571
SHA256172d4e6d52dbdad98ef8013b5d307bef304912d69e0255357c09886c7a4b77e5
SHA512cb91be8e325e1b072d9f6fda570b2d8a86c0d7fd0ea75a493b8f3feddf54bb73d96dea4adf3080f92b93898cf066143a07be6456dee6530e17b50a8bcb93a4cb
-
Filesize
1KB
MD5035fc8666a7c359adfe961456d591520
SHA1193c4f4d2da7dfa27ddde951bc51bd7114d4910b
SHA25666fa108b1c01a26d8db9aedadb409438e1502f905bc836f7ed156226d51fea5c
SHA51252e095f01119c6a1f46b21bdf59a3eaa41bde0b00d3363a2062ee1e577b099c87982a8ee7334aa3f1f9ddabc8d46f4984c939c52d871ecc658cde2ca577e31eb
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
690B
MD51ac2dc41ea18d9f3bc22da2ea1bcc2fb
SHA1a4c0f0d3e6dec0fb6d2d7add5032c183c27a96fa
SHA256296933f8c3cbb4fdbbda7337d8ddb28935fbb71d02d424ecf75bfdb2199b474f
SHA51249a6f511e266af7314c7022660ab28adbabd379ff9156ba7153c7b29b112eadd4d8d7cdb5bdddd509e9b607a657906fd0dcd4c50e8ccee6a08278bd1db9629c0
-
Filesize
5KB
MD529ffb27ff7dfcccf8fb1d0aecb078bb2
SHA126ae51e02a7ac9e637c7594dcf38e0dbd7607d16
SHA2560d7b797b52c811cbfb0d20d8df6cd04955d3e101e4bc25231242c1f0b8fc0ce6
SHA512124ad80bf0d772751c4811adb849ef8724a147e1eb885cb6b408caa0606265f7de45f71ebe048f9e725d6f8051c28cd77410fe3398744d7d6ac0fe9cd5185368
-
Filesize
5KB
MD5c45c545802787e59bf0c4f6cc0363c61
SHA12fcdffd3eb78af746da3b4f351cf9f117d12be8f
SHA25614e62d80a50b58edadb383be749727f45cf8c2ed32b781c1c85522b051ac3b10
SHA51212f160273cb5e1069ed04a6bf30839f5b07d7001f2189bc6363dac10b7214321efd9dcbde965b8a83fde535c98a8639dbcc838a95effb7b8e2f1104717fcaaaf
-
Filesize
6KB
MD57a6defd02730ba980b900cfb92adbae0
SHA161fe0c05de1c350cf27414ab9c77d1373c3656c8
SHA2561bd08406f92ac5ea60c4445a0008de7bf01a5f8cc1068760772c6afc03c6fbd2
SHA512beea3493ccc3f333b8c4742bb62bdbd951c5b89f22c6bc2938b375af025a3892e3c5d309eb2fd1292d0f44490990cc8cab10dad2ce827e31cd3f450609209fbe
-
Filesize
6KB
MD5408b626895fc290bb7b6efb49cb8df59
SHA1635f91b8d15317635feb15d05028f6f93de5a1d9
SHA256c9e0e8b6e67b736fcb0b480f4fc43e2f44252a4fe41f1503b50a85801f58c411
SHA5123089dba91b9d2301616e97b9487d26d4a2b5c8f43031afd4fa8e7290a0dc21ac8df8ab54c42ddcaa507ce1799651f7c5f5b92803bc8a71336f2d9868b7ba825e
-
Filesize
6KB
MD59832d6b9f56a786259bc657e4c6aea3f
SHA1666071b6b0bd4546aafcfbb82a07afed0ecfe800
SHA256d24667247d12b5d1de24689a8afdc4a4101bceafa4c253e63b853af435a766d5
SHA512a46c38e23e52f9fccc62dc663a0731ef6a7996f5c0a574a89e528199586945b617b3df6be7b2fa06c0c191279df1743696ae33af6c609dded876626fa904e1c2
-
Filesize
24KB
MD5ff5dd20177add5f2fb07a017c096ccce
SHA17afe60457ca44419c3421847c4202a50fd4b80a8
SHA2560e18c1f1f59aefdb789413aefaeaa005421e9369195f7c35929008ec30b50cb0
SHA5123bbbb7e4af49e8a92b5dba457567a249db23b50a1b4a79c33bc38a14e5dc4ae9dbf480b6f42abfd3da28af57c06aeaf4b0b7f3da39b712ca49981c8c7973c77a
-
Filesize
24KB
MD58bbb70b63ea38955801783c83b928cf0
SHA191e76aa432aa9b323f7f8efb7dc94fe0b9587496
SHA256e31be9b1110c9d3f71b40293c8f3d21fbdb1d53910d91dad2ed1f29c363102cb
SHA5121172db8453c8902fe6ab8e417ae44da691b72e8e05a50c85d5bda1ae3cd6b54407b1393d9707cd152bc37ad56b1c380ef23dae445f8f27e35844f6233132804c
-
Filesize
72B
MD5ec692b4f63f20e1c42476c831b3425d7
SHA1017f81c90c804e61d14ffcad41bf3b36b4b945f5
SHA25609cc84a64846de76be2323160f93acfde70af906fc971de6ffcc9aebe3e163e6
SHA512e635ff63077f305916fc130a2552cae795b92ff2a22587a0db226d21aac66fb5dfca9218884204b9216ca2e0921df0da27c5515e8ee255df9d694aaacd19f7f3
-
Filesize
48B
MD5babfde847018b89af9bdf3ebf8d3fc33
SHA111847e7cc4332b0cd29419a3efb17a4b3e678557
SHA256c0dceb57d39ad6d4d4950ed20cf68c16850f77a94a76d5c4f57a6a4d2b88ba0a
SHA512906006976a344ac42465218c38f6d8b7b636c349d5d899405d7dfeec27b31b36e67a9cde2dd43d6095495ba5bf775d8502f8848a19027652b9017c63f66e22d3
-
Filesize
872B
MD5b2fd2fa17f1836b1205f9e2e5f65795e
SHA179ca634685dac6433579f048280d451af84f6902
SHA2561a839d70fad7c2dc0b36f19bfeaea1f011b21113fcf307b4914179f6e837dea9
SHA512ff76dc3e01f4271b2729334a659a326f421481bce299f4b4a984495a94bf8f804a4b080347e9547e8df0a2d8cfd048bcf260719afbcdbf5fa151394341517a12
-
Filesize
203B
MD51a5ef01cc1c3dfcee2478f7e23d35478
SHA11c73b7b545d0220cc25430e8427ddde8b7d3ac91
SHA25655be93948d05b0bfa759a95fe48506bd5d19496107f5c4a4ca3c2091015b97cf
SHA51210ff1f8ed03cbe8e6044b1aa62cce73973ccc984ac32d539bbe6f62394306b817ca1f6ff4dd3270bbadf951e73957495c43319814ef1b507d2c7d140e097cb8e
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD54c2a936e4f5c78e0ce21fd09ad00642d
SHA1cbdcd347652b5770ebc99e2ff097e7ad10692acd
SHA25650ed6b702362d248166bf7632b804eb642e2f5b6041720a747c28871aef4a30b
SHA512b01bb39cb73963cd68a51d186dd96d770a623ef5c3f2cad286c07b65445579e6c6047b08170457f4ea5f78bedf8724ffe0754b60c62b673d8976de4e51ea3a60
-
Filesize
8KB
MD510cc7e792c41f869eb343e2602c99a45
SHA1ad6dfe048604ddee14a9c90a85a3d375b5982ae0
SHA25616720db00a6ebd48807871127dd94ef5974deea3db37fe5913ab27bd40d22617
SHA512bb3fcda1cf537113f9ad2bfcc5ce319043ae8f89c81de28d317839459da3155ea0c2c403193fca0904c51cae7e4e59b7ec85a9e9a9f90befa1d5a9c58e30c154
-
Filesize
10KB
MD587d54a1a64f86b87a8624f0e8c8a2724
SHA194aef403f9c16c2823a03a1c9336a3d14dc2a7be
SHA256bca43557517b960603d842c48252172477258097670eb875884b78c2aa979d25
SHA512f111b682fe47ba07f8e1d0fe4988f30488c0439c818079cca6b274ff7d323b4ff2e7792ec18ca131260476d6d4f4026e8a977d4b9f4198360f79552f807afe58
-
Filesize
11KB
MD570f3dcb9a5127cef816eab17c82c21dc
SHA1d1b12a46050ea0bf1442602d4dab5e827e2fd3fc
SHA256989da3c66cd69e6ede72c76a55cd4bdf1600a52f464d8b64b214117a05c8773a
SHA512619c9b83f216c7ef5b02cb9668c3c067dec0c10675e44cb4e277bfa39c387e466dedc644caeb2903bf85cda7c840c14de491cb279d24dd6fce2cc0eb1834cbd2
-
Filesize
3KB
MD5627ede383f9c2d919b16b3ca54dcf55c
SHA10b083e2dec73933d47a5fa36b84224356da9d589
SHA256d4c3f7d6032a747a5de60da964b512fcb5fe9328d62b2b96a1b3d5784d862c1b
SHA5124adb627ba8a88039e428da6c0d904097a48bcc43ccb05209dce054c71d269abb3022fe1841713fa5188ea4c86751276c5904d305c075c53b3370cea6e249046a
-
Filesize
3KB
MD5a99940f2e1c599e800513ea70fd02988
SHA1f7383d8795a23788d9a10e503ace0da8c1cf2013
SHA2569c10a72d883e633bfbf79f26693d1dfa515f6c6edd3d9d68437c0267e0cda199
SHA512e07638e30f09aa6dd2517ecf70a3c1f9047f146054fb99e5c1e5b64d9e0732c9289e31504aaf6b15ebb9ddf67fbcfb48833a0fe753d544fa8b27bb842688cfe3
-
Filesize
10.8MB
MD5437e0c7c131718c16a2d34368c3ea31d
SHA18fc78cfd7cd9d53fe2fa158501ceb2562d8b4df7
SHA2567b62eb49af0f5c49c71b0371aa9fbed5e22e5af28ffb28523110d2f8c735dcd8
SHA512d933a313ee04d94b30182bdd0052720b68ee5bb775447b7121512690a2aa75c3eef9a127f66d1b72fc587c91edb19defa54eaf1f2176f6b725a3aae3b4252cdf
-
Filesize
10.8MB
MD5ea37985516cb78ad59627a534623b827
SHA10905a23747eda9c05fdb8b9b2289a8b117fefc0f
SHA2567bad5e968304e285506d4c98c0821f169b606a4a1795143c791373cfa6a88142
SHA512c2658b93ee77f20ae11b93fb8335034077523415ec0074d21343465586330849247614ff0c7f60d8d6222941dc0e59d02f795019c768636577591504cec7f33b
-
Filesize
2.4MB
MD5ceea78710c5247be6a4dda72a209f3d5
SHA192d6cc42c820df8fee42748e1f778d3265cf582a
SHA2566bf12cad0c848c4ff37152c30d263188d07da8c5f17dac4f49c2ba0691221add
SHA512e2164edb3eee4bbf97aca6da81b1d2cb7b35bd2569d72c8f0a9fdf42738ae83100a399c7c831229706d857a4d4adbd5ea5cf1ab50b7c0feb43954bb9a7f44471
-
Filesize
3.6MB
MD524f93fa5964ef5dd8b7577a30eea068a
SHA1a1746965394b757266ed4f051b7be482dacb5236
SHA256123d867c7fc13d165309bdb720a13c8301625b00165923a482539f29fb40c2a7
SHA51204d292eca8153b82279299583e8845ce143af8340dd5eba546aef1fe2f5dcee636e0133f85572b12f6bbaa8c2897909497d11facd7e29aee6c514cd3bde9e180
-
Filesize
328KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB