Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
14/01/2025, 17:02
Errors
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware
Malware Config
Signatures
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
Badrabbit family
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 10 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 3 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 29 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
-
Suspicious use of FindShellTrayWindow 46 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 11 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8129e46f8,0x7ff8129e4708,0x7ff8129e47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5344 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\BadRabbit.exe"C:\Users\Admin\Downloads\BadRabbit.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 153⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Delete /F /TN rhaegal4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Delete /F /TN rhaegal5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2112599483 && exit"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2112599483 && exit"5⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 17:21:004⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 17:21:005⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\3285.tmp"C:\Windows\3285.tmp" \\.\pipe\{23D2AF5C-D195-4991-9773-49E78751058E}4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Downloads\BadRabbit.exe"C:\Users\Admin\Downloads\BadRabbit.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 153⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6472 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,11224411546077929564,16412460385430166286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\RedEye.exe"C:\Users\Admin\Downloads\RedEye.exe"2⤵
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops autorun.inf file
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\BadRabbit.exe"C:\Users\Admin\Downloads\BadRabbit.exe"1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 152⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3956855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Indicator Removal
2File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD55bfa51f3a417b98e7443eca90fc94703
SHA18c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA5124cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
1KB
MD53656ed516d422721def89cc35143d3d2
SHA1845ccbf0ddaa905055e0e620abc6383850a2c427
SHA2567a9a8ddcaaa70736e9e73d268795e255e48c3f1e968781a0acc32d3344cee749
SHA512e1f48e653c7eec9a9459ddecfaa47a309146c2510cf85f6d41842fdba59eb61bc70f63f2bfc4f001c88633ec62fb579346f101fa0b54a5e1f16ddf292cfd432c
-
Filesize
579B
MD505cc4af9d390df2b779237e00c018682
SHA1ddf92007febb0016930010da1280bbb67ace26cd
SHA2564a83a373076b0549fc39bc75ca543ada3e9c7c655ff11e4e95ee13740b628dab
SHA512c745b6747f92fed4e3b606365d58395a38082d9bb630c88666cfb97e130ba7634d1893a52e1e6ad5f948299f4f9533010ff21b517a460977674d4493a6c68f78
-
Filesize
6KB
MD5ec4bff31940e2878efc09634d787ba57
SHA15513d5d8f21eeb948eab90cfc74317a3c44f8166
SHA256244ec9b273535523064b781525876f4def63553003000b8867b22b8c5d8398c6
SHA512eb6691318926f525b58c6b2d3ddf427dea78d689ab148034a7f242d646a8bce91e7b56c8224a9affb76921b7cf063c855abf8319fcb3836f78b97c3d0c101779
-
Filesize
6KB
MD5bfb6f0ee075434fc98e8158dc2dd64a8
SHA1f80c070aba536b6af9c6fbb94d8421e730e76c34
SHA2567dfeefc45f0f50133e765e32166bcf69f08df93f2c1c855f80c637af77183ce4
SHA51265f0a958fc66817be0632a80e187adb9271e7e6a4f49691ffe46b42d42ae5df979046127732f99f9cef3063749e4c40fd295f2e0a86e74948ffbabfa35ee26aa
-
Filesize
6KB
MD56607b2d561e8427caacddd7943ea8e1e
SHA1c385c12671701ae7717941f24a5bb0ae17dd2f70
SHA25634267f95105638b2a0e142f33f9b5fd17b63773674f9bcfeb86d9cca846da0b2
SHA5128eeb047d133b2c1ce7b424d31ba2fce47f1e72604939dc374590ec9764cd3825954b7016c89f3a47e4d2d1240ef75a987010567c6cd9a9df07e81a38b7758dc1
-
Filesize
6KB
MD54883fd51b9740d2061373c5421fd9988
SHA13a6361e7c4346529d86d8b277978a4e6d685b974
SHA256beafc5360f3c91196bdb685b65f184a8610af4747c58c1e9609dbf9913ef0977
SHA512c91b2ecc52d9cee103496a77e9d9d3c953b006195b1f883f0cfc4784b2f489d0f757efd4048168346c908dd4dbe893d72a63c1f193c4b71c18e839e4a908419d
-
Filesize
5KB
MD5bf872e5518ccf9eb15ce97d7569fe0ed
SHA1365ce3335566d70574657e9a3f35642c64a008a9
SHA256345e2029237411de7b632b42939721e711d9a1b76069e801a0fb21a5588a9bc9
SHA5126af48f66710d701ecff3e29add2a3ea47785c6a46bc82c5f58bf08a1368f58440c276da578de623368b0a2fd4ac91e716f6bde32d68056648ec7eb9a545a771b
-
Filesize
1KB
MD555b3e9991574b212cf6476326d9a364e
SHA145ab8d26acbfe8ee21df3b750800792011b76dba
SHA25614d2f9d8f1c9c07ab12a6dcb065986aafcd677fdfee524d89b80f30cf490a12a
SHA5127ea6670973e3151ee7d311326db8a56475fd4e798b35f4a73a7f5c399a2b7dd6bcd42f3a7fea4dde8321232f9f3499c5ebea9837e1923af29393a67827bd0db3
-
Filesize
1KB
MD5fd177c581c820e6ea213a2d147179b21
SHA107fc3736a0d02900fc6603e56d3d9b44969cf393
SHA256a1fdd7f2b0f33603e4b7d004060b853a40ae2aad1b88d5495ad7418009035def
SHA512633507dd6ea620eff7fc74ff9b3149352e7d625f8b2faf7bf2510be31306ffe6281960f17c0dfddce8f4b9bde4fc3d3eef3ec259e54872fa0d35699fb72ad853
-
Filesize
874B
MD5953977f68c4b68f0b6a4c9551114f42b
SHA1522ca883b62c0cb4fedfb033779a038777eb2672
SHA25623c1598205f3560544e8fff7095318a1293ab705126e0806a346dd026c767144
SHA51299f3775008aa4af19d5539bf485f65efeb16094469eefaab0c231bcdcc8d8c5f4e208e77a7a7d9d342a39344d087172c131a5c5438f8d6d7849e15b101381e65
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5a2a79ccf04f2e5791f57eafb289e4e8f
SHA1a56441abc35a32320b14cd57a429e34a3b9b4fb8
SHA2564ff957bc61888fe0400e1b6bcd8da2ee97aea72f05e4765e45514456f2c7ab18
SHA5122d53d160d345815578f616207254f5f6e06bf43f6cb594027aa253219f9a97795bbbcbfec0fc5d733f62e7377981e6d600e556fbb9a720bc415a1b317a628e1c
-
Filesize
10KB
MD5146e28b5b31fd7ed6b9e9929180df71c
SHA1c7db87f8b58bfacf68b15b6d198c4428de83dc82
SHA256324a6af46492a9a7081954b6cd1d52ca279d550c89efe9509e2dd60b36968774
SHA5121f671b2b34508f0bb747a6c1bb7bfd68573639be32b846f628e82ac6c87ed78096b0756473a119a1c6ffe05c1452c3148399f9cde863cacd867a32353f0be086
-
Filesize
11KB
MD54882c9cf0f0fd2e55f817a03a38491ad
SHA1954fcbee93b5b210e6f09906017d8cfb090f0ccd
SHA256217ee69c9792bccf9eae8f24d7413c753005a8b2b2ac0459ce2f6acaf008bc98
SHA512d56d5c597f1c4ef5724afbedd047a28dae8e85adbc0b00ca9bc91aa184e85fac7724c129db37ba72ddad8a775a5e393e1b12fe327dd7f1ef435a1012043374b1
-
Filesize
431KB
MD5fbbdc39af1139aebba4da004475e8839
SHA1de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
SHA51274eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
-
Filesize
10.6MB
MD5e9e5596b42f209cc058b55edc2737a80
SHA1f30232697b3f54e58af08421da697262c99ec48b
SHA2569ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
SHA512e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7
-
Filesize
60KB
MD5347ac3b6b791054de3e5720a7144a977
SHA1413eba3973a15c1a6429d9f170f3e8287f98c21c
SHA256301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c
SHA5129a399916bc681964af1e1061bc0a8e2926307642557539ad587ce6f9b5ef93bdf1820fe5d7b5ffe5f0bb38e5b4dc6add213ba04048c0c7c264646375fcd01787
-
Filesize
401KB
MD51d724f95c61f1055f0d02c2154bbccd3
SHA179116fe99f2b421c52ef64097f0f39b815b20907
SHA256579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
SHA512f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
10.6MB
-
Filesize
16.1MB
-
Filesize
24KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB