Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
11/01/2025, 18:34
250111-w7rfqaykfr 1011/01/2025, 18:31
250111-w55kkawkav 1011/01/2025, 18:28
250111-w4bk4ayjhj 9Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11/01/2025, 18:28
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware
Malware Config
Signatures
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Executes dropped EXE 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
NTFS ADS 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 55 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of UnmapMainImage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Ransomware2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d0cb46f8,0x7ff8d0cb4708,0x7ff8d0cb47183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2068 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\satan.exe"C:\Users\Admin\Downloads\satan.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\satan.exe"C:\Users\Admin\Downloads\satan.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\Umkyi\xuafx.exe"C:\Users\Admin\AppData\Roaming\Umkyi\xuafx.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\Umkyi\xuafx.exe"C:\Users\Admin\AppData\Roaming\Umkyi\xuafx.exe"6⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_d58af9a2.bat"5⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\Fantom.exe"C:\Users\Admin\Downloads\Fantom.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6892 /prefetch:23⤵
-
-
C:\Users\Admin\Downloads\Fantom.exe"C:\Users\Admin\Downloads\Fantom.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,17522887087476118119,13138754894165309099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet2⤵
- Interacts with shadow copies
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Suspicious use of UnmapMainImage
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Suspicious use of UnmapMainImage
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Suspicious use of UnmapMainImage
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556a4f78e21616a6e19da57228569489b
SHA121bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
-
Filesize
152B
MD5e443ee4336fcf13c698b8ab5f3c173d0
SHA19bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA25679e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
-
Filesize
1KB
MD5648da64ed4de63edc0f2da9bc60754c4
SHA1495a446759d4e2e99fc60a61228d446a7c9519c2
SHA2568c6393de0553c38a253c3e1fdb036dfaa8f622b027f64ede93fbfe00e6ddefdd
SHA5125b573d24070e9027b3dd80d3fe7d8a0700193b1efad8ea172ec5512df8dcf4f6343a0230945384b1e6f1f3dc20d073de553d9ff547121cf8d891c16f0e6ae94c
-
Filesize
579B
MD505cc4af9d390df2b779237e00c018682
SHA1ddf92007febb0016930010da1280bbb67ace26cd
SHA2564a83a373076b0549fc39bc75ca543ada3e9c7c655ff11e4e95ee13740b628dab
SHA512c745b6747f92fed4e3b606365d58395a38082d9bb630c88666cfb97e130ba7634d1893a52e1e6ad5f948299f4f9533010ff21b517a460977674d4493a6c68f78
-
Filesize
5KB
MD545d3a1b1e29f842fe6f4e9b734ab2986
SHA1ab2f749bac18e6ec9fddc7b7c5f62b432c35fb6e
SHA256e7eb89fdc83d0aabc5a2de072c250573efe0be6c0a2a0fcf304714ecab60d81e
SHA512de07937c40b1483fd5b967e3acc4cd525d153ea90ebab9ebdf8316962064c4c7e36a2ad0a039b1efa5d8c20deffc9aabd09af962dd6398b184c6171cb337f790
-
Filesize
6KB
MD59555308c7a037aeaecbf3ef4b48f013a
SHA16f4ab24f73f15bb236d7be28fa62f559862bf73d
SHA256ac0519060e2f7371aefd67e014afcbeb3c6db02bb5774196ed3c5e51db0417c5
SHA5120b73aa6ec6fa6dae30c4e9e4f815e257f0639ed89ee0d7325a00365ca0afa0f8d072cefe00ee4531dfc1c4ac5465a2125cbf69cb4687890d4c63eeb80601a7fb
-
Filesize
6KB
MD53ff7892a7fb70cea0d35b7c1348314a6
SHA1e4a3f6ed8c327aad013384f04f0619256f7e3535
SHA256c292ce3100f510327914468111202648da99ebe7711b272fb92c634029fde2a7
SHA512a1489d3358d31672285e5db0268e516fd179dce12ad469bd9ecd0ee3c21c390efbd350d081b18063346388578e6dc09e529ed73ef79467d78acc5a0fe514039d
-
Filesize
1KB
MD5e6ccb544c835ac0e0a39e41d61c8d14b
SHA118feed2b02dce7f715260d52860fea6aa63f704a
SHA256cd25a49543a787874ffa9b19fab450fa461ac5be506923f3212f1a35ed9130a2
SHA5129ec958d6d9e76b3c74c7e6381ee290337532a737595906eebe81ef3eb0c39bf88a23ffeb1a65d38c5f83a765bf95a54d1db4f5d800484b0fea75735b7dece179
-
Filesize
1KB
MD50cb52f91f9199f562aab7a9f3e7965e4
SHA1f6904e6f14775c0a7672c0d6a6d164d8de257943
SHA256e12a03b2cff41e439aafb3ab4c7c9776e35618c5332668d20c2a9a5a69df4c50
SHA5129215a4f2c84c2e5ea6246cd9ef4c10253476b1f230272b2a846a6b8e5c3acc6d5eaf1f8f526f3e87d79bda8e5f53536f3a88b1dc87f1df5bed81683f98f5a9be
-
Filesize
1KB
MD5e1ac86f0a524e233d8b496347344b761
SHA1b36c2f7d5e4656d8d0624f2ba918f50c821469e7
SHA25620802d91c7913cc850171b96f9f38c1c6c030a2c7b15bb8557482a7192c7305c
SHA512df280955fbdb9bae608554e04da5e2f8d2020eb458de3afd27eb94d918150b286942a27f96413e79d9a156aaf1ca0e911054b220b9ac57df818361a367cb25e6
-
Filesize
1KB
MD560d67c4d25b391803353454bcc4551ad
SHA106ad7a7badc91ce345b83d587f932c0c32e24029
SHA256738de7fa47cafba445b8430f2a68bcd8e6f5deb425835f664da400f3b7c439aa
SHA512387e2bbf8a28943d35e103abea60f409d865c7885206c5e24cf848e403b9aa33ffb0338bbc8cb4b27943e4e93703f1295160aec3a00ace4516031468b2c2b873
-
Filesize
874B
MD582756b32515d8003efb8611e121e5873
SHA19bc824cee8f39b8f0eab487fc87933a937c68f56
SHA2565bf2ffe7c3c8eca7596685fa988783f6c1bb25134e0968315459045ecd8abdc0
SHA512c61cf2d82084f1e95670ae3940aa215d169bc2829c7fb1a184c613d3ca19f3a854bcb75ee98a61e25c3d0a290f4cddeb27dfde5c5f37c616fc0448e07ebc8d50
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD53daf3fade661df0cd666acb1e106777f
SHA1388bc264fb678d2b99738142290ee23649195858
SHA256c2d23b83c58684a095f9206ff09e24815e67447c41b52373b40f8f15535813b4
SHA51285074f40e7fd545a603c4ac932c2b657d9db00b1dfb752593e48fa4f63e02acc1c4450e7d229d170a2c6084e6a0497de418058d8a24a8bd82ee055343ce1b9f8
-
Filesize
11KB
MD54b3c41eedf5fbd94be4dbda7c81983ed
SHA1f83b1fb11132ee6f4d1a4e46f673490be7f5f8d3
SHA2566f9d833bfb3031105b6acd4f8c025f604ac3215dde3e79146ee05e11670cabf0
SHA5129726065bc63304d3191fd30bc7ae6a6a26c26beca9d5b485c93bcf90f8b14359fa4d4b5b6c71baa021bbffa780e8506de8961ac62d71d28897473ee3809c72f0
-
Filesize
10KB
MD540d3bdf65478fb626e3a091a43f4917f
SHA18392d215cb5101c7c96394505b253118e8e61d65
SHA256100bf43da48851f934988d738f4867c61e9e5b1c343bcfa940a2539a7612199b
SHA5121d527f10e9863cec1eb0b3514f12bf3c14b9f26092bbf87a896e23b15610d125204054eb19fda50c6f758622e3405a87d551b9d50704093312c7803de46a1566
-
Filesize
172B
MD5cc27a5d937cbefccec04b76d7f01dea5
SHA135f7a5d68f682b405ae811c14e6354c7e0620053
SHA25620e34bcefee78e234567b7514e1a14bf6ea986ec6f1c3e86bb4580bf02c5cb90
SHA51292234180da1ad34920acd68b8156d6ab16c1d68d4f9e11df0f665e59b8423d945a774ab9c01fd5f22377953105d6d9fb233cab6c99c307bd2f8ebf89e5394c17
-
Filesize
67KB
MD59c209d629a5ae23c3de26600761997fe
SHA16d5194da77010bf4f80798615f78c0035ba48842
SHA2569fe51007708faa01eed1569d832cf4d4b6735e9d84e506890f2072fc0f18f73c
SHA512f9de1fe89e9c6eaa075c492259c1526a9394d5340cbfa4baebeef2921761003bcf5fd8599507dc640d507a948367fe6aa5ce57ccaa78ad7e2593e4215c5b2db1
-
Filesize
261KB
MD57d80230df68ccba871815d68f016c282
SHA1e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA51264d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
-
Filesize
184KB
MD5c9c341eaf04c89933ed28cbc2739d325
SHA1c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
SHA2561a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
SHA5127cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
-
Filesize
15.9MB
MD50f743287c9911b4b1c726c7c7edcaf7d
SHA19760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SHA5122a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
-
Filesize
211KB
MD5a933a1a402775cfa94b6bee0963f4b46
SHA118aa7b02f933c753989ba3d16698a5ee3a4d9420
SHA256146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc
SHA512d83da3c97ffd78c42f49b7bfb50525e7c964004b4b7d9cba839c0d8bf3a5fe0424be3b3782e33c57debc6b13b5420a3fa096643c8b7376b3accfb1bc4e7d7368
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
16.0MB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
628KB
-
Filesize
196KB
-
Filesize
136KB
-
Filesize
524KB
-
Filesize
172KB
-
Filesize
632KB
-
Filesize
576KB
-
Filesize
1.2MB
-
Filesize
2.8MB
-
Filesize
1.0MB
-
Filesize
1024KB
-
Filesize
192KB
-
Filesize
760KB
-
Filesize
1.6MB
-
Filesize
688KB
-
Filesize
620KB
-
Filesize
96KB
-
Filesize
208KB
-
Filesize
156KB
-
Filesize
48KB
-
Filesize
200KB
-
Filesize
200KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB