Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
29/10/2023, 07:27
Static task
static1
Behavioral task
behavioral1
Sample
119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe
Resource
win7-20231020-en
General
-
Target
119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe
-
Size
1.3MB
-
MD5
f164f84f616092d2df64a7c2bd486a39
-
SHA1
8a429e6a4f5bfe81f099335d90d720fd1f3a8a3e
-
SHA256
119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d
-
SHA512
9ecfab65d90fad0f3773e4cf32f9c52e3ce6c6bbdb55c02af1e065912ec3b51b3b4fe86ce60e2557b1cc443436fbd969fb3d46474bce5fdf4095ed1021210370
-
SSDEEP
12288:KE9B+V9ltuhohhCRu1uPxope7YS+Paleow7vwqi2VNN20zhCUeGI:KE9Balt/hhCvJae8VowLwqi2jU0zh6G
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
pid Process 2904 alg.exe 2160 elevation_service.exe 1276 elevation_service.exe 3244 maintenanceservice.exe 1416 OSE.EXE 4620 DiagnosticsHub.StandardCollector.Service.exe 1096 fxssvc.exe 1132 msdtc.exe 2776 PerceptionSimulationService.exe 2668 perfhost.exe 3520 locator.exe 3024 SensorDataService.exe 1856 snmptrap.exe 4024 spectrum.exe 4136 ssh-agent.exe 1508 TieringEngineService.exe 1572 AgentService.exe 456 vds.exe 5116 vssvc.exe 4656 wbengine.exe 2296 WmiApSrv.exe 3372 SearchIndexer.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 24 IoCs
description ioc Process File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe elevation_service.exe File opened for modification C:\Windows\system32\SearchIndexer.exe elevation_service.exe File opened for modification C:\Windows\System32\alg.exe 119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe File opened for modification C:\Windows\System32\msdtc.exe elevation_service.exe File opened for modification C:\Windows\system32\AgentService.exe elevation_service.exe File opened for modification C:\Windows\System32\SensorDataService.exe elevation_service.exe File opened for modification C:\Windows\system32\TieringEngineService.exe elevation_service.exe File opened for modification C:\Windows\system32\dllhost.exe elevation_service.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe elevation_service.exe File opened for modification C:\Windows\SysWow64\perfhost.exe elevation_service.exe File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe elevation_service.exe File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG msdtc.exe File opened for modification C:\Windows\system32\locator.exe elevation_service.exe File opened for modification C:\Windows\System32\snmptrap.exe elevation_service.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\6fa3692eb759df4d.bin alg.exe File opened for modification C:\Windows\system32\AppVClient.exe elevation_service.exe File opened for modification C:\Windows\system32\fxssvc.exe elevation_service.exe File opened for modification C:\Windows\System32\OpenSSH\ssh-agent.exe elevation_service.exe File opened for modification C:\Windows\System32\vds.exe elevation_service.exe File opened for modification C:\Windows\system32\vssvc.exe elevation_service.exe File opened for modification C:\Windows\system32\wbengine.exe elevation_service.exe File opened for modification C:\Windows\system32\msiexec.exe elevation_service.exe File opened for modification C:\Windows\system32\SgrmBroker.exe elevation_service.exe File opened for modification C:\Windows\system32\spectrum.exe elevation_service.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_136968\javaw.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe elevation_service.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log maintenanceservice.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmic.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe elevation_service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe elevation_service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe elevation_service.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe elevation_service.exe File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe elevation_service.exe File opened for modification C:\Program Files\7-Zip\7zG.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javap.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe alg.exe File opened for modification C:\Program Files\7-Zip\7zG.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe alg.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe elevation_service.exe File opened for modification C:\Windows\DtcInstall.log msdtc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 TieringEngineService.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz TieringEngineService.exe -
Modifies data under HKEY_USERS 19 IoCs
description ioc Process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration" SearchIndexer.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection" SearchIndexer.exe -
Suspicious behavior: LoadsDriver 2 IoCs
pid Process 668 Process not Found 668 Process not Found -
Suspicious use of AdjustPrivilegeToken 41 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 4348 119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe Token: SeDebugPrivilege 2904 alg.exe Token: SeDebugPrivilege 2904 alg.exe Token: SeDebugPrivilege 2904 alg.exe Token: SeTakeOwnershipPrivilege 2160 elevation_service.exe Token: SeAuditPrivilege 1096 fxssvc.exe Token: SeRestorePrivilege 1508 TieringEngineService.exe Token: SeManageVolumePrivilege 1508 TieringEngineService.exe Token: SeAssignPrimaryTokenPrivilege 1572 AgentService.exe Token: SeBackupPrivilege 5116 vssvc.exe Token: SeRestorePrivilege 5116 vssvc.exe Token: SeAuditPrivilege 5116 vssvc.exe Token: SeBackupPrivilege 4656 wbengine.exe Token: SeRestorePrivilege 4656 wbengine.exe Token: SeSecurityPrivilege 4656 wbengine.exe Token: 33 3372 SearchIndexer.exe Token: SeIncBasePriorityPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 3372 SearchIndexer.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3372 wrote to memory of 644 3372 SearchIndexer.exe 129 PID 3372 wrote to memory of 644 3372 SearchIndexer.exe 129 PID 3372 wrote to memory of 3832 3372 SearchIndexer.exe 130 PID 3372 wrote to memory of 3832 3372 SearchIndexer.exe 130 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe"C:\Users\Admin\AppData\Local\Temp\119f66cce7308a9ae2b0daaf886a57024df7e13cdad09da85908e828169b6b4d.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4348
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2904
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2160
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:1276
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3244
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:1416
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
PID:4620
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:1900
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1096
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1132
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
PID:2776
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
PID:2668
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
PID:3520
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3024
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
PID:1856
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4024
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
PID:4136
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵PID:680
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1508
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1572
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
PID:456
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5116
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4656
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
PID:2296
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3372 -
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
PID:644
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 8962⤵PID:3832
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD507b75e169e3ace47365a9a323900379e
SHA1968511d29d6c16b5af0d68197e919dc99354f415
SHA256a0fcf082308e78cffa964eb785450198d35b6101e82483867fae12c0e5764a72
SHA512ad1c914578621573a7b55a0961b1885ab641734138252594e3e6421d01eac58044698d7f758a672bb5299f32b361912cb2127d765c5dd139fe75403a55f0793a
-
Filesize
1.4MB
MD5df65f5339ecf752428cc79dae503a479
SHA1e4a029d5f9b1484dbfa367c6b93a3346f9a1b797
SHA256679a742b983bfa6a9ee0b4e7fe0ea6e6e42cf0bc78e750a03c0458ac39bc0f59
SHA51269231c2f36b3c311a34b957471c0a7d23d0b9fc3a7da83e49f4a274a8606f0ede5d15f164a617c0b816fb6ee07bcb97f6f9cfe2d18ad368e1f10d19fcc46fc82
-
Filesize
1.4MB
MD5df65f5339ecf752428cc79dae503a479
SHA1e4a029d5f9b1484dbfa367c6b93a3346f9a1b797
SHA256679a742b983bfa6a9ee0b4e7fe0ea6e6e42cf0bc78e750a03c0458ac39bc0f59
SHA51269231c2f36b3c311a34b957471c0a7d23d0b9fc3a7da83e49f4a274a8606f0ede5d15f164a617c0b816fb6ee07bcb97f6f9cfe2d18ad368e1f10d19fcc46fc82
-
Filesize
1.6MB
MD51f3f0ecfd44224e6f125c69245ee690b
SHA19f3f7cf5c0093c9aff1bd4b8a035024d06a33e97
SHA256d2fba7de28549405f1db7ff1c402e683c6d379a95f366a908c9594fc289ffc0d
SHA512daf4e5646cfe941d68e551f38378065809723c2bacd867934aca9de50741c66a67c47b8dda269e183679d14e1e6651bba6f132d964bbe1f087860cf5ee1601c2
-
Filesize
1.4MB
MD51bd7027feb4e7c01a44d2544dcaf7170
SHA1961d4106741e0f8227ea0e5a08edc54f7d510b62
SHA2561da847919cb51b4aca92d90ed8ade71b888a9208440ed1df64827c34e8b46ad9
SHA5126226d194fba6629e7d0ac2fec0bba84c5b05158f1c1964a9c801e16a633a4bdca4304a145e6c16a93fcf3af786650758c7ad66f300ec614a9384ee17d1103211
-
Filesize
1.1MB
MD5f3ec33c275490ec3331ac27f9bda7d71
SHA12bdb5039f3601483a80bbd1f416162ddf19f6bd3
SHA256053e66e11e37c68c593971d4f2506ba7f35427d37ba844705239b40c5da5a413
SHA51285b89056f2d6586aee56202880cbd8e8e79e9f26f29932764430fa3d7eef1c1b8767b91d62d766531cacc62ad51873c2fbf1cbb7b7c6c6c58a0e75b147830e82
-
Filesize
1.2MB
MD52769feec219eec93934269ed8c305065
SHA18f72e3730c2e78aad066476f2aaf8c8dbfdee8a7
SHA2563f4dbc2645a0d6022485ee055c4ae7d71372f8a0d2cacf74f7c0f8386a4311e7
SHA512462431a69092b5b6882ce1fd06415a833399926d9762cb4cf11c68bcd9f0ddaf3f41f15a481f98e5551bfe820ed9ac3584b0d087d07a108ec87222448ed67bcc
-
Filesize
1.4MB
MD5feab2c70cf461c400a00000a4c1c9b3d
SHA11ae44cdcd3880ec4501e45f5f33b302fe2fc2bb2
SHA2568a0be4ab330de31e7993a6fbc71a61cda2bd7f2646aea4dfb3cbeba3a070c473
SHA5121ddd7077acb4f04d1b2c30194d11a442822539ff0e31b7ea2986d0b29c3f2fde75aee9a76d50e2532aa9cb9851fe7f82af0b49becd7be1a86feb39f9efa6b7c4
-
Filesize
4.6MB
MD5745f1bd567debe63dc2403db8824115b
SHA1c94bb661eb469124baca3988f82ea017953c279d
SHA256b88ea178fcec4c07756dc461131ea3442719adfccd5cc82e038dbda994fa9f84
SHA5122021cd4904699af2ba852f2361dac5f46d58a911633e36755712db00637b47cb5d9e357335ff56562e12831b63505788896ef82405d9a2eea793a86f178f0b52
-
Filesize
1.5MB
MD503c69f605ce3dddcb5902b71bf8e7a50
SHA1e4f0f886623160490351a2a4b70d6ac47c13300f
SHA25620cb0ba611851dce084fe1e6eb2b765862cc817ee9c88cd9e4b7c0a2e3135804
SHA512655371586dfca52891b88eebb922c29d62f784e1bc7eb1b24ff594fab71207adaed2ffcdbf60bee0c7d784cb479cc5aedb1c1d7a8390931e2961a235c3e3003c
-
Filesize
24.0MB
MD52f0e5ebbded05e31e1430e3fb7520f87
SHA1150b33d90390f7750ae0291b2be3ae8f3cf1c6d4
SHA25640d8938d2e4a32a2f3820d63333b246e73960d34eb764cffb08b9517426fce44
SHA5129f6e84176eddac3b90ef557a2d11658e1c2662724641f34111673f23754d5aed54361649ca20f6eae8b0d0214166aec5b891bee270c7002ab6e8b6aa665bb541
-
Filesize
2.7MB
MD5316f27932088581d875335c6c7c6dba8
SHA1748cb67515dbd6f14ae8881fea3636a6623a7e91
SHA2565aa35ce229b78d8e4ab33831f4d1d8bbcb7efd0a154451053ef4ee30c15b7532
SHA512f6b1274c42adc6cad5d0e4a67a97321b18550269cceba7963ece4021a27fb79102f7ccd0fe7805f98dd8f25b97f85bed7b618652b52bd8f512ac7b1914969af2
-
Filesize
1.1MB
MD52b26bb9b514b12765412fb40276b27ce
SHA1baa47f1a40dc575291a9babf7b72c7a3067e038f
SHA25658a91227c8dee0df95a3890a6b603653901bd051336d2888910e3e4b5904f8c6
SHA5123d82738260037f48f9f08076d71590202a4bafcb59e6bb90da32c86229c787aa8e3143dbae3f845125211536febe8221a3a4d5f120df87223cb79ccd65f3358a
-
Filesize
1.4MB
MD5ed0e26504fb429f2d47999be41bb69c1
SHA1c18ead732cd769c40c5f4da66482f1fab8e3087a
SHA25656203b4a4cbaa7a58071991605d595fd870195e72dedc3bbb56705e45f0f01cd
SHA51251553f59d34dbd16c274ee32c51ea5b9c87a72b3dec9122209c0cb1dfbb9740c8080e1eb2265846a7cf24892cf7fb8e9c24989af9bd24ecfb774c99e84ea18f3
-
Filesize
1.3MB
MD55fb966caf15985cf6aa31d03b35b6df5
SHA1b85ad014df4cd5fd4a6dffc50326ad1ab5b4ddde
SHA2567f55e69a7fd568d0233a95cf601be8158a15e90da70e70105387574bb15b38a3
SHA5125b3234b9637fb3e55c0dde4e04deb4fc3272cdf98deee2e3870c16262ff1a40d41e106859e9308cd5cb97f9c9e684460a6fe47ad5c55e6b8cea2754c26f322a7
-
Filesize
4.8MB
MD532e2798a00ce67705f2a625abbd49668
SHA143d0b26642dc1807889d8ae9c60d98dc94d3b3da
SHA2565ea6eb9dd64879ac37dbb2c3fced451a95f5563260f412e0b07d134c34babafa
SHA512afe32d3b6f467bfcc34c4a39d10eab968946081d04cdea444a670c6354a2bb8bae8167e7d5d4257c89a2bddb29741bd3bd92ea012b08e4bb9dc269eb7e132e6b
-
Filesize
4.8MB
MD593c8fdbff212a525ec732c722b939892
SHA1ab876971ab0391f9105cc5edecb3fa16d46ca6a9
SHA256b1afd6921f9d8b41ca03c7bb7547932685f15cb480c28eb37400eb2189b98d8b
SHA512d40f7f1e6551c559763f2b54f1dc7586042600469879e53c1f31a0af4bdc3aed657d7ccfb3a1819e006a58719a22d322c91d3a6e5c00e71f2cda7d1cda778721
-
Filesize
2.2MB
MD58da89b2a643b7d769c226c8c0f778dcf
SHA15a50d1bd46cdef926565b74d29bc4cbf58846984
SHA256cd2da2c41121cfda0f16c118f55e5744db0d03e9a7d2c71635394fec832debd3
SHA5129f140ea91c3b0454232dbddc7d761320fdb47cd550a96929b618e9a4da13140aad3d79e10ecabbe19f5702186cd8f9ff22ddc61c2ed5919f2d68c0ac7cca21de
-
Filesize
2.1MB
MD5cdca171d9dad8f561a37f88bc9c9d532
SHA1fb8d918a6157b27898a4eb9ddc886aa02bb9377e
SHA256d8ffd7c9ff9705dc421c0ee646e1d741431c2bc17fda232940ec58e7fc87d27b
SHA512016c57ca50c8694ef9b0c5e9a9cd5bbffbf8e3a3e4369e39bbaf22edde50303a0f9b2d5edd0fa337c3640f57bf1919c8b5e3c0eb4c146bdbe6bffaaae492d8e7
-
Filesize
1.8MB
MD5cfa65afe2cb1dc085f299db6c219b6ad
SHA192e440ffdd38b575a505340da4a2ecbce5447359
SHA25627b9215ac181f8af1c23b10344f4e26788dd79cec89e46fb85bf4e672adaa3e6
SHA512f7adfd8159483257f49524906517849ce24fc82944519c38f80be9f1689112813c586ea370db23a90141196a6aba60184c8ff64a39bd13e759c55affbdb3c530
-
Filesize
1.5MB
MD51aadeb777d77655c70aa5fad1a5c4800
SHA187c407a7ecddaed71037907c78d9aeef726bc668
SHA25697171901e5b4fbe11f05f685acddd6b910b67b604e8061c6b26593e65ffe3d9b
SHA512881ef708db33a2a3854cecb0a4d5542473133369d32de0c46f15d28278522eea9116e0003df610475d6d159145e28a58d58b28bf04760d4806a836b9c38636ad
-
Filesize
1.2MB
MD5d79e6baae6d12b76ba8c8a3c7d97f15f
SHA15b9c18857aa44875e46c002db54097a45d969a7e
SHA25616c4b023db9d716159c822ed2d1c6e0906cd4d2e658017990f1b59ba7b2d8d22
SHA5123eac6a43d48b427921758944a9b5431d9ba70a14449ae63d6ccea050d9f8ffd5473ddfed7ebc76d45853d61638f0b97d7b26b8688c321f09a74f218a45f953af
-
Filesize
1.2MB
MD5e30ab0b3382d429eb50f1d1b88f7092f
SHA158e41e52b7e0043e1cb847f0587b5ae2046b3b64
SHA25695b5ff60827d48a3487e5a973462c611af0a4a089775d44f4585f64167682a85
SHA5120ff0b1ac0c07e8cab70f0e3eb88ec6c55be2a763757030b772717239cf839e54d862ce1ca87a4589038238df71f10a85240b2b54c619c068c83282e69825c2cd
-
Filesize
1.2MB
MD5b99d7eb997ed415491158eca178b0d01
SHA155bac3354e2d025fa4f9a47a6476af4c6b27fe54
SHA256850e9fcb240638278a1962a4ba49e5f850ba4b238e41cbd18de0ee3323342ba5
SHA512e6ca7ada922c5a059d72da27d98a7e208fa7d5920c41f42373843a152ad4a050108a1bcf51f7602d34f3f01d3c5fe0165a8a441343ea2e4c0d7bbe9ae53079b2
-
Filesize
1.2MB
MD52609b4a74e14a69cb33477744d8c7ee3
SHA1d686f7e03767c115ee5b4651ee497cce296e1ce0
SHA25695849a333072c706c3aec2e1b78994230ccd0862032bf0bae8b7f4445896be3a
SHA5126c04b5f3a87a3722c8255c68ccf7e434b2e5af60a30f251e69f185e87f27ef07dad34cf2a9d62b4051fe910144360595dbc1df5a15718cfafc06f14817171c2f
-
Filesize
1.2MB
MD58d84317ef444179c93481eff4e140a6e
SHA1fa6d773eee75969f774bd52fc242a06145e3af00
SHA2560f86b490368348988aab284dad12f3c1762944c5bf7b657ee78bd38949601310
SHA512ac74ed0181f3b770c87c021c2617d6767e0f15a1326085e6008964633311afe30b6e9b6b50794f6e80e9bc8f499eddea9b1a472e7a996bc9cd72361e8fdc6907
-
Filesize
1.2MB
MD5ad27b3166c4622cca7e1dc72cdb05e49
SHA16d842dd583a1c736e6efcef7376f9712ad2434cf
SHA25637c499a4bef0c331fcc7c6cda803e468e531e553eed1712f1e3996283c9b3ca8
SHA512948477c7678eca668ba4d6055d0bba5385468cc6ecf5f267a4d1207bded94636649bbcf5910f6cfe80a7b5802488f706b1f0b3e4288d6203513b49ed86aa153c
-
Filesize
1.2MB
MD5053277b1a4ceb7c79d56e2c137a15ad7
SHA15d136bb204891ff066c1db1ed33742cf373cf56e
SHA25626414f2e186d996e681de1bd2daf66aa63207f8e45156bab04b9df911e85d740
SHA512ed67afde7665aa6a7da64c5017cb7485fc84f1c591b9afe23ac04386254529a769494ff92c20d19c03ee6f0bc9fe7e55d815a052b1f01495aff3f300bfbd3907
-
Filesize
1.4MB
MD55dea5b5284ae5e9dfed35d9e75a1476d
SHA1250496d818d2659bf98411290368c5aca3d8b0ab
SHA256aad4b48eba50d94bf0f7fec7358a19465248e2b56414e767c442511c0e7501a4
SHA512f7e846a98f878eeacad95afa444815443918f5b64ee376c1ef9b8964673cbd4e4963bf96f25348b3eba3b5c05485c0610f8a999ae3b8c8910b33d9423f857ec5
-
Filesize
1.2MB
MD5dfc3384318335b888ecca48c9845cc33
SHA1aa0ad28ca379a639172611265ed8edff533244ab
SHA2567bf23109750947c05cf25ab20bb15a68dd6f8e64ddce704aa4af7ae068227be9
SHA5126f38845b9dc079fd40eb29c9351e25145790b3915e194822c7cd7e1caf9374708a6ba0477702bdfc4471cd430091df5d80d1277cb99c1feb60c9d5f20e68a06f
-
Filesize
1.2MB
MD5f5554f4cc036101ea2ef1d9b8fd4789b
SHA114b99ca7c33b831770aec5a4b1b6686624b99c46
SHA256b6379f9bb7cd0f9d0b450410e716885294f82ffc413331ab7420fb2326888c09
SHA512512d93e01be12cf44e8e493edae3e146dda68082eedc9ad766454c1e2dcdcc2d5cb8d4933dfe24fb541779ff2180a5cb2ec87afac6420567e4904119d97e18d9
-
Filesize
1.3MB
MD56a0a80f438e939382fcb50c0519812d5
SHA1f0db0fc50963c99e0e5d040c3ddd7c3fd68681ca
SHA25611bd82e03a3f32f84f0c9af84f99a1f7e0417cd3b4047fcb47dc22d95afb89d5
SHA512c634eeaa8357714c491f229ef1445f915d3f75d0a14a994ea51ade9743ee02dee15fce8d9974e83afa76f9329abc3cf8de6a0368fd818d90da75146016298ac2
-
Filesize
1.2MB
MD584083895d92f078ec44950a3f331eded
SHA1ff8654ddc3c4fe0f4315d4b7dbc1743d9b715c2e
SHA256aa8ac1971ca95e4f328f7e98c1d1ae7858af5a5174174c9f5ec386d66fe9715d
SHA512b1b01ef2932cf9f5d629557e208eb85e90e6db24ce5c2eee8cc92d89304807ff3d94fae9f7eb255a7abf7ed4439c7f6e703bdea3b93f6574f4044c2811332374
-
Filesize
1.2MB
MD5b0bb4acae9c8dbf71d1b858c4aaa5932
SHA12a534bc4ac667ad8bd02d94d4d4ec481ef49d555
SHA2567c0d5d1e4e982a1170bac4974471b1d8315bb57a1e588dd492f2617b6b8f42c1
SHA512449bc59d5f84361cdc9bf41f5daf3bb0910a516a27e86873652c512cd1e23fe4ef80a421735fcb5989a78ea90095c600fbaae6cc0fcd867703961b52ecf8e44c
-
Filesize
1.3MB
MD57b8c7fe8b5f9944a487417e882e8d0df
SHA1a1f09b1e60f17de89a53499e8b74afb9640cbcea
SHA25611fe4d068bccea7465a2d881d0016ecdad50ba9e10aabf4e7857977db1b23940
SHA51282cb01f6b33f3fdadca3be0425caec62049615e92841006714a9ed17e7ae0440e95aea2b21462b1f03d0eeb3c40d54ef7d021463c045268a352b9e32de2e54b5
-
Filesize
1.4MB
MD5363b41f30324159f646b5929406deaeb
SHA1a8a1ad6838b913d9d9344d6b3a82b273bb964a46
SHA2569d584059c56656abdcd7f3387e517de7dcfd8f2e6f77ecf3eb96b47ad8ce397c
SHA512eaec69038becbbda9fc49f0a41252b1477cb6f8b50fcf382a37413f642bc9f4c79c0cb6e94a49eebb328639c4699421973bebcf94a7b7df3d9c0e0f30471b4cc
-
Filesize
1.6MB
MD5df4a1ffe4ed19c898801cedf9aea11fd
SHA101ffda7d17210ba029c5b2638c6fa7e9735ab213
SHA256fd9a1e94bf09469fa8f5cb1dd601ca79b44c1c60683cfa5e09f5c6e7890ad69b
SHA512d5d73a69a531342e73e7b5736de3f8299a359daf6593e5635d6fdfddf8f3d4fe742a475175f167703400fb9205088418500a46dd2d19d9b7ce99af66d4af1fc5
-
Filesize
1.2MB
MD5af0c78e8f61143774eed87fa12ca26c2
SHA170e48b23089dc9d6cd79edc491d953015245edab
SHA25671597173358a15aa275c0eea4aabcfc02cbad17808d669fbf48ede60fe70193f
SHA51203e611ce39ecdfc6367c89d49bb7a378ec587072699b72351615cc34613c1356f7d3cd08b6ccc7eeacb8636d04dfaf6e843599ed1c9f8fa1cea2c50fc53127cf
-
Filesize
1.2MB
MD52b94041bc4f748a56478ada975a2d0ef
SHA1191b5080b0c570f77e2b4823d1675d809e74dc4f
SHA256e4fdf86b9433f2a1ae3e0e4408cc6493ffabc75669be6e1b6ec71df547652224
SHA512d358d337a23a4df4a1cfdd5213ab3f9e4f42defd2d3755c60a78ad30d4ff5339f3ac705075fdde29e53618effba9b67cde5edaef77c8055032dc71cd583e4cad
-
Filesize
1.2MB
MD51909d755b468c853f86b4a29dae7e430
SHA1bf5ddaf955795adc6764dcbe9f7030f588e1f7a0
SHA25666c17ead1ed9f9b41f963c03a26164f99b24d33446dc50cc99a0a843bc81ae85
SHA512127f95c04a5456e85a393e6e385f02cc029a72705656cfca9952e6daa9f8027fd70462b44b84ad676691538bf3c4d2c2c3d5ee04755817f8e9fc3488361bea33
-
Filesize
1.2MB
MD5ecc23b7b082d952c8ed05e49faa78ffe
SHA1e24350fafad11adae2b9d699367fc9e5964ef897
SHA2564ef43a25f294c633822e598af7ced7caafb48529a12f614f5bea2f7f86a49b4f
SHA512c76a131d300cea2569e3c369dcd622e5b80f5eb8189e42a40a550d40608831aac1a136a148fca3ffef3d48f3b55010200416e2b1eb5ef83eedaa030483205f39
-
Filesize
1.2MB
MD5d69152abccee87652f2dce929e170e6f
SHA1b5449ce0997a48833dd46ab6d290289bc14299d6
SHA256ba1fa0deb8b58226b850cf51d4f730fccc1aa729d34d2347996d8eeb3fc68548
SHA512cfca3c1dbcfbde05ccbaad12949e55bf0815804ee287511dbf50eac358a171ee24a4746235cc3c6e9f64fa3435b8b8d8524cfa56f1969ecef2c41342ef380896
-
Filesize
1.2MB
MD5e068d6e5b6ef90afb32cf3a8a44805d0
SHA1889ec73a700215678a474d6630604ea5317b7ff3
SHA2566b2ccfd365277cc23ec529326ebfc16eab370705069c301b2a8800dea6bd6278
SHA512588f735e3fc70bfb393592b2fa927d068779a8ffc905df058eaa4faf9d5558562ac50fc888c60120a9b66dd21494fbd504704ab1a07be56dd202dc839e65415e
-
Filesize
1.2MB
MD59ca8d15465d4e69ea88630c8336f29b7
SHA169a06c003009b8c905797f6f4908aa435695382d
SHA2568128bf98d98c2b4bc193aee39fe5b1e5291a469837374faf0ca38defef3ef96c
SHA5120b3233cef55f9764330f94e98493d2ba8ed7f1ee34abd6d2103f84d7c09cd1127421f00265d88122a8fe1f7112a0c70400decd612ea49686ed54c687355c1a59
-
Filesize
1.2MB
MD5704319fd96f498c59dfa1106fdec4db3
SHA17768bad5bd3cb73ef7ee0bf2fe426bf6f3380d71
SHA256d884bcbecb083db5df558ec9c2203a9e94161861c141450e2b3b89ac043b4c8e
SHA5125c161695cb64d43d03238d1e3aeccccdc6ce98ac8625dddd6fda04fc924cf53830611ad87254d91a94b447801b462f8e6360d86c8c1cdbe7f030f8e51793e61c
-
Filesize
1.7MB
MD582aa5afbf3ff7657b33f27069f94ae6c
SHA1381f399f2ceeadccf69a37410b6bedabc671a305
SHA2562f24ce14ac294a98dc07a79329b9797e044353eab8af1dbbe6816bd82c34ff27
SHA5125e9e7ccea4383e4f715b9226a3533e8d1346c011f1920413fe465efb0cc3928d6563958c97e08389e4e3f5fad6c55adee00f614eb239906f7450c1fb81c41fc6
-
Filesize
1.3MB
MD533219f49b8d697bdedd62a8e4afb23fc
SHA105345819de2aa55b455f2f8f65032a8ac919b764
SHA256289e489d0e8da08220e935b4a8a313f607d993e83021c0f647fe8e7c5b133be3
SHA5128f1f5b82006fad8981dfc12741feedd6692ee1c6f8e29c162f4dd63748ab65cdfd16fae122b5a909d13042d9bb0bed8cc9eb6c7baf755e9dee0cb918405730e9
-
Filesize
1.2MB
MD52368a3bb2a65c54e7d629eb44428c4d1
SHA1de241e4bafd62d6c5d4788a0ab662989fe731c4c
SHA256d064886888e2d84dc9848ec560877ef246969d58029a6b64d72ce82fbebb3088
SHA51294e65a8ddf9f099dcc5392c036e4908cf1bddc598dfe839621de674ed7f9cce04a7b357e2a9f4579c3ed490369b1d798fe3593dc52a42fefcdd0e8109e7c37ab
-
Filesize
1.2MB
MD57b26f50bad55181e1ae2a5cda19c1dfb
SHA18a98491ea76bb031b5c95bb4597acdf472781154
SHA2563c0a8628f96152418df3cadffb2bd0cd85e57b7ee0b9e012fe1a7ddd29813c4b
SHA512a4ea2fbc400666f5fe6f809be7b9f4f7c0c316d92a79c2cb795c750f6db072674b4e42b2132bd597131822712e0188c896d4ca37c5dfd7578b23312d990a767d
-
Filesize
1.5MB
MD5ecf4d63d0f9a8c2a436738c63226908d
SHA12b77f23b640dac0bfecfc8044c8f8d74fb019998
SHA256c480a5fc2252a48e2a45f4df3fd489b3515bd7251636ad0bed1ad790597efe54
SHA512ef13e81a573ad1a74e1c38db180c869abfb38501d0c51a8bfaff1e22331c60948fe155b7338b8347a3d39e258f19a303d885a1e2de556d37b0dd8cee98e79817
-
Filesize
1.5MB
MD5ecf4d63d0f9a8c2a436738c63226908d
SHA12b77f23b640dac0bfecfc8044c8f8d74fb019998
SHA256c480a5fc2252a48e2a45f4df3fd489b3515bd7251636ad0bed1ad790597efe54
SHA512ef13e81a573ad1a74e1c38db180c869abfb38501d0c51a8bfaff1e22331c60948fe155b7338b8347a3d39e258f19a303d885a1e2de556d37b0dd8cee98e79817
-
Filesize
1.3MB
MD52b2d27300ffa518025cb46f7ab347e17
SHA17f8c5d4842fdbe50dc224ec06fb750595790501b
SHA256b6c5e8f747ffa092020b899cf9b7cb7bba4ec7ff08e6c49b3617020c169092c7
SHA512eef954604f96458a7972b2eaa4a9eab65b4cb7ce8d603279c6816f134732964df559835d090261e8334d77cc286cf7f9920f33b0869ef41f7178fa37b16f4e37
-
Filesize
1.4MB
MD5e598dc34351f111c03decf7f464b6333
SHA107486004ebe9526d6a78f767c49680fe48004df7
SHA256fb801511b54b3b4f8655c2ae364693e53b407c8dff9dd351d8de5a306ca2ba84
SHA51290e210737063f97fd98579816171baf79135ad33fb9fc42f14dfabc1948ca62062b0fb87ce122ee83264d38eda57bbbcf82da96002c6c5a7c6b334cddbc4345c
-
Filesize
1.8MB
MD54372241ac8571b2ca26705407a7c360a
SHA1da5ec2077ecdd19e7e25ee8d2b9b54b4b07fbb91
SHA256fc01dbc7f67142be7a86217d60380ac5cecce8d92b6e20317ffb09c48e4e0e39
SHA5127be8f4b36aa71c3c3deaf6d7dd836d097d115dd49ed1782c9694a8fcd8cb8b36d84bb55bf34a1d5e08baa107346df8b4faea71273318211358c7cab5bc00dd37
-
Filesize
1.4MB
MD5dfba112ffaa113e470d8b83084148448
SHA1abf76a2dd93a49787125973dbbfc0c0ceef166a8
SHA25663a01954cdba2ec71fe75afc8600032a02a2c613768e0daf3f5baf2515dea0c9
SHA51246c0e507c77d3762f1b8737efb01ef4dab4077cbb7decd04038903410bfee371d2a905cc8f036e1149800df45e07fc2c223ca142efa4e906b03a6635dd9fc01e
-
Filesize
1.5MB
MD5552e6bcdfaae96fe5cce93ea2f91d453
SHA1db9fbab61ad97255eff3109c1a7ab38045a14dc6
SHA256394d19b6bb844d4de70874592e4a22a1e8e7c0a842e9f36cfa12dc979127b115
SHA5123b9c02684807edb2e29b75f0312b22d30606072751fdc3937e222ee9d998b1bb0bedcc37cd581732f2214b1f244de827c0a58e1fbc82f7661fa30ca0afb2af0e
-
Filesize
2.0MB
MD597e3a78e94abe4c4684d9ca246621bba
SHA10ac2ea5f7f206beb859f72ee38753f617ca94577
SHA256ffe4a20154bde61133f212ba2de5819c753f4a389187e624fea9477077d6af56
SHA51246da835845e1bc6feef3569ea46cc1ddc4188c870bff01d13bbe5cc2820f94c0cba7544af511f3915c6abe42845d0bf4cc43b912fdd78797e24e2c25bfd3d54d
-
Filesize
1.3MB
MD5859b18cd3942b6226e28166a945a427a
SHA1fb1662613c39b7c4c582b73f4dcb5ad4e1b886ca
SHA25693518e9c55352d68b097d78f5f9aa696664deed0ff42b158184f5455043117b7
SHA5122a6adbebde8f7d2d4e2b7729d94430fccad61b7742af5a8c2a4b8e39a560777a22b583dfdf876d91a6d9f3fe8e944534b07c7bcb8fdba22b1b298b3d22f418ee
-
Filesize
1.3MB
MD5ef78cb6332f865578182e23845b41f7e
SHA15151c79329f7168b25f5557aa580723a52d2b961
SHA2567b0816b42f96bdeeb3359ba75c25a3d6b2852a503a00b9c387b1cc9fcdf961e9
SHA51229a4665ba957eec1b6d398960d39d2ace64495e091bfc87e4d88da9487decd5fdec8708e273f4d9e00a23278202918b0b4ae6910db5d7534ad07750d62afa407
-
Filesize
1.2MB
MD573e45dfaf6a3bc1f0b569dd66aa41693
SHA1ebc733afeb7b2ec04488638e2dcfc4754863e2c3
SHA2560c62a126fc295a152ec192ec7ede4de47703fc9b6393b01c34258fa36a85525a
SHA5122a64c69e3dd51865e428729ab631b789c31dcf11523de340f7348dfce3ac353b9d7e0156c1dc69fffa25d8dcc517837e2738a95c6f7a252678286a6f160caeb5
-
Filesize
1.3MB
MD58f4f45037fda163dba641cd4faf345cf
SHA1a89599f699588bfe8da8b746c54f745d14587e54
SHA256433975b32724f95f90d61e02a0f6f7e15d34267716a1ec7fe087fe1a37fee37b
SHA512e3bdef7de3aaf1cfbefc6e1f0c9a92a3658fcba895c192ed6866c94b8bff605b42e63239e186e0cee28bbdd3801a3eb5af7b27e7d3f5718b402a09114f2981d7
-
Filesize
1.4MB
MD56e48e8547654300da173eaba648067c6
SHA1e9e9dc85dcde2d08c0d20859850d223c3f33c489
SHA256f99bb3de82d9ef0a9c4fb803cbdbf9b22ec8c576cb2ccc028fad5ab43b391946
SHA512e19d6c3e26ef0a523a4eae06f680b14ff2f9533650be701c7d33189a2a42fb1f2d0846d849f2028826e0ff9b2f789608892504c40a4d8c9e920db4e08b101673
-
Filesize
2.1MB
MD5532c7b41818ecedb6cb1dd24c44b82e3
SHA1c12a581e6ddbbd7e4c4b992b968efb04536a83b2
SHA2560fb5e28e82e4f03dcf5c32b7969aa7d822c3c72fce392f21df8cf8332db32263
SHA512333fabf224420aceeb19946c422c6757ad839910118b5d4c6eb06f58479bb384a981c5199c3c5d4ba987db473024cf8277c04536fd97e15accebf039c1618cba
-
Filesize
5.6MB
MD5d243775bad174376fab9027e53b32ff8
SHA150007d5dab61fe794ef79f43ee191f8695a0946a
SHA256fc50c6348c5e870293c9f5bf57057e717d0c4ac16f873751535a558be1e3401a
SHA512179eed2dd2eb611903d4f4ea6c99847d4ee977e84a39d7f56fa5b3a743a2f8f6ace00ef7932f74eec0c657321bab0acda6f0b540faac37292129d6ff1428b1da