Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
84s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
10/09/2022, 11:38
Static task
static1
Behavioral task
behavioral1
Sample
aaaaaaaaa.txt
Resource
win10-20220812-en
General
-
Target
aaaaaaaaa.txt
-
Size
3B
-
MD5
3c3662bcb661d6de679c636744c66b62
-
SHA1
68bb04bd54b8f6c530695e0b77de298276a0511d
-
SHA256
98d44e13f455d916674d38424d39e1cb01b2a9132aacbb7b97a6f8bb7feb2544
-
SHA512
98923710a30301e03d25bc9ea565d4cfb738b7390dc91871cdd368bd58b959e57dac211730538be0433f85a1a3011bbab9a91b1232022694b7f66ac49109f4a1
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 6 IoCs
pid Process 4100 DiscordSetup.exe 192 Update.exe 4384 Discord.exe 2392 Discord.exe 4016 Update.exe 224 Discord.exe -
Loads dropped DLL 3 IoCs
pid Process 4384 Discord.exe 2392 Discord.exe 224 Discord.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\rescache\_merged\4183903823\810424605.pri taskmgr.exe File created C:\Windows\rescache\_merged\1601268389\3877292338.pri taskmgr.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings firefox.exe -
Modifies registry key 1 TTPs 1 IoCs
pid Process 4196 reg.exe -
NTFS ADS 1 IoCs
description ioc Process File created C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier firefox.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 2064 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 38 IoCs
pid Process 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 1496 taskmgr.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 4384 Discord.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 1904 firefox.exe Token: SeDebugPrivilege 1904 firefox.exe Token: SeDebugPrivilege 1496 taskmgr.exe Token: SeSystemProfilePrivilege 1496 taskmgr.exe Token: SeCreateGlobalPrivilege 1496 taskmgr.exe -
Suspicious use of FindShellTrayWindow 44 IoCs
pid Process 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 192 Update.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe -
Suspicious use of SendNotifyMessage 41 IoCs
pid Process 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe 1496 taskmgr.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe 1904 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 2672 wrote to memory of 1904 2672 firefox.exe 68 PID 1904 wrote to memory of 3304 1904 firefox.exe 70 PID 1904 wrote to memory of 3304 1904 firefox.exe 70 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 3048 1904 firefox.exe 72 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73 PID 1904 wrote to memory of 4032 1904 firefox.exe 73
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\aaaaaaaaa.txt1⤵
- Opens file in notepad (likely ransom note)
PID:2064
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2672 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.0.1221205435\64058728" -parentBuildID 20200403170909 -prefsHandle 1512 -prefMapHandle 1484 -prefsLen 1 -prefMapSize 219938 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1592 gpu3⤵PID:3304
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.3.1891808887\1291533890" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 122 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2236 tab3⤵PID:3048
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.13.1395829157\1558099394" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 6904 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3440 tab3⤵PID:4032
-
-
-
C:\Users\Admin\Downloads\DiscordSetup.exe"C:\Users\Admin\Downloads\DiscordSetup.exe"1⤵
- Executes dropped EXE
PID:4100 -
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:192 -
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe" --squirrel-install 1.0.90063⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4384 -
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exeC:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9006 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x468,0x46c,0x470,0x464,0x474,0x75c3850,0x75c3860,0x75c386c4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2392
-
-
C:\Users\Admin\AppData\Local\Discord\Update.exeC:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico4⤵
- Executes dropped EXE
PID:4016
-
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe" --type=gpu-process --field-trial-handle=1608,18303675659133119154,465852867847620690,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1616 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:224
-
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Admin\AppData\Local\Discord\Update.exe --processStart Discord.exe" /f4⤵
- Modifies registry key
PID:4196
-
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1496
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD5ea40498db49354e7ade5ac4d884ca901
SHA152cd6a1e7760e0920496ddcd93de32dfdbece0e6
SHA256e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff
SHA5128a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047
-
Filesize
3.5MB
MD5cd8a3be4d5871171fd0b107132d97be8
SHA1415258c10477a49d0c046a12123ff7abe957612e
SHA2564a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA5124acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
-
Filesize
112.5MB
MD541fb1601776da84d51b49702c58ff45e
SHA12d6e9c7a611e4c5a43b2b948e264543014c7b55a
SHA2561e7bd4f22e932e852f2da637800f4241e9ac7cd2888a26cf1b600dca68b872d7
SHA512aebe8795a2f3c8bb3d8d7b782a173a1c2f3b866e00d9a4089aa2d20baa32708443cfd49f31024d292a95cf8b2e4148c1ebddfd0c7eb9c962e8c2ba984f7bd744
-
Filesize
112.5MB
MD541fb1601776da84d51b49702c58ff45e
SHA12d6e9c7a611e4c5a43b2b948e264543014c7b55a
SHA2561e7bd4f22e932e852f2da637800f4241e9ac7cd2888a26cf1b600dca68b872d7
SHA512aebe8795a2f3c8bb3d8d7b782a173a1c2f3b866e00d9a4089aa2d20baa32708443cfd49f31024d292a95cf8b2e4148c1ebddfd0c7eb9c962e8c2ba984f7bd744
-
Filesize
57.6MB
MD57a11c2a55c6c91369f292683bc878043
SHA1bf0729d52d82438d3fe3dde815157895f8535734
SHA256773ea40939b01fff147f974d3dad9bfaf1dcb6309e2edcfa3c3015d7c56e190a
SHA5127f2ddcca1b9c6b62452463e6be5fa87119ec48202c6f7ae4cac96418fdc157e46fcf1901e98be17bc3c04df338876787f948b542e3de2cd4bfec626fa1cbbea7
-
Filesize
36.2MB
MD5af516f9c8409d8094ec93b16516422a8
SHA135b68976113fa8da0d410e92e3251ed0debafe33
SHA256d6a39d04118d5a1d0e4324170b94796c9e4d3c71b3effee498f9bd8b74a6bde2
SHA512f70ea31d06d485788704706b5dace3a2713715952089eb1d20743598666163c75e5ac1b000001a891d0594e9aecf198b498c2233ddc5e748db46a61afeb471fb
-
Filesize
278KB
MD5084f9bc0136f779f82bea88b5c38a358
SHA164f210b7888e5474c3aabcb602d895d58929b451
SHA256dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA51265bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb
-
Filesize
138KB
MD5da26775fd7a54d4e8755fd667b5f70db
SHA16ff37c107fed247d3717c855287d5de3142a9531
SHA25643b28df6f3428378a0a630492a3405e613bc816cd2a390c56e44cd6b49dbe5b4
SHA512b16ccad1fc8c7dfc08d0d8877c05d41c494b1546836399e06bd04354b3e387c155d9d74812cf01e20dde946fdb2e547549599d8907d828ab1cebffa584d8db15
-
Filesize
202KB
MD5d4bd33dcff9d6361b6c985d958953373
SHA138f866b35cd642d4acb4f7efadc6d9f899b55d30
SHA256abb69e43745fbd63be2933204ed98c387ae703487283509c65415867e3c867ab
SHA51278a687ffac48b7d422bb33f43bbb8b7511879b287f20484c6fd591343428cff1d2cc07521b982eb4cba5a22324ee7f4dab031fdeff05462ca43b81a528c878f7
-
Filesize
2.5MB
MD5734423195bbc6da0080993cb09a8df34
SHA1068ead5b628b2a01b0d70262584fbc775667d2a5
SHA2561026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c
SHA51230b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088
-
Filesize
9.9MB
MD580a7528515595d8b0bf99a477a7eff0d
SHA1fde9a195fc5a6a23ec82b8594f958cfcf3159437
SHA2566e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
SHA512c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459
-
Filesize
88KB
MD5af5c77e1d94dc4f772cb641bd310bc87
SHA10ceeb456e2601e22d873250bcc713bab573f2247
SHA256781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4
SHA5128c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c
-
Filesize
4.9MB
MD567f916ca62254aea146598b68c5c7430
SHA10287c09199a0d161aa7969b5358b72505ad75fb7
SHA256735d351b7a7bf0dbd5fdaee9a68a431b3c1db383403ca3c60fb3d4977ed94993
SHA512ea8cbec8be6b1dd622189cf5d905c3d5dec5f4b85db0f17fdda4f3e7fe67f35de0e79d30a1d2e1f64d2de212d8391e52c54dceaad736e141a6b3f7261b275819
-
Filesize
8.7MB
MD5e266461d8e76cc8114d1f361d0be08f0
SHA176d59c133cdc6817997dc4448a3ffdef9a9f65bc
SHA2564bb6da4ee8ef4fff6aad93ea60afad58d5e339791ca0b54d21a00b45536db0fe
SHA5121efc14fc68e290303add03d7111914647dff0a8b0c6be0444436ae663e9a4da0721856f61a98f9a89ccc4564ecc2107ba4021623d5675a9a199b9ea391784c43
-
Filesize
85B
MD5957c7aadfed8c96fe3b05cfa73253981
SHA1d291942f0270c076a1065dcb89b757ec1f50a956
SHA256853c396ec96ad7f57bc2475196aeadaa317515332a8603c9a9c959907f9a77bc
SHA5125168968c980f7143fe032d574ffe02695545c2cf686a2ae9d382448d5839558f5f548407a83ff427274f1bb21fb1e3fa15b33ade5a2aa57bd16f163e01270a96
-
Filesize
384KB
MD5208ed640e7006f54d6117297d9f8c8d5
SHA1a7489be0fa434c7b05ab9ce8ef022011022b9b46
SHA2560c23ae30a3959cf21b9346ce86b9661059710f132a2922f1f89e846b06ba6175
SHA51230aa53ab521448f0db9e466be5b4d2267a84c780f30de0255875c3d93151bd2e870ef43c3370166e182507f5871559666296fc26ab43c2a40767744ab0a91d66
-
Filesize
2.7MB
MD509c96e8861f65ce00c62bbf757538bc7
SHA1dbe9e6b0d1f78729acb8b8c710c1ff8208e2c295
SHA256d1c25d5ef0e35caaf0a5824f65273655363fb119b8daff406e97e6b1b54c5cd8
SHA51298f8590a2cd7c9a51c9d0c7909b59642717bfc02b82272da2ad322ce1d8bc8c07323d4364b4f31e890b899fc548cc4b52921787d4218e472538c094728c3c58f
-
Filesize
161KB
MD5d88d23551a4d7230f98fe0cbd363695b
SHA18e28eb4153e00aa5345bdb539b925a777588a26b
SHA25672c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4
SHA512ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284
-
Filesize
33.9MB
MD5bc301ac018d7bfbe095c8cc62dfedd03
SHA113b5f54924e7b18d7f3a7f8e0e6fef328a735e6b
SHA25622ab405433e3fe048e637e0e9fdc2fe3345efbe08b5e8acd737d363d03edfb1f
SHA51224595a1c403b196848f030264b25d3e42a3519e9e6431689e44bd8ee1aa7edfbbe28166480870dfb82c6bb2c20d390c5c599b07c3c3a3e270b0c441776e30b05
-
Filesize
80B
MD52d3608933b5d865b4799e3af182236ac
SHA158de01c2ee7bd258789cef995e21e433e39bf39e
SHA256d109be8ae4fcb48a282d930048c2601fab2cd0f73fd281991ef526d2db6f0aec
SHA512a86dece33c4e661e3f34ad104b0d421cb08478dabcebb6dd4993e5a95849fe44928f586179dd17ab00066951ec000e306d1c33c1e07e8ea533efd4fea7a3e42e
-
Filesize
1.5MB
MD5ea40498db49354e7ade5ac4d884ca901
SHA152cd6a1e7760e0920496ddcd93de32dfdbece0e6
SHA256e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff
SHA5128a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047
-
Filesize
78.4MB
MD523fe2955f52b7d3225aad063ef707d3c
SHA153c53411b9ef1eedceecad3415fa0b927f9004e7
SHA256dec2603d14cde8184fef536a8486b85374f5205df2f3be666deb1962024e4517
SHA51241bdfcfae2e2fa81ad0cc968bea507074348211300e898255fe030568373e1a27e0760f39917254b9c04a320a01944860d35afd7c44553a68fd1e72682b1d308
-
Filesize
80B
MD52d3608933b5d865b4799e3af182236ac
SHA158de01c2ee7bd258789cef995e21e433e39bf39e
SHA256d109be8ae4fcb48a282d930048c2601fab2cd0f73fd281991ef526d2db6f0aec
SHA512a86dece33c4e661e3f34ad104b0d421cb08478dabcebb6dd4993e5a95849fe44928f586179dd17ab00066951ec000e306d1c33c1e07e8ea533efd4fea7a3e42e
-
Filesize
1.5MB
MD5ea40498db49354e7ade5ac4d884ca901
SHA152cd6a1e7760e0920496ddcd93de32dfdbece0e6
SHA256e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff
SHA5128a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047
-
Filesize
1.5MB
MD5ea40498db49354e7ade5ac4d884ca901
SHA152cd6a1e7760e0920496ddcd93de32dfdbece0e6
SHA256e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff
SHA5128a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047
-
Filesize
40B
MD5a403ea555adbd9cc5ae29cf746fa6aa4
SHA1c006dcbab82a3d9584e05b22a630537a57e40ab9
SHA256b6c0ca22897055ac33f59459b3c690b708a36c04b95c2ea12d916dad6e911394
SHA51223878022b88458692eb87366b76359deee192a60c384d401dff39f98c623fef81ff407bdba415eaa0a49baeac450152eff86eaef1d009a9fbb871abdfb990b7d
-
Filesize
79.3MB
MD5d2b7dc955ef2c5c0dfeac6b33e322f7f
SHA102b8ecb01763420497be37e2a1da7ba06932a3cc
SHA25699f427a688d6f00735c209c0de1aaa615aa630f4fbe9108f36212df9464cc869
SHA512ec78ec449a9c906b71be76031c7001ea8e17c4663b9eb3ad13f21d2eb6955308f1ae822740ae71f575efd6789ae0560fda2e3408d7312e46ca88f3cc8375cc00
-
Filesize
79.3MB
MD5d2b7dc955ef2c5c0dfeac6b33e322f7f
SHA102b8ecb01763420497be37e2a1da7ba06932a3cc
SHA25699f427a688d6f00735c209c0de1aaa615aa630f4fbe9108f36212df9464cc869
SHA512ec78ec449a9c906b71be76031c7001ea8e17c4663b9eb3ad13f21d2eb6955308f1ae822740ae71f575efd6789ae0560fda2e3408d7312e46ca88f3cc8375cc00
-
Filesize
3.5MB
MD5cd8a3be4d5871171fd0b107132d97be8
SHA1415258c10477a49d0c046a12123ff7abe957612e
SHA2564a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA5124acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
-
Filesize
2.5MB
MD5734423195bbc6da0080993cb09a8df34
SHA1068ead5b628b2a01b0d70262584fbc775667d2a5
SHA2561026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c
SHA51230b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088
-
Filesize
2.5MB
MD5734423195bbc6da0080993cb09a8df34
SHA1068ead5b628b2a01b0d70262584fbc775667d2a5
SHA2561026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c
SHA51230b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088
-
Filesize
2.5MB
MD5734423195bbc6da0080993cb09a8df34
SHA1068ead5b628b2a01b0d70262584fbc775667d2a5
SHA2561026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c
SHA51230b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088
-
Filesize
384KB
MD5208ed640e7006f54d6117297d9f8c8d5
SHA1a7489be0fa434c7b05ab9ce8ef022011022b9b46
SHA2560c23ae30a3959cf21b9346ce86b9661059710f132a2922f1f89e846b06ba6175
SHA51230aa53ab521448f0db9e466be5b4d2267a84c780f30de0255875c3d93151bd2e870ef43c3370166e182507f5871559666296fc26ab43c2a40767744ab0a91d66
-
Filesize
2.2MB
MD5a9aa0c3bee97045e84b7a1bfbfeb96bb
SHA17f401d3bc8b9393022bc41e415cf052de7ca6414
SHA25633fe8cc59fe0c36da93c089732593ccc4066f0b1330893ede9a9d11ac31c24ff
SHA512820449893276ff9320d148006e392e46dad47682ae40f25c263e88bd5a1d4a6e71ca06720d0b06d7ccfebc45cb5f41af1f6d5b57aa66f9f14ce73bed359aadc8