Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
30/09/2023, 14:31
Static task
static1
Behavioral task
behavioral1
Sample
e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe
Resource
win10v2004-20230915-en
General
-
Target
e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe
-
Size
1.3MB
-
MD5
67753ac9fe4f92b79506a40197db937e
-
SHA1
21221e792df2118cd16fa491c871058cef3105bd
-
SHA256
e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815
-
SHA512
104bb766e506a3e3fd6efe6dc239d334a0fcd65cecbc2818ddddd7dcc4aeda6fef5318eb17ffc580aa44c5f591793d79ef699504c066857418b92f4e9aa5f41a
-
SSDEEP
24576:/iry1KswscUUk//tmUsDnpEYxky/+oBc63Fc:7pz//EDnpU6d
Malware Config
Signatures
-
Executes dropped EXE 17 IoCs
pid Process 464 Process not Found 2564 alg.exe 2444 aspnet_state.exe 1408 mscorsvw.exe 2816 mscorsvw.exe 1864 elevation_service.exe 1732 GROOVE.EXE 1996 maintenanceservice.exe 2272 OSE.EXE 2368 OSPPSVC.EXE 1528 mscorsvw.exe 1468 mscorsvw.exe 2276 mscorsvw.exe 1676 mscorsvw.exe 2812 mscorsvw.exe 2884 mscorsvw.exe 2268 mscorsvw.exe -
Loads dropped DLL 1 IoCs
pid Process 464 Process not Found -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 3 IoCs
description ioc Process File opened for modification C:\Windows\System32\alg.exe e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\23192646cbc56ce8.bin alg.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat GROOVE.EXE -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jre7\bin\keytool.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\unpack200.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\javacpl.exe alg.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log maintenanceservice.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\kinit.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ieinstal.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\java-rmi.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\ktab.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE alg.exe File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe alg.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\rmiregistry.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\tnameserv.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\klist.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE alg.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe alg.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe alg.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\javaw.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe alg.exe File opened for modification C:\Program Files\Java\jre7\bin\orbd.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe alg.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe alg.exe -
Drops file in Windows directory 14 IoCs
description ioc Process File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenofflinequeuelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenofflinequeuelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe alg.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe alg.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log mscorsvw.exe File created C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat mscorsvw.exe -
Modifies data under HKEY_USERS 3 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings GROOVE.EXE Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform OSPPSVC.EXE Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\OfficeSoftwareProtectionPlatform\VLRenewalSchedule = 816acb9f0100000000000000040000001890320100000000e2e045280100000000000000040000000100000000000000e0967d7f02000000000000004a000000350039006100350032003800380031002d0061003900380039002d0034003700390064002d0061006600340036002d00660032003700350063003600330037003000360036003300000000000000000077da4c9402000000000000004a000000360066003300320037003700360030002d0038006300350063002d0034003100370063002d0039006200360031002d003800330036006100390038003200380037006500300063000000000000000000ada4eeeb0400000000000000080000000000000000000000ada4eeeb040000000000000008000000000000000000000058192cc10100000000000000040000007800000000000000847bccf10100000000000000040000006027000000000000 OSPPSVC.EXE -
Suspicious use of AdjustPrivilegeToken 10 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1936 e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe Token: SeShutdownPrivilege 1408 mscorsvw.exe Token: SeShutdownPrivilege 2816 mscorsvw.exe Token: SeShutdownPrivilege 1408 mscorsvw.exe Token: SeShutdownPrivilege 2816 mscorsvw.exe Token: SeShutdownPrivilege 1408 mscorsvw.exe Token: SeShutdownPrivilege 1408 mscorsvw.exe Token: SeShutdownPrivilege 2816 mscorsvw.exe Token: SeShutdownPrivilege 2816 mscorsvw.exe Token: SeDebugPrivilege 2564 alg.exe -
Suspicious use of WriteProcessMemory 28 IoCs
description pid Process procid_target PID 1408 wrote to memory of 1528 1408 mscorsvw.exe 39 PID 1408 wrote to memory of 1528 1408 mscorsvw.exe 39 PID 1408 wrote to memory of 1528 1408 mscorsvw.exe 39 PID 1408 wrote to memory of 1528 1408 mscorsvw.exe 39 PID 1408 wrote to memory of 1468 1408 mscorsvw.exe 40 PID 1408 wrote to memory of 1468 1408 mscorsvw.exe 40 PID 1408 wrote to memory of 1468 1408 mscorsvw.exe 40 PID 1408 wrote to memory of 1468 1408 mscorsvw.exe 40 PID 1408 wrote to memory of 2276 1408 mscorsvw.exe 41 PID 1408 wrote to memory of 2276 1408 mscorsvw.exe 41 PID 1408 wrote to memory of 2276 1408 mscorsvw.exe 41 PID 1408 wrote to memory of 2276 1408 mscorsvw.exe 41 PID 1408 wrote to memory of 1676 1408 mscorsvw.exe 42 PID 1408 wrote to memory of 1676 1408 mscorsvw.exe 42 PID 1408 wrote to memory of 1676 1408 mscorsvw.exe 42 PID 1408 wrote to memory of 1676 1408 mscorsvw.exe 42 PID 1408 wrote to memory of 2812 1408 mscorsvw.exe 43 PID 1408 wrote to memory of 2812 1408 mscorsvw.exe 43 PID 1408 wrote to memory of 2812 1408 mscorsvw.exe 43 PID 1408 wrote to memory of 2812 1408 mscorsvw.exe 43 PID 1408 wrote to memory of 2884 1408 mscorsvw.exe 44 PID 1408 wrote to memory of 2884 1408 mscorsvw.exe 44 PID 1408 wrote to memory of 2884 1408 mscorsvw.exe 44 PID 1408 wrote to memory of 2884 1408 mscorsvw.exe 44 PID 1408 wrote to memory of 2268 1408 mscorsvw.exe 45 PID 1408 wrote to memory of 2268 1408 mscorsvw.exe 45 PID 1408 wrote to memory of 2268 1408 mscorsvw.exe 45 PID 1408 wrote to memory of 2268 1408 mscorsvw.exe 45 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe"C:\Users\Admin\AppData\Local\Temp\e956dcf8b25ccc0d1c61e40075cbe18cef9e22f1b58f79998bbf2638642a7815.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1936
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2564
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe1⤵
- Executes dropped EXE
PID:2444
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1408 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1528
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1ec -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1468
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 260 -NGENProcess 250 -Pipe 24c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2276
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 254 -NGENProcess 25c -Pipe 240 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:1676
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 248 -NGENProcess 260 -Pipe 1f4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2812
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 1dc -NGENProcess 1d8 -Pipe 248 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2884
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1dc -InterruptEvent 270 -NGENProcess 260 -Pipe 264 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
PID:2268
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2816
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:1864
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1732
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1996
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:2272
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:2368
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5ab74d40873e1601ab472ef6332b643a0
SHA189eadaade6dab0bcb46a825f51d1463b451c4a60
SHA256dd3d84774c8a3c543f6774cd2b57947498a3fb818bc2ae3be3ca7a5d52ee5b38
SHA51293902aa5b14d9537e512fc913d6923107fe9b9ced801be08540725af55496f42ff91353eece1395b0a8a3fa30d1a2e8d22694b277709ff4cc73b2f3e750de984
-
Filesize
30.1MB
MD56efaccbf306d7b8d3fd5c68dd187bc6e
SHA14b42b647e9f76a25bd78d0658f0832c39e47c429
SHA256da21ba4c2f979fea4dda04b0ef60e3c415c5e27fe920715555e9ca225c9ead63
SHA512bef092bdd5de6cc4818ec869bfbf61333f16191f0d6a00114914308855ae53ca5fe156e1dcee3942b62eee016045f41f33ef48ec04c1fa560e544471c4ffc8c1
-
Filesize
1.5MB
MD5fd362a473e67ce9cf58fdc0a621aaf7e
SHA12988208f1ff19b24eb76c8f10a1607e3fce04bb0
SHA2560fdaa95f6fe97094fe2dda720be8e2c8632c9c866719ab5c7f9bdb6a81ffe494
SHA512588b712219b2df9ad9b248e1dbc5f8e398ec738a59d1cb049887c913a77b549fdc36ad17ec46824064bb5ac538efd5b9f16814954650517d84dffca75e7239af
-
Filesize
5.2MB
MD559865e9a2fe685f117a2b443ae3ccc3f
SHA15c81cd0f2af50f1ada3cacc52991d300123582e9
SHA256ac57fa63092ad77d02bfc918e0249ac7c9ac4b0f54fd42ebcb4946001ee50500
SHA5123160d12feeb4cada206af8a1563b161c151cc5ff4e6bf86bf067c50948ead5f031fc77dca46d9cf25506c6ece38810d7a900116e1cd2b32b82e100b6b0a3a968
-
Filesize
2.1MB
MD5443bf4aff7aa75d111f1e1b5b4c27668
SHA18a7fa237bcf82ea91b552759c06ec794a5755f17
SHA25608ae0198b52114483e4279f27e1ef4ffa673da49032f36a46439a07f13a01e67
SHA5127d42d5d66641946808e98db6f25a07169a802fc71fab011435b94a13a89a43952d281f6e417b93c0f857969981331e4a41deea9bceed6ff18d56fa959d56812b
-
Filesize
1.3MB
MD5bf4473dea998882da2ddb14ccbab0a8a
SHA1e2124f4662aee2796370f0f749b9646ee296ed26
SHA256d89d90dc1bb9b5d69c1ecd57cc913986e3a7f15e625b07ed23898686e955ae64
SHA5124699af0288a1d2b4b9d7dc91fca9e1233f1c5daf73439dd29db0fd7d0c363fdd64ebed7e14b4573888b0bfe253ba2c7d24a10936ee11f9a66e286ba44e9c4236
-
Filesize
1.4MB
MD5ab63c6315b8f0920e83f99db8f6eec4d
SHA1aaf4d4817c9e3a5faca36848fcf141650d598910
SHA256909146f5b9406b797853214db8aaf117c41dcb7317261669aa65b4c14dc35ac3
SHA512699e984d1b6c8354187ec04f31ed42c95b2fc13ce660913a89fd44aebf6f1a7635540540b9f45f67308441dc8d68de58d3803d62039d971dfb284fb553c1f3de
-
Filesize
1.4MB
MD5ab63c6315b8f0920e83f99db8f6eec4d
SHA1aaf4d4817c9e3a5faca36848fcf141650d598910
SHA256909146f5b9406b797853214db8aaf117c41dcb7317261669aa65b4c14dc35ac3
SHA512699e984d1b6c8354187ec04f31ed42c95b2fc13ce660913a89fd44aebf6f1a7635540540b9f45f67308441dc8d68de58d3803d62039d971dfb284fb553c1f3de
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD59f88bfc3dd1753d00e02003a9a5c9788
SHA165a9308adb8558d724de978032af3d1d2d914f2e
SHA256e3a2f15d1babb05e929aa67459f1dd09e8a869e600306358e26f90c7ede7c979
SHA5121fa5e25010adea46a4130a8d24dc13c9b30168e3fad52f0cf5a98213d73c82aa35d96d06d6cedaf951d35a1df989ee4112d777f297ba5f78ebb228a762ce9966
-
Filesize
1.4MB
MD55a41735bf2ab30615eb3f961ecd5916f
SHA1a01efd6293fff996675efd61dd02a0ec7c96a0a4
SHA25603bcdc135a4d1f22940727ccc0dd87d38514fb785c5478473bd38d8accfcbf82
SHA5121bddb8f912c190c53009005ccb79e20ee99c321d277895e87465a06520309458829a66e97555f7da7076c6c5272517068e459975d1948c3cb1736fa6deb4458b
-
Filesize
1.3MB
MD5bf4473dea998882da2ddb14ccbab0a8a
SHA1e2124f4662aee2796370f0f749b9646ee296ed26
SHA256d89d90dc1bb9b5d69c1ecd57cc913986e3a7f15e625b07ed23898686e955ae64
SHA5124699af0288a1d2b4b9d7dc91fca9e1233f1c5daf73439dd29db0fd7d0c363fdd64ebed7e14b4573888b0bfe253ba2c7d24a10936ee11f9a66e286ba44e9c4236
-
Filesize
1.4MB
MD55a41735bf2ab30615eb3f961ecd5916f
SHA1a01efd6293fff996675efd61dd02a0ec7c96a0a4
SHA25603bcdc135a4d1f22940727ccc0dd87d38514fb785c5478473bd38d8accfcbf82
SHA5121bddb8f912c190c53009005ccb79e20ee99c321d277895e87465a06520309458829a66e97555f7da7076c6c5272517068e459975d1948c3cb1736fa6deb4458b