Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
21/02/2024, 16:30
240221-tz5l9sbe52 10Analysis
-
max time kernel
277s -
max time network
284s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
21/02/2024, 16:30
Errors
General
-
Target
http://github.com
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of FindShellTrayWindow 50 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 11 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://github.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa583846f8,0x7ffa58384708,0x7ffa583847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1808 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2240 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Satana.7z"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Satana.7z"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Satana.7z"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\7zO465B6DF9\[email protected]"C:\Users\Admin\AppData\Local\Temp\7zO465B6DF9\[email protected]"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\7zO465B6DF9\[email protected]
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 3405⤵
- Program crash
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15054945708693731481,8591322804551418850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ransomware.RedEye.7z"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Ransomware.RedEye.7z"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\7zO45446E0B\[email protected]"C:\Users\Admin\AppData\Local\Temp\7zO45446E0B\[email protected]"3⤵
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops autorun.inf file
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off4⤵
- Modifies Windows Firewall
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f4⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4736 -ip 47361⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa395e855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51f6d41bf10dc1ec1ca4e14d350bbc0b1
SHA17a62b23dc3c19e16930b5108d209c4ec937d7dfb
SHA25635947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770
SHA512046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13
-
Filesize
152B
MD54254f7a8438af12de575e00b22651d6c
SHA1a3c7bde09221129451a7bb42c1707f64b178e573
SHA2567f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b
SHA512e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70
-
Filesize
1KB
MD59d4aa6698a747d662083af4604e2cb20
SHA1a6eee365487e775930ef7812b384674a19253e05
SHA2565299a7493b5f1fbb569d212aba1e878318fb834e4a07328ecc4d32fb4102c6da
SHA5122f57a30d4a40820deff1b50835f193e3587c235e3827ad5a04a7a423d61d1c416d46fb21175eda6767458873ea7248df43e0f128ddba29d4cf7c90070e928ce6
-
Filesize
2KB
MD55994db9d5be871a533c504301a9fef2d
SHA105e4d46a3098f905ab327c96d414a4e719c3d56d
SHA256cf73082ac0ec874254b0468417e3c61c4a9e929cd24fc778697e012671237d52
SHA5121a5bebf8bef97e0af9c7808cbb56c570b4a094cfe024adbe81e809f367e2dd88e06f70112f4e9232613f6176988e300a15fc39beedeb6430c5a955f72e063ffa
-
Filesize
1KB
MD5b20474de2a83250f21068708db184a58
SHA171e86d825c04f32d8fa5232249e687f4b87ab864
SHA256ee04d22ac4f76f027a3a72ae96830d019cca4445c3c8e7b0e2bec60917b15421
SHA512d1246fb942c5ef1eacf1a6bb70efe471e5e8a10615b34ff7e6be96a584f87df84838c7c7b934b8b72fb25a7874ddcc92047e0e6143fd8ab80275e256034d5500
-
Filesize
2KB
MD5d4505b20633b5154de2b1f4481de0fe6
SHA19265b618df9352655bf3e48b5f12ad589d54c82e
SHA25646ec269e0e7332006c78b3baa9fe840109ba13cfba47944b39fb379ee9ca03aa
SHA512b26fc6c57b367021d489bf195e057598969a568ba36547a6ff682acb4f91c1a58dd77311dbdecfdece0806a1a15f71b0dfa6c44b1d89cf69dbf0dd5b7b261615
-
Filesize
579B
MD5be85a012866f82533b134a3e7c03581c
SHA18f361377763dc0f643a3c2746149ca5850c5d8c0
SHA2567c0534066657219aeecf9763515dbb8eeb5b0cc4509d25ed75d5347476f443a0
SHA51238aa3dc3c36a5319162d52fb0bdb7588dfa9fada5247c49ee53d870b7d928ea5be1387e176e8caf3dd6cad9b6975d432eae587c0103f8dffc56f17ef887ae621
-
Filesize
496B
MD50e557fd09056f9df49a20a929d205c8b
SHA1edc669a2aac84bf172c284ef7cb3d60415b3570b
SHA25671054cb01206f902efc24f30cb2c8b033d10fd228a8b51f67545273a64819901
SHA5129a8a96abe70574a762726af8d9b834bad6c8258bd40feff65ea9e8178f6f9d580fd4bd899b81c63e86468f8629d2af203e7dccabc72e08efb6d1a718dacbc07e
-
Filesize
6KB
MD50344c140f3c459823a49f7524f49fc98
SHA170d63d934b2aaead9134344227c22bb63bb9161e
SHA2568c9626cd0135d9e19162990952b2f742a0f771b4d348db797588f744f864b01f
SHA5125c12a6c6af664d141abf86b93e065422efb3ae878afc03e5cf61f0fb5306629ea0c7cf5b490d147d27155acbd8a3032181c0426788494530c4aa0512ed7e3e14
-
Filesize
6KB
MD58e7d421184d95ddab9dc8f55d3d27cce
SHA15944277aa547513e4b3b060c79784b89c4fa6882
SHA256b8f0f8e592d60ab2ea67eb69b3c3c5dc6c371433d37b165a62e313d0944e4f15
SHA512bf1732a721daa041b335277e144842dc7aa269c5889b023b7c7ac6589292a5ac62ec5c00f571faeea3bd351f63c1b7d00e9c97f89748c892eef75064dc1f9d1b
-
Filesize
6KB
MD5e13e5f8f19f157e2b0a7ad6e42272bfd
SHA11f317a54ff152e59ce073c23252adc98a459156e
SHA2561a58b533244f87000182e23d46711b1fdc930d09ed4833e5febefac34f53fc54
SHA512b175bba5e4163a06d33f15fa0aa916a588f389a1d0b135da0689486584802f30d710eaa34f6b5f74cbbae61d61de9624e4661961c87201fa91aea64b5cbea244
-
Filesize
6KB
MD5ea4739c0c6f340bbb6b2446d8e73da4c
SHA1c92b74e4ee25d21a76e5e771fcdd31cb19ae9341
SHA256f38049122b018fed87d874a31d958a27d41a67115a14721d70792c557e2c6ba9
SHA512703e32562f3fbd6bef32e2071363851b7e3998c1533b1037ff80741953c9d033fd444233f944c1dca5573c774a4125437599353cca3a7655a84d96d94f6e2c5e
-
Filesize
874B
MD5b3ec9ebee5eb6a74f09a7d63c84d4988
SHA1efb41991e466e93d002a8b97e149759316b5468d
SHA25682711dbf6846f29b456e43e1b381c1671dff0c4ab4aa125d12166a9aa960031f
SHA5121633bdc5ecdc7d51da043ec4a6dc8d0f62945b0d0f423047a532ae2e735c2d19b84d8264ae7816a82ddffe5f84d89810d86c12708a8fd034ad4dca6d94aadb0d
-
Filesize
1KB
MD5bc44dde0c295ad1f28fd4e2e966c441b
SHA12bb53054659a7e339254f9e6c38275e147493423
SHA256d290c1e85d128db95e63394b5cd06d35f6f9d7e15b00daf7f38eb8ae4fd5f852
SHA5123aa0178ddcc8de671ee560db092b115445199448f03116d2d85e8d9333a85b2efc3f582e9ec82d3a3ad81acf6e040a46da56f5adfba5c6346769f7c33bbfd09f
-
Filesize
1KB
MD52f1f8643273304ad9c3d5609f87b6c2a
SHA1d063c5284df23ee107673d1c58fb0584847d35f6
SHA25602115ac7d23223138174422950a7283b3e14c6a2dac8ba1b93ce4ae4311d0965
SHA512d53038322f277dd186490c55fb885ddd53d0bf098999da5c7b7b4fa741360e03e3bb47b283b13f2579cedab581c5bfe1c887655c25abdc24c00899cf42c4743d
-
Filesize
1KB
MD59498968ea2e5c5f0004086597ef1484b
SHA1be657ff387ad5fa63431b356e614639bc11d43c1
SHA25646c4a367bb5e5e5cd8ac4e66324e6dd105728f4ba156966cdcf7830f47c62c4f
SHA512d7e1e9a89fccd3d21bd8b4303e1f9c7fcb2e4c1b480ce8e62ca96a10a1a46273c8f60447aa4a7ff97e95a93c474ef13a743018ff2d69476b076dbfc44ea27b1c
-
Filesize
1KB
MD5b246e6a332f7d4f2de9c68a14b9ef87a
SHA1dd325f8f4c7f3963a18f50d3e5d28d1d263175f6
SHA2560f7b1be5b51d3c7a5a369acaaa293c482cce3a8d01cd3e1144e47f6b86118d21
SHA5124f24d97ea4ad07fad773e19fe2844e76bfaadb1eadc89a52d45715b4a895bbf13eeb8c6d21456da79088b28a378726e48a9f6eeb6b52d2505e76747096a1f06d
-
Filesize
1KB
MD50864d496610eaef3947e70d808902840
SHA1c4dd6d4450d00535f4ef36ec5bfeac8a1578ab53
SHA256691e69717efc791ef13364a3631952110b6a98bfbe540639cb84acb17751c678
SHA512b5d9de35bf9f9a970f603b8508ab96c636f4a687c8476e73087bfbd2bcd0a8cc77a5d959c3c373aab85a8817fd84b541eb6684f8775e0d0081c0c107a1f43c39
-
Filesize
1KB
MD58b2e6c8a63865ded0b0c9c846202c3ac
SHA1c7d65d7ea9674dd60a3d98b3b571942e7879916f
SHA256806ebbdedd1f795f8820c0eb29b60772e483dd783b776b133baa67e00e22125f
SHA51223b8e8cbf86e9a4850ec45557691434b34b8a4c1247891810caeb7883237f5b76dafdbbe73156fea6736ff2190fab42b71ed6e67d2c2cb06f26112dde8da998b
-
Filesize
1KB
MD55b93d5ba7be8a576a4e98010322f29ab
SHA1cf6bb02fe897d5d5feaf8b6d38ce73fca5ffde11
SHA25666823b7a3fc0c2e301feaf3cd4193f27829cc325a061f16f57e3637bf837f4db
SHA512c0fd7bccd001b5f001c1248f327d2066539732e82fc018847a0c2db1b8aa7deda6861c1b8f4fc2cc126f6c19e63ab2c0e117f3c415900a6b150d1852b6ea253d
-
Filesize
1KB
MD56c2e01031e7cbb15da04d00e5689bd94
SHA117b604f14ac0b20408c7a22146aa4c0bc24e91a8
SHA2564e76edfe7daefc9698a2a517f9a47c3a20026d576ada7ced209e029a69228775
SHA51225198413393215d8ff7da9ca6645f777f0cf31d519a7376394557c303b4a412a2b8d862ebdbe31f60f95f497afef38688ad8e12e08d782c0339574ee48173b04
-
Filesize
706B
MD5e5016a53a909e2e956e316b2b94709dd
SHA1063a5929d962d07c98dda9bcc0212fa79f7aa7a0
SHA2566bdfacc75cf27bb6e96f76547c5cad1441a56b9d73425365752c76e06ddf31e7
SHA512280fa39d160e39f677dab8b06fe568ae94c5ad34298ba9d9c4e84a217bfdfc1df669c57bbfaac341e1b1593901a00f6e43a824eaf0ae88accdd8f5ca9eacd20b
-
Filesize
5.5MB
MD51672a928daecb0c2162fdee76c24a423
SHA12a70f8ab42aed168e9eb718c89c3a03c0815d352
SHA256d0f0349a590b4c7c31a9d743add0dfc5551a905701f7e04ae7880315601f1b0d
SHA512ea9847c76cd76903c3863afc69753c8ba19d2a4def067d5ab37a498600c6f6c866ca82d6fc444b322a5e818fee6447f05b33b71f5204b766eea189b888094168
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53d0b06e9594feb48e2767f887fb93f39
SHA1e6d466d2751258168845e24d771f0156178e7af1
SHA2565584e22e3a17219c3b41701313a80167133db8a49819a35e1094b3c88862a17a
SHA5123fe38880fa8d9f8ee593a617ec88090a2b16573a5bae182dfe416c59ecee3af79c95d91d81cf43fd10099755d1e570e0331fd1ac5660ac98fb23bd13f0c6473c
-
Filesize
12KB
MD57730a6331f1320ee4df9486054b769d1
SHA1cb0472729bb5dfee0e92f0697181c04239023898
SHA256ffc068ca29bfe6037648542a7043f89cfbbe4b4f97a9a26115e5a00bd9a32646
SHA5124d2a658b8f4a20388727abcd61338070b67291599574ed21fbb1c60fe77481a8213efce1f2d09502c4ba7b0dfb2af358c7b1147852bdfacdb69806625615802b
-
Filesize
12KB
MD58199ff9518c3934f3b51ea7b1204f3a1
SHA1c6b99f4d1f77568043933f2c52c0f6bd6995784b
SHA256ac6b95ef759abdaa5144265cd6f3b4b66254ecdccc96c24f396cfb0a04b7449d
SHA512f12fead4f864efd96913eddd714b88c36aa3a45edc21a6ad69396979dde5bb8d6c11f49e88b0e1695ba22f7c688f8833791063a9623352000d3f69826e6a9b88
-
Filesize
8.4MB
MD55be87aedc7586ae5bd10db07c22df1b9
SHA122e387842397c0865118effe867990e443b7bece
SHA2566e6f988969c501bacbdb69dadbc2e8d390c03907d29f4cf2889fa69658c1ef54
SHA512f3848b28820a03ab8e66ca8b988a470f0532e8ebcf67cccfe470697e0bab79384cbe4515ea84a0cc6a7229519469ad3b16e73eeb08d4fbd4aef9e0257da3a804
-
Filesize
4.6MB
MD56f81afb28f109c14d48ae43acdd58bd3
SHA1cb730d23d4f3b1c0b3dd44f4efe78ac8f15bc541
SHA256bc0c9a220a329dbe4fbae29db78e6f9b8f0f68cfff1e2ce4948a5f20a7b15758
SHA51284fd40115b7f750be8624680839471cba58ad865901fd0abe991792464e765102de1e445b749539d84ef2ce0cf4d5d23980f516d7499f4f8afd1a1f760be03a2
-
Filesize
4.6MB
MD5281388e3f06f2514b416c04bfbdaa590
SHA1eb9b5999ad94ff6fed2b2622c3ea471c4741e7be
SHA2565ee4df6b550b9283391573147297e62e8999919e2c849b592e059c8d5d917123
SHA512c38248c2b9cef0fe7efc67d0fbc84830f1c14169f47e5ae7852c0e2fb2e0e705d24ecc939b73db9b8b8a3a0f23e0165feaa47ebad1a472cb5308fd6159deff54
-
Filesize
49KB
MD546bfd4f1d581d7c0121d2b19a005d3df
SHA15b063298bbd1670b4d39e1baef67f854b8dcba9d
SHA256683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96
SHA512b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5
-
Filesize
10.5MB
MD5e6d83978be75f29cd18b45572b546ee4
SHA1a4fa2a40a1b3007cf98ac00576c7fe7f0154a70e
SHA2566da7f5d56d606ecd715e59c71a271321b19e2208805f183671c8e1d224bff974
SHA512d005765479ce8513b1a7c0000770d1e24d0448e4d81939d5ed1745cdee7848b95346f02e5bdb1e41992f1e84aa0ae7fc9b35a77b51c9ca55eb99104205e1b210
-
Filesize
357KB
MD5f0b09eb6e13489cf104cfbef26c7ad4d
SHA1d5520b00bf143b7b9bcfda38b995ba19b06ef118
SHA256dd0efdaa884f5223e40cc32b901ff25dfc280fdae607986e3e8be8dc238b1904
SHA51252cb4774e34feff137d35288f077336498e4745267277dfc02cac5d90cddd099173c3aee6fe99e8c69d3cb514e1dea35f6da7514bf958131f72b8a540278e257
-
Filesize
32KB
MD5e926219a491837414708f52d5fcb56a2
SHA1ac8d6654b40d02985aa3e488a8e362eb43977fa9
SHA25610509439880384a806bb8bfc1cd5fd91adef680fcc57c962d11e80bde95ac3a7
SHA5128e6d64d135564dfde2337ea9408f92c492fcc7feada5fc159d09334ff583610bb8bf3972822d084f621feec070e06390fdfb92fe1b286485f35961c5fe9ef496
-
Filesize
24KB
-
Filesize
10.8MB
-
Filesize
10.6MB
-
Filesize
16.1MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB