Resubmissions
01/03/2025, 12:05
250301-n9ewpszxft 1001/03/2025, 12:02
250301-n7vjda1mv9 801/03/2025, 12:00
250301-n6askszwhw 1001/03/2025, 11:57
250301-n4qe9a1lw5 801/03/2025, 11:54
250301-n246mazwby 801/03/2025, 11:51
250301-n1j43a1kx6 1001/03/2025, 11:48
250301-nyxmda1kt4 601/03/2025, 11:46
250301-nxbzaa1jz4 10Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows11-21h2_x64 -
resource
win11-20250217-en -
resource tags
-
submitted
01/03/2025, 11:46
General
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
Malware Config
Signatures
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
-
Downloads MZ/PE file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Program Files directory 55 IoCs
-
Drops file in Windows directory 4 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 51 IoCs
-
NTFS ADS 2 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 43 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb2af43cb8,0x7ffb2af43cc8,0x7ffb2af43cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3380 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\NotPetya.exe"C:\Users\Admin\Downloads\NotPetya.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #13⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 12:494⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 12:495⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\1CCA.tmp"C:\Users\Admin\AppData\Local\Temp\1CCA.tmp" \\.\pipe\{774C8696-D2C6-445A-836C-5468077D729A}4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6700 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6820 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10939085693118305776,17210751912685582982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5fe68444a298dfe7ce3afb15e1e04dc2d
SHA1ce8500b8bc9f8033bf5f6b28174d04852e996cde
SHA2564fa17fcbb66e9306869abf881cf02c7b890bd34c34852c8a8f0e276bab375ba0
SHA512ed3aec46de266977a45e00363f3e258e53e9763fd5304861d2a7582344f6364f9dba20d5a13e6c2eee42e6bb875eec2f3e900f45cc64bf911e7055008c2374c4
-
Filesize
152B
MD5648295913e8e74a91d84a0bd6dfa0efe
SHA1e42c17ec7e237fa16204bd204ba0d47c2e7aa057
SHA2563f46ccf49be312c1e7b3cd94ff1d27970975d6a80e052769daf31c772adb260c
SHA5126e3f03fade65388ad14c2443300f79d028986a7863d32ad731a3b1aef4bc4937e7cb150c814947befdf4d2a8510f70368ad35621ae854b9037e46488df7423e2
-
Filesize
214KB
MD5d20fef07db1e8a9290802e00d1d65064
SHA171befda9256ed5b8cd8889f0eeab41c50d66e64e
SHA256f9cb4624d03224bfce50c4c0e484418acd462c249f38b4684e72b27a1f30144d
SHA512ad5b2c8df60027c6dd5104bb8c2357b04eb24d69245c607ff99a6f2a887f929428252ad793d9aaa8c903c7b1e1bf9653cd35f79747d5281e7e3d2c21fa828537
-
Filesize
1KB
MD595acbf3dcc5692b1f5cf22c73e1c5a76
SHA18a13754e893ec4a7f83be3cc5aca927bafafd25e
SHA2561b3238b38342cf00b492377a4211017512ba27c3c75ac69df7aacddddd82d9a3
SHA5127bf126eca214c066f2ec6c80b669dc897950f583bf3db366abb742f81438841648178854cc8871224b224b673e38399039ac8a85c3fbd8d427184696897c1738
-
Filesize
1KB
MD57a7cdef1585972ff3ed42b4f89bdad25
SHA1bc2f9ad2f407d468f64eb1a68d3d86ac1c9d1231
SHA2563b895caeecb122c91f6800afa17abefe63d02387efe8f4b02d959dbe538091cf
SHA512de93846263427b833ba5eb3f32250225aef507e2072185e90ce8a3af3d5ce427b5f018f69b3fda7864d444795a118a26afb7b49014acba0c92ab96abf92f9069
-
Filesize
579B
MD55ccceb06c5668d53661fc823f86a4188
SHA1fac1cb2b15040645954e40d2e847d3e35d341202
SHA2560c386acb38728b0604f85b0de270dc63ed1e50219fd8e9204b4b989319999664
SHA5128ef95be0c2e821a8f99f47602256c2de35d3c01cfa1cd402d0836b45b4ed74b392f60b0e863cb16161c0cd07264cb8ac6c986c3d470002267c8812a15e8a2aec
-
Filesize
5KB
MD5a5be76a5a187e288b2f51d006fcb96fb
SHA17c2d783b18c7bcf83a21b9a25e727479e63606f4
SHA256cc825c6a53458ee5181b24ca0ae72d79a59570334918a024363b5a5bd2eb1b8d
SHA512c18a2d50b237bfbdd8c1f23ba5df396b9f40239d53444c3d09743df6c2c72b16f8113ecb800ae62a8792244c20729559484f0b2aa01b2743e2c9e5908b718f12
-
Filesize
6KB
MD52f1fc92fa4a94a1c3c16f1dc946a7fd8
SHA13b456ace2c575b4e26f80db7a0c7a3702944fe53
SHA25661126af2aba967660327f31085bc3aaa53eedc867030c1c30428c4703c7faba8
SHA512cdb3912e7631ce516d589c5cfb7a8c205195a30b5995617eb0025d58c1c8b2c687206ef81059869a2a67c359b1a206dcc22a20979bb94b7f03c0b519ddcf09d8
-
Filesize
6KB
MD55e8b3591e36f07e7a152226b58b1191c
SHA19c88d5747f910ba6bb9f555fa570b6e882adef5d
SHA2566940a90b39edaebff2ee2f091f386b43f6c5e64041eac1b7f828ecae2ed5c185
SHA5126c94c98aca3f4214523a16e6b860e65be9b0f66ec85db760238034577b6a97c07776a05bf55096513fbd01fb230ee9dbaaa020790e63d30af11edc5a8210c4a4
-
Filesize
6KB
MD5f9441c438e35e0537266743cff98336c
SHA1446620870dd990b7fa66e1093b84c447e0cde9be
SHA256ef900dc670a5d392ad551faaf885c85d7f9484a34b10d08a4c934f177d5b32c7
SHA5121f00ba7971573acfe763f3bd356debda0967d7234d9034166a8cd88296df79b33341b07d5a668c531f3ae65753d3672b9dae1ebef293489da0a63b1fc97cf436
-
Filesize
7KB
MD5a949dca4594c8bcba70c2ed549812efa
SHA18ede00bc389e5cbbc2edacb4a9657848ce9f1b19
SHA256e7855aa7d0d74359622fb9e044b26c69233779577cdd096cb92fb13428e38acf
SHA51281548532d2517427e1e1fc0f39e794d77697576daee1cfac95063d1ba6d15e87eab9d112827a9d9c7a539560a853d8fb0b868325c11fca3e730298ac1dc0d721
-
Filesize
1KB
MD539cc881db69307527f8220f5dff4596c
SHA15e7bfc635930441ec8c6a53a703a430eb63f54cf
SHA2563d807cac03c3f53b785ea3c396ce357a32b78f18ca790540ab343e350ba3b751
SHA51215e52282ec83ffd2601170cdbdd73034870d3230205f3ea505ec47d922b70e23824eb36b41bc2e00c9bfc6621917c4cc6627dbeacb2b05b7f2620d6e8dd5c4ac
-
Filesize
1KB
MD5807241f9a7bd2c7253a3565ad81997a4
SHA16118ce8295236ca2d08aeb28e8e5b0525cd9c7fb
SHA256456abe937a41c8dd86cab91839b05fbcd7fcf1831c182605690fdd197cf73db8
SHA512ca776406d4d511d200c9260752da4ee1bf7a8e1aa42c6fc96321655cb22e4101166f9c9bd1dc2b6ab067a0d1b2f49d7246b62b6e5ab9e8552468a5795b7fd7be
-
Filesize
1KB
MD58b50fa3d4490cf5e2dcc459e0d54ab4a
SHA16c4c52187f72ae729afefa9d25a6f56bfb9de7d2
SHA2568e6a4f6cb2ec557b67ee3c1fc628cac9ca4700bda0541d98ba7e3b5e89d2096a
SHA512143868f30136ce05b88605231353f81050469d87bbd6c4b59b6eb08b53b44ea331f3de830243e2f207806369ab4ef93aaab032c77ca27760bea31355e3badfe1
-
Filesize
1KB
MD576cdd62f837e0526a3ed42bf04ad7a91
SHA11d1147cf2ca5e53372512ae7d2a2d82763bb462a
SHA256fe41da8b15d81565cae1979588d83c61acda45a22c4ac5d1f8ee76dc668cc65c
SHA512bdf4968314d37f4709482ffc9db905921ac63912bf7e1d531b2211442c556649c015dea76a2413746460c67fddc91a65d1ec9b089b0b4943db72c3425a5e31e0
-
Filesize
1KB
MD53040420ae26466910b1e18df44f6bf7a
SHA1a83bff0d60745b0b6a339dad9ac562b3c752ff62
SHA2569efac1de6451141c106f1fa294d4cddd26902e36708a4d0ccac6f034efe170a6
SHA512fb9e1d92a267fa20f0ec8d04c74a0c5448874b73672c65e17f7215e985b4ce125a396c783e419831bd203d395522ed9947a6c415182c100f36794e698a4bfb32
-
Filesize
1KB
MD5d2e33f536aa224a7cb1f01cbbb387ec0
SHA19de73f6ed6f2009b89b902b7722c3ca2f9b8433d
SHA256c93c6ede674dde51991bcc1baebbc2dcc508b773eb7d8741d00efbab6ae7a4e0
SHA5129a6b6cc2ce738e57074d955d9540084a211fbab26eb798a32d289e2e1378912c639261e03d7e855b2c42666606d62ac3c7b7d14bb5f6635a4b0ab7f881b05f62
-
Filesize
1KB
MD5131b009e0203e61fcfb84ab8d8f31e9d
SHA1602553c30ff0abdaa9d9958a30422d2146a04330
SHA25610a1ccbdb06cabac7bda34f9232549c2969d2f67b7e97d45e1f1ff5a2bc10551
SHA512cec765e43ba7a5ca29bfca027bc52be2699e3c34a03a8ca7e903a56461a642fc8f0ff1887664a8b05a0f8d2492535bfdfbfa4f45ab6b9f320a439f983256536e
-
Filesize
1KB
MD554a8792ebc812f72abf091de956c0325
SHA18df99474aec11c465a0fabb36ca554b4738cae66
SHA256bbb906b948ead23d8a091654c8608bad0f5168abb8d24e4cea7d9bf822ae49d0
SHA512144bb1de6dfc6134db5e947ca222713f2f91b22c928884494fb325393f42583c4f4c670b4ac1b4f2c4011fe6682086069e976317652b0d940be9e176e3d7e1e3
-
Filesize
1KB
MD56a0093d1a3b8abefda90f6c8d22aa787
SHA1afe2136d1c938ed6ee0389fd1cb1216ee7d5ddd3
SHA25638d5fc0181aa291e320b752ff2bc57a25983701022660c0d6a927863c774de20
SHA51232c6436eeb1ce9193fb90b1febcab96d0262ab396c1f2a37a3d0c1e10ce53448a05dce9c1f4d0c58bfde5113829528776e84639390f519cb5ce13e593533af04
-
Filesize
1KB
MD55b9e84d1eb87e5a2c76c4bf65fc1fa74
SHA1236e5b839c3f2a163450544d565aa8f6f3bb33c1
SHA25617e12ac5746102fade4c0d7c0c9d4930f49e77e3b1fcde4ac61efe974cc7d234
SHA512a722cdadd9cdaf0e7af253cafd2c5056afa364449a3f76dec36ce969958db0094168dd5c8b2bad4d7afe640d1bef199a6dd4898c87373b842b6d40406093bcec
-
Filesize
874B
MD53b29f000379103a1736322898f2793b1
SHA1e68c2175eb8ec28befaa47a9e11d15340998baa4
SHA25675ae2fa4207f29025339b7c506a0dc36e631b90ef839ba5a61907b131c5cde5e
SHA512df294c34f02549e1aac0c20fc5e786afc3e3fb1e521f802fec913be1b4364618317b104e4daf3d861667654cac6b24f92658e4cbe2cf8195edb8360d60cd3680
-
Filesize
6KB
MD56adfd64ce758fdbb377091a4e0dd0093
SHA1203c5d0694d490e14ef745bd491c148dccd99c5e
SHA25624249249b87b24df857347dfa9abb652c86fea852d67ab1d0eaef6ba39be2cf8
SHA512118f816003b46d93be2fea25f1c294a6e9990a5d3782ce97384fbfa3f37bedb1bb7189cccbfd4452f808704bea836b17442afefc4d37444891a95155f78bb546
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD547aece8cd694cce86d542458decb57bb
SHA1b1dc0a4faebc2287ea5ebe3ac450f5fb8126a981
SHA25634ebaa458e3845b734cba42e0bf2056fb71b95150e4707efe31edb8c564b11f3
SHA5127bea15aa0efea14bab7a3df623365283618967b9a3cdf71d51c9df4685f0346dc826402cee19ee6679f9d6234a70dd600de82bc0d306976d974f6ce0ef7917fe
-
Filesize
11KB
MD54f9a086e0382a21924d02d3fb1ed6108
SHA1e6b867a394287db60bdea47285bcc00c39a6e281
SHA25638aa40cb1934ff277e2a5f758f8b4815ed45d46a928c9e273826d815b52459c3
SHA512c8c428ce5764bac43989511c8edd09c85b8585010a8022149f53e16377edfe454eb62be252dd344bacef7253f003d377d5867f37fd6fff8385c08b22c413a35d
-
Filesize
55KB
MD57e37ab34ecdcc3e77e24522ddfd4852d
SHA138e2855e11e353cedf9a8a4f2f2747f1c5c07fcf
SHA25602ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f
SHA5121b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587
-
Filesize
306KB
MD5f865edbb0f45c47b5c85ebd796290b51
SHA1b87f83bef23cccdf8b1bdc456c11bca523de4edf
SHA2562416260eadf0d674f89097a2d29083d7db3fcd2ed6758849c984cc325baaa0a8
SHA51295a6e4d46efa085f8534820088cac57546da81e8819f921cc0c2fe1a7cd78a56f841acc60004627774f4f311ff7bd786fc3c5bc6a7cbf818e9aa10a965cdd34a
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
390KB
MD55b7e6e352bacc93f7b80bc968b6ea493
SHA1e686139d5ed8528117ba6ca68fe415e4fb02f2be
SHA25663545fa195488ff51955f09833332b9660d18f8afb16bdf579134661962e548a
SHA5129d24af0cb00fb8a5e61e9d19cd603b5541a22ae6229c2acf498447e0e7d4145fee25c8ab9d5d5f18f554e6cbf8ca56b7ca3144e726d7dfd64076a42a25b3dfb6
-
Filesize
353KB
MD571b6a493388e7d0b40c83ce903bc6b04
SHA134f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
SHA256027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
SHA512072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB