Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
05/11/2024, 17:44
General
-
Target
file.exe
-
Size
3.1MB
-
MD5
80780678447355a2bc3157723d80033b
-
SHA1
3ca0030f2582c21959f2b5d25cf57a926a4314a1
-
SHA256
def526b2c332d0019092a86b5686c4ed246779cd8e3235aef94c4901dfc7d361
-
SHA512
90fade4ec430ffd1f165d6cbef9ae8d4d9f93f17200c0907f85e5c653484d72e0c7471a32bd42544dff4350e96a4c16521c87e5779b8b068f9f8c85a662ee546
-
SSDEEP
49152:tRCiNmW7ggey/6JYzvfqTkGkJHi9Eu+0yp++IhT/W/oa/EiS:6sj9eM6JYzvfYkGkJC2u+08++IaDEi
Malware Config
Extracted
amadey
4.42
9c9aa5
http://185.215.113.43
-
install_dir
abc3bc1985
-
install_file
skotes.exe
-
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
-
url_paths
/Zu7JuNko/index.php
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Extracted
lumma
https://founpiuer.store/api
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
-
Downloads MZ/PE file
-
Uses browser remote debugging 2 TTPs 4 IoCs
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry 2 TTPs 14 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Identifies Wine through registry keys 2 TTPs 7 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 5 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 60 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1004149001\freecam.exe"C:\Users\Admin\AppData\Local\Temp\1004149001\freecam.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\1004154001\ca599d31b8.exe"C:\Users\Admin\AppData\Local\Temp\1004154001\ca599d31b8.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 14844⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\1004155001\f3edb45431.exe"C:\Users\Admin\AppData\Local\Temp\1004155001\f3edb45431.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"4⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98b23cc40,0x7ff98b23cc4c,0x7ff98b23cc585⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:25⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:35⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:15⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:15⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4308,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:15⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3636,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,5321036821563336760,8694305411522764528,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:85⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 15364⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\1004156001\9d195f995f.exe"C:\Users\Admin\AppData\Local\Temp\1004156001\9d195f995f.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM firefox.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM chrome.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msedge.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM opera.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM brave.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking5⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc14d9a4-e8eb-4499-b4d1-8dcbe1c568df} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" gpu6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020c21be-2f84-4110-b080-ba544e762a9b} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" socket6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2952 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c16dfff-57bc-478e-97fd-1355198c975b} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {900473ff-f08c-4649-a4a8-4b06b54eb782} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4848 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bafb70c6-ec57-47ce-b70c-25a15210d7c0} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" utility6⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -childID 3 -isForBrowser -prefsHandle 4892 -prefMapHandle 4884 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {786ce8df-90b6-479a-b318-6a808b045412} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 4 -isForBrowser -prefsHandle 5108 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bbe5739-3488-43d9-bb76-b5e0484f45dd} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5544 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da6f6791-932a-4c5e-bd9e-8e26ae39bc0d} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" tab6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\1004157001\fff9efc9cf.exe"C:\Users\Admin\AppData\Local\Temp\1004157001\fff9efc9cf.exe"3⤵
- Modifies Windows Defender Real-time Protection settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3480 -ip 34801⤵
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 644 -ip 6441⤵
-
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exeC:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exeC:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Modify Authentication Process
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Authentication Process
1Modify Registry
3Virtualization/Sandbox Evasion
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
676KB
MD5eda18948a989176f4eebb175ce806255
SHA1ff22a3d5f5fb705137f233c36622c79eab995897
SHA25681a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4
SHA512160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
18KB
MD50c6a9ff454d94d6b55aeb78e04ae465c
SHA1c2ac2be6ecebbf57cf692bbb98cd13ce43b80685
SHA256c2926d14bd0526bc75d4413b30ff4e3bc4dfab97bc0d9f71fcaaedb3fa40ce84
SHA512999673a90e1ce20310f72f1ecddaf9dd630d6245bd22b7e746ac54c4d433c3a71bbdb76f41f517ef59c6ae5867bd0f3e16604be4a962caaa406fde1483f3537b
-
Filesize
13KB
MD5ac2f2e7886d4dc6e9e816e62669db0ec
SHA1da605af109d062ea62f9985918a66d8ae03f7560
SHA2563d9d5923e429f3af8fb8ba20ba13d2145a9dfbd9746954b3b4f1b2b712eef6e0
SHA51258d6d1962a5242164bec7f9d3e2614dedd267b5e10faacd4199415ce615476a6ddaaf4ad89efff028ce080b968d8500b51ea42ad26c1975a6fc1f0264eb2d2db
-
Filesize
12.9MB
MD5704d12a2e64a9b3ebe375594a11f3ee6
SHA1e6e45cd1926de46bfa0832de19ddeb29c8c0f629
SHA256b5975c9eb7e34161ae63eab8518b130d4fdcc1526ca512d2e5452c6d701fe912
SHA512b72689628014a48976672427d0470d8e024dac4d3b266bc9398a8dadd72f1b4d4dc1a4429847a45956ae604cf072cf5419cf3036a4e6d5373517db38a9d3ffb4
-
Filesize
3.0MB
MD5bd02fbc4f962284aa8c9b6f50781ea8a
SHA1105abaa0a053bf102dfbc24dd2d93ef7173d46dd
SHA2562e82cdc1ce6a5b075cf2f50c00b4fdb458daa0351502ef654c3d6bf868b51504
SHA512ca060eb94ef596bc235f3c9bd9e1bfd412a6cdcc8c9f3ed69a2359e9d5059ef7cdb19df11337e791e0a04059b95f5b1f6dc2c133cb521cb30e7e8e9112dc25ef
-
Filesize
2.0MB
MD50625bfb508155bf72c447f0819c545a5
SHA1fb030eced8eb89cb25dbb78712cf38476bb959a0
SHA25642321395d0e8e8706391651a061c178878218698ebc6c1a6e2aaaa0d38c23b2b
SHA512b19347b046267d036c735bb4c60d66611caab634c878f8d6b104738dcd617d22de377f87cd35a1b2a25be42e30a8ba25cbee4b6293d5d048a0291815c7ba7c05
-
Filesize
898KB
MD59bdca68b008c8506e9070aa48676d172
SHA168852a9063ed26d8a19e22d68042585df7b0858b
SHA256a1fef53b423845e83b565d6f2990d458dbceeeab88c083e1078c01ef469335a2
SHA5123d7135f3a3a7ce6c31eddc0b2c89ca9fc2734e7855e8728d8602ac63ef6bfbcdc0489984e940551215eeb6537a04b434ed23c26bc09afcab6d1db614c4b4f835
-
Filesize
2.6MB
MD56d60ee79cbe29830a8f4c2f7541d3e6c
SHA147e98d4e24a51a9ff43b306b34b2f943ff2a4c25
SHA256a9cc4f8bc22bf66ecb50dabe3cfa108728c53b8dda35878ecb98d547454c180a
SHA5123ce4021601ee733110ae1b8c3970ec2355c4b99f004e506c79980a26ffb0d4b20dd10266c306e1033deec5278e8a11f7f38651a98529cd85a24a0919e449341c
-
Filesize
3.1MB
MD580780678447355a2bc3157723d80033b
SHA13ca0030f2582c21959f2b5d25cf57a926a4314a1
SHA256def526b2c332d0019092a86b5686c4ed246779cd8e3235aef94c4901dfc7d361
SHA51290fade4ec430ffd1f165d6cbef9ae8d4d9f93f17200c0907f85e5c653484d72e0c7471a32bd42544dff4350e96a4c16521c87e5779b8b068f9f8c85a662ee546
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
13KB
MD542e739c9d5f2b184b92d67be28389c5f
SHA18e0ba7da34d58a0671dffd0cff3080c80eb1fdd3
SHA25689e68374dcbce5735f64bb059ce3d02b8f5a46ca360f094daa31ccdde235da71
SHA512579a6bd904a3f857d74023a41f85449f180362601a924f20e1a0ebdb52f4b212a253a722024e551d353e0d9c65307240033d75ae4cdb82fe8bf85b91c298a813
-
Filesize
5KB
MD5095acc819f745844f86fb189533b3205
SHA11ff8a162ff74775c78fea0134614c366a326c109
SHA25639ac146e2aae4b93f42b07983ab7c02740ef96a86387fd96c1d14b04eb326b1c
SHA5122a26c1cf2cf466f64e995988383a5a931c55a54031117ec4e383663f5b687d7d50dbee7e5d8f21b2222f9fb51031294a33cd3bd6d3f7f18b80238ca5b31045a9
-
Filesize
14KB
MD5b6e83f8eaaa9792903468429f8375f88
SHA1c2848cd1144787bcf8663ee0beaa4b6bf4e2b083
SHA2568a1bfa49a7579df08a8ebf532663f8bd81aa10e850d3a02940e57d745d4c88a8
SHA512d6ca8a41db3e65f3b0a25b94d593e1af39974f63d18534a6203e4dacca8f3603ac3b7ae10199ab8bc75f4a80ea27f2862d4ec8708508cb68f74d72c917046b68
-
Filesize
15KB
MD53099beeee8e04d8ff4245fd9a7a57f56
SHA1416c1bef163af1a4da517595d7db2a0bd408f660
SHA2565a8f752157bf559b71c80cef6cafc4ab4e4c4b0da478ed996ded711e7d4d98a1
SHA5121e7933f3445fabe60fd3064280500def84dac38b8a26887ece5461f3a8c4027f5874120d1b375bfde1d273f9f5af657fc33463cb2ff62c8b8f5cde2bb54689f4
-
Filesize
15KB
MD5359e75bd7109a922d68226ddcb82d201
SHA1a506a152d7cd50e9931f4ae3c8a22112225e9186
SHA2561a741e0ea1d16c7993e0596bc58d009352b682090c9e288df307456656e78aab
SHA512420d6196c167f5a90bea03f3fa17bafc73476859abd260be8f126d3d1bfe53e005e1cd90edf695f90702376a51e18a057ed8641eec17f9eccba94c85a7acb799
-
Filesize
27KB
MD516a5d67f942e65f3d3abcde53228f377
SHA1e9afef1c89bb631722126ec5f29087c7d6584f31
SHA256c0f5ea8148f75291e78b104facc4d19302ddc63e945999ac5f7dc228f277b749
SHA5122ef9c2d44770c269e69cddc960b6b5bfdbb84cb74ff854ebbce09502de6b0509690fd69a9dd4ee3d1f8c4f32ce53c0f7b56744a0717fd7135b03740b2ee1f285
-
Filesize
982B
MD565808c28a2392bd5d393f3d9ee37b5ae
SHA1de61513078201bc13823d86b5a9b82b5e4031cda
SHA25638ddc161d9f877bd670e2a27fcbc80baf885ae122341c9e9932e2c138c89f0aa
SHA5125357d2f1eb0224f4cef9560c42b2d82e014722a52b33b7d922ffb5776d0c003676a48f31668a4917325cbba545c00ea2b338848b0123d40448ea40c97ef54958
-
Filesize
671B
MD5ef98afe323b103fbebf4b8cb57c962ea
SHA11bf998379ee12f85dfd7157f9064091c31d07434
SHA256324056a4b4090ea0976d3f6c5d3eec4176e687b89bdcddd19724288f3987308a
SHA5120d26a2f8402b0109496390778cab6c1ece2d0ae0d6ab263165322e8182e70999c29e9be708ce0745723ab701809d82c5c23684d43ddc35c061a8331dfd6e4765
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD525b4f92d5594f562058743204d6225c3
SHA18da92f1efb95d865192132b51714e2c988c9a9df
SHA256ed2f0bb36f19a26bbdc878c840421e7a16c38636f3f1127bf47aa239690e4e0c
SHA51292739a93dca04713b9e2f7e3d3cd136ad32b2b6c0bf9b20aa2e5f7f9a84418705a8dda28a54d05349d81cc6666a5512df3c18dc97bf03bb203ed93eb2b601198
-
Filesize
12KB
MD5590cafe56d185dc8e46976addad7e465
SHA1bd14621c4a400d2442b039cbddd147d78c58c604
SHA25608ba1fb15c276b947a170672851182d58eaa37268b4d96464ec9c92a9f792c10
SHA5121a9305cb06bc2f4b19c4dc9b43211b2653b832d4250a6061cdd4910dcbf6144dc24d352e81db93492d68e44f85cc6afb742062881011570fc205cc87582fcfbe
-
Filesize
15KB
MD5192e9fabc9d652b590f05f6f84d721ff
SHA118b38f00c16e3d39ecb0d79ae0110ef58fa93749
SHA2565db2e0713c8d104453fd94002a8731ec43d384c52e5dbc0d084d03f7563f70ac
SHA5127d4201f30b25ea1815468274d7d39debce6cb12313bdd5f2a33181124ab3dfc3d0ae17c13d93ea64ddc666369e257b1b7e07c7b0df76aba9c0d8d0a8677ccae0
-
Filesize
10KB
MD5803b20700f0afd0bfffc194166817609
SHA11744a4ed7d3ddfb4d84f887a5024de14d7f18fd2
SHA2567968010fa9dca951b59527afea08044c66476393111af0948050bb9a2fefb185
SHA512ad040635dc824788e878909b332cb67bb62855e5162ffe8c568467c3c468d1e845de1f064a692c43e4fef2a92cabde11c6661a0dfc1d8aaca25fdd708937fba4
-
Filesize
584KB
MD5c37ea4d2891c38fb503c2dd69de9c04f
SHA1018dd13bfacf0c3c049e4bb51611bd85ea4eccc4
SHA2562c9ad1f3e7f2c8f95654da10b42a98caa5ceff6aecc6776800d6e44514c03ff3
SHA512bce0106caa0312e515ee7bb9eba3381489ebded92e2e70cf5aa276a8b437a35970b6f21caa4ead251ba7870a9182b3cbbb0daf197b053047c0d219852a756c78
-
Filesize
1.8MB
MD569366f520454062151924146ab8a1385
SHA1f7841fed9892fbfa2d4fc3a9a2968f513cf7f5e4
SHA2568854b6f4614e39eeeba67fc71d0f27ecc9d848e4a8c80e92862823b90b4308ec
SHA512d2d7599eea5ef6f2207b9e72c43ed3497911977ae2e135a208de5fe9d042e1ed3cb9bb9ecc2fa63acb758fee51bbccfb97fe2df8b794c3939180ba5c66580110
-
Filesize
7.1MB
-
Filesize
972KB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
8KB
-
Filesize
416KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
416KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB