Analysis
-
max time kernel
433s -
max time network
487s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
02/02/2023, 17:35
General
-
Target
flstudio_win_20.7.2.1863.exe
-
Size
921.9MB
-
MD5
0ae3105f25de01b112b97939194b813f
-
SHA1
f1248621bbcf5521d5a262497abf8ad409914bf6
-
SHA256
68f6f136e48d99b3e2f21705b911c167210f49b96030ba05202d0245de982834
-
SHA512
abd0e8828c29a3e7d8382356709bc4ca256b141a02c316888941f2b1493fd7c46d6153c97937971484ee9127b01a30d90d48f859107d53019dae8bd96b7e473f
-
SSDEEP
25165824:7ekAOjXmPZRsfItOa+fnVQe11EeplDSXXYOV:7WugZPMa+PVQsZTSJ
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 6 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 15 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\flstudio_win_20.7.2.1863.exe"C:\Users\Admin\AppData\Local\Temp\flstudio_win_20.7.2.1863.exe"1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -ExecutionPolicy RemoteSigned -File "C:\Users\Admin\AppData\Local\Temp\nsg4A29.tmp\tempfile.ps1"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Image-Line\FL Studio 20\Asio4All.exe"C:\Program Files\Image-Line\FL Studio 20\Asio4All.exe"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" -s "C:\Program Files (x86)\ASIO4ALL v2\asio4all64.dll"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exe-s "C:\Program Files (x86)\ASIO4ALL v2\asio4all64.dll"4⤵
- Registers COM server for autorun
- Modifies registry class
-
-
-
C:\Program Files (x86)\ASIO4ALL v2\A4ARegFix.exe"C:\Program Files (x86)\ASIO4ALL v2\A4ARegFix.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s "C:\Program Files\Image-Line\FL Studio ASIO\ILWASAPI2ASIO_x64.dll"2⤵
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Program Files\Image-Line\FL Studio 20\FL64.exe"C:\Program Files\Image-Line\FL Studio 20\FL64.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.image-line.com/redirect/flstudio_trialexit42⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ff99ff846f8,0x7ff99ff84708,0x7ff99ff847183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4944 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5836 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff75c4d5460,0x7ff75c4d5470,0x7ff75c4d54804⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,13930544255245603427,6247293504013939697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4ac 0x4c01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD50a4b7641b322a99c2af195822091f356
SHA1152be1c8de6fa46f2cfdf415ceb4186a9280a47b
SHA2564b94132665288139ae217886040e58a447f27b1b5eb90f3764b6158116547455
SHA51218aef041495a473da9c82bba6f31f7b142c73f115911e2bd4e57871f28723afacd023fd4c31c2e959af318b82a47cfe68ece0dd400af43db36e501438a6f53e8
-
Filesize
1.1MB
MD50a4b7641b322a99c2af195822091f356
SHA1152be1c8de6fa46f2cfdf415ceb4186a9280a47b
SHA2564b94132665288139ae217886040e58a447f27b1b5eb90f3764b6158116547455
SHA51218aef041495a473da9c82bba6f31f7b142c73f115911e2bd4e57871f28723afacd023fd4c31c2e959af318b82a47cfe68ece0dd400af43db36e501438a6f53e8
-
Filesize
27.1MB
MD524f779a370e3d244ff8575fbfe49df99
SHA10d0347dd7d49ab53f0df8de70d83368fbe786ca3
SHA2567dac2e9ce8cf1146a9259a9373cc5270daa785b33444a29c68924720d1fc9c3a
SHA51266d1b43ca5a5469e9b44053baf0e1c842c1bdca76a47c065563ae05f948018f411cb213b57d17c1afb7c7c882ee7a06ec584c9f97f9ed6f404d268539b654121
-
Filesize
480KB
MD5b401a583ae2a296a6d7c46de873f96bc
SHA1188690a8287de3adc3d6db5e389d85ab97bf3f29
SHA2564afc777815f6ae4f85ec5fbf46f33f3b10342201b346e9406ac313ac40eb5c27
SHA512260008d713e29c4c6c049c1351e44832ab023c8710a61bf914f53e3e65770b6d6858a733dcf8a48dcce0d713fe7150468640bf60542748712859d9b7ea5d4f1a
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD5111a8c85ccb7e6eba795d82d5a09a832
SHA1b1a29bd171263e58589c834aa9854ae349b0069b
SHA25682547f0c9dac76b3e167737bfbc46f5939e413facb8147c6bc6d9d11939b5126
SHA5122324fad19cc4f7a3bd25edf75a17f8b70621ab4e28d2edab995663cdaca0983ed74de746f025ccefd28c8950640137a9a6f9649eb569679f7035ddbb9588b8a6
-
Filesize
944B
MD581fbd0b1ad857b108746cddf8377b755
SHA12efffa12b6f4572af60b74a115a31fb0e8efb8f0
SHA25650f5ee4cb0019d210b03cba4157b2945241664c314d5ab6439ff838a2d84f28e
SHA5126fc35f9188961fe1b00462f1bcf396202473afc39a4c6246d239fc64b5d6e42f6392e4b029747c2ba12f30c1fef1ac84e634b99415877ef0c33800ebf22298e1
-
Filesize
944B
MD5f0019bc2bc66920665e03498715a8364
SHA1cec1a82576d060649527425a58ecc18715ee844c
SHA25695367e6f7a4b5ce8ad79dadcb3f3c52608bdc85981a1e3a11e48695a554189fd
SHA512ea31b00cfde5f5f3f2f376f0fb4161f589ddbf10bd856002a178711d4b60cf894c7f3a163d0fad1de599112c9f28e5c1903ab735f969c7cb886b61f7efc3d476
-
Filesize
944B
MD500f79c6f17c6ad72f6781209716d48c8
SHA1e289d624ced08f11ddfc9edd6e4ae18396328f57
SHA2562f704902858f9878c50d4f860ce9cf029d47633098715c13aac7798ad7f695ee
SHA51291e7133482995c0e894493294b0e48ab0eece4d3960064bfdee1a34bead3e4f353fd85b65c1e52290397d61891fc61403fb4a6f9e1bb9b95e165fe22755e51f5
-
Filesize
944B
MD599b0fe1a7769f75a2c80f7ef0b5e7c62
SHA1a28972f114734346c2acce5000e1267e85799828
SHA256a43e737c3f0daa715260ec049e2d5eb93f85bb82370fbef13d3f060dabde6be4
SHA512b740ff925963a884648bd8de0fe97811124d7488a2e834e6182e601bfb5c2147b5265838622ca1d6083b738885f4d458a5a1066d3eb9e40b536b2cbf9e819715
-
Filesize
944B
MD5cdf113430dd2b0560c16a4927250105c
SHA1d6d8ec180136a243cfba776439f1a5a303cdb18a
SHA2560fe47567ce2c2aee76f3a3befe6491b540b1367a2b4d9cdacdf5f7eea981a93d
SHA512968843bd781bf4a65d9c973b2bc7d576c7b5cb8585fe97c5082039f97b28659f7a4fa0cce654c6f1cf121631fa04de059c186aff30bdd98c19b86f358b000bfd
-
Filesize
944B
MD526403455115fbc3da2573a37cc28744a
SHA16a9bf407036a8b9d36313462c0257f53b4ee9170
SHA256222a7adb94c5e82df6466a4afce283e905c69f7feb18b3e34583b5cbbd88b352
SHA512be96d478e5d804b8daf805ad28d5eba644fb63a59a799273e029c8047a036f8aac74098efcadee0e4f405dcd1c0a689a1e8eb23f51a93634ed44f5a7c821beb6
-
Filesize
15KB
MD5f894e7068ee5f5b4489d7acdde7112c9
SHA179ec857791ad4ac76673b05e6fc44e55315424ef
SHA2563948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab
SHA512e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816
-
Filesize
15KB
MD5f894e7068ee5f5b4489d7acdde7112c9
SHA179ec857791ad4ac76673b05e6fc44e55315424ef
SHA2563948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab
SHA512e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816
-
Filesize
1.9MB
MD5b44657059d70a6150af0919a468b8b34
SHA188c5f4bc1c6de8a85cded7725c07e2d81dfdcea5
SHA2569d98ed265d50b5bcf62ebc3c0b809d9f4d9ff9cf42e261938e6f0cef21733b62
SHA5127731dba4de7bf44e10c2a531eda6c8c4e173e2ec46009802366454cee2739a7eccc971069659681edb42a7ebe6d24b611dedc2bf9cdcc9cbe99785ae1b2f9ada
-
Filesize
1.9MB
MD5b44657059d70a6150af0919a468b8b34
SHA188c5f4bc1c6de8a85cded7725c07e2d81dfdcea5
SHA2569d98ed265d50b5bcf62ebc3c0b809d9f4d9ff9cf42e261938e6f0cef21733b62
SHA5127731dba4de7bf44e10c2a531eda6c8c4e173e2ec46009802366454cee2739a7eccc971069659681edb42a7ebe6d24b611dedc2bf9cdcc9cbe99785ae1b2f9ada
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
772KB
MD5a63a7b6e7969179c67cdd1f7db3fe622
SHA1c35aa94d212bfbb4e9f868d25b9fe5b8bd6bd801
SHA25637ad075156c508f9ecad57bdd8c00aaaf2f02e2c7291853f411799788dc25259
SHA512c0fe0d2253a633ea5156359fe33f4fdb02244441ae21631038b040300a0079ce4ada49face2f5f757cca5fcfb51320221b720e0a71335e6769f2ebd9d705b8d8
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
15KB
MD5998189882c9f1be220c9faf0fd2bde15
SHA1787d50c46c9a2a48565f684fabc7503aca8b0493
SHA256f34385901206a3952fe2724edb3b0b123fd897119c774ab68c8745de6662d990
SHA512e0c52ad851b476e7bcbadea8f993e5c6f9f70a9b46e2aebe8ee353a372b0bd5af95241240f880f49b9d91d240a4a2b7e7d2b7c8a18ca1654e607fa8d2772dfd6
-
Filesize
11KB
MD524523fe14bb9ba400a3950016b187915
SHA16ec152b4e4ac04038d4608a8a206070185116036
SHA256c4aaf80e3990185eeb5ea56bf841dbf5f3d02269d715f3bfdfe8b54aa797a7b9
SHA512ae73351d27109187f7c4e312bc30a165202f29d74c65dd0feaee75dab72b97d27c6482b1e95771063afec7e9f2ca03a27a11cd25e39228072b69c33fffef7257
-
Filesize
14KB
MD5adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
Filesize
23KB
MD59210597fba3dfab3c69b1eb490205419
SHA16e3ca39043756ed1cceaf2d4853e7cb6be1c64cb
SHA2567696c255014a543f720e189ab3fe48f62fcf43435465062649c96138eedb222f
SHA5124877daefdd34725791fba7c8cc2d85c4e91080ca7787a71ee9ffde71704ac40799b891f03d1f1805a31af6ddc35e335f74c9d620e87d517670a378c001cffb06
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
6KB
MD51cf768cdc98419962be6449925b56991
SHA16f3a40a5e0bc9907eb3d398bc29d15d32f56d557
SHA25651d7a5d1f57067fdab6cee8878bd7cb4883eb67ac69d8118a19fd56d7a65bd14
SHA512c8c8575c86e548e9f36e979a58ea63a6b5ab033a89dc5ba5e41616cfadd0bb0a66e61383cec91f60e975405ffc3368d3a044fa5316f80b9d9952a816d4844c4c
-
Filesize
111B
MD5f7cacba08813f15322eadbf1c2a394fd
SHA12d963cca54d20871f5b9975f9164a866d83e4250
SHA256f733a70f6385a9f5e1d3e1c10749f78ed79a3918d4d7d1205c76b45eacf534be
SHA512179e13b9319e08017a92fc47d589b7ba4fee2824d2c1d25a48f509b3a71ab1e51249369f64804a1073ecbbf4f27d64a0a0459d1abb45f98edcbdb22c61bbf42e
-
Filesize
120B
MD52a701c5d056394e5c23495ee20ff1dd2
SHA16605751f1b989a6a9182ab91355b9deda51c2651
SHA2567c3bdeca15abc72e22bb61106a1f26d992243d6806dcaace5139086979e51005
SHA51251d1d18c934f10358d14fb1993126e3717b14636e1b6bb261a08cf2c342cd4c0df2bb02e94cd5aa0ff2a56eae90c16360a7e1f3039a1c759d60e48d99a1e30c9
-
Filesize
113B
MD57c9b6abedb3f5cf35e0e6b798323f2d4
SHA12e7bc89eac789a8125432595876e0defb9ee0ad9
SHA2561ffff655058197c0d8f683c7a78addbcbcf338678847da3d82a02735190f25a2
SHA512dd3a2133131f1c6c35f80204f4f27d924b7140b236401949433355daad86978526efb4b4e0f1311c56c16fb72a59acc78c5fec83db93b0864897b9db779d9748
-
Filesize
122B
MD56cec58160804ab57d8fda61a0a780f6a
SHA10849117a1360dc3086d4e7ae78a8afac16ef032e
SHA2566394916c331dcd2aeeb9125995fcc3697d0d2e41e67a030ebc9e22de567035d3
SHA512496dc54263af3549f7ed9d612f8abaa476cc573b18256dbad8395f5722d777ed3000d63f8012eef3df380403bf1a68bc98070c1de978d12747ea144d93daf801
-
Filesize
152B
MD5078a5b9c799428eff1123e4ff248ea04
SHA1988a1e2b41ac3c92e0fce66c5e5c881b47f353b4
SHA256d334c0707c69848b494cf1918de8562a22de1dd4725a7535e0e1ee5ae6b102f9
SHA5129c334f19130d450cd8baf648a65bd8d992ca027eff3628e18cb8a3ed58df1db19420d0949e122d56fdccc611a3f9e58063df5b6dc77bed355d8970276386e182
-
Filesize
150B
MD54e14df40fd47f06aec7f41d966130adf
SHA12b191d6a4dd3f9e9dc2e1cabbc1d349e423ce77e
SHA256b4affe32385742904ce138e3466bc5b35d50f0f52d77a5b20889893ec88930cc
SHA512865b19147bbdbd26ad00209973bc0201dc324e5077ae5595c52d022beab6cb496d222e64590baf94558e87dfcb6aae14efe2e2ad34192f00325c53f43fef9373
-
Filesize
143B
MD5e03e5393247f537e82d707eabfb2f632
SHA1d029479365c2ada596a5463fcb11d7867082dcd7
SHA2568538174af838736e9168e74fc7161298a539ede040ef36feb6cd07a27758a4f8
SHA512f7a55aa2f58fab8170608b246eb827fe3426533edc4b5f096cc27b34b8dab28ffa625b3ac82000d480f2b2b607e5c93a6d024fae519ddcb2c1212be2afb6cd20
-
Filesize
143B
MD57a368131348f92b708c9f0375d2ec532
SHA1077688ca79711f833fc9d22e4600a75230a6eb9d
SHA256914e9a80d5e98229b0b86dc1951c34e0a385a38e1b85e17428c35e3fb770ed9d
SHA51295100371bea8f84b383b30b5c742c7982dd2220eb1f362dae91f84b47164618889655c5499db74a8254045583ed5db656b6fd7180655e581dd4d8fcd294ebbe6
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
476KB
-
Filesize
672KB
-
Filesize
1.1MB
-
Filesize
820KB
-
Filesize
820KB
-
Filesize
820KB
-
Filesize
1.9MB
-
Filesize
1.8MB
-
Filesize
1.1MB
-
Filesize
476KB
-
Filesize
12KB
-
Filesize
50.0MB
-
Filesize
3.6MB
-
Filesize
4.4MB
-
Filesize
50.0MB
-
Filesize
3.9MB
-
Filesize
188KB
-
Filesize
5.8MB
-
Filesize
288KB
-
Filesize
6.2MB
-
Filesize
5.6MB
-
Filesize
4.5MB
-
Filesize
4.5MB
-
Filesize
32.9MB
-
Filesize
5.6MB
-
Filesize
6.0MB
-
Filesize
3.7MB
-
Filesize
3.6MB
-
Filesize
3.7MB
-
Filesize
3.8MB
-
Filesize
3.7MB
-
Filesize
3.6MB
-
Filesize
3.6MB
-
Filesize
5.5MB
-
Filesize
8.9MB
-
Filesize
6.1MB
-
Filesize
3.6MB
-
Filesize
5.6MB
-
Filesize
3.6MB
-
Filesize
3.7MB
-
Filesize
3.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB