Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
10/08/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe
Resource
win7-20240704-en
General
-
Target
2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe
-
Size
677KB
-
MD5
eccf41768b9a1768abd3b254084523a3
-
SHA1
ab5444c993452ac3daa3f9a987b137c862d477c5
-
SHA256
6cdd2124fd10c88c200a2c6ab801345bebf033e7c2e70f90d420b83307aaf524
-
SHA512
d51b52efcda9c69288f3bb70c0849731073d1cfed4e7f8751db601406a040f0f71e53d766adbcdb2929e3d767077bee3ab269ecc166bb0641524a2e0e8f2e887
-
SSDEEP
12288:HvXk1I8LKdnq1xmZw8UIftWcaoNntnPTEYHYab+ehBjukSeyTy7:/k17OdSv8Ucaod1Po6YK92y
Malware Config
Signatures
-
Executes dropped EXE 7 IoCs
pid Process 4480 alg.exe 3232 DiagnosticsHub.StandardCollector.Service.exe 2900 fxssvc.exe 4516 elevation_service.exe 1100 elevation_service.exe 4968 maintenanceservice.exe 4956 OSE.EXE -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 11 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\650a9d03ffa85a2e.bin alg.exe File opened for modification C:\Windows\system32\AppVClient.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe alg.exe File opened for modification C:\Windows\system32\dllhost.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\AppVClient.exe 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe File opened for modification C:\Windows\system32\dllhost.exe 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe File opened for modification C:\Windows\system32\fxssvc.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\System32\alg.exe 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe File opened for modification C:\Windows\system32\fxssvc.exe 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe File opened for modification C:\Windows\system32\AppVClient.exe DiagnosticsHub.StandardCollector.Service.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Internet Explorer\iexplore.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Internet Explorer\iexplore.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\7-Zip\7z.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79609\javaws.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe alg.exe File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\pack200.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe alg.exe File opened for modification C:\Program Files\dotnet\dotnet.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe alg.exe File opened for modification C:\Program Files\7-Zip\7z.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\ktab.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe DiagnosticsHub.StandardCollector.Service.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe -
Modifies data under HKEY_USERS 5 IoCs
description ioc Process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 3232 DiagnosticsHub.StandardCollector.Service.exe 3232 DiagnosticsHub.StandardCollector.Service.exe 3232 DiagnosticsHub.StandardCollector.Service.exe 3232 DiagnosticsHub.StandardCollector.Service.exe 3232 DiagnosticsHub.StandardCollector.Service.exe 3232 DiagnosticsHub.StandardCollector.Service.exe -
Suspicious behavior: LoadsDriver 2 IoCs
pid Process 660 Process not Found 660 Process not Found -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1856 2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe Token: SeAuditPrivilege 2900 fxssvc.exe Token: SeDebugPrivilege 4480 alg.exe Token: SeDebugPrivilege 4480 alg.exe Token: SeDebugPrivilege 4480 alg.exe Token: SeDebugPrivilege 3232 DiagnosticsHub.StandardCollector.Service.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe"C:\Users\Admin\AppData\Local\Temp\2024-08-10_eccf41768b9a1768abd3b254084523a3_bkransomware_karagany.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1856
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4480
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3232
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:2604
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2900
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4516
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:1100
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:4968
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:4956
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD521ef5c1f67673a8a695e034218f88877
SHA1956564a5f02803153e94b7897ee2c50bfaafde58
SHA2560f7fa9c1affb00a0570282c4565f4fba7aaab7198c1f3ba82fefc0de9c3a1dd5
SHA512d3f082ca2921f80a5b2c7e30cc918762e91dae19c7a09bdb8859d9a49a710af342ab49878bf11472711f666b1e645a7f4a85970e361117a328071552ae90f47d
-
Filesize
789KB
MD584aa9fd48f58fec1dd9c3c13b2fddc43
SHA183848c5a4304d2e6069a89e9a6b726b3cdd352c1
SHA256ab921d304230cfbe34e54b7da0c1da27a735b1f230fae1188309fc2d11d83f64
SHA5120c2123f496470462c3269030ffd4508355dba7a0f55631e76d44390327277014ab2a6a55d9886ed5e95662e96f23f09ee9f177170b8ed526ee02dc8e2ba8f2f1
-
Filesize
1.1MB
MD5d530c63380596a2d15b2de1568e49f2b
SHA162938573faf9f8be6ca765420c16c59fd258647b
SHA256734dde7935039a4df1779959091dbe3c6aac57d77f72e941094e83f66d7958fd
SHA512e2355ee7fc028f9c144a954e1d518881e7ca654ab094f6e4944d2e587d1ec7e797e99b35214cc4728584337ad4fb40a8864e30b003e845912709a15d88111f72
-
Filesize
1.5MB
MD5d759962ae3b8572375fb62ab79db98a4
SHA1b6787421294841f01dd810e9af21cf6bb07e9875
SHA256bc62b480c829def71fb5cd536197cfb633fbb98519d40cd63c110c74c28fc05a
SHA512fec21a6ceb9c1b54e387d357b6ef2776bed02e126596bc9f2737bc47f34ff88e3518da7deb24d17f76a9a54a1addf46d8dc67b8173c5510ba416e7bdaa33518a
-
Filesize
1.2MB
MD5c51e23a481b5d3d1e90a1ec09ff67efa
SHA1913495069f72578bd1e11d72f79685ea0dcd5954
SHA256e66af5a3fefc6fd8fb2b5ab5d17dd272554f505fb36b0cd035d0c15ab886ceb1
SHA51248549b860125241efdd529aafa319456e5962cd076f3b97fba1096c9950790b3a7ab4aa61d9f0a6c0d478f0f68d84328121e5ab1d61d2e8dfae7a79a20167356
-
Filesize
582KB
MD5d3134b46f4272fad5647a7a0cfc729e2
SHA1894e0da040468552a107617ef3761fba1f922dcc
SHA256cc090bbc7d808165299949cb48682d222f35abba7ac909cbb125adbc018bc219
SHA51266e31f4242a6003b300af0dab409b6e23b6931dca816f65a1cabaa9a44ca53d604e3891a01d3b88cdbcd8c25aee349e8a0481235f969f6c76ef4cc8ad81947b0
-
Filesize
840KB
MD50b2439a096cd9a13a4322e4a4c017447
SHA11b8567e1a0e4181c7a003cf88aece091c3c7d4d9
SHA25652d781ded87e5efdfada50e7eb13af75f75652285e330b0832ca81d9d3ad4ddd
SHA5126f9b37d77000ec2db934a11cf209f8ca0b1b2946b8091de7f437af6cbba52e2fb1923e2a4d77a0b3c649dc97fe0479e8374acf2a3eb3315a1da1e459b360375c
-
Filesize
4.6MB
MD5983162c9d937cb4867867329f3648de1
SHA1e51c6a6e3b64544c86e0ad514d81ea634b0ecf26
SHA256640e47225c511542d794a8633ab20f41c2d8c1cfbbb1883331aa234e6374f69a
SHA5121f6b10e1491450bb0035f515ca3ea84da61a7a1b0465b8d3958101a28ffa7255c8f840e9734e18458fa493bcad16d4393a2aa5901d70d203f9c6d8d5119d5651
-
Filesize
910KB
MD5352894ad1d7abcedff579ee97c2eba26
SHA1720a00cdc64b104f222821c5a833cbd6f2638cac
SHA256982e190998bc374f7015d0edfe52e083e51ded4c0cb86839617691ee8d995d03
SHA51297ddd89501ee5b5f965e9cbbb10f804569131f37328f1cd1ee912067f7207cca0aa91b39f1092b48872e43266b0e5f70d6ab4090031f36e0ce723fb352ccb6e6
-
Filesize
24.0MB
MD51ce6b0fa3bdc88962970eb2791666050
SHA165745dec555a8b6893939a7bd86660f097e2c702
SHA2566baacd8403eba337fb2c1d2be8f29a6763f76e90910d386955d8dc1a90ab1797
SHA5127c6fd3f467bcc5a3170505ea90b2f5909133278bbc0d28ac0f76f60a84036256cb849e7442a0d881db10e2b497d8e0292f00845c1a34262c1220187a07d4b167
-
Filesize
2.7MB
MD59591f10b714dce1e05e2d80b7b31cf47
SHA1dcf819224cdb4823a3a065cde4c7afa386e4b531
SHA256fd352a7aa51f6a4af4449d7dda9473a684601e7b82267219ec2554b3cc8027f2
SHA51287e8a66a1085934a66324bf5b8464a55090282da08962a071cd0ed2d8a4681a720fe67a7593aab8610cd23ca48797da8b3be4782c64317dd884ab7f724bbb594
-
Filesize
1.1MB
MD5479b336b7bdcc1b6e6522ec170a14927
SHA13e93656b97d5690cf34f289a6703aac60ef7d654
SHA25678bfef58b97d9caf4baaee411292726ac2ebeaf8b80e8633a588a968abed51ad
SHA512f9e9c60e71b88a914ee4587383ee524bb73a58fa90f75af8ff83a95cad5e2fed2811a0f61b87bbc1be45f62c0ff8b56752fff6d73760b376edf8eadcc44b1099
-
Filesize
805KB
MD5b01ea9e01c9e334e107e7596ee98faba
SHA1ad5b4afb0b2da2f46159bd5a200464433c97673b
SHA256145dfaed919f614850c14bd556f57fc62f3c0f09d017c2bdfdbb9fd54b4ea8ca
SHA512664ef8d5423b9d99ed9e6add7e023879d7a5289c9a66aa7044c720e13870e5aa3d0c36ac9bb4e833355590036ea25efcb8760d171c6cbc369d2b00d66d84462c
-
Filesize
656KB
MD56ba82addb6f3582603740cb327a4f5ec
SHA1883c9a6e466582a2aa5457168a9398e5963f1096
SHA2564abfa7c52773276651966a8ebef2fc4f3c4f08a3e76ecaedcd1de1e344c220d7
SHA51200786baa16e5fe0a7a64ae02b5563789b7d0fae145024d776eb23cf1ebe9aca0c33a06ac951debdc49562df0086ef105f44740d6af74a19e6e98c8de5c734b49
-
Filesize
4.6MB
MD5b0d300fea893f47b531ecdff534bfce4
SHA13c9cb237cf6a20516c9f14e881ae2648c0a8846b
SHA25624b53751dbcfc288f8ba96059cb06481a13bd7015c449005c7b234766eb17570
SHA512eb44f1a6621705523d35d7a1918eaeb7da1ae3c75abb4c9d0c495dc14a0ffc968ff9e9ddc88a4b02be6297f8a69c88f7d81fa5c33d84f14e0dc434cb26b58532
-
Filesize
4.6MB
MD50696f0b76eecd3b750bd25ee318aa08f
SHA16735d5d7641390a9fe94bc335e54173d1c1b3036
SHA256677877cdee95a1132be864691eb08650ab3039587782cc2ccc8869e43ae9c04b
SHA512932ec3faa1b9819234130cd2bcd335b77df2c0d8fd2e23291d2b92687ec9fd82cbb5226fbc3136fd84f47dfb9ea5752fc6f576812b3716d1091f824c80a6f951
-
Filesize
1.9MB
MD5b42af5a3625e67ec8274cb83c6593292
SHA16680811e81758a5df9277ca1fc400118e67623f7
SHA256f85462994a2d9bcca6a8b27e0149a2d8069209ff9a6d0f4b2fc05c45e8bf56b6
SHA5120242175c2b81cc57417d579550c5479f97da8217c5f06da650b63f4c0285b591756ba6723c7198846d24a8c08a5859dd16cfa21a51966e8c0e16613ec76710bb
-
Filesize
2.1MB
MD56408049a9783427d52acb00789dc5ae3
SHA107f908fc99fe2feb7141bd281c5566894b59c00c
SHA25659e784afaee00e12aedca960712fc745a38aab422593d86b885cbce8d06a14d6
SHA5127c23467059dac610eeaefbbbeb53121c4121df1f14b1b916c9716914b103c6579741d29e91f14ae72f94e53563b361f81afd2e5cbd134b9eadf866bef2a78b95
-
Filesize
1.8MB
MD557f501103017522e37ab9dbc033038e4
SHA1c90a97f69d1d880474b28d3360eb5d72d37e27af
SHA256a97c485b28cc941d48276d402df5c6edf61ea3479f82e9533e6d31b6c2fbe1ea
SHA5120f87eaaf4a6ad658b18a0d8dc85c2bd50cb68808786f7b77e516891df83651e154637990d6e163bca2b50c893f2fa74b0a8dee067951c64a68301a25555f6afa
-
Filesize
1.6MB
MD5edddd810eda16c061488f580d74daf55
SHA1788df859ba3155560d685d80e820a6f8689f3f13
SHA2562521f8dba01e1e98ba54af8efdb2349c3d37bd416894f05efc84f055afaf2c96
SHA512d5c5ae1d38e8a88b77ab36ae526cf35c6ca237bb9df901de989c56ae8bdc2300cfa9fb57c38451a522120b9a13aea231faad01bda90d28c38d148d1f18dca19c
-
Filesize
581KB
MD5f3a0e8084d54f0475e8e7157097d49ee
SHA1563282bd14e18407be22d6798594efe5fe5f291a
SHA25609d4deb7f1b739f326c72a2264519d539675ae2a8cc4bebc5247dad1aeaf3019
SHA512159d61736d5006121b1d4c19aa49c96a8593e7eca2dca77a87094135a6b50b785355c8e1c4f2a83759144058ebf3784b3e797b8e2106ce43847a67b0164cf48b
-
Filesize
581KB
MD504efc2290d50ac9f22209ea884a1c929
SHA1e4318678b7316677d4508de022fc95a2021ad091
SHA256f041530b07d83adbd87144980d4ac493fc94e9aafefceb40cf613ee41810c332
SHA51290892a6b5cd98eeef479aa7124af1a7cb1c683f68f0ed69e101fa176faca0a0e952d33392bc36643e23c9bad083d97ef2950c3554531ea1ddd725edc0651b977
-
Filesize
581KB
MD52143a34e0b86db8592b453c1dbabde96
SHA122091079285e674e89ed879cad1d79f09bda44de
SHA25628d9e2d43acc28d03788ac6a4a31d9f54ee856786a410b1b320f7bad096d6209
SHA51244f2a8f43dc989ba6ac30d9aa18349eb21d4194d1b25d1eb36af9369a2475dc930869d886f4f8d0da0ac81ad482bb914e87e8e0c99227c88b271be24eb45db9f
-
Filesize
601KB
MD50bbcc4f9f0843c9a19350afb9968f9d1
SHA1f93c15f3cebd5d8d40744f91e818a16867934945
SHA2565f417319e9a0fa73ec5f4c0df50feb87cb442b694ba92ef5e55cc5a4569f2c6d
SHA5124365496d76714d58ae183836d7c1fb052e5b71d4efff0dbfa579aa52b9e1d49793f52fb59c77c9b5769c0b0103da3f1135b56be574a8f57a8c4ffcb5b90e58d4
-
Filesize
581KB
MD5a612c003d520eab175cacd2550202af2
SHA1e2208c5b65d22b08ed720956c96eba86055ab5f3
SHA256c18230febb836600b4ba91dda25270da69f41f4888f366edcc0d5af9a728af55
SHA5120656ba2787b4b2563488ad50374570e6d07db94d71ad91d1bd7baa16cc72556c045f0efec80cd3b09dd1e3ffea6b3f404af1be263a9435ea763a57067b816060
-
Filesize
581KB
MD5d19d76d30355557dd189f7c102b5182f
SHA1eb1b08b00f2c880abaa123a2e4d722b8838d144f
SHA256075195c1ecae2b0687cb6ac062a60d02962a2db5cb8eaa21190eb2d3a5292242
SHA5128e4a609f84b970988ff16fae2eb6c07c693f98a3ffedb0ed59a4b7acdd1b230986d6c7701a8bf3783dd6e0747b71c91c19524f4e5896bdb38ecdb22ddcc63d47
-
Filesize
581KB
MD52c63927fb508707be1fd188a2edc241c
SHA13a38b00a49e923c2304f6df15bfced6bd1ef1b29
SHA2567569bfe2d0183ce5087ac3391d6e31293c2f00cd128ed2aca3e7b7c23661df0c
SHA512dbf6ecb37f8ec77dd01227820cb846014765cc83bcd3829d12cfa6b303538a3e4ca57c6c0b1e2555c702cb9ad0891d4e2fe16bb3d77781eee9968d2d62a4f12f
-
Filesize
841KB
MD5fd5766838e2e7b5a282bb1b9450d04ee
SHA1a0ccc7989bf9b70b412499f564b267b1473e25f2
SHA2566bff3b4157378348de04ddf6aaaf3df96dac40bceed2d1c6a738d3b26bba10bd
SHA512310e9211febc715d0ba77cd6fdfe6e62aca357dd24a463ca56a66b25f0e0b5b8e0174d39816f1682983f81d2e7a8438f2c7a2ebb40f524ae0728d49cb2118bbd
-
Filesize
581KB
MD50eb83f53cb231ee15e55fb156891d140
SHA10312a29708f3c0bc1b8cc5ae27389230bf8cc7ef
SHA256b0138a662199e7bafc9adab5c358715e2071290cb07d2b3d7906b704c229b9cd
SHA512616fc451afbf44d37203ad41da2de55a0dd5199166d993c8aa610ff137f290ea20432ac96dc27306b0f76b9db54edab02861f60bd325ad202b0208f9c0e63307
-
Filesize
581KB
MD5ce42005c3dfcfdfeb23e2e38c70da11f
SHA1077acede751fe74a535c8dee62c6ec5a49781ca5
SHA256b4d945e49406aa5847a7ff65d5e05e49e944e764b1442707ad4e963a8253541c
SHA5123fb8b7e3049e9f7a8175136bd3047ababaab523838561e2fd74ebeb4733f36409640958d227a502527facfb9065e358ae10f7ee46b0214f52c25a3c83cf33c89
-
Filesize
581KB
MD5978ed0c9191144ec324100264ca4b61a
SHA133a16b321e524821f79625020499fc74646bb468
SHA25623afd5294cb3f45d3ca34bfbb1c406c23f5d1a0d6bb251ecd15405c111f19358
SHA512a89d05de3707a374cfcfe044418a4a543b5de487cc2bd4601c8000bdf1d9a0e77c265ade3b600d23a60485d971246a93bb44a6ae91100991c51d940c1c3fad00
-
Filesize
581KB
MD56970d7652c0e84809be9ba601867e396
SHA174a5898252a7b7fa6ad7265361f329e46fe71b92
SHA256cf2bd33d85ab301561efd641aef8daf74334adf3791abd5ab7e9c514aece7598
SHA512ed19d05ca67f31fb5eabd040de0df91b139895c06388cce16b1040d8e4df841471891431c162e13b695ead916ecc942a10d297bdabdad8942ccf56b7ec197d00
-
Filesize
717KB
MD5db0fb3b582b148899345f77e3b3a396e
SHA1718579033e520c228b5e2fa05968d6d4fc4362aa
SHA2565c8e4e3438c4c3bbb7ad5d07b2f39da4e39f48b65c34bc9c05cfeaad15420fe5
SHA51224bb5c7b1b9ee776b6e181235489a430b3880bf2bc4666bdefb98ab884780aa0e1d8aafca969d0d41136f6ff2fb3f3086a9068b6b24ca5648e510c6db16276db
-
Filesize
841KB
MD5b3f85b732b92ebb130f4c2af02b4c72f
SHA1806493062911f0a929c9d8326359a14a77cd6a36
SHA25614db8939b5795f72f764517ff1a8b285ead42113485244db42f714a350f69c73
SHA51265396cc076edeca26690446b83b808b1682cee6fabe3ec9adad54af12a24e1b87b0e5f6c71287a0e1a1b6065739c80d9daf64baddc110efe054e8a2f16fef4ea
-
Filesize
1020KB
MD566c829ffc13027574909effebe869823
SHA1160de2dbc40e1d924f2d4d056cccc48cfef05387
SHA256638cbe73321e24499f7488e67f1d322147e842c7555d964b7e055a5ad503ef94
SHA51239417adaf5b7a260b235863097c86fd201454158c8cd6f42f64be5ba4c6cae435385218d0fe5455bbd5112623eaa81904881d0f9d49b86dce57b3a7b12dd8397
-
Filesize
581KB
MD5af065c4675f9798032831d23246fc32f
SHA197598c9b69dc6346156756ab37b6172c2cc758a1
SHA256dde35e4bcf07a1d22df7a212844b9e4ec08a4c73cd2aaf7a01f3ec07d41e5ac3
SHA512e2461fcfc9f241fc64f69ce1bb5bb21ec669f50b4b65dd4f2ddba876d98358a6bdd850cf1ea778187be6fb274b4857d9fe8e30ed352d5154b1ba9461dfa66659
-
Filesize
581KB
MD57a06b07d4a4c9a87ed33409d522a8815
SHA16034d5b93ddb51a1bcecf85aa24e99fb82910260
SHA25619e8358dd78cd0ee5d6cebfb86544933c5165ea33fceaa50ca6193150fd7ab25
SHA512cf18f036581c33255a57dd7743ccdea7053e704dcdee00b7005b5c442fb2ea1018363e4ff2f73067ffb0150091f8264a70a5f26b6c6d2ffeb79f65e39e730aab
-
Filesize
581KB
MD505cf43da6f2a4c29253c8a99e2a24335
SHA1a3f2fd7b3555b71cb98b52741cfd58efd4b25293
SHA2562844a688e63d73c6255e567fad2d5c9f87832e58c6ad504ec7be70fcc42f57f2
SHA512bbb87b3fcc08e0fe9f534ee448ac74a5bdd75ac8cbfbca7edfa94d5026a35c233f26fe64133f6bf7bc7ff39bbf5b1de57e061bf637794750a96c3df81412d6d0
-
Filesize
581KB
MD5b2491fd76633249fc524cd096fc025a8
SHA167cfced35b7ca0467f02e9de803476c3f25814ee
SHA256f3345f752e11895de20af74721161e0fd70d9534855cff5c831c7506eef9d2f4
SHA512efbd07fc18ebd629c462c194f0cb158383fd9b4c308e5a1e6eb8a7a1fbb15b42eedbf8fe67f5407e9570bfe24d0d5cf626eda3bd4d9923bcbb9442c36aff8112
-
Filesize
581KB
MD586296fc8073c50d0311842093a965042
SHA141880d2bbe2032c23d1c18b83436343600b0bc1b
SHA2565d5c551efcbe664e33044eb437654ec2f6b4fbd02cb1a22ad938740738d7852b
SHA512aabd4da22020668d74f59bdefde0dba92e1fad6168d04d3340f1562c3ef539c885a5d0d127a511de9453eee33ef7d5fb0c00d845f908672d48fd32fd3423d506
-
Filesize
581KB
MD5665ca4179eda4749c0fb9cb4e9b46f80
SHA1b2bca0547c41bf734bda3c086fe04fbd2bc33cfc
SHA256f7f921881f92452d23a2bf20cefed28bdfcdb41464d6b2505265df7dcedeee91
SHA512c47c2973967f84fcad368f18d6829f66d6979d1546435c0bc5da8f9768e37863771d1f478dc7cc4a6033c8f96b4d001a3064463d258ce13f6297d2bd4b598740
-
Filesize
581KB
MD50e017c9f1cf547cf26fee4b5547d12d9
SHA11dfd9eff1831d9d77a03c1673f3304d00040943d
SHA256a479a05bad25f4a74d563908aafce516e9c2b1de3ac7c24287be6a80c9997014
SHA5129746f72c9043471bef84738bca159ad51d73cbd86cf72a46f5eb49a5497f8739f546173c6b031a143f3734b8bb1f7f430b703b139ace04205a77c53b82dc402d
-
Filesize
581KB
MD5be1a84363af0cedc342a9307bddbb751
SHA19df5778def7e9bc11382910428fbe8b4e4b0cde8
SHA256562bffaa1a1a552d7e34c056cffcb4808f7094e6916df7dbb87e9be974624b66
SHA51287c0518172d24c813510277c51bec1764456219c465e463d4e7a851c93da6e7c8d5a466b70208253a7e6913c3f5ddaa5e317c6983b4e212e16e7b5c5656f720c
-
Filesize
581KB
MD5ad4082e4d55d1713ca9c67a17aad7a09
SHA1de099885f1b3b0fe62f244f3027ed366b14e2826
SHA256caf70f23067db52e83af1d786b73b5f5936f313ac9c4a266cd238e484641eb23
SHA51211f2b8d16da72c9db671b283f6ec98676a3350fd84e1ca1e4596ec6864d40fc989e842601457b9886ce700977860e116c5c25ae9ab526047145e93be245cb61d
-
Filesize
581KB
MD5ad7de7aca0a3819c629665355a3ef5c1
SHA16e510ca26a7ad77b38f0a2fbe8cc49e30ae64ae8
SHA256f04a7100aa08fd4e310cf8bf064d265abc0b9558684342dd17ba9be92ccf689c
SHA512ee9803565f9334331cd7172f6d0f1cc6faa01cfb44faa88d8a51fc3d1ffcb23e9e20ee5ac9827f9e9afd9c4317b85a5af74702fcc0797f00824de0f98fb037b5
-
Filesize
581KB
MD56a11e7f63202c3153c791bcc3392e505
SHA187a6aa70af89fb5569a49c7322f28d5a52ecd786
SHA2563256d0d3435b851fc3df32cf4713e56180b09eacb9a4cb3008ca76809f028ef5
SHA512e277740c34790a053e32679e841c962efd73cb3829064052861d31be9674f184aea19597274b44ee4c3d7b1b84917c320bc0630b3fcbd8586eba3fb942499ccb
-
Filesize
581KB
MD5a5981f5df0f6d300aece454e2b42d24e
SHA198a9df3932d2577eddbe53b6024a82491c9ad017
SHA256ea276fabc1523d0b0b0cb8c8b88aed89454098ea0239a31bc59178bdffa96a75
SHA51278e34832897e085bd7d79d21f8572f5db67441a4a6fb844842146f4fd55b38c2467b219e65cf2a6bbe49240595c1b98924e56a50ac3b1a76793efe6a1a70f3b4
-
Filesize
581KB
MD58bf50fd45ace739e27dcece87f44cbdc
SHA15ece6a5a03c9aa7a8dec2c2dc6cb73665e130dd6
SHA256042a87d1fad740edb7f4e4b17a24501aee7918f4bfa542de9a5d81f3cddf0c05
SHA512765779fae58230772335718cbaf1a12c3c27a59c582b4563cf945f19f2355327b31bf1b510bae0d1e8899f7512fa19e380f258ee69ce822ee73b8ce9cad082b7
-
Filesize
581KB
MD51a010f799e8510113dd6659b72cb8262
SHA19cc059b58a1ef73eea09ff7c4b89b7783274ab21
SHA256994c0bddb1128893601db5af01a8f559b23e358858f215133a4c01ef8849bfbe
SHA5122a1c8fb1d13fa2c191fcba4e18bc714289da517eb228b302d095f98b4c6c14ef98766b1e96818d988981d1fca80c50a9e0ba05372147e262f431e0df212cb889
-
Filesize
581KB
MD5d5c55a40802ae193959ea5b2c4ce8136
SHA140b9494f8e07345a01e0eb6ff3b2da678739449c
SHA2569aeb31da11ae5d912681372b4c46ff16e450ddbdd274aebbaf6d0574eb712222
SHA512b221a6aa5a3938806d0c17f6fdfeadce7f2b4c0f6e54e001a037305c45fa2d489a7382ddbe0fa489b7b8b7c05ab62d0e92f5c78132ee0e3001c5336bf4fb9333
-
Filesize
581KB
MD5ba91b970414c67a394474cfa1046d87b
SHA175434b32723b18c8e42832464b664ae4f6af60d6
SHA256ebda51504979b874f8d10630f0f8596c5781fecb3f9174cb6f7c2007a6e57180
SHA512a11edc58a20e26f0fc02e1ea895410ce00eddfa3f43339f72140c44457011939c53434604abf70ec237d32fae35350b81c1eeb97833a09f81dea440b922451d2
-
Filesize
581KB
MD5bd6fbe2760d3f03ca4d4a5bc55843fcf
SHA1f8bd2304eed49c51de6df20445f4e76f93a63a86
SHA256d71c5b2d863dec4a740cefdbb6aca5b16485d8c6dd4fdb4cca1e33c128443a76
SHA512a6a8638ceb7393239374a4028691c8753226b892b1ac982bbea7e29cc45f566f821243b5e03ae2237dc4425d2a1b5ce620a10dd832b0c44fcfd1636f88a4c3fa
-
Filesize
581KB
MD56a9468fc9c5ec8d0b28c4cca82022250
SHA1930f7ae4f036b664c7a4c584321f2940e806c1e8
SHA25608deb5f642b1a45e9664823844cc5f2d47ad15300877ee308b96d55f6c70c46b
SHA5122c702aec168ede4e1eb622c5dc992cdacc3e9709d67844b3ec7cad746c9cd00c960418b872474fa9c4583fd75379e206e86b9e1e086addbad990a8eaeba4b8c5
-
Filesize
581KB
MD5f7b0a3fb88cba47741256c256a21fe8a
SHA1dee4233f12961699a3760d8a827bcf04411c0b23
SHA256ba296262086086ade14be08f2e148aa7a3fdb0a48d0432bdb896faaddfb8b8f6
SHA5126cd2a8e54a7a8a58fd0021de3fb2cea28ff486b07e2a1211ae109c4775038e3f8716607b34b1dba123519b1e1c662cfd2b8b0ca7e7bf85866bfca4940dcbb9e3
-
Filesize
581KB
MD594d091f85d9d96879d7320959612ba01
SHA1757823459ac7fddabb6703898eb4abf6ec8ca27b
SHA256050698dd94dade338c358fea34e0e412e47e80f3be21b80ff368f03ebb8d1cac
SHA512d857cfa10bfedf91fabe1d8ee72d7904b835db6ffac575685c098411f22b411a88074a348d05e927bfc1561654388baa2604ffbb44d0b79143608b046600b1b3
-
Filesize
581KB
MD5f4cb8c4845f0728ee8a372da6999df9f
SHA11d814e806681463c21abb70fb0e761ec7f006249
SHA256d9cd6618631239fef06ce660f29087656485492b543366d4c8735785615a091e
SHA512393a426894fc378c3d38216106bf37b9a6482e37789e4cd8011ef7c455d26e1da3c2f587601918db5259b799f1e9b0227aa620deee4792e5303dfa9baa3086e7
-
Filesize
701KB
MD5e7702a780a03e275a0a2e749b4e853ab
SHA13d6c53137bd2128db14ed0f8ef636fa93fc5cb16
SHA256fe79728b1572145260136f0c4ef6ddb2f44a8a10cc70a0ef0d4d4a5f9baed09b
SHA512d5f05491ef0fa4a6e072cf3c908e56dceb8d7fe31b804dd19fca7c4b12ed96a0d51dcdd7dfd4f76cfb49fbe141d07fc1eca202f2a44d3b4bff5c2fd2da72002c
-
Filesize
659KB
MD5a50838fe28a69b9116172535debb28f2
SHA159d533daa4da2acaab9e8ac57dcb2e6c61c8cd80
SHA256f34b7143155e09b46f366ef98c1daacbcc69f2acab891cd7af80a213ec0b03f8
SHA5120a82584a61e332fba723379e4b63dd6349cc459d6e6f88d3b928c8e91c53da4681d0f52a213bab9b55d6cd4634f6bec4c2181efe41d0b9cd5fa2ee652d091906
-
Filesize
1.2MB
MD51d4c35e4e5b946ddeec1bf2bff822435
SHA1c80fe6cfde3bd11c42d4d80684764c71dfc9688c
SHA256386b2b3356375d1b1359a839e7b02bc1ff4f9bb57ba1e71173d793fac21174b4
SHA5121affdbcdd082b50d13dc241396c38f937000cd39a3f35af239c14fab80e6195a4cb17d6811cb46fafb7b459d0a29fbee98c22a990091922ab0055bbf83bd0a45
-
Filesize
661KB
MD56a85281838895a640dba1fab99a6ac26
SHA1853286c07aab33ee1a70cfaa15aecbbacf83463c
SHA256181a9f37393b3373ed9c4cc5c18f2d1eb8e9d41591cdcd77c2dc8d9d2745bed3
SHA512182e00b7a3033e1d2347d46d93231f047b05ca44b22ea3c797b8e992a1d9cdb3c539d9b40de485b7d5c83f1cf37b53b3365937c563cfe63df8b2d611059842ad
-
Filesize
1.3MB
MD59ecd627a1c181574105710323f6291fc
SHA1ad62deeab63d77703b49b4b18e8238d75328e200
SHA256108f903b3471ca05336edcf7bc2d015f46f184843777df43ab9b42471f44bc79
SHA512a27d626c7a54257e5a595d766c8734331777e641a25ce7b13ae674182e5651278931b6c4c0bff76cae669339e4d5b64d994d33de3aa3d8d7c2a3bd2ef00f2382