Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
22/12/2024, 02:28
General
-
Target
bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe
-
Size
3.1MB
-
MD5
aefbd9e285960b704524b4c33b0c9567
-
SHA1
688eb719525b89f93db7d22bcbae38a13e7a973b
-
SHA256
bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb
-
SHA512
9186ca00f1451b750f59bc999e696964866639a06018e4ad241dd5ddf85550ffdd370d91e72f45a04644f555c150021383e16b29f7c0c27cb8b7cf9465e0ad8f
-
SSDEEP
49152:iIUtVtTZ0pIj3/bL4zoK79ucME+bkhG+WA73nilkwo:iIkVtTZ0pIj3vK79ucL+b9A73R
Malware Config
Extracted
amadey
4.42
9c9aa5
http://185.215.113.43
-
install_dir
abc3bc1985
-
install_file
skotes.exe
-
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
-
url_paths
/Zu7JuNko/index.php
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Extracted
lumma
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Xmrig family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
-
XMRig Miner payload 10 IoCs
-
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 20 IoCs
-
Identifies Wine through registry keys 2 TTPs 5 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 34 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 5 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 16 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Kills process with taskkill 5 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 43 IoCs
-
Suspicious use of FindShellTrayWindow 16 IoCs
-
Suspicious use of SendNotifyMessage 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Views/modifies file attributes 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe"C:\Users\Admin\AppData\Local\Temp\bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1019835001\ac7623e0c4.exe"C:\Users\Admin\AppData\Local\Temp\1019835001\ac7623e0c4.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\1019836001\7cfad91fc9.exe"C:\Users\Admin\AppData\Local\Temp\1019836001\7cfad91fc9.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM firefox.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM chrome.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msedge.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM opera.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM brave.exe /T4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking4⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking5⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.0.1404455840\1731484669" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {642f6ec7-9cae-4690-81fc-76e89f092ecb} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1336 fdd9b58 gpu6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.1.1516400380\477590206" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1496 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a725f10-bca8-4577-ad7a-a2555a04f807} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1544 42fbc58 socket6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.2.1935291538\1541497046" -childID 1 -isForBrowser -prefsHandle 2024 -prefMapHandle 2020 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e42d31-60e9-4c8c-ac5c-86a37a758a71} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2036 19a8d758 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.3.2112403813\1832497782" -childID 2 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b871d18b-51de-4178-9d8c-779050455489} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2672 13649658 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.4.1327232127\99305627" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3684 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf45c3e-aac6-4bd4-8a42-06dedccf6ec6} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3704 1edd1e58 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.5.1583383412\1572636511" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf9167f-89c1-4e16-afe1-f30062fe38ba} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3832 1edd0658 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.6.1957647338\148252624" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ff248d-7985-4a29-b4c4-900a77f93718} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3996 1edcf158 tab6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\1019837001\191490ec7b.exe"C:\Users\Admin\AppData\Local\Temp\1019837001\191490ec7b.exe"3⤵
- Modifies Windows Defender Real-time Protection settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\1019838001\aba28f5646.exe"C:\Users\Admin\AppData\Local\Temp\1019838001\aba28f5646.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"4⤵
- Loads dropped DLL
-
C:\Windows\system32\mode.commode 65,105⤵
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e file.zip -p24291711423417250691697322505 -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_7.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_6.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_5.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_4.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_3.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_2.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\main\7z.exe7z.exe e extracted/file_1.zip -oextracted5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\attrib.exeattrib +H "in.exe"5⤵
- Views/modifies file attributes
-
-
C:\Users\Admin\AppData\Local\Temp\main\in.exe"in.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\attrib.exeattrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe6⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeattrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe6⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\schtasks.exeschtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE6⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell ping 127.0.0.1; del in.exe6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\PING.EXE"C:\Windows\system32\PING.EXE" 127.0.0.17⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\1019839001\ef0449806c.exe"C:\Users\Admin\AppData\Local\Temp\1019839001\ef0449806c.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\1019840001\97466ab734.exe"C:\Users\Admin\AppData\Local\Temp\1019840001\97466ab734.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\e458d263c0\Gxtuum.exe"C:\Users\Admin\AppData\Local\Temp\e458d263c0\Gxtuum.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\1019841001\df1fc80896.exe"C:\Users\Admin\AppData\Local\Temp\1019841001\df1fc80896.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Windows Media Player\graph\graph.exe"C:\Program Files\Windows Media Player\graph\graph.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\1019842001\64f8e9067b.exe"C:\Users\Admin\AppData\Local\Temp\1019842001\64f8e9067b.exe"3⤵
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {4B829401-F28F-40D4-943C-2212B599566B} S-1-5-21-3551809350-4263495960-1443967649-1000:NNYJZAHP\Admin:Interactive:[1]1⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exeC:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\explorer.exeexplorer.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe3⤵
- Drops file in System32 directory
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\PING.EXE"C:\Windows\system32\PING.EXE" 127.1.10.14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
3Virtualization/Sandbox Evasion
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5b89b176bf1ddf66cc495fd1c39d125b9
SHA161c3e15c2c1c8e08b3e419f6c14543eab66d44fe
SHA256aadfdf42b1315a1a58dfc0227e37083ffa945236a70a50e187629225b93bf1dd
SHA51283a830b2134ec2911bbff1b953da575c5de5a778dd99200787d6161ce146ed2b84309c4622e6493602594bdef411fe761f1f35a8d29c4e5ac51c5edfc801c93b
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
1.6MB
MD553ea153b46a6f91b66cf345e06043449
SHA1cc47258ae2fd9802fe2e0abd8e60b76b4427f709
SHA2568503ba97ce009f436b110bd820d5150bfff2a0860c9c2b7531f0fbdac15cc515
SHA5126c2dfc4d3bf8ea3454d10c1a1df4fa542f535b67472920aa3c75f55ce9444557d4a41a0864da86667cd2457b495c02e68f7a2994385dfc776bee7dab6208e4dc
-
Filesize
2.8MB
MD58ea0abac189af983f6146d5d449ba1b3
SHA1f7329dbea54fa4f0827b7957e1893f6fc66fd88a
SHA256afe849d1b68d20fd3497eb2591ef7a44f94909abd8e912d683dd618c584981ec
SHA51234539dbf55446b1c15fbbe57e7cec1d573d955a7a95391ace83670a2886b479123a8a659a1e64779aa223d761d0a7c0ee001a01a9f27dd38a7486bb66fdb41df
-
Filesize
942KB
MD5daa8d515648afb5c90988946b5281157
SHA1f63b38ba6869ec18dd9906967e195030e7b72b13
SHA25679e712459f65d39971e842a08b72d56f642203930cd6d5c866e42afbe266e096
SHA512aa9b85e5e116116a1ac1284c35a62ad4236a1eb223645d106212f1c5bc9fc779af0250b87684ba42dc70b0ec1aea3e29703eb93d63cc1bc601389459e6f642b3
-
Filesize
2.7MB
MD5ba91936401701b66241f22bcff1e57f8
SHA1730b7231ab593a4fc9c8b194a04f3daff64ec85e
SHA25694799ac4701cbf18dcf7ac3fcf7486a141015ed95f64019d7b2493c6eee12f02
SHA5122246e9f4d51246c969ac220b85f617685b37409c28cac68e65915dca2568276bc89308be762718de52afe11ebb5b8e68f7a01924be2cf15e391f6a90858958d5
-
Filesize
4.2MB
MD53a425626cbd40345f5b8dddd6b2b9efa
SHA17b50e108e293e54c15dce816552356f424eea97a
SHA256ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1
SHA512a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668
-
Filesize
1.8MB
MD515709eba2afaf7cc0a86ce0abf8e53f1
SHA1238ebf0d386ecf0e56d0ddb60faca0ea61939bb6
SHA25610bff40a9d960d0be3cc81b074a748764d7871208f324de26d365b1f8ea3935a
SHA51265edefa20f0bb35bee837951ccd427b94a18528c6e84de222b1aa0af380135491bb29a049009f77e66fcd2abe5376a831d98e39055e1042ccee889321b96e8e9
-
Filesize
429KB
MD551ff79b406cb223dd49dd4c947ec97b0
SHA1b9b0253480a1b6cbdd673383320fecae5efb3dce
SHA2562e3a5dfa44d59681a60d78b8b08a1af3878d8e270c02d7e31a0876a85eb42a7e
SHA512c2b8d15b0dc1b0846f39ce007be2deb41d5b6ae76af90d618f29da8691ed987c42f3c270f0ea7f4d10cbd2d3877118f4133803c9c965b6ff236ff8cfafd9367c
-
Filesize
591KB
MD53567cb15156760b2f111512ffdbc1451
SHA12fdb1f235fc5a9a32477dab4220ece5fda1539d4
SHA2560285d3a6c1ca2e3a993491c44e9cf2d33dbec0fb85fdbf48989a4e3b14b37630
SHA512e7a31b016417218387a4702e525d33dd4fe496557539b2ab173cec0cb92052c750cfc4b3e7f02f3c66ac23f19a0c8a4eb6c9d2b590a5e9faeb525e517bc877ba
-
Filesize
2.4MB
MD5d885d67261c943df482d8e68105f2dd2
SHA1d65578f07c92c0a4656d5f06a0927ce783cc5943
SHA2564969c228d2854670fbf34fd558a7c8b675084e2afa774cc30c1a31b18a6db72d
SHA51234cb1a5fc6819cb4808ab85ecc88f0ca1bb760d35b271bc28cbf680c0c5ff21b60d9bc708497df077a6366f7ff57fcc79c8465048c2d39e5c2225743722abc73
-
Filesize
1.6MB
MD572491c7b87a7c2dd350b727444f13bb4
SHA11e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA25634ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511
-
Filesize
458KB
MD5619f7135621b50fd1900ff24aade1524
SHA16c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA5122c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628
-
Filesize
2.2MB
MD5579a63bebccbacab8f14132f9fc31b89
SHA1fca8a51077d352741a9c1ff8a493064ef5052f27
SHA2560ac3504d5fa0460cae3c0fd9c4b628e1a65547a60563e6d1f006d17d5a6354b0
SHA5124a58ca0f392187a483b9ef652b6e8b2e60d01daa5d331549df9f359d2c0a181e975cf9df79552e3474b9d77f8e37a1cf23725f32d4cdbe4885e257a7625f7b1f
-
Filesize
1.7MB
MD55659eba6a774f9d5322f249ad989114a
SHA14bfb12aa98a1dc2206baa0ac611877b815810e4c
SHA256e04346fee15c3f98387a3641e0bba2e555a5a9b0200e4b9256b1b77094069ae4
SHA512f93abf2787b1e06ce999a0cbc67dc787b791a58f9ce20af5587b2060d663f26be9f648d116d9ca279af39299ea5d38e3c86271297e47c1438102ca28fce8edc4
-
Filesize
1.7MB
MD55404286ec7853897b3ba00adf824d6c1
SHA139e543e08b34311b82f6e909e1e67e2f4afec551
SHA256ec94a6666a3103ba6be60b92e843075a2d7fe7d30fa41099c3f3b1e2a5eba266
SHA512c4b78298c42148d393feea6c3941c48def7c92ef0e6baac99144b083937d0a80d3c15bd9a0bf40daa60919968b120d62999fa61af320e507f7e99fbfe9b9ef30
-
Filesize
1.7MB
MD55eb39ba3698c99891a6b6eb036cfb653
SHA1d2f1cdd59669f006a2f1aa9214aeed48bc88c06e
SHA256e77f5e03ae140dda27d73e1ffe43f7911e006a108cf51cbd0e05d73aa92da7c2
SHA5126c4ca20e88d49256ed9cabec0d1f2b00dfcf3d1603b5c95d158d4438c9f1e58495f8dfa200dbe7f49b5b0dd57886517eb3b98c4190484548720dad4b3db6069e
-
Filesize
1.7MB
MD57187cc2643affab4ca29d92251c96dee
SHA1ab0a4de90a14551834e12bb2c8c6b9ee517acaf4
SHA256c7e92a1af295307fb92ad534e05fba879a7cf6716f93aefca0ebfcb8cee7a830
SHA51227985d317a5c844871ffb2527d04aa50ef7442b2f00d69d5ab6bbb85cd7be1d7057ffd3151d0896f05603677c2f7361ed021eac921e012d74da049ef6949e3a3
-
Filesize
1.7MB
MD5b7d1e04629bec112923446fda5391731
SHA1814055286f963ddaa5bf3019821cb8a565b56cb8
SHA2564da77d4ee30ad0cd56cd620f4e9dc4016244ace015c5b4b43f8f37dd8e3a8789
SHA51279fc3606b0fe6a1e31a2ecacc96623caf236bf2be692dadab6ea8ffa4af4231d782094a63b76631068364ac9b6a872b02f1e080636eba40ed019c2949a8e28db
-
Filesize
1.7MB
MD50dc4014facf82aa027904c1be1d403c1
SHA15e6d6c020bfc2e6f24f3d237946b0103fe9b1831
SHA256a29ddd29958c64e0af1a848409e97401307277bb6f11777b1cfb0404a6226de7
SHA512cbeead189918657cc81e844ed9673ee8f743aed29ad9948e90afdfbecacc9c764fbdbfb92e8c8ceb5ae47cee52e833e386a304db0572c7130d1a54fd9c2cc028
-
Filesize
3.3MB
MD5cea368fc334a9aec1ecff4b15612e5b0
SHA1493d23f72731bb570d904014ffdacbba2334ce26
SHA25607e38cad68b0cdbea62f55f9bc6ee80545c2e1a39983baa222e8af788f028541
SHA512bed35a1cc56f32e0109ea5a02578489682a990b5cefa58d7cf778815254af9849e731031e824adba07c86c8425df58a1967ac84ce004c62e316a2e51a75c8748
-
Filesize
3.3MB
MD5045b0a3d5be6f10ddf19ae6d92dfdd70
SHA10387715b6681d7097d372cd0005b664f76c933c7
SHA25694b392e94fa47d1b9b7ae6a29527727268cc2e3484e818c23608f8835bc1104d
SHA51258255a755531791b888ffd9b663cc678c63d5caa932260e9546b1b10a8d54208334725c14529116b067bcf5a5e02da85e015a3bed80092b7698a43dab0168c7b
-
Filesize
440B
MD53626532127e3066df98e34c3d56a1869
SHA15fa7102f02615afde4efd4ed091744e842c63f78
SHA2562a0e18ef585db0802269b8c1ddccb95ce4c0bac747e207ee6131dee989788bca
SHA512dcce66d6e24d5a4a352874144871cd73c327e04c1b50764399457d8d70a9515f5bc0a650232763bf34d4830bab70ee4539646e7625cfe5336a870e311043b2bd
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
1.7MB
MD583d75087c9bf6e4f07c36e550731ccde
SHA1d5ff596961cce5f03f842cfd8f27dde6f124e3ae
SHA25646db3164bebffc61c201fe1e086bffe129ddfed575e6d839ddb4f9622963fb3f
SHA512044e1f5507e92715ce9df8bb802e83157237a2f96f39bac3b6a444175f1160c4d82f41a0bcecf5feaf1c919272ed7929baef929a8c3f07deecebc44b0435164a
-
Filesize
7KB
MD52db32a560c1f7108c8da14a229635b03
SHA1bbcc64fcdc627a999a70fc749286b2f2df259519
SHA2560b79bc50bbb0895030c2f3c385164ba1953c789edb5e4ad5bc530690eb1b8864
SHA5124a64499a0906fcacbba78024244b27f32e5acf64af37e2ae519bbd3a158d5aff6e1dea2b17c1bf1798c9051f1d462ff7da68f50784dc84e1c14bf12388b5426c
-
Filesize
9KB
MD5a63512d4f6bd50aec9a11b8c01d95a89
SHA128c68731a6bcbafe2116590956349610637e52af
SHA25637e9c5388611da9b96b2290f533948db4e6d9fa2eee8bb9e6ba131b4e05d9f1a
SHA512c12f1a62377c97c98210105ff6d69c3ec4485a043858a01e3834a627d19499001fd42f1dd48cb61c4a2213decab3cfb36317053a6f6846df27ae13ea246791cc
-
Filesize
733B
MD5e09ce3ddc80106774b52cc9d606568e0
SHA164f3fe68deb4d33aab731efced476492f63a5b4e
SHA25665956d342fe48d0d138c66a74818ce0052b4836163ad3100f2e4f482ecd32cb6
SHA512854cfc4d82f5a1286ba59a0fc50b68719387bbd27675f6851c5b6a63293b512d3a260527e7344684141148e8bad6292082a2fa79a3a9b3b5c43d8548d746a057
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD51bc14334ea7f433e14ddf7ab2282f763
SHA175da0e0d032398a2c5be22bd1d7caa386ce23a1c
SHA25606818cc703a6949bad3d1e6e8c10425361177c2c3f8eef0563acd1a27085cc5c
SHA512914764dffc47cf3c7e4a8f4e4b83c220f915c3fa9be9980917d53ecfaa0214d895d4d3228163bc56c029acdf27d4d14240cf274d4507a2fbab30b117b667ec51
-
Filesize
7KB
MD5aa56e24c1d87437a0b895e4e5a002f95
SHA1284dff224bdd5be53937672e821da6df74894b14
SHA256a65bf546e804f96d1c04160b3cd8eafa7f46f3fc107868b87d21115a83bae2b4
SHA51299edf381af6317694187aed0edc80aa8ba923515cbf5461d14fdd715fa0f84440e3265fdfdeb13b708043e5bdd25852c8d5bf0e554dfaf4c9e5d18f4ea906320
-
Filesize
1KB
MD55835f0279417c266b251a9cd88e51520
SHA1fd4de2afab73447e6ea1260d8da2a7a9dc2323ff
SHA256cb030bd678dca6c4416a59e2fc565f1a3960405a568a491dbe0a106eb9a94502
SHA5122610aff062067346750d6cff11e55444c67652ba778da32c9c6f10945f7e5b82993024b3a8e91d80998da225d1d120fbad4fa5b4bf9753a3cacfc305b90dea1e
-
Filesize
1KB
MD550b17bfc1f70bd67092f0cf9fcdfad8e
SHA13674dab80b2b4a404f3edbb2d2ce4e987eeea5ea
SHA2565b42f5677a26eee608c376bd6b5c9f78d93658ceb87b8c22c0ecfe4045d4d81b
SHA512dd8c72c342ba1f1677fa5516313629f2635ef87dc85c21ee72b904721aa7bfe37982d3daffc05407950cad0dbc9acd34d69b77563a4a4171ee4202699635356f
-
Filesize
2KB
MD55a91f69ad894a24b9c1556a5ac43f87f
SHA144525e7e350b6842e0e0c120493f4dbf21839687
SHA25696d5cb1111533082fe0818947f820ad67f008639d18a64badb3b91254cfa4b55
SHA51250c80363da3f84bd012635128102ebff9a32aa8c0006349c7b9baeb1b5bbae7dbd2a7c82b9bb85e581bb9799c92a4a8d919db09ac826bf99c1e4ce8f20eb0279
-
Filesize
184KB
MD5eddd6ec486134bdcccb635554aa22c10
SHA1731c9cacbdd85c2f7945e8c2dc84123bb1b8be46
SHA256f785ebbb63fd343d61e656f5f92018d4c25bed03fe11ddfce7b7c61c9ce7b5e6
SHA51274824f4b64a0bc96f69b3151d3e1e1b19ae11ad516a2e83c4f2adf121949adf944bcc29dbf34e014e4d9e218e8bb83f1a90f8967a50541160fb8987af3f3615f
-
Filesize
3.1MB
MD5aefbd9e285960b704524b4c33b0c9567
SHA1688eb719525b89f93db7d22bcbae38a13e7a973b
SHA256bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb
SHA5129186ca00f1451b750f59bc999e696964866639a06018e4ad241dd5ddf85550ffdd370d91e72f45a04644f555c150021383e16b29f7c0c27cb8b7cf9465e0ad8f
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
5.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
2.8MB
-
Filesize
5.0MB
-
Filesize
5.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
416KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
416KB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
2.8MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
3.1MB
-
Filesize
416KB
-
Filesize
8KB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
416KB
-
Filesize
3.1MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
128KB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
7.4MB
-
Filesize
4.6MB
-
Filesize
4.6MB