Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
43s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
18/01/2024, 21:22
Errors
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Annabelle.exe
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Downloads MZ/PE file
-
Modifies Windows Firewall 1 TTPs 2 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 6 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 9 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Annabelle.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd2a246f8,0x7ffdd2a24708,0x7ffdd2a247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5800 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,2567974759979050090,6226632390451501840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"2⤵
- Modifies WinLogon for persistence
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off3⤵
- Modifies Windows Firewall
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f3⤵
-
-
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off3⤵
- Modifies Windows Firewall
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa390a855 /state1:0x41c64e6d1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD53e71d66ce903fcba6050e4b99b624fa7
SHA1139d274762405b422eab698da8cc85f405922de5
SHA25653b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA51217e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388
-
Filesize
1KB
MD53145b2c9647437e17b01830e320bf0ad
SHA192c611d0f740a6f1f1929e34260966095370d9a9
SHA256a484f75272962484273dcc3a2a29615ff5d0a1a026c4585deac38c0ba9aa705d
SHA512edc615cd7d133c56609e40021049a641bfd47c11381ba51d7b0b2205033a7815cae98583e6907a7ec81ce574cd865dfab4248f81646f0574e28ad247e474ee08
-
Filesize
5KB
MD5c590dadd2b386912d2c180189a6ba3b4
SHA158d73f51ca8b4a5e94af7762cef6cbe90d2ac6b3
SHA2565d1caf48a5e76f3b49c9165bfc0dc569fa6755787c4c70d45a33dfcf6fe63745
SHA5127427e14869ce5652f05fcbf730f739a700e037662efdd43e8a8c2195531a3fcf7da546029df96f320dfb9b2b41f048e826a667356b78d0de75136d43b9e42dbb
-
Filesize
5KB
MD5d42b952306f654e4d6f6fc868bbc3252
SHA17c8e205cadb1f6ad7e7efa6e28fd25b15f3756b1
SHA256c3911ceda2359a47f381f1d18c4347bc50b938937f3303b42b3445eb23005086
SHA51278573ad8c2beb558b2881f697eb6e8c70ea69bb3c4e5392f1b25ea75c9754e772be79765e22b9bce5e4aa3a0890ad9c7662106f8a90c7cc841ef788ed6e943e5
-
Filesize
6KB
MD56645e56423c756577bcba311cc40c298
SHA1916daa7a6ce621c07dbe89de3f39e5894cdad5ca
SHA2566b61e82ed16d11ffbc6d9501dd3c94a40dde483be47337df959baf6d9300ea2e
SHA51296adcf994b5a40103f63dfda272ffe33d01f412cda56753174fa47cec84de1ecff60e5546706240ef269bddc65d737da9ee71a6511ec49b6c027912cfc222e09
-
Filesize
6KB
MD501e6a05fb37405909a51d87dcc600a4a
SHA113c9c1a3e767c8bbee254b7dd63b68c56707b8d6
SHA2568ca9d5901853688ad82f81062189157e98eaccd5941fbe930e764a017ac7e243
SHA512e7f9ac359d32fa82a6fa324c08175aae4eb1d96ac76cc328d5539840fa2fbe576b7f8fb95add16a82a034c4a188e53b613eb0cd5e40d7f6ee6614eac09883f15
-
Filesize
24KB
MD51b1b142e24215f033793d1311e24f6e6
SHA174e23cffbf03f3f0c430e6f4481e740c55a48587
SHA2563dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1
SHA512a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5b17c7a7ec3efe6c4571dd350b79b4391
SHA1f8efa24df7b529fad6f44b8b8e962fe69df7c96f
SHA256c5af060519a5be626d6c43a8a2e79fab1c9a080eee61332b9597ca9e7125ad16
SHA512fdcb643f3977bfe5bfc0224a4ef382bca01e8ad9395818d8d6382a132ed4e7be08cdea6ed525fb268c55bc518240b16e2041d79587a720e3e2c4fbe5fa8cadbb
-
Filesize
11KB
MD5439504ce4947ea60554908b59b39e9a4
SHA14c2b02fbd62d56e5bedfbba0b56c7b7e798e46a1
SHA256def634374ee68a6279491aaa515c459f7ae69ce9f2eac5e90092e2d5549246d6
SHA51234ca2cb928c15f2f353ad529e3ba09e198f4e7eb3a5da36eb68259b0df55c841babe1418ac4f43b148f1ee1c219a8eab3a634bdd2b0571bebd2e784413a14901
-
Filesize
11KB
MD5fbee6324fff5137f8a9b76b176f2e786
SHA1bb91ae1a30051af85ef1c8a26207cd828faf19dc
SHA2564f7c151f83c32cb20a900a67389ce79ad2ecb89f3adf6bea5a99311a292713a9
SHA512318646d45567df4723c5539c3218548b9c5a7a9ee22c50b837eeffa5978759cbca1b26ebfe36920a8c6b083b0b7b601aa2f5b75e8433b2783fd462bad1f08c1b
-
Filesize
671KB
MD5dc2594a1ff00a4833bfcc5b1d702fd0d
SHA1a8dab235bd200b9a45cc3d82eb1206c2b98dac84
SHA2564be389f803d638ee3bd7c1805201fd4b1a29bc6b7188593b1b435f9517ac5598
SHA51274f5e2eb11f89159abf90b54577e25d289dabd8b5318e6c87506043ba429bf932ca2189cfc322e5d846e91b3be9e7f9b1c51ae95187d8800ae912d12d8affc24
-
Filesize
308KB
MD5729dedea42d5f4efea34ed7abdf6c264
SHA1c48ffc1c2400aa4f63147ee0147e8a9681a92c12
SHA256aaac8224c93d38261f8d39bd0ab51381b4456ecd4626daa5412dd4f077102e74
SHA5126f037d68f989e9dc65a709779bb3cac0a8941e85709b006305322e81dfde25419ab1dbda57d35203381535853c282ab6c0f492b7cf26b3f8fd0e0205b67df4b4
-
Filesize
698KB
MD53d075415ab38d3c0736fcbde12a60e11
SHA1e2db58af40181226e7ee97822bfb0608564d9c58
SHA256fb7f9c08a277bd1c4137c7e71ce9638474557f893c8c5c5084d3cb5ebc18bc6c
SHA512b8fad268752bf35446507e218ab409a51f95b10e6cdee25961bf9b81598244df875183f47cd7a45ba796d60965c8d38b0dcaf61f496d030a1bbaaced743e52c2
-
Filesize
577KB
MD5602220ca15c0316e1b18147a480b8c7a
SHA18113cea86c0832a10922165693953a2a783750fe
SHA2560b9b2d2db9dab4f0a0c2f759bf10ef7b4d492f11db7e8179411b85af1e4b80fc
SHA5128a7c84adde2a37387622e09ddf1e8dc3035a82e73fc9da63f9c05ddb86a3a085bfef67e04ab2930996b7c1126139783ac8bdbb104efe67a56b4f1ac341d8662f
-
Filesize
456KB
MD5d87acb07a9e8ab5f0039bbdb868689ed
SHA1249435bc3bc894cbfdfad772c18460fbfc79ee4e
SHA256269a38489046a8fc881af927f37b4a005d241672b8a3bec0a7419bf0399f2b52
SHA512383019632ee3bdd9603e23bb83928dbac3b0efed2d5dad2885c0afedbe14033658835aa980e15ccf91e14700ffa18b4a6ae8658d7702c15a3e8ae8cda325864d
-
Filesize
604KB
MD5d842b493f2f6711213cd5a632f2098b8
SHA1df09325a71b596c81599b6aa9e7a569a95cf3f7a
SHA256953d53d7f2d3b871c0c487259ee833499779acc0a8951657aec6725250134a87
SHA512dc9f2c3f83ed0f0cff53941702cdcffd53e78cffe89d06814c8024c4bd4cb57e15258f51471f6436e1afea94e128cecdc1703d79f8ac862305c43f3cf51bdf14
-
Filesize
295KB
MD517fab6c05f95d074063d2e692364a681
SHA1ea741fffdc80eff60174601dbbfff3077e204152
SHA256cb88ed570d8029316a41ce96f65fd49e8a8ea2aecc5ec25fc843ecb0a3abe0b0
SHA512026df667d6f29df16be731897a760710d80aa3ad1a939c171e466d7ffe38d970a0bb92cdbe87e5a5f88798a94e63778b13601b892327b894b9c3bfb2ac0c384b
-
Filesize
564KB
MD555db5fdca86d1145df7753b7855131a8
SHA1961ffb7750127014412af292eb6ed0f5246f4c35
SHA25693c9c1a323eb11b2c03f5c2b020fce07f5a1b44c817e7be0f7a02fc1c7ce0888
SHA51271e7f17ae974dfde0748eb7897d63ada243f74974be7f93274b4ca28c820fd82d1ba3184b6ea54763445d67c03d6997dc1bec99e340c85e19ffab0164e89166b
-
Filesize
376KB
MD59560ab8b44d43b49ccbdb242b3c523a7
SHA1adfaf4a41cc8c827cc8a46a8d774207bad3ae273
SHA256f4ae2f6e13b10c2aef65ff1e43cd0880d7f30825f332e81a47ce3dedb3ed4b88
SHA512f0180d1f7fbc3a941c22110774b0b8877fe9fc8349ebd3cd86f944a99f99c52b4abfdd9b3d2a404c6fe3ae43f3218946049ef843f0075e6e6cd7aa056ee0b9fc
-
Filesize
255KB
MD58eabb8ebd20a052da066455a5a540f56
SHA1149964e37118dffbd213705608dca4eb2d66f378
SHA25688739e733605ae26233057305dea6968be790ae2128909aaecbc98a78f255ca0
SHA512d4d23106144efbd57e1913c7a932eb2496b6942b3224ffa93b63b2bc3a6c80e8f25e77e5e67990fc2e3dbb6e47d620c628fc79e5869e01c748ebaa595c8b4d28
-
Filesize
722KB
MD5918ca7e332641289d602da130c949acf
SHA144f7c8b0a5db69bd54389fa89821ab52c3761a67
SHA256422272d87749ec3db5925dc32eef9d378871ef565a171129646bd672e3b9f6ad
SHA512bdd65eb1e1ee3738b06b8b39e1a6adab38eb611e763d73bf9cbddbf9950100cbb0313b0faa1ba40717276bcf553750cbc782570a36fee57be241628a9b372ed0
-
Filesize
2.7MB
MD5e7320f59a017f4b171cda62207188c61
SHA142a12481e7bc271613ac2ab729c250d0484850d0
SHA256bed70229a1c2e5bd501b8a9759d2b625adbca0f8a4edf846eb1a1e19c2ade474
SHA512cb6f2df0f9aecc72931afe5703df8cac09ee4417087307311059a9dcba267b3f67f3b98e4d50b9757f4e11a81f289e35fd5a057d78aee4627a57967a078a42cd
-
Filesize
1.7MB
MD541dcd7874c49cf4c16facf7a908c8174
SHA1614cb9745fc4928389a43ac607046c8c991cac06
SHA2568635b68661763b5ceaf3d009cc321449601b6683119786007f7e19a29f60dc51
SHA512c211bb89fd1827f6c922a57dccd40bc081da8fe4c04cc0abe52a3c67f0fe394b896d477e2464bec2f4d389295e804f3dd3edbf2b7e789a202b0a08ee57d0e943
-
Filesize
4.2MB
MD591f1062e85411ae8e2dec0dcf34d2cb0
SHA10125a00323a0b6cb7f13c47e146bc768c326bb06
SHA2567060afd3840accbc2a688f080340f95b63fa9f4644804e315ca8ae856ef2e4ff
SHA5129d96fa9792cce1d3c93af8d37aa0a70fef2739fdaf80b93ac894fd3512ffc73dcf97dc54ba48ed3e2fa8da8147b0aaeac51819385db149f4273c2c3109e892ef
-
Filesize
221KB
MD5dfd5ee48ec9cb4670ccbbc05c376e3a3
SHA1650b0d24a71fa0bb68428742d7bc945fbdf7e026
SHA256de06ac8a67094aa92954fc9c6a8ec2aef3a9beae6477136b2baa10f189ce6b90
SHA51228835714da6ef6bd587b06513c298e3e234314080825ade769674d088d34d2c3edb2308343bd1c3fedfbd17a72aca356849be808eb431fcf01218fd5f4fa537f
-
Filesize
64KB
-
Filesize
21.6MB
-
Filesize
10.8MB
-
Filesize
16.0MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB