Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
19/02/2024, 16:02
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe
Resource
win7-20231215-en
General
-
Target
2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe
-
Size
2.2MB
-
MD5
75a727035552c8e261158b231d53be05
-
SHA1
87cb2191974988344287dd54b229ce96e5b7c884
-
SHA256
f843156b9b3e1157e8d8996efca95148bcbcaea3722498974dfac6a4dd36f243
-
SHA512
b080cd656b0fcbb50f92f00725e743e1ea23d00d754bc653dbc385b14054ff53ba0b1af12014cdf22ae80df51ab60c9643f05d16393ff5a1511fdb83b6cca3e6
-
SSDEEP
24576:ZOObVw4TaN1wdkukCba4oXtgLhU3wEdmh58EsRjhm0Ijr/eax8JXO02q3A:ZOOh3aN4kuLbegmtGDEjhMjSax84
Malware Config
Signatures
-
Executes dropped EXE 7 IoCs
pid Process 4792 alg.exe 220 DiagnosticsHub.StandardCollector.Service.exe 2040 elevation_service.exe 3232 fxssvc.exe 2900 elevation_service.exe 4952 maintenanceservice.exe 908 OSE.EXE -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 11 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\63215e8c8ed1090.bin alg.exe File opened for modification C:\Windows\system32\dllhost.exe 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe File opened for modification C:\Windows\system32\AppVClient.exe alg.exe File opened for modification C:\Windows\system32\AppVClient.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\System32\alg.exe 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe File opened for modification C:\Windows\system32\AppVClient.exe 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe File opened for modification C:\Windows\system32\fxssvc.exe 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe File opened for modification C:\Windows\system32\dllhost.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\fxssvc.exe DiagnosticsHub.StandardCollector.Service.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\Install\{6FB5F2B8-50C9-4E27-9F75-756369A42747}\chrome_installer.exe alg.exe File opened for modification C:\Program Files\7-Zip\7zG.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\java.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaws.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76312\javaws.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76312\javaw.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\serialver.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe alg.exe -
Modifies data under HKEY_USERS 5 IoCs
description ioc Process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 220 DiagnosticsHub.StandardCollector.Service.exe 220 DiagnosticsHub.StandardCollector.Service.exe 220 DiagnosticsHub.StandardCollector.Service.exe 220 DiagnosticsHub.StandardCollector.Service.exe 220 DiagnosticsHub.StandardCollector.Service.exe 220 DiagnosticsHub.StandardCollector.Service.exe -
Suspicious behavior: LoadsDriver 2 IoCs
pid Process 652 Process not Found 652 Process not Found -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 3008 2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe Token: SeAuditPrivilege 3232 fxssvc.exe Token: SeDebugPrivilege 4792 alg.exe Token: SeDebugPrivilege 4792 alg.exe Token: SeDebugPrivilege 4792 alg.exe Token: SeDebugPrivilege 220 DiagnosticsHub.StandardCollector.Service.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_75a727035552c8e261158b231d53be05_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3008
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4792
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:220
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:3528
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2040
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3232
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2900
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:4952
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:908
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD5cf554f86757492aecf48047a3e81929a
SHA18a1b141b953d837f1104ca93bca68f8a1ba56c7b
SHA25673ee172699b39f10975a201d9ad3c2921a54eec67a7970c8aa3669e3de48bd50
SHA512db58c441696909c7cf607232100207fe29632632391ccec97747e46cb696279d28974b1a1c8994565c2a4fdb0c3d76f338932c0513a1cd20a0f4efb46050ed3a
-
Filesize
864KB
MD5c46d2c3aa6e4a42c34e567f0fd513ae6
SHA1075438f5c119221192cb8950cd89064cd87099a6
SHA2567ca7281d765bb93905b4a74a14619f0b285e2bcdec53a1fe5686a99383baff3e
SHA512170869720e6a145630f4c4d3675ebb90749c562583f229b762e0e5186bd3fd1ed5e1fda7a86152a76a881a429c28e811898bd9bbab7ab106edf4cd742ba0f4cc
-
Filesize
1.4MB
MD515c52944e715b3531b0056af9d81a053
SHA133da7d7645d7f221ce0a4f5fde7e604de45bf7fd
SHA256ffe3a410703aa50201d40d84f02da30b6bd55361335188bf61231b4a0742214a
SHA512f12c393cf9c1d45711e041a6185a4d0cd40378cc9f91db6ecb00ab338e9cb3e842ccc6eb76aa5177e020001048b69ef00ac15e1bb2c621db5bcf2bd216f6f296
-
Filesize
640KB
MD5ffd680bd1e6bb2bc7125b60a9910e33b
SHA1f6c05d4bad6168a4f82cf3ea4342e73f9784c5e9
SHA2562ad02114c69707d3583aec2d5cd2ac02d222695b5be8e0b069296d36a8f9dc0d
SHA512301f992f91350e6d9e9db8c9b3e1d3e781ca7d3aed26f24622ade674d942e8725add3d115c4d5bd44d3343c0b88dcd008cb9d6fa7690300e38b3b068934fe941
-
Filesize
634KB
MD5d2e0a0cc86c21f4c720ebf1614adb972
SHA1e534109918d34259cf94e360066f3cd17953e816
SHA256da53d243342c5a158f3e73f51de733924f2d96c0d21b6779dd0ee379a47b452d
SHA512caeef47fe725df5cba2abed90cc976537fb7714bbe5489ef1bc963da24b313692355af864a4695d4328e1227ef598dc703e34161b31d5a227e6b56368924f116
-
Filesize
717KB
MD55f7d71b3d691490f40f06e806817b803
SHA15a9c87f3c5c463b28a5237ca32e0d0637f435781
SHA25625a2bbbe5025c8baa86f5408ac0422e2a3219ec7e9970a2b7e9e0456710de924
SHA512b5945fe5e1f75ce12887a9ecb03755d7a266d5316870341eeed52d5a195d2b9d12d458ca1a62c56eb13676791305d6458ad454b13700fe35ebb58a68f07c4fe0
-
Filesize
668KB
MD523d4def99bdafa5e90a7fc209f70f644
SHA18b08d71296e541c30b28b8246adb492b18c64772
SHA256330e12ac45425f723d2158d083f09920cf8753ef5f2a0746d9228aa9311ca78a
SHA5126222d5a1d90feea9601b222ead5b763a909231656c55e9b9496bd7a7d15424c6475cfc24d31eb98bcf6963a8068c16c0db7d303fb8c9f0b94944f1e59c4e4e9e
-
Filesize
602KB
MD59c17ea6cb2f6b029879dc90f7182363c
SHA18889df0ef2dfc10c1d74e7a4d6dc0bb0d25f5e4d
SHA25625116f62f863cf9903e8a1288276f9503a3d3af9c5c97c2a382cae8a1405a80c
SHA512bba22c155dbf82c01894f1c979ef5fe9aba65561c6c6fde15da7205e5950f682197f07d4d4ee00ca003c38ff52b2ffb86dd8681df7047175a6124db575cfc61b
-
Filesize
599KB
MD5fe2e68a2fc9609fb4bc1cfb7e0156fd6
SHA190f0b51e5217f03f46f05b459d2ee7205df2a3a3
SHA2562e0028b9de46bc8d522b24beb18db4d6b15b57fcd437f254a326d0d94dbce055
SHA5124179cc5654548258bf580355270c39c7cc22aa77cfe02526881f1ea77798fa51a55b676569d1496a53a55b8c04b890c22e984582c632645ddf15f88fa4ebcf0e
-
Filesize
588KB
MD548bf5a607ddf4826cac57d1b0650ee2c
SHA110c3ffa884857a77ae2b49c0a581eeab8410d890
SHA256b6067faa5f508b6fa258f16660134c1d88739e07966ba398d4d7f867d427d766
SHA512d0d185f4abb44c25ce6f5a0f45274f79f81478a21e7c2468e1764b6c85ed0028372dc01357ce81f6f915611ee9b2d4e7aa05105eaa82d21aaa84797945c24a9d
-
Filesize
773KB
MD51f754ab3a1fcdd945f16c051aabe528a
SHA1dfa62b277ff4ea8a47abd3e7429ed4677b27f0a5
SHA256099863e8f6d063cf3d0f516c06e20dbd5dfce95012dbbc9356584bc52ce7ecad
SHA512cba9f8db3b25dfbb88dfc2493a31573f84f658938f1daa16749bcd1bb6790c5ecaf325e265f1a9599e24cf3ab0ab175991807147d19880e3f399553be4435b4f
-
Filesize
681KB
MD507592813d1082b972bc8430dc7093dfe
SHA132d7f871b4f7f73ebdea92e48d0b6c8e6bc08c73
SHA25610708edd703932a3d0c36e1854a6174686332d490195ab547cd43e0c1dc25e18
SHA5128f2348ba423c48d6b23ae0ef212182ffd0d6e1027b4d1aa4afb180c3e484896d074fd902481ac74f31cf29733279bc5bed64be51f3bd599b6297fcc0a5cc8647
-
Filesize
690KB
MD52fcea48bedc5561521630ef9abe369b2
SHA14c70ca0c4a7f5e8a1ae4ad29c1914d323d48a652
SHA256924838abc999c50aa1d2d391e3e61e2d18b93fa1c9f49dfa3229d86d30e81bf9
SHA512974d3dad8c69d3bdebe85a956cb12d60a38261b567b31285f97922b774c46ba5fc03657f03020ea04c926727d46baa47531f47475400a29f0dc1b6313dd76929
-
Filesize
1.4MB
MD580c920922efab35781cb5a794f7ee9d0
SHA1f053a2f806c651ff972e6c8c4b4825abc9a70ab7
SHA2561ecbfdc8a9d7b683a66f24dfe6f30311c80403df8c51c083cec423a71001b8d1
SHA512e08f7420eac82d8c029b76b869cae9839d0ce7da3e61178fda4863291a1cd198492cc085c759911f914c82d3805083fc7cceaad21a008c731d41faca6cdb7a8d
-
Filesize
752KB
MD5a5b5f8edca0d403b54cad6f36a929f9c
SHA11f0a76955eb821cf56b3765e742ea2dc2655a6a9
SHA256ad17da5e528990533e4f20a00d1692b39fa275efcb5a47f54a69e9a2ec743b24
SHA512572f1ed1b61fbbea2473d8aeca730a4a9a9a75f313f582eab1e6543af7bc3a8e0ccbecba0a63f12e1a3acb900753cad2e86c153552ae8c3e56cc73769aab3785
-
Filesize
712KB
MD5efb2d094b164f6963d64b5d37552b58c
SHA10452aa2a887217a3c417999208839d69032e9eb2
SHA256c6fa97b1d95968264fa860a6b7c4502ae947b788d3c76d8bc1263b9370097355
SHA512851021a3c57165d5b26c70d7653a807e13bd7f06de4806b3b002be53e18ecbc0f9f9786752eacdba5b0e93132542d4f77e700feda1b5f8c511dbce9289e5c59e
-
Filesize
1.2MB
MD5ee489016c559ca850cded53e892ecc09
SHA1c83a9cd67ebfacfb58cc03f6ab82e39a291f7950
SHA2561ba99d4cdee8fef8a531d126a614f20dba02601325a70c6e554a5695be54bb30
SHA512163b3ba9c62dcdbd7d618f124739c6d32437eebc230cf25b7b42637d9996654bd19064d13a46559c6fc3753357893364f4775b812e909e560836ffb305fcd13f
-
Filesize
976KB
MD5eb7a1329e716432e1068549ef2358d81
SHA127e729a9379a17631320f23d424bd79e7553d870
SHA256afb5d9d55406249b1d6a2b881d6d112bb5fcce55fb5dbe4d1e6bec6ac7c71450
SHA5126f425505c7de2275f2a8f583cfbad50072fed073def393bb28522cb28df22658be44bda715e0a2e2a544157cf1462777514969cfcdb2a77f4cb7a40d341681a3
-
Filesize
2.1MB
MD5ca9d82e71f53c79304972d62c9b20038
SHA1cc6c470d8416ad885a75ce1fa28209a23371b112
SHA256cfaa3f827b039437bc09205837316fba803e0e8ba47c8597990499fac9f3455e
SHA512e6ac0b5751792d7b2d2f4470dc66cacb4e6760540d9d4c43cd7474374cc204977ee1ff1f0bc67d01db91f2cc6d72e9d0695f8edaee199e5165c060f5cbc92749
-
Filesize
786KB
MD5c4a7d16480ab966d47d3a43222af23fe
SHA1165e26242e3030a7c8551d9cdfe40a4df4f709c6
SHA256e6a21fd821e5d894ebf6db6802a032e706e9928377a16e11cc2a4a6eeeaffa00
SHA512bee14604141b5ab2133e12ceebfc46599374e724eb6bf64ddab36ee083a9668f3639913ed4916e2bcbf1858f312f2d30482c22505addbcc6ae318f030198a28f
-
Filesize
665KB
MD5a9ed60c642d4f6c8bf5b088657f735c5
SHA1a5fc6f5f0eb43ae5190373eebc56d8a27af86d26
SHA2563f7af77a1dab72781cfcfefa9bab34195405bb5f9ab664ff408753b1a0018dae
SHA512a6569323e88ba07635b39c5e0881e7471de4b0a8744c16624ab1c8eb7d3af66443d6bee82a2ccc8fbcaf3900296125f963dae0821f0853890e82fb25d40bffde
-
Filesize
534KB
MD503b6ce67f87a85d63492d22bba552a3a
SHA1290e80460feed1b7255cdaad3189b79acce7fb9a
SHA2568baaba2d3152f60c1fa42afa7f63c0ac506c2daeaf49871d1d682276aca4c7cd
SHA5125790392da771018967130b78f59d4edafdb2dd1b157939e56d04e5bd4b1cb187b3c7a011e89c83031dc7fec5f0a6b97100b4cb9d389ba91b7c268a693acd417f
-
Filesize
557KB
MD5ed7ec71887c3f58b76c6631c531a0ad3
SHA1126fe06e946043b29ccdb38ba37460af960f9330
SHA256e071fd7cfb09ce98b43bbee40452f0ec917e30da0222cd81c791c33480a79284
SHA512c3ccb30766d26518eb61569eb2a7e0edbadc9dfab752cc469e6fbf4489cec5a284073ac96eee08c7e16fd97f54904dee2ba93bd3fba701b95567db05a87b3997
-
Filesize
893KB
MD508b0a744932d3e7451582aaa7da0d3ce
SHA1e4a623c58da46c762ba9129ba28c93881d44042a
SHA256044ba87698eb9a98bb4e16395a2e641f8f7b1c2e3743fc22418bb870130467f2
SHA51268292e4d1815161e4b617dad9ce29f08e6c629c6b69eaf43d8114d3f6ae2db4d845daa673f95e46fb7af3e38caad0661fbf740ce9b1767358986d64e095d67f3
-
Filesize
866KB
MD5c99a97bf03c9e50fd15c514cf4b3ac03
SHA12328d26cdc004cf11fa680ca09fa6f2a50cad5ac
SHA2566e27ba0ad698658faeacad2d8734da53c5a203024bc25ce14958abec4483e5b7
SHA51207e346845e2f0cf08dd978c415ddc24af70b43bf714d7f3c02538a46345f7e4263d90045130d18dc52ad9114b15d1cc08dff4a334bcad6765e4f1cfd4c52a4e5
-
Filesize
978KB
MD59822db113a78b55aba27294b4423f94e
SHA1d7aa731003f6a83c22d6a28ad1328ff6d86d6e40
SHA256934b50d446ccef793143603fdcbf2481519524ff7a68d87b31297644eda05c7f
SHA5120c0879162b17e3ea1191e51577df83aa04ea9d81103e67e71440a859e313dfe779e3d0b7ee683dc7f8459e0b888e0e6bed7207fdca7e75a9536bb79335476b1a
-
Filesize
1.1MB
MD5ac9be3aafa57e482fb7b3d4eb9c93b26
SHA17cfd623dd4f1d38174de7ee1e22e14e9034b5c5e
SHA2562f10b1831e934ae7bb58465bc36e1bea028df32610a21a625e877e5ecbd44669
SHA512496cf5d4538ae1d2e7f9790167311648d4f23bce3e342f5b6894ffe66cc7fcf56d6c273400da13f0e4c2e084f0dbcb7114ea4bc9087ffae3adc5fe357dc46149
-
Filesize
849KB
MD50ac1e92c530b86bf7bf162ef15c0729b
SHA1609689e259ff1befd591a2209776629445a6d0cc
SHA2568c565aee82279ebe5488cc77153c78e98fcc97328d678818a23218bf90fa0e3c
SHA51295bd2461ea46923b99a5e51e27d0aefe0cc139c159a343c1203054c6b3b96bf7dbc3b5cb5f9213999a758444b0f8bd7f3017f1a1e7ed8cb0124c5d4a13ae10a0
-
Filesize
428KB
MD5d64d035326415c2258bd8275f14e11db
SHA118d1d2458365022f66ce697864b04e38bc74dff5
SHA2565a1c367dc46aa608c0561878bb0e498d79dea2b6673fff30165a0eb9f49416f9
SHA512a9c253e8f5333a7c03d90d66b7ac803afcd7b7b86c1c81e8f3bc68f8111b71c4f48501e574434b334b8171a5a7c8bc11399e358cf582289f0a78b2de4eda33be
-
Filesize
655KB
MD5428092f7d4b2df78c57367033e2fbfb8
SHA1bd89c1dbe150340d6c8e7c65d4ab2f110676223d
SHA25672713c429297b7b13627b6793d03465b0e6a7067d76aadc59d198fc77c722c3f
SHA51286c628c7e602022d38285f0d14f63ff6dd22f92b1ef81f72ae4c3f20019c9152f08d34d85cdf4daed08c46b56befddee801afd866bcd02abcd17a04fa02ac3b6
-
Filesize
812KB
MD5d019fd2b89fadded102ac061b9b307e7
SHA117c092eb2de2bd47700addc4cde0370696c1b55b
SHA25697c3405279c751b095670f7c14ba4e9b121fbec0044997af5bf7d14096870609
SHA5124bb4abe92dccf7f11f19c72affda0be48fe2f93cbab77a550c4b402607bdb415903982f4b1d95960683ef53e5b0f6b6db67080879c1f00b4d106ac64f03bb741
-
Filesize
708KB
MD50cfaa4ea6ae3ef65e320d038bef0e475
SHA1a7b9c0c746cc981b08fa8e42fb0e6ff74c85bada
SHA256b6b107a1783f0bf21aad32fc13a7668f73250e344bca485acaec891e409a5102
SHA512f7b04f5f220b2aad2978c0b38906a729570149e6f676c461db8e5b3003ab132dcb36444cbb9401c7ea7083edd4565bbd36e74e67464398d9cfcd467d8bbb241b
-
Filesize
638KB
MD5619ff01575612f7a8229d2b8b3a18d41
SHA13450088143fd22e0bd3964661a988918550d38bf
SHA25617aa03563a962687f58fee36606a744453ee2147bdb339d27f29d57550be4093
SHA5127b0bb4fc3669712e3013965e8a8f50879b8b472e3b7e42da13a2404a6a5795b68009faea9babc1f9092c4b09fda9c40bcf9879cc5ac40fe115ca6f61bc07b376
-
Filesize
728KB
MD53b2af9bd32a0a4d9148ff17bac25a784
SHA1aa911607d2e858a682c7cdd85b68686f73dc4c24
SHA256ced454e307ebb26137cd18b1ece5e5c9ce70dcbebb6fb022d7abfa34cd3b87d3
SHA5127a4bcbeef0f4ce0ffd426d6203c76fdb7136f99b448a928ec5d53f56c4cef74987df1e342a1562b029347f2260a2b74debd4a3896d3baf1a6f419eac0e3f539f
-
Filesize
502KB
MD5bee32ea2f52fd4383133e8041df586d6
SHA161dcb439598ea8b897c1d56095e9ffedb74130b6
SHA256f70794b9339da302b22753a4324be7a16fdda011b17f9a7a42b8f6b3370d3478
SHA51298ea7660fa0b1308759b1d56117fc00da2b500949043a7ff49ad19af7a3a1a650c6c6051f7c2f3a9fb41493387f040a1e2944c85e57d4200dd3dfdc4220d5917
-
Filesize
468KB
MD567d32a8a1fcf727b86afbdd32b120c5c
SHA1d5b4217824b7645142297452b6d0e23167fd0f1f
SHA25665678a072611b6741f29b8934b975901a6a98942477e0b54ac5f077f17a9afd8
SHA51241753c278d36340963b02620e7a3c0fba7ab8bae014c56e5001cea774ddab24b33650283331d3c33f704e0db91fabf04908b99e9ff6d1a2fa0fca6021557c03b
-
Filesize
879KB
MD513a05ed708787a61ad573fc2dada96af
SHA170d839d314cbcfbc9ef388853ddc50e83456d71d
SHA256ba63bf5bed4b41a5ce65c8eaaa8342925b47c93e3ab5f5c46af2bdb5a9608851
SHA512aa16762c7b0f96dab8fa457b25d3aefbb794594ea469162570da34c9459771fd96d69b7a25c7bc71bef02f6779966734b438fe925f6476dd1c37518bc5192de6
-
Filesize
672KB
MD547dc49563073ef27a57c51052d842afa
SHA12a5f361ac176d8455cbddcfc0e659f7b9dd662cb
SHA2563f0fb0a5cbba974b5c4f34771ffbe9b3888745a28f51c53d9ee1dc5af1228513
SHA512f983857622b46338f2458b9a31b95b466f0df67f5433d582439d5fe408d717984c5350938ea00e530b0c97fa9f304bb6ca9718ed2ff8e2b6cb460df81254dc52
-
Filesize
915KB
MD5e6cd2c02ac6f4e53a1d17f2d97933558
SHA1088d71172bd5af7281db0bae72135820e304df57
SHA25652af0bd04d74f2258c6a96399cc9940b91ff7af4fa9273ad57225220a15b9cf9
SHA51297856cf31808ed662087bd571a0a1620f8f3e2c559918b12bb0247ebf95ec92ef6863216d48a8206a022f00b0c18c26c2fa004cb583ce2341eaa210145cb8677
-
Filesize
701KB
MD559e8c8909d440820e8ae6a6346922cab
SHA1d6bbcc77483dbbcbb542be34bc704ab15efd0eab
SHA256bcdd61d7d050bb7438dad3db5746566cce83018cfddcc7f2dafa7096e9cb0f95
SHA512ad2bfc77c20cef5d5089e72531bb3dac8ba3dc3ef74ecc64ec141a32d2385103a9c01fbc124879a080863f156f9494c67fc281b416e0e8c204aff25fb97519f8
-
Filesize
739KB
MD598f1715412da4ec384865a031c59f820
SHA14ce327d56adfb102b79ab2d7e608eea6650101cc
SHA2561e994a8246122d2c5393c19d3e06e5c2b92120eb93b06eb66e1fab2eb82dce48
SHA512bfa0e0ba6a4cff04838d1c8c6f2bccb0c45add42f319bf5e55d2639206d4befec4c92c0c4edb3741b7f7176eeffb5c86ecf1976ecff497762674ce575959db24
-
Filesize
691KB
MD5d38cac22d20972a5425fddc830c9ca13
SHA12a9368d489e8c0c835aae4c2fbea1b9709b73c73
SHA2569fd15da8ef719c881d3d80e370be864ea8a36587d011c682b2807693271d06db
SHA51262643aab0ce769cdf7e790cf94186f8ed03bbf8cafa041fdb138ad34076440ae49ef88780f7916f529a8192c811ac7cfd03ee1f371d8f46bdd275e53e27f9a9b
-
Filesize
509KB
MD518bf2e987bd83e4856699c3be5f8ed98
SHA108a2d6fa9db1bce714d4ef8c5f2b84d8f64d5caa
SHA2561bd3acd41f4a1a69c5a504b90a22343956c6cb3a3b27f981ba4b19879b4c1b14
SHA51216d2ff8b3cb8ab268b968036d55d0a62efb4ce0c62d31c39097573bffeebbec81f07984863e4f9fe4fd4259b972d4c16b278169d2a9d68f69ee9e970a3187812
-
Filesize
331KB
MD5d1ec4ce44a03414385f897587dedda91
SHA1fac7ad3fe1911a5c13f13da631bfd8380825b7b9
SHA2563ded6cba2312902a365640fead29561269132c3573f5f10ad17e6e3b7a895d05
SHA512df9a083763b218d35808d2f61d4b983bfc1e626652b1f38f1f5d67dcade0b92d53a1c1b99087728f8b7d9eaac54296a25ddaa709bb0e5ae9c30fa3161a524def
-
Filesize
349KB
MD5dcd10413ca425187a9e9fac857c18842
SHA1d309568132aae1c36225517304488679c947f588
SHA25619feef1b321e56e8c69b8c604e19cc7b32f9e40f82d7895aa967730fce69e5e5
SHA512219fbd909c638d4b2b5e793e448862d75d888ae6d81672a1445de142656ee4f40874c16415cecfc386a95e58913ce0285f56f7cc77eca3d3b99fcb4afe140839
-
Filesize
393KB
MD59a8f6f842d200ca46f9588e2b9f31eb8
SHA10953e4052a5b1c06476a6ec102362b5f549e1ec3
SHA2563ecf06ab1cadcc228b98b6f150ea6faa9fcacb98e6578eb4eb343689e61b4b50
SHA51228302ba2af14ccfee2a061b3011fefeb034926c0867d2277bd6d3158c8f6c1646551aa4c1d5e0a2c75e752e0de36cd9c7c14932abb92fe6b2e06f0d80db2c982
-
Filesize
260KB
MD513faaa7da39bc96fea0551dce85a2326
SHA142e49c57bc28c2adbd8028ac6053b0b7f45c2656
SHA2562c681575de786c17b61653f832d74fb23513d2884770aa0363463241f863cd9e
SHA512eabe9212d4bcbd46728d559c07ced69036c32def91617416ab74992994ccb9f41c14871ae32f3401bfdf212316b547a10453e5c012fe17f4e7d3731ac4e5c057
-
Filesize
384KB
MD5426388c398ace787806f19e589bfe8a1
SHA13894191256da91c61244bde4fa909b5614d75b4d
SHA25674539498bc3d37649e5099c10fb8cbd892a6733fe7e39dbcbb01fd5bbb60a5a8
SHA512f4a2d71a3d436f06e02f6710f1132b484da38d3436461b7175507a3f82932098ca1bce95523da18f9f495a28e18e5337f26477d506f615003aaff4dd5fc4d70b
-
Filesize
230KB
MD5bc4ff92dde8a1a61184e44ff627bf362
SHA172c9205f6fb20612b6001024342af2d2987d3ac4
SHA2561e8d499422e8535a95eb0b086fff0c244c043d2aa6817b41719485058f856123
SHA51297988f28772419421efd224599632ce4d6f7e8f2f5613122869eae83c4236c136ef1bcbf0d6a36bb2718e04c7df04a394a7a9af374a6c9aaab60516c0ac17cdf
-
Filesize
239KB
MD51420b9e76d6e775224a21aa1253dcfd2
SHA193b087aba41bba8d20374db8b6a8b50d4b77bbc4
SHA256c9ee0dbe497c3348f43939acca40e58c192c60ea297d2edd775cb5ffc3c2af8f
SHA5127ff2b41be5a63a7874017a15109892d6c7cc084addcca0c3849c511b8df14d4768a434609cb3c299ad6b2ab8cc5dc20ff6838d90a331f610b15255fe3727bf41
-
Filesize
487KB
MD50e406ca07c3a9751773a2da6b636b5ce
SHA133462480dc27c2997951cec1b859b3b638d4179e
SHA256cc052d734d6b14b10b96487fc8c1644d18b2e3146864dc1728709a8cb1b2c8eb
SHA51288b9ff632bfb980642af75df6d38aaaf8e3fc6637b7cf48bc5a9f8c64af9a5d22cc351b3d047dd612e40f2e228abccd6c76023df9603d01910f8fd1df5f7288d
-
Filesize
204KB
MD58d91acbcb8118639ea41966614b66afb
SHA1bec1cc6d8a34c27fc38953c0ba143430822ae1a5
SHA256f901011368c9d91a9cc1ef55f30367ef0f0f2d651329ab08f63e793d97469a8e
SHA5125b6ef16ede6b79383aa8b3182152fd48ac916400b510bef93d9eac6401133b6d594f39bd357dd607176fb5134d84b7a49f887220df609b8b698cbc7946b06f22
-
Filesize
284KB
MD5a5375d04dbd5bca01ae7e411377b066b
SHA18d852de890cf3fcf3b19bebcdd17c6b6dd5932d3
SHA256baf39bad8f4be0641bae0e990959ed181dbceb4f4cf0cf63388b078c08977745
SHA5124603950bc53f4ae6f581beb0404d95292ec56a4e97c1cd34a159eafdeedcd08a07ddd7b3189668b8b5d4454ff33d30248b457cd0f6068e911480b9e4873df284
-
Filesize
359KB
MD5f92d25c0febba26faf17460ec48808a8
SHA1c205bb4882c9a0f9d2724df6bc2a1694d197aa48
SHA256b6171b54622a18cf508d29153ae28e45a0450c44945518636199275696ae5578
SHA5121755a69608c61c909d358070bdc0454f95bc2b9889ccba54ad332975176cf0cd6d63987d6560203d830f68f61cddb46f38dbf397645668266da9d0d3aa95553a
-
Filesize
276KB
MD537ea0dcf905c71dcf1a2dd5746ed9d91
SHA1910da661e0786eb10c2c33b5ec99b8330eac5005
SHA256c8b4f5028e850745cb8d931253aba319c93e6c11d97e2ca2d972db1daaabcd76
SHA512f59208a02764b471b27f493ab0e138da8482586df79d0baeec30cabeaaffdb1224f6ef17356580a80bc0f9bbdf7499c4741331e771e0c605cc4216e79bf96d9c
-
Filesize
340KB
MD5537e7ba9cbf9828b4c69871bc4022524
SHA166489e34f176b358401c03dd63693ba8363bc0eb
SHA256b283c082d2d3cc40f5b7476f9fc630eb79bc00e9410ed8f57a6d8958030c5728
SHA51290a758d904856e2a0c4809c1e10b586e27b8574d55ac984f6c585fb6314ab3deac5ca1d56f9cf7517940162e480959f69115570508c939a45e77c7c89de81a96
-
Filesize
297KB
MD51760305ad6c2134cc117c499c3d06178
SHA1634bfc0b7f4f1b74050bdc3704da15646cf23519
SHA2560475aff913c3062e604111f20a9aa1c61fcfde26a4155cab1c63eecb4e5d1241
SHA512ff1844fe3033ad027db2f3809a2814f581fa4859d527ed980a04b5cf3e0d61ee1239b12b2a67e4f0db57d3d773630e53dbe7f1a8242c8d44cb373335d1f3afa0
-
Filesize
689KB
MD5ca23f17e647bd8d1747cbfe72341a191
SHA141626393fce6ae3f32384ac4b301e6ecddb87c65
SHA2567f7b56b1929ff93cc828578597b5b02f93efe62a87d57c79542719e77bdb8dbe
SHA51229b7bc8b1e093320ea69115c87fe36ed68da2b7c1f7c9b75773b12230ec6d26ac9f22583a57864ebc4643b0729c98ac905c025fab5be90df03f2e3210f5ebb1c
-
Filesize
1.3MB
MD5655f2f625baf1fe04b324399ab6120a5
SHA11c57b14b9c37020a02b7095f0f8f09f83bf4bf8c
SHA2563895186b6bc2c0a0e9fc8023d2fcbed4bd86fce75e543bd33e602b1ed476c7d2
SHA51292cbaa9648da21f6a112d039e5d548d1781894b4700d0a9c385f0b89b4ad86907bd63da11dd3dd21e5fcd505a16f249e089989a0bc217aa2e9a319d95a938563
-
Filesize
1.2MB
MD575d104b88df7100e273b0f5607b9b579
SHA13eb1a16b058e60eca83f4645e6a79629817f6bc7
SHA256bb98b4a2b8cfe87583f1cb537358774764ba3151c176bd9c10585eefd37b959f
SHA51226e5bb6d3ea0f07a7e2ae72c216ec7b5f7858c123a4b6c94ad2be9ccc6616021633402f3cbee7c7b3f13a514ad59eaf25baf523369eb9605c180d804e61a6734
-
Filesize
1.3MB
MD5e8aaa479a71e0f66fab470901b98a062
SHA1f5fac08f0d5a73e94060bf1f9c5c47c6fd827a5d
SHA2564f7ad9ab5bcf4dfe989df23d53af23d3e82c6e0716f3fa7b70d4b7dd20b13566
SHA512f76abed04aa1707fdb87e48a114d5b7ac3286ee721a70351e0ab5fd30cf760f26155ba0e4251e3d80f9a747516a66ddda7ad38d4ec128dc86935308cfb3de160
-
Filesize
1.3MB
MD53c836f74ce102dcd80c9dda432c88895
SHA1ecb3a069ce8d2cdb573d41c525004e3881b50200
SHA256705ebc4a033c88a350fd469dc570a982c5b7a29110e1f29896f3365f3220369e
SHA512aed765d4b3224c46661a534eaa21d68daa676590321008cc2abaedae1e8bd95cf3099664c3d2ebd604b9fd6a6a9b1d9d6c025c0ace925c6c3def33aa87257280
-
Filesize
727KB
MD574e4c25bf5aa6e10c8c161fa0c6d15ef
SHA15fb7520c3d36c581575c174e0822d018d5a56fdc
SHA2567259ca357f3a19b2df3f9b54eb63aa2c0a5898b3518e714a298d9f2f69c3b3d1
SHA512cb68678b1177f90d0de3edc77eaccb4c049f15cb92ee5e3c13b7e655550d7f55973acbbe1b03279f34525534ef7a80e60c18a701897d9a7fa5d9c6caeb7edaaf