Resubmissions
01/03/2025, 12:05
250301-n9ewpszxft 1001/03/2025, 12:02
250301-n7vjda1mv9 801/03/2025, 12:00
250301-n6askszwhw 1001/03/2025, 11:57
250301-n4qe9a1lw5 801/03/2025, 11:54
250301-n246mazwby 801/03/2025, 11:51
250301-n1j43a1kx6 1001/03/2025, 11:48
250301-nyxmda1kt4 601/03/2025, 11:46
250301-nxbzaa1jz4 10Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20250217-en -
resource tags
-
submitted
01/03/2025, 11:57
General
-
Target
https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye
Malware Config
Signatures
-
Downloads MZ/PE file 4 IoCs
-
ASPack v2.12-2.42 2 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE 5 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 36 IoCs
-
NTFS ADS 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 61 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware/GoldenEye1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffb7a3cb8,0x7ffffb7a3cc8,0x7ffffb7a3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\CookieClickerHack.exe"C:\Users\Admin\Downloads\CookieClickerHack.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1640 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Launcher.exe"C:\Users\Admin\Downloads\Launcher.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\CookieClickerHack.exeC:\Users\Admin\Downloads\CookieClickerHack.exe3⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\ScreenScrew.exe"C:\Users\Admin\Downloads\ScreenScrew.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3340 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5149744438327560200,1203699326760554475,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5660 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Windows-KB2670838.msu.exe"C:\Users\Admin\Downloads\Windows-KB2670838.msu.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54815ecce34e90c0f6ca91c7e35be703f
SHA161ec0042ccee59f6bdf6b96eb9f412cc97717702
SHA2565db366717739338c23e07ca15aea2b48924a3b3ecacb214221239333b11ae7d6
SHA512751dfd6eea90fc4efb557611e8afc6ef1634c4e2bdd97f3c72638def09f644ebd8bf5696b9ed8379973106524d08c67188f7f64c0f941e8f95109920120dae05
-
Filesize
152B
MD553c68f0f93ab9a94804c00720a0bcd9a
SHA19009307d51e1fd60f9a90d77007e377c7f893434
SHA256a38f0777d4ca9e777191cc924c22eb1847ae805ab79ff224860e8c70d7f49422
SHA512a1d5b92fced821328a668fbfe9ad694b99c873ffa3ed28aa5bf1e8ef8054486289b5ddb26236cfa7c1ca0db993f306cdfc5878480b6a543aca1620075f77d670
-
Filesize
1KB
MD5b1e805d1447034fcfa38e218617a2c7c
SHA1792fc51805a47626d6c2cd6ddac449e436f9963f
SHA2566a25c49802cb06a33a748a83638e37947692bda253d21872100413bbb549926e
SHA5123119068c3d4d33eea9d6bac60fd77339b45160469e63cf3f6d461534a5a361b840e1bf0706e0a8edc3d13a6a0d496b9619779ccab468f99a2319a16486ec69cb
-
Filesize
579B
MD5f6b24ad07edab42c88540a87562c81de
SHA1dd8691937a6a089fd58b9db56b6f599022b48168
SHA256ab8d2b9c88df9ac33fbf60ee72a5d8c84d0dbb28ebc1de08a4bae02a8af8071f
SHA5125fa8a1df39ee12048ba5817c1962cb897a3454d69d78ad4c40e0f72fe04c4ccfca674a2d629dba8376f2862ca587163435318d4cd7b5ab5c64ec03703322ae1c
-
Filesize
6KB
MD5d01f6da1714517f022fed7d39f4fad91
SHA16882999125ea4005f34b0b811f4d8844cc2dc6e6
SHA2565fd2c0a914785b234012d24ec08dc41533ecdbc5f211ead289a45a73a966e678
SHA5124260d00509cefcae41272e984164fa2540ec98279a541952d23e73ff4163cb23a20a8a51d951a297d6b2c5ad0a036e82fba6d360315ddf8fc9b238455b9ddabf
-
Filesize
1KB
MD538486e367e6f36985fe57c05bd64b9ae
SHA14eb5620a09446f194299f50923eca7c30f2cb2f2
SHA25622c61daf02f07b9698ebf5e09fa720da518f500be5d094c1f71f01d618459a34
SHA512d0e5bf57558c48ae3111f18b7463c6347a8b3e9ed9f00d6a5f19404d8213818305288733ae599eb881ecb960e8018b78fd76565a9c6bee874d5689775ceb1e37
-
Filesize
1KB
MD5d7b0c2742ecfdcc0160b5c911c6dc85e
SHA170ab46537f8fa6de31283b41cee47bfe880467fe
SHA2567df64f13af9b7680663c6bccddc28c82022bbacbadd0d86a111ae47393894c41
SHA51260825c268dacbbbf63c7cfb8b4e7b6a7872c76d565a3f46cfef41416eb717d364091221c7d8926c155e5c17d9a761c9b5e4d2dc2564161e4d6bc6207e93f24be
-
Filesize
1KB
MD5e3bdb60e3f163ac291b22483c2685918
SHA162b2c518e499173f2a0bf8d33adf1e4244b42058
SHA2562328fa7cc430441e5a03d0b119abb9e2637b8c1ad8b838f47091346b934f4126
SHA512c3ab854bcedea77be7873543c96284c6c832c7f984b1fabc5cf94f2e2f9e785527975c601799470bdf3aa8d253db1f15aa6c929d508f91d89b38f09c6c48e708
-
Filesize
1KB
MD51e70b8d2308e6bb0a7cbdacbb281c958
SHA1fe309cde9b502433c07b3b7314156b63bfbd59f6
SHA2561f86c7d609df6cb1b2bb14541de9c365c03ec7e04c8bdc59c325d669e79a7655
SHA5126b97068f273ccf8ec1c78eae432b5e1876d2eecd5c22c61ea1260e979a409b47285f67a3f68209a1303db0b9e61e2344ebdd7e21ac4e04d846eecd263bbc06e8
-
Filesize
1KB
MD511dd6befa70b44e1994d8c7c138a63da
SHA1d33133519fdfbf7151278404c30d384c8202a762
SHA2568a646b654a3c5e9d03dbdeedd280abf30f5756fe0743f2554c407568ccee8a6a
SHA512d292087d40432e9858fb9256d17d1e16d405f12697563a996968a4e8a5fce881b94de347abe28af6441e59776f91949512f08edaaaac86030396a96ffd1e9e02
-
Filesize
1KB
MD54a19641e79b25abca4a1512238c44d9d
SHA18b75b5728b09239ac3db90f886d5da30b33ada6c
SHA256e0511e72f69c18985a48701d5a1a6cefbd342a3926a149c414b7390b39a14105
SHA5126ebe3491c6ce5cbeb4b007a1c44f2f57fe257866badb5a8f586077d13bd7defeb5585dc9e92b98438d7fd09da6a1da6cdb8bd37b87fb94742795c07e6fba554e
-
Filesize
1KB
MD579d2128907a70c4fb429ef1a2f5f674e
SHA1a75a72c7e7607e213aa2d487083160739ed2e8af
SHA25653a32b796288017ea8b04241c18bade963c4572b9b907a463e31bb8894ae9adf
SHA512b91c85e11ac24cfad79d9375225aebbcf48c38f43758dff077f9a061f0bc296454103a1f39da8fba85663c69034e7eb937f3a0dab241b7c96c490e3d283dc431
-
Filesize
5KB
MD544b25feb1384406106ad20286c86d1d4
SHA17089cf5ff9f87233258baf54902cbc8c38acb175
SHA256f6c97de7ad1fe502f92cf3136dba7c105d82b8f4ef66600e873657aa2a37ace6
SHA512fe307eea95d88902023f485e1757064819739defac8a7115477ef9210cb6d579cf4603b2b7fa7da500f680e852ace9754c3b2f74a498fcf22a7b02e1accafafe
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5e01c3d2ad7aeec76641be4cb02bea9c3
SHA1669f8b0c117a5465a4084d19575e071668ee8e2b
SHA2561cf5d3c6f9a34fb6c91f8e6702362ed1666de495652b04b0b708e0f7679b0232
SHA512b600959c41ba3f3f18fd270825e6309cd3bec7cf14a31f98ca1e5f19e92fad8536d0aa941a94ae1ec5835df40f6e544d6205993ac89397761efd0c4005c0580d
-
Filesize
11KB
MD5191a941babfbae2fbf0ac983c64c7511
SHA159503cca70880b1670aa399a17834cbab5e7c9ce
SHA2567ae0bbd359b74d5224d67ecdab0af4b2f69b73b6e6a3f4630b9e03ca853a608f
SHA512e4f0bde212b2dbd4b55a96fc144a532d4ab91360868b36616af85fdcdf5f425a30e462e2bb8004b822a8ff217b77b7daf276df29b04e5efb8c345be4c986cc84
-
Filesize
12KB
MD5e10cee9ff8307e45ec9f20fb506660b5
SHA10e8142456e994e25f1e35c8abf2017d64ab981c1
SHA256c18a053e980207e5f8d2ec63a420327c890412fd9232c4202bf7266550b79d11
SHA512f969043e4797d421048cdb7e6391028cfeed862220044a183b033d7dd9d2e71c81ee22e055f4658494698ff1a52a9a6fc2cf028191c2950053c0554b41653b6f
-
Filesize
12KB
MD51f64661b216cfadf1a58033a5b33907d
SHA18939b2f3439ec3a8210a09ef17c57609c262ad37
SHA256f168a44d4629f235892dc42aa18671244856de8b12eed3e8b7b50e9096a2ecc9
SHA5122cb4b8ddd1dab577b6de769826abc0641e8ddecbd0c6a6bd205d00cec942cbb9c5cfcf8059199db3d5eb42a083cce3db78769f97a99bf7f794624343a44b765d
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
111KB
MD5e87a04c270f98bb6b5677cc789d1ad1d
SHA18c14cb338e23d4a82f6310d13b36729e543ff0ca
SHA256e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338
SHA5128784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13
-
Filesize
728KB
MD56e49c75f701aa059fa6ed5859650b910
SHA1ccb7898c509c3a1de96d2010d638f6a719f6f400
SHA256f91f02fd27ada64f36f6df59a611fef106ff7734833dea825d0612e73bdfb621
SHA512ccd1b581a29de52d2313a97eb3c3b32b223dba1e7a49c83f7774b374bc2d16b13fba9566de6762883f3b64ed8e80327b454e5d32392af2a032c22653fed0fff8
-
Filesize
197KB
MD57506eb94c661522aff09a5c96d6f182b
SHA1329bbdb1f877942d55b53b1d48db56a458eb2310
SHA256d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c
SHA512d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070
-
Filesize
68KB
MD5bc1e7d033a999c4fd006109c24599f4d
SHA1b927f0fc4a4232a023312198b33272e1a6d79cec
SHA25613adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401
SHA512f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276
-
Filesize
40KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
752KB
-
Filesize
4.8MB
-
Filesize
664KB
-
Filesize
624KB
-
Filesize
32KB
-
Filesize
304KB
-
Filesize
296KB
-
Filesize
548KB
-
Filesize
548KB
-
Filesize
548KB