Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
86s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
-
submitted
11/07/2023, 18:58
General
-
Target
busavelock96.bin.exe
-
Size
332KB
-
MD5
881eb9957ba912beb13685dc507e7724
-
SHA1
b4aad9a1adbe5ec389c15502d57440d0a29bfdb1
-
SHA256
aa7d8be213152f35b5bd6e74f60cf14d5b7a88909ac79b7b25e6bf5b60ffad46
-
SHA512
9ca26fcb63a3d6bad459c0d386638b4f1c5d07ab1ebeeb6b958adaae77fe9f277ceafd5a050bef1bb34b6b5aebc0c2a314334ecd4b610bcad296e2d4ceb79680
-
SSDEEP
6144:PbDN9i3aojIaWQoFeyDw/VG4g189vjHBqVYGpLRztkT:d9zOWQoFLDw/VNuoytkT
Malware Config
Extracted
C:\MSOCache\All Users\How_to_back_files.html
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (7552) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes system backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 25 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 14 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 39 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\busavelock96.bin.exe"C:\Users\Admin\AppData\Local\Temp\busavelock96.bin.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c rem Kill "SQL"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c rem Kill "SQL"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill -f -im sqlbrowser.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sql writer.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im sql writer.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill -f -im sql writer.exe5⤵
- Kills process with taskkill
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill -f -im sqlserv.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill -f -im msmdsrv.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill -f -im MsDtsSrvr.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im sqlceip.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im fdlauncher.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im Ssms.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im Ssms.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im Ssms.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im SQLAGENT.EXE5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdhost.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im fdhost.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im fdhost.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im ReportingServicesService.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msftesql.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im msftesql.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im msftesql.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -im pg_ctl.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -impostgres.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c taskkill -f -impostgres.exe4⤵
-
C:\Windows\system32\taskkill.exetaskkill -f -impostgres.exe5⤵
- Kills process with taskkill
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQLServerADHelper1003⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop MSSQLServerADHelper1004⤵
-
C:\Windows\system32\net.exenet stop MSSQLServerADHelper1005⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper1006⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$ISARS3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop MSSQL$ISARS4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$ISARS5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ISARS6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$MSFW3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop MSSQL$MSFW4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$MSFW5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$MSFW6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$ISARS3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop SQLAgent$ISARS4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$ISARS5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$ISARS6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$MSFW3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop SQLAgent$MSFW4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$MSFW5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$MSFW6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLBrowser3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop SQLBrowser4⤵
-
C:\Windows\system32\net.exenet stop SQLBrowser5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLBrowser6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop REportServer$ISARS3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop REportServer$ISARS4⤵
-
C:\Windows\system32\net.exenet stop REportServer$ISARS5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop REportServer$ISARS6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLWriter3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c net stop SQLWriter4⤵
-
C:\Windows\system32\net.exenet stop SQLWriter5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet4⤵
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /All /Quiet5⤵
- Interacts with shadow copies
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet4⤵
-
C:\Windows\system32\wbadmin.exewbadmin delete backup -keepVersion:0 -quiet5⤵
- Deletes system backups
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP4⤵
-
C:\Windows\system32\wbadmin.exewbadmin DELETE SYSTEMSTATEBACKUP5⤵
- Deletes System State backups
- Drops file in Windows directory
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic.exe SHADOWCOPY /nointeractive5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest4⤵
-
C:\Windows\system32\wbadmin.exewbadmin DELETE SYSTEMSTABACKUP -deleteOldest5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures4⤵
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures5⤵
- Modifies boot configuration data using bcdedit
-
-
-
-
C:\Windows\SysWOW64\cmd.exe\\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No4⤵
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} recoverynabled No5⤵
- Modifies boot configuration data using bcdedit
-
-
-
-
C:\Windows\SysWOW64\cipher.execipher /w:\\?\C:3⤵
-
-
C:\Windows\SysWOW64\cipher.execipher /w:\\?\A:3⤵
- Enumerates connected drives
-
-
-
C:\Users\Admin\AppData\Local\Temp\busavelock96.bin.exe\\?\C:\Users\Admin\AppData\Local\Temp\busavelock96.bin.exe -network2⤵
- System policy modification
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c pause3⤵
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5641⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5adf8234fb338ed122846667346c1c127
SHA1ad55a793ee363784e2f7883225a9fd698463f19a
SHA2564cf9c032e2873d2b95b6faf9c65019e4474eb9aeddfaffe85b0e084d07ee928d
SHA5128addd01a821aa0b7a542fee1f8d698db79b134e0eaeedcb840e1b303ba43bd0e0ac67c13c479c9443d818840a8f4f63c754591edef40c51e77bf13a56b43950f
-
Filesize
1KB
MD53f6d929177661dae9c852665e58801ee
SHA19f88889ac3669d87ffb87a954ef85bb44540dad7
SHA25632732087328d4f022810bc95e3398ca7f234d7a5bfaf23975812132b3f6e185d
SHA512fc35a3a9febf41af85be909bed752ee799ed6aa6d2004b8d70a96fa080d6b96b0086b2b8f4df9d4f3364da6cf676ddee59b92f285d3a1b778aa27e5b829b4f62
-
Filesize
1KB
MD5679c1ddc9333336be98958a6610101a6
SHA1b49a628f0408629d96fca880432140232100afd9
SHA256d09ac2fcdc3468663c56dc128c1b7a43f1032e651e2752b7cddcff7abe6443d8
SHA512a72b4c8fadab2d48a128ba9fc1c4e28affeb3699800a0d5f1d65ced2379440e8fcb79596ec0bb9bf59101c53051bc44d4d7fff2c37f77c4aa794178fb263b251
-
Filesize
1KB
MD557c60398cb5ad5edb2c36a31980e64ba
SHA10084f995eb1cf442a347a8d4f2a1908698725a4c
SHA256f442c0ff2f1e69d19850976e598fa8824f1a37c09f2691015a8fe86a3c557417
SHA5127c1bc3549d792cc36710f1aa81bd3b722fa4254038b01b2a161cf0b696141aed6900d99f6348036b34c7806186fcd7305b1fa011d7895b7a6ea89f4e43afe8a5
-
Filesize
1KB
MD5aadd9692a74eface9500b8d518dbac36
SHA1bf037c3ba8ed5ac1f9dedba1194bbe9ccaf8166e
SHA256e0da5b02653c85ef4d99d476c45576e83889a5f0aedb1aef0e97c0be738cb664
SHA512cf7f644caf548ec9cf17e69c3133516148a47127ff3117493df458c9fe7463b6dbbcdff0890c1949dbe2f892cfb98c07b1c82856941836a7300638173e3534c9
-
Filesize
1KB
MD5dbc634342a31ad90ffaddcd4451ac8b8
SHA146dc79b9b7910e4356cf28e6f3786b45fedcc74c
SHA2562be507198a0de9aeafe891dde0e3c8973fc820896d6f77c648ace97ee8c9d172
SHA512dcc8c668570b6609a340eaed3c8b98542b6eb2329110919ac91c7f0e693c4fef429cdc60ea1d7504b4b3cf37cc769e1afb7f35981fd7d6c9e77338af46b8f1ec
-
Filesize
1KB
MD5561c4e90d1096c3cd838f85bc02672c1
SHA1d8a8342c3526d7685d69852b09c6329189dfbb84
SHA25673098aa5ad3a9e76180d04ea36e538de1e0e2132c0b125415911763edcf1e21b
SHA512901b3dda952dcc0a532cb20769ba2de8bbe5a5aed570f369850387d92975f95cd5328a633630cf15e3e2c7c30c884b954d2062626129a2102b012762f3499562
-
Filesize
1KB
MD562179d71bf555e5c35c04de485e096ac
SHA196b8956208188c497b3773e4ce508c03e7505cdd
SHA256115a6ffd4b4f0aa332e05a678dff273e6318d750f58acea396b7ed9b3ebc73a6
SHA512c9feb6129718d3f9fc8c8015d826f307f24c40b776c9eab787e527071f4b0011c09aaa82858a3d058e7bc6c6031c19e0b442af79933abdf4a1daab375f24cecc
-
Filesize
1KB
MD5d3c407be8a859093f9845b93871bca93
SHA102d613fc172f96c38f955dcb1e25b3479afe5f0f
SHA256e1e54d037d50383d7cba9f737e981b463dffa7ca96bfc98b137e9a1e0fe24865
SHA5123ca357dffbea0934a9884eb60619e3450f87ef0947ebe0c30e98ab868de3673b114797ea5d4e862d870a7767e5616a85ba56fdfab1e24da08199078c4ef07738
-
Filesize
240KB
MD53cbe0b58d065853c145e00ea9f7d41f3
SHA175e372c6a1289fdc4b2922dba8b931b3e2e8fbe4
SHA2564abe6602d29a24ab9d64ef71a8d78fa0fdd379971115ab6f95a8a57e4ca46f3a
SHA51230da073e4acc40bd84ff74dceae6d39c9bc85389889b353311d2242c66c4147cefd9abcfe2590e65a07cb2475ba92c3507d979820fb71c73670fbf853d942bfd
-
Filesize
1KB
MD54bc38620ef3d86a98567bb9384d7081f
SHA10049243529f2c13932b02a00f60bf9941c8c146b
SHA2568fc6aeb2afe4698cfffe6819c38cac3f0142e4edc574d2aa6c5b06cbcfc627d4
SHA512ea9e606facfb9448e0efb2b0c2bb7d3df18b2462909e34c14ae12b4d20e50c5ec7d724ec186c0e9a32988f19cf35c234bd243db2074b5e9e939e2c5809009eb0
-
Filesize
1KB
MD5843a5daf6a1b5deb4d6f5d65ef5639fb
SHA1df4c63e4921d3395475ca8bcb01aa71cf23a826d
SHA256e6b47276e38e8bf09e25db2d9672b7a0b454d3ace4f349dd1ca89551a9c09462
SHA512271e34739ef0b89e4f055219032851aeceef1febcafcbbd0780c9df8e6c406d1c29b0ba0ae772f0132fc37d5a80bbc73835d79c118cd1c5dd4f129cc228240eb
-
Filesize
1KB
MD599fe4101491898782b0175bf2aa0c796
SHA1515046eb0061a7d76af5a9f56d2a9e35e2dda332
SHA2562e557acaa5442e0cf4a8ab40dd7ecbdb4ff721cbb3d27431a408a330c0cf3a48
SHA51266cc6b91c675b48197bf47b6b0c517e81ebcf2b146c3d163ab8268ef5a81f4ab8731ddddc792533627d55b141d8dabd52fb794d972e2f3dabbb506bea8c26222
-
Filesize
2KB
MD5201b321c0f7e65079f00242e7fdb063b
SHA1bb036433a4d0c205af8fe9827b41032ba887e3f4
SHA256351bb497cefa841f50d793138eef87c5d3913364c2285073f924ec7942b27b72
SHA5129277bb637c7a72492eb15be6bc2c76917680f203a63f4aed658b6479ea3e200f43ed59d6fd4dba3e8484d19f985ee282711da8fa4f92765628da2ba0c35c2abd
-
Filesize
2KB
MD5bab69faa1f826409aac6d3c268083dfb
SHA191fcd45c1c4ebee292a45917487c28420f1efe3d
SHA256a02570da5e15c1a3e46b8b938714afce394409cd1a3782c173198ab61577d5f2
SHA512806a84d3635ea17757ba1ad77e484d0006ca8cfddde0c92be9e213c9983121bc88cfabbc6ed16f59059e76fecd2938d236321b1d9e77c16819243f8561dd8d76
-
Filesize
2KB
MD57bd55978ad973eb487194ecc94865540
SHA16e85a07d993297d0536a3ad5b37c63d9f5c0ef2b
SHA25682e849a1731c67ac9f0b0eca608d65797b07a5caa4734645d5c123a225d047e0
SHA5129e7d3f38205c6f96318b693a81075595b159e8bcf4f7c42853d294d418392bd29072f2e0428f5e1238f3b69661d7b89aa68bfdaa0ee139269beadcfaef710bab
-
Filesize
2KB
MD5017889a890618a56d71a4f2a076e6c4c
SHA1c5677b3242e9b08fa9ff38175b2a7aab94e8323e
SHA25603fa65587cb2d55a2973234e7d193c27c5c3584634734a07b5f6f53f997ca1df
SHA51223488f356f0ca70b1d00651fcb2fca5d6e97d219281c0a4c0710a74c0aefb9ce98c1952601dab2dd002a45618882c0a74258fc3731a091f3194ba6fff1cdbecb
-
Filesize
2KB
MD55cb79d8a54eae80f03448dc1561fc63e
SHA18ea5b3a861a66146dfe28ff0fe2549decc09592b
SHA256782e543c8543f482acdfc247fa3a5a3a8f86b10900397ef818d2cde4bf6a910a
SHA5124e67af59321494ab620e51788b6ad48813298d164625483a6d5f0d77d97c7c90a72d83ec0bf64cdfc8e5cc76b243221102672afd737f65d679047e84c605900d
-
Filesize
2KB
MD5aeddec3b9b1cb9274eb8654a50c1e164
SHA18b484c548e711ac854943a5ed82ff89b1fb85f35
SHA25684e2cb5cea25c3fbac412cc14125d2d2dec251eb028ffbe12097535db3c34021
SHA512add8143decc7fbbc4b5e5bf8352b2bb24a8b1542217401af74462eb33d097f8e32d4240355065a5808b187a16b12c1d615b653500ee1ebb36c48a53fd43b63af
-
Filesize
2KB
MD573ba504ff47e47f401e4b36620ead4dc
SHA1aa400688544db32ab12433e887dafbd1a49a909c
SHA25676bfb1d1f6ee7e815f8d2c24e536d0b109b15538df757be382bc2407f20a71b5
SHA5126b6b0d5940ff43e76376fa6ddcaa726879e59dc583202e4bfb89768dd83f00492f65fc6696c45cd20184ef58b2f30ac5c32a775d0cbfd432f3017aa74e161ac9
-
Filesize
2KB
MD57b9191f0dd45a1b12fd90be0546db0b5
SHA1857d0ae67f17b123b4811a4a2f26930c63601882
SHA25613af3b9d20a1046ea8c175c0f5126bb707090c31b71807ea2c0ed807d3826f5b
SHA512908b42ec655f89eead700baa2841c889f8041c0d734dce54fbfcbb8600532bf1cf461cc963bc4339d82cbe054b617281e963aa73250c1639ade7048393bf4a43
-
Filesize
2KB
MD522990e0ff3a40ad39d05c7db446c4eda
SHA1ca92f32ca0650e1a240d5cb5636365e72f6779df
SHA256dee6f7e416523135682a4fba97367800c143a584569841f7c40c0b683afdbf6a
SHA512c6c7fc5a15c8b5a35148cb9dc6460032aa5ce94d6c5aa630772fd9655c3391c84198f415b6b363c68e4b45efb8523d97f030f0a6442c7b57b1acc223b2bbfc30
-
Filesize
2KB
MD51b25f66052944e7ae59a81acd12d7708
SHA1b21df2681ec74f4b18acb54ad4c7cedb29a67829
SHA25626e9b82cc1a30350afae8e68661d48b34105b57e539e1748d78254357635ffe2
SHA51209c36699816ca6a7dcdc33ee1c5261fc1ce654889859f592ee42618e6f4eda12f6a796bfcca2b0d6433066298f2bbda6e440341c31803200848b28283b5f98d3
-
Filesize
2KB
MD5032805f31bf3e361cf15dbb170ef1218
SHA15575f8973e217157c5a47fe1db23bd1e934a7d5e
SHA25696dbb39dfa332f113865b530a6aabd5174611cf36bfb961cd3a376942fcf7350
SHA5127024de95cbc99f18cc05e7ab85c3cb46e1c88306cfbf7c01e49663b47dc7f7587470a619e2ce2380873d56fa17cbe8e95f0da1e37c87f5931e6963e5c1906ee1
-
Filesize
248KB
MD54882cc170709d4936d859cc7240abbe1
SHA1dfa3e829a0353d113c7f98495d55998a4a7fc39b
SHA25677579f4394e4dbaab86554056e135b47b78f50735bd871ec31a2646c34f522fb
SHA512eb8459c0fe8a9f8b9d91d5690e0b5c997d2c09d62f083428bd6e4ae1e7ed845051c6b85fc5a373985e782ef11c8098ef520206b731828834092494659b1c72f6
-
Filesize
2KB
MD56ddd93a81e2427cbaf8e8ec95ac93162
SHA10e5f12bd5ecb6b5dd0038a4b6ef3df5b2371a1df
SHA25647c0f922bd530e0bd75cce2e0454700bb2c9a38aedb718affe86e31bf3a137d6
SHA512a3575f1b23f02840cbdab83be177b729044eb0175ec51f32fce7b7f4964388ded65855ac4d1da514314827872fd5cb2d1b45ce1e8a86db1412f61e31571e9b95
-
Filesize
2KB
MD5dc0f20d3b26e29577094249e85a27b37
SHA1e26297f113cf5ae285d3d1db4d4ade9416f041d1
SHA256bb2d1b3ec609441024a5be59b409679544ac80c07d5ecdac1eff34d5f1a472b7
SHA51266e7a537da11fa1215d0649b45af07fe2dcfb2999479cad46b438d93b762d99274087070f406e1be2da9236e7134ca2d4dfa81c6609b5607550c6da2981277e8
-
Filesize
7KB
MD53f3abad58a3a34789eddc6439de0faf3
SHA1ac53d195abb69bfe5f2eb2ffb5d0c82797a8d1fa
SHA256ed11d3256d854b4b6d628023543b364eb0893a6e1dfdaf501523cf756374b9ca
SHA5125de45bbd88ff13b1e5fae4a391b2b0e25406b32bebce57bed18f0698c0a77478704f79a301b1f4bfe210426b7da6fb7dc9038a656981a67c14674382466ac2d5
-
Filesize
1KB
MD5b3a9f7c589c449b46473749efa52fbdd
SHA167f4989ff9f6a640d35883649d2f139ff005c2cf
SHA2562d2049c6de62ba82387732a486431183ae978d1c86674cd859b8d5ce680c325f
SHA512180f4735cf12bcf901ac312d27f4a977350482f9d62d875642e2b43138b36c8891d50ed9bf6c92c02ec6ff8f4d16cd97e596347f8c84fb1092c6d7ccd8f3d005
-
Filesize
1KB
MD5ac9c46a69b550b4d3123006c6f4700bf
SHA180ca8132e7ec3b4750d27c69619a93f26e00750b
SHA256dfb3525d73ac3ef751817fb3c5a65eaab84d2696244962cea6223c94f19c3170
SHA5126abd9ec8ea777532969010d7060a7072698d93c254bdd9c77986c83c5fb1da86e5ace5faf265acbaee7c7c322362a3c9884b15e6fb4d0c5862029af7b35f527f
-
Filesize
1KB
MD53b9677c8187779d8062ced7fc4cb3525
SHA19fc9ea67207ad4e415322a918ff28383028164d1
SHA256bdc1ec76357e9e6e97efbac8843347792bbb3b6056fd8778de6135762f328e80
SHA512a0d6ec229dceafd9e6057b25d36e5b3939307ec76890c861116c7efaa70675bea8f4476abf3395514b97fd2f0d25d181f8fdff2cc18a78b3b44166cefa045fc5
-
Filesize
1KB
MD556acaa130cfa8ec21cfd23c7106eeb33
SHA1efc13eed9376a8519bfd45bb22b34bc04b25a9aa
SHA2568ed216113f14f362b843f938db97d213bb50f7ca5ff13bc641b53e219ea6841e
SHA5129c94edcaf7c4d54c83245662f042acc1c29a2761f6ce5643af6fe05bc88eeb1284b2b0e10075a594d053e08b017174b028f345ce48f79163aac7254ff308bb59
-
Filesize
13KB
MD554e935a3cd55bcd4466abe964a18937e
SHA1168d62c396edbc645f5559449a6256b7449cba0f
SHA256403c0f73686592bcaea3cf1763abd07fb757a977991fd6dbe1145ab190cdeaf6
SHA512f45aa9e462f0391c2229966a6c64f7b80ab3af94e18bca9427d6125f5e06a111ebf747a6594b2a0a79a54d5649512a6b7898ef63c370cfca30d9221bc0866e19
-
Filesize
10KB
MD5f6cc1b9a1a2f9a07f518a7756c90c937
SHA1df869bbd15019cbf8d37c3a369a688b0c487f8af
SHA25609932e86c4645a1519f5ab740d112896b004608b29265ffecb61e298ff756294
SHA51267adba7108c3aac4e564d6e4056a498856feeb800d2a9e6e3d442acb67b892e8397314bce1dee7dc010f8731306cbe9fc160ff91c6096414ec58be374688ecea
-
Filesize
1KB
MD570be677a8dc72da8654251cb77d216ca
SHA10b792055a30034d875e038675d356e1bd6778344
SHA2561dd564eb1bab5cdfbe03d7fc18c3819a1435d85e97ca08206033ae6ebc9a0cac
SHA512ac1bd167ad2f2d3b2871561900556bd8661c58bacccf28559b7923b162d8e39a0b479e4b59bda075cf060b404cf94e7f7d636e658740c4d06b8782d5b1535e9a
-
Filesize
9KB
MD572da7bdc5b92d380ce89618620291d33
SHA114dd7578f536c853369117d6d56dd782dee20bef
SHA256c8369ab8c7db041ad275fd643f042d10dbee50152706708d8a48e79917f0f245
SHA5129dc6fa719fb045b37ab66350342c939287f1389b0e79d0cbeb3b90f29bc20720fb7c98e5cf8670fdc63b8f289fb5fd1f9d92885bf93768f1f2cd6383ef47c844
-
Filesize
12KB
MD5f92c4a7b3cca87badb4cd7cf86cf944c
SHA13fd366472c7dcd1f3cf5acbc287515dc6daffe32
SHA2562a52ac420d003757d882cca8390778f8b113cf12f38d3c7903d06cda99f1b2cc
SHA5126958316f0f91b14b90bb4cacff36a96c782b04387fad372f35276a8ff6b04feb9eaa4717d2b8aace02de9112c97219d05bb61a07c7aa17cdeb527874cd39429e
-
Filesize
9KB
MD516f2668feaf2bdbf0ca27662d8103b4d
SHA11c34977a29037d7b5740eb11ffe57c4b736fa52f
SHA256ece1d85961f75974c5f3911675b85d2243f6704d06bf3c857ef95643fb3a34a5
SHA5121c6ffc807eaaeec12f39b2844d9a0ce728db67d463608d7aa33db1433d2f26d61b2399e1ff2c5ef32da9c019ab2e1c9bd814a0dabe40acfb207d93433a0d3096
-
Filesize
1KB
MD54d6c1cb2077cb5586abaaf38d074e8d1
SHA1ac94aeffc58a95bc323a00399916e3b7a1ce85a9
SHA2561f1d46104c78982b4a34fc6d7599fc7121928cc8cbb52c9dd7de902ada99f8f3
SHA5125b2b8afc79fa606c8f37fce406599615cd2bd4e459f88ca520e5b70adb7ce7b977bdd3efac64d23d4cdd7cb2b1d428e0911d8a2600620147faa2a1cb2841a10f
-
Filesize
1KB
MD5190b53de56ea3bac80777f810a6a6ecb
SHA19ce375176eb1640120a39e067ef0b7555bd6ed0a
SHA2563de2f1ff5f60f2b185dd076a0d678a3b6d0f43aa766afcf39d6e301ab16c72b8
SHA512b56644b5b00ae2282d4cb38a11bee12cf3de16aa9f1bd04c0c2b657ac1c6ab356cac9198a10e13f7f9ef25375722af4e759f433e2e91e042f1ef7fc5f2fff513
-
Filesize
1KB
MD5730e0b6d66d1d467a9edb2bde5608041
SHA17351f8ede1c802c926bb6bd9fbfab1fad492945f
SHA2564462432be7ccce97ee8f980e8b847e456b0c69922ed6186597551da2e0aa6585
SHA512cf32bf2c0794042c960f751fca1cdd9e1b0ad01de84e77c8280747659fab9f8559bb93a0cffe6f504ad676488c117e1e599eb0beb847d8aca214724bea66f38b
-
Filesize
1KB
MD5b368b47cf97a334353daf396978b93d7
SHA1edcd526a62aca292bc267f06e89b37281cc39094
SHA25640bf1a77e1678828ea9e5c7fc34bdb2041fc37559aaefff0b36da2d4efe52c22
SHA51201f6978c4bae87ed2c0dc5cd121b56b52ab63cd153adce942c6c03d5a0e61fd0cdf2efd17a6fb12cc6ba67ee4ba82c75aa7b1204dcf0c1798539e6f0a34a5a0c
-
Filesize
609KB
MD53971a908e4ffa8e21ff2e19f9d1e7a7f
SHA1353a316c4d4c3240e935fe345ec76ae4682293ca
SHA2566957d1c27bcc4b81b3f681135cc6bd0eb1616ea8c366b489903ed1283499ddd2
SHA512328a7286574137c92abb654c60735ce63bf13dddbe67007cfa5c86a53d6bc54ede076c1175bde5e20cacab1f5ef16298dab36647aebc04b1eef0f5b569b958a7
-
Filesize
785KB
MD5df8259d8f71d1740b424a16d004e29a8
SHA157b77e56448b6cb0f8152567c69231468b42ab46
SHA256195584eccb34a72d833f5e09a19b0c4328ae5c751af87aee58e8a29ff1650a30
SHA5125492a055ea3001fb1adee3042321cad746ef9275b59ca380e18c581000cbe259807195833e5570ffd32bb38d1748a5dadf46a07e5df45efef7f0276608fe81a2
-
Filesize
1KB
MD5a862d6b5ff4e783c0ba49355b60bf9af
SHA1867f18f01a3e722ce8d8e1ed88bdfa2bccc0dd17
SHA256023bdb332953617b699689223e13e0d6d831d84503336eabdd6982576d9aa2ba
SHA5121ec794f661825ff420a73e5e92d43187118f05e2e9a3cc53a8991ab831d00c88179dd2cecd36d88597e7c00b1d3811002a232a135ec235b5b50dbd52f21f50c2
-
Filesize
1KB
MD5af8adef779eee0d0ead6bae1880bf667
SHA1bd7f2fc1f44edda72ef5e3a826673474627a37f5
SHA2560cb941c9f264f3d8b858face8ca3eb32195dd984ebcd5cdbdc196cbd41fa6e72
SHA512984aee1c44fd1c4ae142147eadddfb4528a65cd7e391c7fe1ff957b3d7d5a30c43dcf76b80e4d0852dbe4c28eb9a77b2df8611bf03cce88b1a943c187f8f9404
-
Filesize
1KB
MD554fa87da79a722ef3d70827c53a83bd3
SHA160d512d694fa79ad6aa42f8b198a074d1dc22a3b
SHA256bf1de611fe16530caed0ead583b40b6c6a9d548011ac6137553a3044fb11f1e5
SHA512ce59cc3dd62eb82f2cc749a728582f961d9c8d54c7a27ae04267ef62e155067de9f35ff53c3bf69ce2b696925b7d87a59f67f71e5fbe688b86fc9f61c5ab13f7
-
Filesize
181KB
MD554c9f423865d3c62cf3edf3a7f68930c
SHA1de9067428ebcc4cd3f6decf5fae346d5be5126f0
SHA25694aa26e8d6c13ecb151b5e717c7833316d9121c65158b0f50ed661ba59102e9a
SHA5122f33779163afd91e4222348c8a207eefc45e5d77c86b7467445502e20ec3acb1dac52ef66054ccd72fabc4f9a51a16ad9fbf000f538463db0ab21b2e1026dc3d
