Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01-10-2022 08:36
General
-
Target
UrbanVPN2.exe
-
Size
30.7MB
-
MD5
7274b344c614f2fe405dbffadccfbab1
-
SHA1
d2bf8dc3285ce0a5f1a87234e9ac21bee9c72a3c
-
SHA256
581eba8772a2cf1acabba4094c391034812bb98a5abd91725dfd917c44d8c44c
-
SHA512
aacf19dfa044a710a774475f61853a408c552a8e5858e349bf3e1dac96bec639c8ca555b027b1dd6515f925959ff7b66e2d0141afbfdfdd3019b71ac93437854
-
SSDEEP
786432:dtiCbhe50g0+efDnNqc7r1fQFfCxkdc0yQJ:I50kefDnNqirFwCx0pZ
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
-
Drops file in Drivers directory 3 IoCs
-
Executes dropped EXE 6 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 51 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 16 IoCs
-
Drops file in Program Files directory 22 IoCs
-
Drops file in Windows directory 47 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
NSIS installer 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
GoLang User-Agent 3 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
-
Modifies data under HKEY_USERS 53 IoCs
-
Modifies registry class 27 IoCs
-
Modifies system certificate store 2 TTPs 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe"C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe"C:\Users\Admin\AppData\Local\Temp\UrbanVPN2.exe" /i "C:\Users\Admin\AppData\Roaming\Urban Security\UrbanVPN 2.2.8\install\FEC3FEE\urbanvpninstaller.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\UrbanVPN" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UrbanVPN" SECONDSEQUENCE="1" CLIENTPROCESSID="4904" AI_MORE_CMD_LINE=12⤵
- Enumerates connected drives
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BACC3A8222E84F974E1277790CDD65ED C2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 80EF4D6AEDBACBF1E1ECCBA04DA3C7FC2⤵
- Loads dropped DLL
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 87A399D1B0F855792195DFBB1131F6C52⤵
- Blocklisted process makes network request
- Loads dropped DLL
-
C:\Windows\Installer\MSI1F5F.tmp"C:\Windows\Installer\MSI1F5F.tmp" /S /SELECT_UTILITIES=12⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files\TAP-Windows\bin\tapinstall.exe"C:\Program Files\TAP-Windows\bin\tapinstall.exe" hwids tap09013⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Program Files\TAP-Windows\bin\tapinstall.exe"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap09013⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
C:\Windows\Installer\MSI2CFF.tmp"C:\Windows\Installer\MSI2CFF.tmp" https://www.urban-vpn.com/install-desk/2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.urban-vpn.com/install-desk/3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8ee1546f8,0x7ff8ee154708,0x7ff8ee1547184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3180 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5828 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6ffa35460,0x7ff6ffa35470,0x7ff6ffa354805⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7898059812680372197,12108434630828999306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:84⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 63FB4F8F199CFE37BF4EACA28BA90DAA E Global\MSI00002⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies data under HKEY_USERS
-
C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe"C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe" /configservice -name "UrbanVPNUpdater"2⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{51d04ecb-e9b4-aa4b-919b-24ba334a5437}\oemvista.inf" "9" "4d14a44ff" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "c:\program files\tap-windows\driver"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oem2.inf:3beb73aff103cc24:tap0901.ndi:9.24.2.601:tap0901," "4d14a44ff" "0000000000000140"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}1⤵
-
C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe"C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5da5a9f149955d936a31dc5e456666aac
SHA1195238d41c1e13448f349f43bb295ef2d55cb47a
SHA25679ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224
SHA51260d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77
-
Filesize
727B
MD5f7a919c7a59a11573d2e94e532802caa
SHA1a21ac1bb6642221d412cfa8ec1cabc8afc0fd526
SHA256636b6338a7e4c1a8041f369af1019679a9b447861c04515d7b8f383c6bf0dd7f
SHA512ae8f604cffa5f967c47165ec126c03a3e490ef7ff2f386996afeb5a0dc7130c170723cd2df332da12bd1a47322690ac29bb000f8280e2383d00afc2d734d2f95
-
Filesize
727B
MD5f5c29ab5bdf98d9eb64e1468fe980048
SHA1ffdec5955a44b961f0ade5c955bf273198a32fbe
SHA256b98eddaf2e1ffa9dab0a6deb7596e926652e8d3112e3724962fbf855f69a22ab
SHA5127a530401c1441c94bb132e874f9673bd0c919cb1b039353e3e4ebe7e8176ba9b80c0347b595cd661f67594c2f509f125bf1222a7dd9534ead90eadb823c59039
-
Filesize
400B
MD5783ef52e3587c3119551b5cf067fb522
SHA14847e56cf457c2f02ff61b8d5ea8713d71785b6b
SHA256f560f1f0600d88e4208ac40befeae45e041aedd818892ef2559125710bb7b934
SHA512cb944fd71f357dbf4e2749d30ef9936525720d1c7c6d323a5fa8bb56441be79b1a73ed17ab702a0c3409971bb7346dab6cd51ff202f26a94d8c423381e3a7ce8
-
Filesize
408B
MD57e1b523993e9e4f7eea67a5a93bfc7af
SHA16f9303416bd0031b78532b34841464a1c7f9b458
SHA25661a4f4a6175ff42b40a2346c45c71f49ddd51b8b983591a9ff04439bd43b37aa
SHA51287823e34cc07931c25d967ab76c60bb2b223b5948c02fb5507d2b0d64254d018710b7c7b8de48b814ad4e1e745698e66e3c419799e62d0259c00aa0665f5242c
-
Filesize
412B
MD5d356340fa47e250177332da616b0772f
SHA1884e415fb73fa5894bd94292e30e798321824352
SHA2568f3a7c2d6ce28d4d1483c77e3d3bb539af3cf95b8c9ffbf8fe31716af3929d6f
SHA512911461346909e26c55ae9b98c641285ef0c509abe5a07158fa3096ab30aae1613e7c61cafc30dda2cb991525b3d5a5758f8c41423e523aa54a911ee28932ae41
-
Filesize
85B
MD5ceebc6520d671d472de70b37af5d96a8
SHA180c52fac6c7ade5586ccfa5288982470c5c9e01b
SHA2567153c7925afece634c7fa55d2a08d0e46e71e96fa9811c1bdd847b724adb04f3
SHA512673cba803347c602dd76909ec7a51813ff599316d119bb42949aa4a2c42883edd460f48dbe0bc4a7b7a02033315c6eac871a03a5f78cdec23add493da439d148
-
Filesize
84B
MD5fbb55d095b6b7838aa0cc8adf87e6aaa
SHA1ec33732b715d6cc2ac5e8d8fc962718d179ba129
SHA2561ecb66438b10db707c806c6d77b8afe8fa9ae471d7d6259a21ed0bbe6aaf3d86
SHA512da0d596fbb21cdf5192c60ea819da59ccc6718f328f5944216cbe4975ee5a8034d1d108c68ad257b8ebcb24241e84849f8d0618fe62950d4096e698a1b5ac91d
-
Filesize
4KB
MD52d3032f4eec9b98703f345fa51a69cad
SHA1da53e3be60924ac13e2d1f6ca79f8f7fb0f76bba
SHA256efab284da588a3a736bf8c8831de8e84154f69a71a67c1fa9fb027783d7d88c2
SHA51223340045ab4ec30b66509f3c60105c584b51baa02eda7e9af509bba6054e7bd0225e6a54d1b1851aa9835acf3483dbdc809c04016d82b71b15356b48b9304bfe
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
912KB
MD5b15dbf4b35cd1460ba283795e24878c8
SHA1327812be4bfdce7a87cb00fab432ecc0d8c38c1e
SHA2560ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147
SHA51295edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4
-
Filesize
912KB
MD5b15dbf4b35cd1460ba283795e24878c8
SHA1327812be4bfdce7a87cb00fab432ecc0d8c38c1e
SHA2560ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147
SHA51295edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
Filesize
912KB
MD5b15dbf4b35cd1460ba283795e24878c8
SHA1327812be4bfdce7a87cb00fab432ecc0d8c38c1e
SHA2560ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147
SHA51295edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4
-
Filesize
912KB
MD5b15dbf4b35cd1460ba283795e24878c8
SHA1327812be4bfdce7a87cb00fab432ecc0d8c38c1e
SHA2560ac07db6140408e9586d46727eb32af8f8048cad535eca9052b6ef1149e63147
SHA51295edc60c9658e0e8631604459969a406414902f297b7a14f2be6d3bc18878636167d202530d4ee3b4d7af189a9139a2183929250920196c48c08eda3d6dfdca4
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
196KB
MD5efa1291d4eb0ff2050967dd63bfdbdc8
SHA154ba41d5a6fb192267b36127ff573cb112413fd8
SHA256da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4
SHA5125fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6
-
Filesize
196KB
MD5efa1291d4eb0ff2050967dd63bfdbdc8
SHA154ba41d5a6fb192267b36127ff573cb112413fd8
SHA256da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4
SHA5125fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6
-
Filesize
24KB
MD5993c38c176078ec82cf3d5e21e24cdc0
SHA1153b97b354ee42cce9dce40b9559577bf37ec303
SHA25634a4cfe3fbf3172596a779b960b6f92702137ec2d005d144a5d5fd41b7d64221
SHA5126e52a2be3d012411cb51148a13e554e3b87d3fb278f898e0bc510ba4c23172623c79857da66c2f10b8957e542674c1fd7a24d99bcde8b1e37031055060910e59
-
Filesize
8.2MB
MD5ab35290adfaf8786c0235faad19c3f88
SHA1d595ad8a78d3220f062ff5b90b0724c2346bc1ce
SHA256ea0f099451ecb46149d4474e0752acf1f84a034d09fee87d56b5a54884260156
SHA5121aaa1a987672a7fcf9c7c8c0c2322ea59a47c126b3765188e87e99cc622acaa26c75f99ed6e2c8cf43db5150495dd8c126431fb34d8587f0dbd7539d220f7d04
-
Filesize
206KB
MD5899944fb96ccc34cfbd2ccb9134367c5
SHA17c46aa3f84ba5da95ceff39cd49185672f963538
SHA256780d10eda2b9a0a10bf844a7c8b6b350aa541c5bbd24022ff34f99201f9e9259
SHA5122c41181f9af540b4637f418fc148d41d7c38202fb691b56650085fe5a9bdba068275ff07e002e1044760754876c62d7b4fc856452af80a02c5f5a9a7dc75b5e0
-
Filesize
206KB
MD5899944fb96ccc34cfbd2ccb9134367c5
SHA17c46aa3f84ba5da95ceff39cd49185672f963538
SHA256780d10eda2b9a0a10bf844a7c8b6b350aa541c5bbd24022ff34f99201f9e9259
SHA5122c41181f9af540b4637f418fc148d41d7c38202fb691b56650085fe5a9bdba068275ff07e002e1044760754876c62d7b4fc856452af80a02c5f5a9a7dc75b5e0
-
Filesize
206KB
MD5899944fb96ccc34cfbd2ccb9134367c5
SHA17c46aa3f84ba5da95ceff39cd49185672f963538
SHA256780d10eda2b9a0a10bf844a7c8b6b350aa541c5bbd24022ff34f99201f9e9259
SHA5122c41181f9af540b4637f418fc148d41d7c38202fb691b56650085fe5a9bdba068275ff07e002e1044760754876c62d7b4fc856452af80a02c5f5a9a7dc75b5e0
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
782KB
MD5175d9b039177b405ee04c81f4c9aa4af
SHA16b523f7652761f4a24cf12ce08a32479ed03e8cf
SHA25634a742397244bd2848291f7d1087eb43462a69272f22249e24c2aa71e79d14f3
SHA51280f39a82a12899601da3dfc3092ba7465554b360a741fe26c0e4fbe3fac9b62ddde1f8c50f972eabf982427ac0b120edd67e8be31161a4ce4e2f8ef0dd53b26a
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
196KB
MD5efa1291d4eb0ff2050967dd63bfdbdc8
SHA154ba41d5a6fb192267b36127ff573cb112413fd8
SHA256da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4
SHA5125fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6
-
Filesize
196KB
MD5efa1291d4eb0ff2050967dd63bfdbdc8
SHA154ba41d5a6fb192267b36127ff573cb112413fd8
SHA256da78931d835e91c59cadaebc95fbae56020ce5031523a6a175fefa4582334ac4
SHA5125fcce6422b0ee6827a57c5d0c476e36a5e75a880550b8041a0f3db42b630f483654508a797421ff4316fd84db549c8c78536a25d5da2de9eb60365720517d5e6
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
231KB
MD5fd9c9125577e39e220c1e1b7c0206820
SHA167850a3ea6b672050f137e82cabfdcc4391a2423
SHA2562877c6c075a9b7f67dcb335b0779385af7ec29895ba03455348c982a86ef04c1
SHA512ba3a729b77a218f427ee7c185008e4482933b70e77bee1deff31c5ae16664e6da5f6a5fa1388888a3b96cf1d396380ecc92e3ca4cb227f7f1a5d5ed1e7022698
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
495KB
MD5cfab78ac0d042a1d8ad7085a94328ef6
SHA1b3070cc847ba2739450dc9bd05040df83e7d85d2
SHA25617b10df05b4b92735b673914fe2bf0c0d7bbda5b4a8f9a7fc81a0efaa4380168
SHA512647b909f1e833dd08d99aaa29a3404e64c58356dfa0a3abeb788768d74abb0948d2b612a6da62f2617270cd85110e8aa2b26e5e4558af0d0b84f920c40533438
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
Filesize
602KB
MD578b793e3f44b2c7849ffe70083c500c0
SHA19dcbb160c9f606bcdbee9ad572aaab1ad1b24d61
SHA256fbcf7c3645d90621bfbbf38e660a510dd0731b02b6e7820b075116e944301174
SHA51236d0fadd2a55231ce159519ca4bfb56fee038ee82bfbafa375faee17e11e2149ffffb4b364bc80e4ed950325e0c31e6a02244c591a0b983c7ccc039e94a3e9c8
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-