Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
23/01/2024, 22:33
Behavioral task
behavioral1
Sample
70bb0cb883fff431982f79554ce8e027.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
70bb0cb883fff431982f79554ce8e027.exe
Resource
win10v2004-20231222-en
General
-
Target
70bb0cb883fff431982f79554ce8e027.exe
-
Size
8.2MB
-
MD5
70bb0cb883fff431982f79554ce8e027
-
SHA1
07848e737a6a53d5d934a3049b929ca1184b99a8
-
SHA256
3904aeda3f5ce781de53b11513850ca321c896e25d4b88262f4a84d7f644df8a
-
SHA512
ffe627bc15a46fd883e153fef54659604e4b08762707eb92520c2ab8f1865ae06a8d590827326ba363999fec96a210ed0c4e69309029171207b162050be115ad
-
SSDEEP
49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecl:V8e8e8f8e8e8E
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe" explorer.exe -
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" explorer.exe -
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload 18 IoCs
resource yara_rule behavioral1/files/0x00080000000144f4-33.dat warzonerat behavioral1/files/0x00080000000144f4-40.dat warzonerat behavioral1/files/0x00080000000144f4-42.dat warzonerat behavioral1/files/0x00080000000144f4-46.dat warzonerat behavioral1/files/0x00080000000144f4-59.dat warzonerat behavioral1/files/0x000d0000000122cb-72.dat warzonerat behavioral1/files/0x00330000000142c5-75.dat warzonerat behavioral1/files/0x00080000000144f4-71.dat warzonerat behavioral1/files/0x0035000000014355-92.dat warzonerat behavioral1/files/0x0035000000014355-95.dat warzonerat behavioral1/files/0x0035000000014355-99.dat warzonerat behavioral1/files/0x0035000000014355-108.dat warzonerat behavioral1/files/0x0035000000014355-115.dat warzonerat behavioral1/files/0x0035000000014355-110.dat warzonerat behavioral1/files/0x0035000000014355-122.dat warzonerat behavioral1/files/0x0035000000014355-121.dat warzonerat behavioral1/files/0x0035000000014355-120.dat warzonerat behavioral1/files/0x0007000000015609-227.dat warzonerat -
Modifies Installed Components in the registry 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR" explorer.exe -
resource yara_rule behavioral1/files/0x00080000000144f4-33.dat aspack_v212_v242 behavioral1/files/0x00080000000144f4-40.dat aspack_v212_v242 behavioral1/files/0x00080000000144f4-42.dat aspack_v212_v242 behavioral1/files/0x00080000000144f4-46.dat aspack_v212_v242 behavioral1/files/0x00080000000144f4-59.dat aspack_v212_v242 behavioral1/files/0x000d0000000122cb-72.dat aspack_v212_v242 behavioral1/files/0x00330000000142c5-75.dat aspack_v212_v242 behavioral1/files/0x00080000000144f4-71.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-92.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-95.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-99.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-108.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-115.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-110.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-122.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-121.dat aspack_v212_v242 behavioral1/files/0x0035000000014355-120.dat aspack_v212_v242 behavioral1/files/0x0007000000015609-227.dat aspack_v212_v242 -
Executes dropped EXE 10 IoCs
pid Process 2060 explorer.exe 2924 explorer.exe 852 spoolsv.exe 1912 spoolsv.exe 1724 spoolsv.exe 332 spoolsv.exe 640 spoolsv.exe 2176 spoolsv.exe 1704 spoolsv.exe 2032 svchost.exe -
Loads dropped DLL 52 IoCs
pid Process 2260 70bb0cb883fff431982f79554ce8e027.exe 2260 70bb0cb883fff431982f79554ce8e027.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 1620 WerFault.exe 1620 WerFault.exe 1620 WerFault.exe 1620 WerFault.exe 1620 WerFault.exe 1620 WerFault.exe 1620 WerFault.exe 2924 explorer.exe 2924 explorer.exe 2412 WerFault.exe 2412 WerFault.exe 2412 WerFault.exe 2412 WerFault.exe 2412 WerFault.exe 2412 WerFault.exe 2412 WerFault.exe 2924 explorer.exe 2924 explorer.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 1600 WerFault.exe 2924 explorer.exe 2924 explorer.exe 1332 WerFault.exe 1332 WerFault.exe 1332 WerFault.exe 1332 WerFault.exe 1332 WerFault.exe 1332 WerFault.exe 1332 WerFault.exe 2924 explorer.exe 2924 explorer.exe 1660 WerFault.exe 1660 WerFault.exe 1660 WerFault.exe 1660 WerFault.exe 1660 WerFault.exe 1660 WerFault.exe 852 spoolsv.exe 1660 WerFault.exe 1704 spoolsv.exe 1704 spoolsv.exe -
Adds Run key to start application 2 TTPs 5 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" 70bb0cb883fff431982f79554ce8e027.exe Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" spoolsv.exe -
Suspicious use of SetThreadContext 6 IoCs
description pid Process procid_target PID 1684 set thread context of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 set thread context of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 2060 set thread context of 2924 2060 explorer.exe 33 PID 2060 set thread context of 2896 2060 explorer.exe 34 PID 852 set thread context of 1704 852 spoolsv.exe 46 PID 852 set thread context of 2180 852 spoolsv.exe 47 -
Drops file in Windows directory 5 IoCs
description ioc Process File opened for modification C:\Windows\system\udsys.exe explorer.exe File opened for modification \??\c:\windows\system\explorer.exe 70bb0cb883fff431982f79554ce8e027.exe File opened for modification \??\c:\windows\system\spoolsv.exe explorer.exe File opened for modification \??\c:\windows\system\explorer.exe explorer.exe File opened for modification \??\c:\windows\system\svchost.exe spoolsv.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 5 IoCs
pid pid_target Process procid_target 1620 1912 WerFault.exe 36 2412 1724 WerFault.exe 1600 332 WerFault.exe 40 1332 640 WerFault.exe 42 1660 2176 WerFault.exe 44 -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2260 70bb0cb883fff431982f79554ce8e027.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2924 explorer.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2260 70bb0cb883fff431982f79554ce8e027.exe 2260 70bb0cb883fff431982f79554ce8e027.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 2924 explorer.exe 1704 spoolsv.exe 1704 spoolsv.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2260 1684 70bb0cb883fff431982f79554ce8e027.exe 30 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 1684 wrote to memory of 2564 1684 70bb0cb883fff431982f79554ce8e027.exe 31 PID 2260 wrote to memory of 2060 2260 70bb0cb883fff431982f79554ce8e027.exe 32 PID 2260 wrote to memory of 2060 2260 70bb0cb883fff431982f79554ce8e027.exe 32 PID 2260 wrote to memory of 2060 2260 70bb0cb883fff431982f79554ce8e027.exe 32 PID 2260 wrote to memory of 2060 2260 70bb0cb883fff431982f79554ce8e027.exe 32 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2924 2060 explorer.exe 33 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2060 wrote to memory of 2896 2060 explorer.exe 34 PID 2924 wrote to memory of 852 2924 explorer.exe 35 PID 2924 wrote to memory of 852 2924 explorer.exe 35 PID 2924 wrote to memory of 852 2924 explorer.exe 35 PID 2924 wrote to memory of 852 2924 explorer.exe 35 PID 2924 wrote to memory of 1912 2924 explorer.exe 36 PID 2924 wrote to memory of 1912 2924 explorer.exe 36 PID 2924 wrote to memory of 1912 2924 explorer.exe 36 PID 2924 wrote to memory of 1912 2924 explorer.exe 36 PID 1912 wrote to memory of 1620 1912 spoolsv.exe 37 PID 1912 wrote to memory of 1620 1912 spoolsv.exe 37 PID 1912 wrote to memory of 1620 1912 spoolsv.exe 37 PID 1912 wrote to memory of 1620 1912 spoolsv.exe 37 PID 2924 wrote to memory of 1724 2924 explorer.exe 39 PID 2924 wrote to memory of 1724 2924 explorer.exe 39 PID 2924 wrote to memory of 1724 2924 explorer.exe 39 PID 2924 wrote to memory of 1724 2924 explorer.exe 39 PID 1724 wrote to memory of 2412 1724 spoolsv.exe 38 PID 1724 wrote to memory of 2412 1724 spoolsv.exe 38 PID 1724 wrote to memory of 2412 1724 spoolsv.exe 38 PID 1724 wrote to memory of 2412 1724 spoolsv.exe 38 PID 2924 wrote to memory of 332 2924 explorer.exe 40 PID 2924 wrote to memory of 332 2924 explorer.exe 40 PID 2924 wrote to memory of 332 2924 explorer.exe 40 PID 2924 wrote to memory of 332 2924 explorer.exe 40 PID 332 wrote to memory of 1600 332 spoolsv.exe 41 PID 332 wrote to memory of 1600 332 spoolsv.exe 41 PID 332 wrote to memory of 1600 332 spoolsv.exe 41 PID 332 wrote to memory of 1600 332 spoolsv.exe 41 PID 2924 wrote to memory of 640 2924 explorer.exe 42 PID 2924 wrote to memory of 640 2924 explorer.exe 42
Processes
-
C:\Users\Admin\AppData\Local\Temp\70bb0cb883fff431982f79554ce8e027.exe"C:\Users\Admin\AppData\Local\Temp\70bb0cb883fff431982f79554ce8e027.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Users\Admin\AppData\Local\Temp\70bb0cb883fff431982f79554ce8e027.exe"C:\Users\Admin\AppData\Local\Temp\70bb0cb883fff431982f79554ce8e027.exe"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe4⤵
- Modifies WinLogon for persistence
- Modifies visiblity of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924 -
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:852 -
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1704 -
\??\c:\windows\system\svchost.exec:\windows\system\svchost.exe7⤵
- Executes dropped EXE
PID:2032
-
-
-
C:\Windows\SysWOW64\diskperf.exe"C:\Windows\SysWOW64\diskperf.exe"6⤵PID:2180
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 366⤵
- Loads dropped DLL
- Program crash
PID:1620
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:332 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 366⤵
- Loads dropped DLL
- Program crash
PID:1600
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
PID:640 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 366⤵
- Loads dropped DLL
- Program crash
PID:1332
-
-
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
- Executes dropped EXE
PID:2176 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 366⤵
- Loads dropped DLL
- Program crash
PID:1660
-
-
-
-
C:\Windows\SysWOW64\diskperf.exe"C:\Windows\SysWOW64\diskperf.exe"4⤵PID:2896
-
-
-
-
C:\Windows\SysWOW64\diskperf.exe"C:\Windows\SysWOW64\diskperf.exe"2⤵PID:2564
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 361⤵
- Loads dropped DLL
- Program crash
PID:2412
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.9MB
MD5caec75364d239e5e56decddd4621f000
SHA191806b43c5f259eca80e54191114d6227ae49e6c
SHA25621f4f901c53884886e56919e2e8bece1e4086aa4e13b480c3409828a7fcbf734
SHA512aa42e0f67150c4b40da1e4aa83d948420553430e642fe0d3da44f998569663793da8f40ca3feaed10cc695ac523b3aab6c4722a23ad2bbc5446b309a67e85466
-
Filesize
6.8MB
MD5f1f827859b614bde534b21e0c268dd32
SHA14aa4cd8316297a4855ec770a24ad281266535c5b
SHA25641f361e78637142ae221ede837876fbec52c4976f565a63c25218cd201e729d8
SHA512610675b3a8b452c240155a2dc822166c77158749e7b0f742e8aee2ab4da77364b5e6b69cddacc031e15ea8f19bfd768990273ea65a828ab4aa69dadb562a55d3
-
Filesize
2.1MB
MD5b99b81f9caeaaa8908f9aef751b258d1
SHA1bfe715d505d32cbe09ae7c4aadfbbe6b4265be9e
SHA256db1f10b30209280dad0c66520330c183a9481d47cbb03c31659d896e87aa0241
SHA512afa782b14c5ebcf720478c619df323ed48ccbdd5ff3b8950392ea4b1b30e4d242de5d75f1a28e80d022cb2ee434d41fe0f9e7ece75491dcd61bf7ab9de85afc2
-
Filesize
1.6MB
MD59895ea52f737cb028c8760014e31ce29
SHA15aaeff866784d40caf7e24f650cb81d7c3eb3fcb
SHA256aa5ae645508ba34ec3e46388352b53bc22974e49af769084707c15241acd7019
SHA5120ab5b91d18d613b7d54ff81bcf960caafcc2b57d29cc20243993206f4cfc53fab95e025e8c1c5257063ec5d0c60f09fedd0c573e20870caac644ec2e034a2710
-
Filesize
8.2MB
MD52bb8263e835b92af0b69f688a209ddf1
SHA19e15cf4230857e0ec17e99fc402392bc319bb69c
SHA2561248ed11d94243acc7253b593f3f7b73595001a938ccfe6ac11705211b8613b2
SHA5120f75038ab8609965430bf1b98c10c2b253cc0bcdaa6767db1a5b971ee44f4311441d44d678c47535113a25f1ccec853d387b78166ee3ffdfb3e901958703d091
-
Filesize
5.4MB
MD5f5e5f476a37fc0c4a82acd0c63c5b7da
SHA17c120a6e7861cef9c6d51a9f5c3619bb7006de33
SHA256a5d9bb81ce6144a890e4ee3bfbe6d3b2345bbb3792789d92d280fb6abb89b5fd
SHA5123a32553d0dba0375483a4ddc2a2d41f129104497fbb5a0ee9f8aa77622128b00fde4c1199ed5bd785071613ab93f10ff9bc2c231d1a576afb375e0aec3ef2532
-
Filesize
4.5MB
MD523d2f4f268a9fa5417a1311958901055
SHA18bcbce2dfabb11e00c30b17b4513b1d1ad647e0b
SHA25646948aaef2490daec10c92e2d06134cf236babc1cd710accb51621eed402a710
SHA512d7750cc836be3a5af90429280d01c3b8d0f7b42d2e08900bbd9115fccc552ee63b126f7c44ed36c7cd9907904bfc00a10c912519d36fba462fa2dfc640563fe4
-
Filesize
8.2MB
MD53d0ac05576ff3d7f12d82b9fb3fbdb8c
SHA1bb2b64651f1fb8243c8232c2b4f907acd81fbc49
SHA256a3c236d14459483531ac0023cfb0d394a2dfb267d6d89400c7b8438bafbf0478
SHA5127ec1d07b2a9753beb8dfe53410e110e3418dae00185ed6fa6445a885cf0a905582be07f64f2f20d8bc3cd565c78ffba41d38c200cec5a896027a7aa6a240b9e7
-
Filesize
1.5MB
MD55dcbc279a0744724cf2a288d7cfdcc6e
SHA11d90053baa675af7577f6733386bd5de9534f328
SHA25603136d16c91fd3ed54c11484d70efae2eb29533536653825bd45906d557f56fe
SHA5125e6b337711943ab242db9d1e69f22e8f289d67948c840d51c0ab514196a6dcba44147dd74ea879e1c3539f8a735dbc00f30c6e6d14e6c8fa79361d12569b5cc4
-
Filesize
1.5MB
MD504359c324c02984afb26a133774b2c69
SHA13dd38e4a7d3d4757221d8bb176b3092ecc82c59a
SHA256d6e0de458a6acae9eb7a0e0ba92931600e19b90e65774558481285c01c0ea8d9
SHA5120831b6b925086fa6246bddb7278ecc708ee7a446eb8d543314823bbb775ddf35e30fd929a43646bba6e99724dcc4cb612aff273689c5e2063a8b9a76dd7a0e78
-
Filesize
5.6MB
MD518cea08be3b1706e5d210008142a2176
SHA1716b3af33a17a841c29e45f6d99fcfdf1351deb3
SHA256c0d73e37b3ee6e66ec4d48a871480e48014eac1ad39128032386a62bfc3e7a46
SHA512ace46916001fea2136b4f18c2053854406fcff20b0a9958b9a696b81ef8ace1c350b897ed1e67b757d77ef20304b195fb99f6bd9e057f950202cdd2654b5ab12
-
Filesize
7.5MB
MD585cf161cb515c75a27ccee5defaffc70
SHA146d11fadda97f0a14ba548fe6d187d73dd5649b9
SHA2560b324ff3f8314287ccd015996cc0fa87e2e165bb2ef8977709fd79e62f75c19c
SHA51220bf4173b0e4b4fe5bcbe4e4a47bad75bc2a8256ebb02d666bd87acce80c2a237a154b94edbbf5d4e370f8d3d06057f494cbd819f02da3ace801bf4f5ddb4e5b
-
Filesize
8.2MB
MD5faaf82e1fa3c0bbfce46acf28b1c9690
SHA1340b412bf3d9893249239a6738759dffaf5ea299
SHA2563f42ef7ec0dc61bf1265a2f3ac4e6001f9aa42b4cd1700092d48bffca1fa35fd
SHA512444619659e649c7a0c77c963b29a9f7de58674db8a39be68635ba06b284180b25afc1208f290d81c01eed31e0e4db59cc419f6b3bb69fb8882c5c7602a76c8b0
-
Filesize
7.2MB
MD569b5bd69d381d995944e76fe2452eda7
SHA11367081e960c257a6bbc4ab71bba2d37b4b38e00
SHA2564af6ca5346d50135322e6476acdcaff7b4dfb4b6ed5e67c87775e8d7f9b39797
SHA5128179f2d082cf0dcc3d57726fbc681f593e9540c55e7750762a12eaa7430b59d786074cbbcb259c8b13875fbb30f4d7747c1b650584a0d434222b2c02a3d4e34f
-
Filesize
6.7MB
MD5096e0e4c487eae7bbd70de050cbf065d
SHA159afb93688f99b99642c0fe0a662a361805f8a65
SHA256f9d0b134428003ef1ea975c03e631934a82d38e6d456fe6b0d39fedb4133aeb4
SHA512e631cb891a0a9e67c4767fbe11bac7873de6c863111afd11d81863b43235f1d03dfbeb709d7d7eadc06ceb0ac580eac65541e67ae8018abf1b4823674f9b6401
-
Filesize
4.2MB
MD52422c0c4fe4d0c7036122afc8e358250
SHA10950f67bf2fca2692857a3d5990da6b02b692da7
SHA2563c0ab43ee498839aa883a8f422cfa808b64f5eebc97e708a134c2fa9e21de1db
SHA5125916917225312c2812a0c1760142bb16ad0432c178c2ff80e81f5b518bf6990619a9a235eb5f86d93736d65f13a943a4004b03dd3d83d6b60138e0a5e11626cb
-
Filesize
4.8MB
MD502a6893fc734e26731b327e14392825f
SHA13c8547ece48deb41f4e6585f7f65c48ad38281e7
SHA256474a18fd5b59f65587989c1b698a3b0dee61125d012d6b8fe8f82199280a421a
SHA5127af38e27ab3d1d44dbde2c7da6c99507629faf7cba4898a8cf7a3b293f8d0b93e05ff34b66a6b5889fde4edb74d5a3ae08aba299501349708228776b7f325f1a
-
Filesize
8.2MB
MD531f71dade700c19399ec70b19136ab00
SHA1e70cefed451f0c482819a90609f59d40c741ef27
SHA2563acfdfc2ffa85ca7473b34edaa62e649301381dd3361c94e58822856e41b0b3e
SHA512b4ea02c1017a45e6960745af046d5ab9fa29cc0031c16254abbf2205ef1efd550eb8e8b3ee5cb649cdb8a3d7ebc71e1e5c8e00874d433ae96326c2c888f7e7ed