Analysis
- max time kernel: 42s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 15:08
Static task
static1
Behavioral task
behavioral1
Sample
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe
Resource
win10v2004-20231215-en
General
-
Target
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe
-
Size
1.6MB
-
MD5
ea4d996b472fabecc83c821342a6f2da
-
SHA1
3d6f8b3ea30f2da6392843b09c6a4039bda72040
-
SHA256
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704
-
SHA512
fd44c2ad95e661fb4de273cc21a3102a8f1361f7377bd1bf6228476f3e41a3c52159d991cdedd517b139c35c102d2f8539db51b30b45c37230876824d854f40e
-
SSDEEP
12288:PZak9NyN+gGo3gnqYI2xsuz+dIoMfySCbne++ZgmCWJ3Mi1EesvxuAySjZF:99NyN+F0YfxzccaSL++aGJFayKZ
Malware Config
Signatures
-
Executes dropped EXE 20 IoCs
| pid | Process |
| --- | --- |
| 468 | Process not Found |
| 2372 | alg.exe |
| 1660 | aspnet_state.exe |
| 2872 | mscorsvw.exe |
| 2640 | mscorsvw.exe |
| 2560 | mscorsvw.exe |
| 3020 | mscorsvw.exe |
| 2060 | dllhost.exe |
| 1616 | ehRecvr.exe |
| 2076 | ehsched.exe |
| 2296 | mscorsvw.exe |
| 2088 | mscorsvw.exe |
| 896 | mscorsvw.exe |
| 1484 | mscorsvw.exe |
| 2288 | mscorsvw.exe |
| 2964 | mscorsvw.exe |
| 2628 | mscorsvw.exe |
| 1344 | elevation_service.exe |
| 3048 | IEEtwCollector.exe |
| 1912 | GROOVE.EXE |
-
Loads dropped DLL 6 IoCs
| pid | Process |
| --- | --- |
| 468 | Process not Found |
| 468 | Process not Found |
| 468 | Process not Found |
| 468 | Process not Found |
| 468 | Process not Found |
| 468 | Process not Found |
-
Drops file in System32 directory 6 IoCs
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | C:\Windows\System32\alg.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\162839bc3db14c9a.bin | alg.exe |
| File opened for modification | C:\Windows\system32\dllhost.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\system32\fxssvc.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\system32\IEEtwCollector.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | GROOVE.EXE |
-
Drops file in Program Files directory 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
-
Drops file in Windows directory 27 IoCs
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | mscorsvw.exe |
| File created | C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4516257F-CB2B-49ED-8DD4-9574CD66F8E6}.crmlog | dllhost.exe |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat | mscorsvw.exe |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat | mscorsvw.exe |
| File opened for modification | C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4516257F-CB2B-49ED-8DD4-9574CD66F8E6}.crmlog | dllhost.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock | mscorsvw.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | mscorsvw.exe |
| File opened for modification | C:\Windows\ehome\ehRecvr.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat | mscorsvw.exe |
| File opened for modification | C:\Windows\ehome\ehsched.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock | mscorsvw.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenofflinequeuelock.dat | mscorsvw.exe |
| File created | C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat | mscorsvw.exe |
-
Modifies data under HKEY_USERS 6 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | ehRecvr.exe |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\Version = "7" | ehRecvr.exe |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | GROOVE.EXE |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | ehRecvr.exe |
| Key created | \REGISTRY\USER\.DEFAULT\Software | ehRecvr.exe |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | ehRecvr.exe |
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
| description | pid | Process |
| --- | --- | --- |
| Token: SeTakeOwnershipPrivilege | 2660 | 69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe |
| Token: SeShutdownPrivilege | 2560 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 3020 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 2560 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 2560 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 2560 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 3020 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 3020 | mscorsvw.exe |
| Token: SeShutdownPrivilege | 3020 | mscorsvw.exe |
-
Suspicious use of WriteProcessMemory 28 IoCs
| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2560 wrote to memory of 2296 | 2560 | mscorsvw.exe | 37 |
| PID 2560 wrote to memory of 2296 | 2560 | mscorsvw.exe | 37 |
| PID 2560 wrote to memory of 2296 | 2560 | mscorsvw.exe | 37 |
| PID 2560 wrote to memory of 2296 | 2560 | mscorsvw.exe | 37 |
| PID 2560 wrote to memory of 2088 | 2560 | mscorsvw.exe | 38 |
| PID 2560 wrote to memory of 2088 | 2560 | mscorsvw.exe | 38 |
| PID 2560 wrote to memory of 2088 | 2560 | mscorsvw.exe | 38 |
| PID 2560 wrote to memory of 2088 | 2560 | mscorsvw.exe | 38 |
| PID 2560 wrote to memory of 896 | 2560 | mscorsvw.exe | 41 |
| PID 2560 wrote to memory of 896 | 2560 | mscorsvw.exe | 41 |
| PID 2560 wrote to memory of 896 | 2560 | mscorsvw.exe | 41 |
| PID 2560 wrote to memory of 896 | 2560 | mscorsvw.exe | 41 |
| PID 2560 wrote to memory of 1484 | 2560 | mscorsvw.exe | 42 |
| PID 2560 wrote to memory of 1484 | 2560 | mscorsvw.exe | 42 |
| PID 2560 wrote to memory of 1484 | 2560 | mscorsvw.exe | 42 |
| PID 2560 wrote to memory of 1484 | 2560 | mscorsvw.exe | 42 |
| PID 2560 wrote to memory of 2288 | 2560 | mscorsvw.exe | 43 |
| PID 2560 wrote to memory of 2288 | 2560 | mscorsvw.exe | 43 |
| PID 2560 wrote to memory of 2288 | 2560 | mscorsvw.exe | 43 |
| PID 2560 wrote to memory of 2288 | 2560 | mscorsvw.exe | 43 |
| PID 2560 wrote to memory of 2964 | 2560 | mscorsvw.exe | 44 |
| PID 2560 wrote to memory of 2964 | 2560 | mscorsvw.exe | 44 |
| PID 2560 wrote to memory of 2964 | 2560 | mscorsvw.exe | 44 |
| PID 2560 wrote to memory of 2964 | 2560 | mscorsvw.exe | 44 |
| PID 2560 wrote to memory of 2628 | 2560 | mscorsvw.exe | 45 |
| PID 2560 wrote to memory of 2628 | 2560 | mscorsvw.exe | 45 |
| PID 2560 wrote to memory of 2628 | 2560 | mscorsvw.exe | 45 |
| PID 2560 wrote to memory of 2628 | 2560 | mscorsvw.exe | 45 |
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2660
-
C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
PID:2372
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Executes dropped EXE
PID:1660
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Command line: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
PID:2872
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
PID:2640
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2560
-
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:2296
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e8 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:2088
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 248 -NGENProcess 254 -Pipe 250 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:896
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 24c -NGENProcess 260 -Pipe 1d4 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:1484
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 264 -NGENProcess 254 -Pipe 240 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:2288
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 25c -NGENProcess 244 -Pipe 258 -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:2964
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 248 -InterruptEvent 26c -NGENProcess 23c -Pipe 24c -Comment "NGen Worker Process"
  - Executes dropped EXE
  PID:2628
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 270 -NGENProcess 244 -Pipe 260 -Comment "NGen Worker Process"
  PID:476
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 264 -NGENProcess 248 -Pipe 268 -Comment "NGen Worker Process"
  PID:2404
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 254 -NGENProcess 270 -Pipe 25c -Comment "NGen Worker Process"
  PID:1376
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 280 -NGENProcess 1f0 -Pipe 27c -Comment "NGen Worker Process"
  PID:1840
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 264 -NGENProcess 288 -Pipe 254 -Comment "NGen Worker Process"
  PID:2216
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 23c -InterruptEvent 244 -NGENProcess 28c -Pipe 284 -Comment "NGen Worker Process"
  PID:2624
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 278 -NGENProcess 288 -Pipe 1f0 -Comment "NGen Worker Process"
  PID:2316
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 29c -NGENProcess 264 -Pipe 298 -Comment "NGen Worker Process"
  PID:2340
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 208 -NGENProcess 28c -Pipe 274 -Comment "NGen Worker Process"
  PID:2052
  -
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 2a4 -NGENProcess 294 -Pipe 278 -Comment "NGen Worker Process"
  PID:944
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3020
-
C:\Windows\system32\dllhost.exe
Command line: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Executes dropped EXE
- Drops file in Windows directory
PID:2060
-
C:\Windows\ehome\ehRecvr.exe
Command line: C:\Windows\ehome\ehRecvr.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:1616
-
C:\Windows\ehome\ehsched.exe
Command line: C:\Windows\ehome\ehsched.exe
- Executes dropped EXE
PID:2076
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- Executes dropped EXE
PID:1344
-
C:\Windows\system32\IEEtwCollector.exe
Command line: C:\Windows\system32\IEEtwCollector.exe /V
- Executes dropped EXE
PID:3048
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1912
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
PID:2848
-
C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
PID:1640
-
C:\Windows\system32\msiexec.exe
Command line: C:\Windows\system32\msiexec.exe /V
PID:2200
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Command line: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
PID:2440
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Command line: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
PID:2616
-
C:\Windows\SysWow64\perfhost.exe
Command line: C:\Windows\SysWow64\perfhost.exe
PID:344
-
C:\Windows\system32\locator.exe
Command line: C:\Windows\system32\locator.exe
PID:576
-
C:\Windows\System32\snmptrap.exe
Command line: C:\Windows\System32\snmptrap.exe
PID:2444
-
C:\Windows\System32\vds.exe
Command line: C:\Windows\System32\vds.exe
PID:1496
-
C:\Windows\system32\vssvc.exe
Command line: C:\Windows\system32\vssvc.exe
PID:2328
-
C:\Windows\system32\wbengine.exe
Command line: "C:\Windows\system32\wbengine.exe"
PID:2088
-
C:\Windows\system32\wbem\WmiApSrv.exe
Command line: C:\Windows\system32\wbem\WmiApSrv.exe
PID:1068
-
C:\Program Files\Windows Media Player\wmpnetwk.exe
Command line: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
PID:1172
-
C:\Windows\system32\SearchIndexer.exe
Command line: C:\Windows\system32\SearchIndexer.exe /Embedding
PID:2096
Network
MITRE ATT&CK Enterprise v15
Downloads