Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
113s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
13/02/2024, 03:11
Static task
static1
Behavioral task
behavioral1
Sample
78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe
Resource
win7-20231215-en
General
-
Target
78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe
-
Size
5.9MB
-
MD5
399445b6d3206ed89cba61889fc0ea28
-
SHA1
f9ca1d168a7cceda30f645f4aa819ba86b06dc56
-
SHA256
78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad
-
SHA512
fb7cf453d67ec27a94decc434e733ac75c8138e4f07c65a9d99ad4eb6e569a5ca605c5beabfea5531802bdb605b289ec696572a5defc4eccdcddc63afb09d9ea
-
SSDEEP
98304:rsyFZrN+m9sLZK8sblPp7dhb0W2/PTwxVGPQWKBFxNuaiWRiPOKr8NFjPdbhPPo5:rDFZbsLZK8sblx7Hb0W60H2QWGFru3WE
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs
description pid Process procid_target PID 1744 created 3568 1744 Namespace.pif 60 PID 1744 created 3568 1744 Namespace.pif 60 PID 1744 created 3568 1744 Namespace.pif 60 PID 1744 created 3568 1744 Namespace.pif 60 -
UPX dump on OEP (original entry point) 13 IoCs
resource yara_rule behavioral2/memory/3596-108-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-109-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-110-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-111-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-112-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-113-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-115-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-116-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-117-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-119-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-118-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-121-0x0000000140000000-0x0000000140848000-memory.dmp UPX behavioral2/memory/3596-122-0x0000000140000000-0x0000000140848000-memory.dmp UPX -
XMRig Miner payload 9 IoCs
resource yara_rule behavioral2/memory/3596-112-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-113-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-115-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-116-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-117-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-119-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-118-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-121-0x0000000140000000-0x0000000140848000-memory.dmp xmrig behavioral2/memory/3596-122-0x0000000140000000-0x0000000140848000-memory.dmp xmrig -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation 78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe -
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TechHarbor.url cmd.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TechHarbor.url cmd.exe -
Executes dropped EXE 3 IoCs
pid Process 1744 Namespace.pif 4048 Namespace.pif 4880 Namespace.pif -
resource yara_rule behavioral2/memory/3596-107-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-108-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-109-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-110-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-111-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-112-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-113-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-115-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-116-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-117-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-119-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-118-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-121-0x0000000140000000-0x0000000140848000-memory.dmp upx behavioral2/memory/3596-122-0x0000000140000000-0x0000000140848000-memory.dmp upx -
Suspicious use of SetThreadContext 3 IoCs
description pid Process procid_target PID 1744 set thread context of 4048 1744 Namespace.pif 108 PID 4048 set thread context of 3596 4048 Namespace.pif 110 PID 1744 set thread context of 4880 1744 Namespace.pif 111 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 4388 schtasks.exe -
Enumerates processes with tasklist 1 TTPs 2 IoCs
pid Process 5076 tasklist.exe 3080 tasklist.exe -
Runs ping.exe 1 TTPs 1 IoCs
pid Process 3392 PING.EXE -
Suspicious behavior: EnumeratesProcesses 29 IoCs
pid Process 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 4048 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeDebugPrivilege 5076 tasklist.exe Token: SeDebugPrivilege 3080 tasklist.exe Token: SeLockMemoryPrivilege 3596 svchost.exe Token: SeLockMemoryPrivilege 3596 svchost.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 1744 Namespace.pif 1744 Namespace.pif 1744 Namespace.pif -
Suspicious use of WriteProcessMemory 48 IoCs
description pid Process procid_target PID 1648 wrote to memory of 2144 1648 78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe 85 PID 1648 wrote to memory of 2144 1648 78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe 85 PID 1648 wrote to memory of 2144 1648 78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe 85 PID 2144 wrote to memory of 5076 2144 cmd.exe 87 PID 2144 wrote to memory of 5076 2144 cmd.exe 87 PID 2144 wrote to memory of 5076 2144 cmd.exe 87 PID 2144 wrote to memory of 4800 2144 cmd.exe 88 PID 2144 wrote to memory of 4800 2144 cmd.exe 88 PID 2144 wrote to memory of 4800 2144 cmd.exe 88 PID 2144 wrote to memory of 3080 2144 cmd.exe 90 PID 2144 wrote to memory of 3080 2144 cmd.exe 90 PID 2144 wrote to memory of 3080 2144 cmd.exe 90 PID 2144 wrote to memory of 3784 2144 cmd.exe 91 PID 2144 wrote to memory of 3784 2144 cmd.exe 91 PID 2144 wrote to memory of 3784 2144 cmd.exe 91 PID 2144 wrote to memory of 4632 2144 cmd.exe 92 PID 2144 wrote to memory of 4632 2144 cmd.exe 92 PID 2144 wrote to memory of 4632 2144 cmd.exe 92 PID 2144 wrote to memory of 5068 2144 cmd.exe 93 PID 2144 wrote to memory of 5068 2144 cmd.exe 93 PID 2144 wrote to memory of 5068 2144 cmd.exe 93 PID 2144 wrote to memory of 4996 2144 cmd.exe 94 PID 2144 wrote to memory of 4996 2144 cmd.exe 94 PID 2144 wrote to memory of 4996 2144 cmd.exe 94 PID 2144 wrote to memory of 1744 2144 cmd.exe 95 PID 2144 wrote to memory of 1744 2144 cmd.exe 95 PID 2144 wrote to memory of 3392 2144 cmd.exe 96 PID 2144 wrote to memory of 3392 2144 cmd.exe 96 PID 2144 wrote to memory of 3392 2144 cmd.exe 96 PID 1744 wrote to memory of 3336 1744 Namespace.pif 100 PID 1744 wrote to memory of 3336 1744 Namespace.pif 100 PID 1744 wrote to memory of 5008 1744 Namespace.pif 101 PID 1744 wrote to memory of 5008 1744 Namespace.pif 101 PID 5008 wrote to memory of 4388 5008 cmd.exe 103 PID 5008 wrote to memory of 4388 5008 cmd.exe 103 PID 1744 wrote to memory of 4048 1744 Namespace.pif 108 PID 1744 wrote to memory of 4048 1744 Namespace.pif 108 PID 1744 wrote to memory of 4048 1744 Namespace.pif 108 PID 1744 wrote to memory of 4048 1744 Namespace.pif 108 PID 4048 wrote to memory of 3596 4048 Namespace.pif 110 PID 4048 wrote to memory of 3596 4048 Namespace.pif 110 PID 4048 wrote to memory of 3596 4048 Namespace.pif 110 PID 4048 wrote to memory of 3596 4048 Namespace.pif 110 PID 4048 wrote to memory of 3596 4048 Namespace.pif 110 PID 1744 wrote to memory of 4880 1744 Namespace.pif 111 PID 1744 wrote to memory of 4880 1744 Namespace.pif 111 PID 1744 wrote to memory of 4880 1744 Namespace.pif 111 PID 1744 wrote to memory of 4880 1744 Namespace.pif 111 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3568
-
C:\Users\Admin\AppData\Local\Temp\78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe"C:\Users\Admin\AppData\Local\Temp\78dc54014ef568d2ccc8bab5f167efb51043e69d7d4d3842cced2e07b4fc20ad.exe"2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1648 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k move Applicant Applicant.bat & Applicant.bat & exit3⤵
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5076
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"4⤵PID:4800
-
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3080
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa.exe opssvc.exe"4⤵PID:3784
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 270444⤵PID:4632
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b Travesti + Mime + Pressed + Struggle + Enters 27044\Namespace.pif4⤵PID:5068
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b Versus + Aluminum + Copyright + Developmental + Wrapping + Roof + Cents + Dl + British + Encyclopedia + Central + Election + Roses + Trustees + Anxiety + Affecting + Herein + Sky + Pubmed + Attitude + Remainder + Lotus + Seriously + Cursor 27044\c4⤵PID:4996
-
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27044\Namespace.pif27044\Namespace.pif 27044\c4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
-
-
C:\Windows\SysWOW64\PING.EXEping -n 5 localhost4⤵
- Runs ping.exe
PID:3392
-
-
-
-
C:\Windows\SYSTEM32\cmd.execmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TechHarbor.url" & echo URL="C:\Users\Admin\AppData\Local\MaritimeTech Dynamics\TechHarbor.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TechHarbor.url" & exit2⤵
- Drops startup file
PID:3336
-
-
C:\Windows\SYSTEM32\cmd.execmd /c schtasks.exe /create /tn "Inf" /tr "wscript 'C:\Users\Admin\AppData\Local\MaritimeTech Dynamics\TechHarbor.js'" /sc minute /mo 3 /F2⤵
- Suspicious use of WriteProcessMemory
PID:5008 -
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Inf" /tr "wscript 'C:\Users\Admin\AppData\Local\MaritimeTech Dynamics\TechHarbor.js'" /sc minute /mo 3 /F3⤵
- Creates scheduled task(s)
PID:4388
-
-
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27044\Namespace.pifC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27044\Namespace.pif2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4048 -
C:\Windows\system32\svchost.exesvchost.exe3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3596
-
-
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27044\Namespace.pifC:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\27044\Namespace.pif2⤵
- Executes dropped EXE
PID:4880
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
227KB
MD55de4c9207a29d37893dedbfdd979b361
SHA1b885f5121a29b9111d71a209d44876815d1a71aa
SHA256ac6641c0b9f061de64fb86c04948e0c8634fa7dbd1c00cc9327c4417e74fecc1
SHA5123d95de1ff1bc29fc6ef3e5293837baf401534f2f4d9153fc133d2e3d253b5999239874272f7ce4c4050ae5a7b70d2e807de233b74fdd9b4c815fb736ecd189a8
-
Filesize
1.0MB
MD5bfa84dbde0df8f1cad3e179bd46a6e34
SHA106ae3c38d4b2f8125656268925ebde9eca6a1f9e
SHA2566de412b8674ffba5d78ff9d36abffbe2cf86fd08b2231592fca2fcf41f1f2314
SHA512edd4c839437570003e1cc4a04e6cb7bf8c70c0ebdae741e69782e9bdf47c42441cd8d709170898859b94b3248cccf0e9dfa5e183c110b93ded935ce69a0ff82a
-
Filesize
97KB
MD5454e7f4ae1405e1fad974e6a6e907b37
SHA1513db44f23297130ad80bd8b24a12dc60cb6e674
SHA256c7db0e996c0025a895d5c1839a6d87f9abe5e983439b02df237e8c3c167334cc
SHA512d7a14f8f4941979a19288b333c2696e111469ceba348d83bd6eb52ef76fe247fe4520da2ee31f23b53f53d3ef2cb79c5dcb5faa859461a6b6c3d36fe0b19ba8c
-
Filesize
367KB
MD5edd83b4f47ff36b7cdb544de8cb38046
SHA13959238f4f5c632b3ecb08713b579a9c8683843d
SHA2569bb0bc61ce06710e1676e428c6408791e1a93f38e8e94d3ac9afd664de6d76d2
SHA5124093548f692a3773df1a24355b11b334754289e1f6677bf0ac42605ead4b2e595587dd71e3908be2e7b4a7698a0cdfd0297662d8dd8c04c782772bbeb5d371fa
-
Filesize
474KB
MD545c7c3cc40634594ff1449d7b1687700
SHA117eb7c4f109e7ff50fa01b66cc16a2a8ea59adf8
SHA25636cdc54fa30f94ac87d9ec7c5c79066ed966ef98d38615a739800baae9d70fe6
SHA5129b68e1072d03f223214d1b808c354989e3127a34235b111012ae5c7f3c304999adc9d2d522df007c379df8d488e49a71d04dddc16b0c2b4c6210c73a57cfea55
-
Filesize
360KB
MD51fc365b6418eb41b09c916956d7ad9bf
SHA115b19afcf3e7b335d9a30465d519c0948e826811
SHA256811d67aee05c536e89bea2d33fc859222233f6f07b63599259e3081d21a1ce06
SHA5121ac0066f34000c8544f51c922945365970f0559c50e47b0a25ef1cca01fd89d08cb0b7ce25f2a6581c3b54d74259112e01c132e5386e9b6bf336b33441c70531
-
Filesize
14KB
MD5c7a2a4258afb94c506c2109711a2afcd
SHA1aa35b11a537e7d5f3ebc2633fa29696a9b2dceb1
SHA256dc14732e5464745062608cf99387bfd64949bf1b152b7254cd039fbeab2f797d
SHA51200d2784a483f869a4f0687d575daa444954aebdce14cfde618c252bda9626dbabc327891ac57facbd2575f38060c3052aa34835d3f2b9d954267ba74d46bf010
-
Filesize
320KB
MD51902f92d7c78f7c8d6d008c1c927b09f
SHA170ad91572c400a930e4d6866c3d7c4d353559fe7
SHA25611b5220a2f729eadcc9da35deba094f6766ff774c0667ad65d004ca8bfa93374
SHA5120a7e5b09f4a35fffd7663409314d8e040e8898df012371372294cc9d742ebd10e4dc372a8a88779ca1ca1fae8cdb012c10439713e5af629fb34cdcde50ed04f4
-
Filesize
423KB
MD5554f67cff817130204dd4f04774f1530
SHA18b84138a591511165c330b43301a4658787f49af
SHA256078b82c8078339259795cea185687d0c8e8e8dd3a6a5b3ac7d3b460d200fc737
SHA51295cbb30248a2a4bf697fbdcaa16bcbe5eed0ac8ab5f47fc36b7bf115f7d7c11064a3edf367d4f0258689eba4f3364310c65738275588fc0b957e62c08c0e3ef8
-
Filesize
425KB
MD5ada006a4b15635144101d53188f250ca
SHA178e00f0c01cc165740aa774f434d03103d0f9f15
SHA25643f084f442acd7632f408c7cf3772ba8e0345197be185d06eb41c8bdaf7c2b21
SHA512bd07b871bf9f47b743af74c562974f4463a595c2f2675161d1d114487b8c05541d94d2adce9b87c52e600ef4d44c75f459ee49a6d2de2ef0dedbc8be217d7539
-
Filesize
444KB
MD5da3a1239b249580f66a7034255211da3
SHA12b87270309c149a925137613920515e99793462d
SHA2569b1926b039b6a827b52bc8c50db57db0d3f4fdc237f6085eef3a3e73d7fecd93
SHA512981e6853f28927deb1ab49132c99e2446b07162fd5a70c11ae9f7a812dfe9f84526b5c1e0ab42ed26785e91fdd86786d453b6810eaf560438e7e4b51d00288ee
-
Filesize
477KB
MD53a9f9eef544c19bd84d1d63b2ca93a3f
SHA17905104c38d386aa50114deff9c03d4fa0314120
SHA25640bc749df4749c37264f188222a114fffcb5c0391ef1d699bb7cec386bcbd6a3
SHA51279906de23726bb3dd5c30d66d5950db84896e93c1e43048e7853c97ac1c260958669c4adb888420c1fb3170200b7a8c837e1230734e31f5da09b01031f5ca32e
-
Filesize
206KB
MD5a6bbfa73857946d79d9f625746a08352
SHA157e0b42516c787fb3646c2d2a1db761fa874b9d1
SHA256dd1f3d4a8b19949285544f504cec675128faf8d2cc515a6924c1e5e9520799a4
SHA5128f36aaf7d5b376423d4de19454bc0b558f0e61adedc6378fe0cbc890336d162c35b77fb0f4f88b1de4e6a9427e87b9160a7c9eecd2521202ea91434723675879
-
Filesize
468KB
MD58fe1d037ceaa6333a85f3b7633ecff48
SHA194ae7e5275d8a758062fb8a51f9cc67cb138ba4d
SHA2563aeb40dd579417569f1119d78079ea351b9a73259508e11931bc3169ea5f5e9e
SHA5120e9efbb70308150507a2227fca6c8d1abce744b455a315a0052c7b35afc236d67dc7c899836bc05e13546d4ddad208899912ec754c8b287378100f70ae59df81
-
Filesize
456KB
MD59dfcf9ccb5ac0203354fdf58dc33baec
SHA14a4371d394f3bc69ec8f3910c00dbe4cc61dd744
SHA256c06851ed399730a79b3c59045c11d5bcf84c366e0fda1c8259b6888cdd8a406f
SHA5129a6c3331b3cb3525d8c5bd007b2e0aa60239692414f2c08638fb79717fe35ba3a48ce27f4b91995d28de6b70af17c5afb2eaf323ed4bea4c7a256751980b1cdb
-
Filesize
475KB
MD543af00354c1d2787e0d991d5c6ce936c
SHA14dc62946f96ceb0c4defa7fc24cc057b9f9af793
SHA256268d8df8545fb0b2cce1657e438ecdc4092475bbb8a55b9117edb6ba304d079b
SHA5121e554a271b71d0bae62ac0dbb6304376110887a968432e456e7902ee88b1c4668f37c4a4f9aacf9333ad1aed3330d6fb324c7131ca9228e9d43cba287ff398a7
-
Filesize
376KB
MD57f43086cb2215836f6cbf7abd9f0c253
SHA1f773f3b6ace1f112aeea4e94accf61cd8bc11b30
SHA2560a3fb5216f9c924408ad5f6036c886d15218d5208cf3f8994c5dd469e7f9d613
SHA512b678e44f92416ac1770178400df566b1e8f26ad526bc2882d29ac6712f44c61f473c9af0c5226eb0f1957d6661d2f03505fee7babed2b667f634ebcf2dd24d6a
-
Filesize
271KB
MD50fa036b73472ce7c479de73c33e65aa6
SHA138241dd1d0d934acca96c244f44d1eae91208215
SHA2567a6e27be0bba340ed401c1471edb85ef9c295c615c342149941beeb68c8d9767
SHA5124b6dcea17d5359fce4afc5121520fc7f1b9f9d39dea83cc9bfb016b28081886732dd8db73280f688d29b7b0fbc03c6b95f72d4cfa61fb9cc6572d4ca6877ddb0
-
Filesize
329KB
MD5f06249594ab86c765e34d0a2ba2c54f5
SHA1db2b30c790991fe723bcacdfd6686f1c8053d6d0
SHA256ff105eb942b2d06854d5255251330d24f12808a28cc43ccf9e95be82b894e587
SHA51265d72d27ef579bed61ef1aefbd921e6022a2aaf54abf0d44a4541902f08d37b0eec906e4d357d0c6fa5d8adf0d4674b4efa1f1cbca50aa8af78a863f3d9b7f67
-
Filesize
349KB
MD585246c632e3bb15f07ea52776f8a2318
SHA198001daff2e92aa18e942461b71bf4a6d263b0be
SHA2565307b1a6e264a97fdb56d27e89922d4730223f3733c774b3df143a02a1aa5619
SHA5126f6490fd52306c1a5698b27db82832b1953727cf9cbeab01028aac6ce0debc2a5a1a2aeb287fa5486d805ce7938c9f5f55fc86d6fa2bccf85aeb2eeac161e9f9
-
Filesize
299KB
MD51910ea959a52fcccd8caa897bc44de55
SHA14418d1edfc06e8a32298a89a3f57a701b183c384
SHA256786c7642ee59c1f336021d93a1951a60734d9af62015360ec4a9abee6a04e5b2
SHA512ec4846e61ec1a01fe66f23cfaa89d9ce8347762bc58140747bdf7af77e0b4384657d4d390d009b434102660204f633ee2e014fd7240ccf97aa79389a71385614
-
Filesize
201KB
MD52cfd496db68e4d0a68118e5409f53578
SHA1fb3eed16fb3796aa7932809f3a700d314f7746a7
SHA25642f442e80de07c62c4a005adf81bc94da2caffe2e6f6e100a14441f768834e7d
SHA5120088b7d71f815d2072faf5d11dc09b0537cfa6184682f9937387808a1c602dccd705c7cdfe89ec433f87ccba62316779623201ddd5a9abaec40e433e72fdad7a
-
Filesize
268KB
MD568cad1545442efb9d390f7d7e65b21eb
SHA16d1fa184b8cfb43d13c2e0569f2a33983d6959bf
SHA256d91fcd8904a6ffbba6dd2020f0e3a24112179951e1b5119932f591b979cd41f3
SHA512bab7cf58ae836ddd18e44301baee32281e62d55049a949045612577b50f0be6820a7a1df92fd2edf2afa272ea3f7a2fac9565e3301630fa65c73dfb68f3417c6
-
Filesize
163KB
MD587a940f05be1ef6be3996c94b54b5283
SHA1d73bb0d984daf1a890341e2b9484f4a8b5ef0e04
SHA256f837bfef7de530fd6366387a73a7fa31acc30cc650928fa45253ef38ff258fa5
SHA5124b04eeb4f6e99f5d7fb9b4aea811b3fe20d95d86c137372755e0ba3901f8f06bab3e36f712e1a862f91772967d8d615d98b379ef5b2df692aba9e690571bfa8a
-
Filesize
444KB
MD50645680a1f48a24529ad99de8a56a538
SHA1cf312f05ab1c2d9a74a557e250307de7d9139087
SHA2562cd2eccf0accb7134d48d2c85492d317b72e589e407f32dec709ec2c74e32b5e
SHA512a2922b80ece684ff716ea0b0449659e93b18ddf9a7a34d9876b17a7cfbc646a14446b8cdfa60432cba5e143b242f5cbf89d730c432a510454e543e0662f85fc1
-
Filesize
412KB
MD55e525955eef238706f1507a2087dbb62
SHA1cea2aaaf068aba9a261feb762f9d3380ed5c3a03
SHA2567c4dab920b00ea64ffdddd809c8c9f357041f3981ca19c7a723bf3c17d3c8bda
SHA512b3e130506cde685b367bd4e0bfb92b3834cabe995cddd16876e101631803d182a3a4bdb3b99f81e816084aeea36b0d7493ba8f7f0c81cb6315e14ad5b203ffe4
-
Filesize
229KB
MD5521ee977de5256327ef863d45645ec12
SHA1bb61df61b47f168414d1d89b8dc65d2faa6b958e
SHA256a7b34ec6512cdad329cee59620018a68f67365548471851dbadfc08bd422b477
SHA512071553fdcf9d173818279c11a302124cce14a296f41a420f4e8366184398a0b7395320dc318b523a0a60cc8b8f85743d0b074f820b01232854cceda09da67340
-
Filesize
314KB
MD58f09ac36c6b6c020487f2da47d8bf6a0
SHA1feec85ab465fcb1fce476ada2d2a9c9fa0a9640a
SHA25676d541c0cde985caa7c4ac32ddc69d1a132d318a37a365b6db59cef1669a426d
SHA5122f982a74057e66799f64d25d048307c3e78cfc7b266d2c9542cb66a21d31f1f13f08ddbda6bf6d6863fd82be53b185d406f65617426b6d872bd47bb80976c600
-
Filesize
138KB
MD5c10bf1ee265deff67c87da932a09325e
SHA13e93ca7b960291dab7cf1574c2c2339f0799bcf2
SHA256a229d1511fb83d66f353e18175b9147413c9737526d8bcf045cb682fefc5fd5e
SHA512db6c1506563c3e7ce0bf125c3bcfbfd5155394e45adb4bf34b8813bde6606ec193180436f5c6a1de4b45674e5dd4812ea8e580254115dd07485fbcdb08a57240
-
Filesize
137KB
MD5f04094ba14869accf45669808dc6d56b
SHA195d50785a4d684a80d78172abd78c21e5c18342e
SHA2567e90f30181b332b0bb4bf36c27aeca8cb2e6617ccc2eda73fdddcde497e954ea
SHA5128b33f1bde44bea1fa10557aecb8ffa48f48070d26ef6d746f0fd1134fcd56f1a10180d84eb9330f80cda42f40d1a97ba4ffd46ff9aabe3ab78f995e6c4da0b61
-
Filesize
429KB
MD50c009d026a090c1fc4d981c997fcaf70
SHA1f9a1af07e90bcc43fbffae4f1877ec76e108fa0a
SHA256d29a2c6f7416fb3e72fe83febb1002f78e9b8c25f4084af128ea20e1c2807e52
SHA5122acd6ba6cd68b4d8b0c633f7187472b6cb64870b0332d4564296b4bc499e844f0eace9732fcf531abcdefec2d68d841cd793509169af0677eac08bc96924177f
-
Filesize
429KB
MD5b15f3891a4a81efa08a5a6609165d6df
SHA1293c32a9824def9f8e12e8f6437e22d74fe1a0e1
SHA2567fa855b98e0eb12ac26182e78129f627105fe09e26d41475c414db897815d9ec
SHA512f501ebf6ff17a1e2555511babd38077a4837fe7a10b9d65302986c1e304c80a4c68ecfc2921a280c0b0df081d21f11d161b002d805824c27f32c3ab727c6a5f1
-
Filesize
471KB
MD5240e8d79292eb95bb7f44d88e8182678
SHA108c336a4fe2324f186e1caf29618724b96669e97
SHA256eef33141cb101c2bc8051520ff9c9aea3bad84e633f202b7265865255e60b4dc
SHA51260889f21a80a726cc2984e756bcf7a3d1a3732d7845fd2038ded20dab2c5d8ad60ec8d9cd2aea7c97e674263fde5bb4dc9982059b88b08d203a74e70e2dc0ccb
-
Filesize
14KB
MD50c0195c48b6b8582fa6f6373032118da
SHA1d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA25611bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
SHA512ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d