Analysis
-
max time kernel
9s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
25-11-2023 08:10
Static task
static1
Behavioral task
behavioral1
Sample
65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe
Resource
win10v2004-20231023-en
General
-
Target
65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe
-
Size
1.8MB
-
MD5
7cd52c097c7bbc8407bfa165aeeffb0e
-
SHA1
978c538d9066f90b113cce31de33f1b4ab330aca
-
SHA256
65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f
-
SHA512
7da7df70a57bf88919ef65691ed7ee357a498446448abdf1332d740c8ad070b2ee37cf56e376eeedbeb2e4fb0ab82e78b91004ca3dfee04ed42bae12e9c06419
-
SSDEEP
49152:yKJ0WR7AFPyyiSruXKpk3WFDL9zxnSlHwn9/7sbN6uR:yKlBAFPydSS6W6X9lnBp7sbN
Malware Config
Signatures
-
Executes dropped EXE 10 IoCs
pid Process 464 Process not Found 1624 alg.exe 2300 aspnet_state.exe 1724 mscorsvw.exe 2548 mscorsvw.exe 2836 mscorsvw.exe 2800 mscorsvw.exe 2432 ehRecvr.exe 2412 ehsched.exe 2200 elevation_service.exe -
Loads dropped DLL 4 IoCs
pid Process 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\System32\alg.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\f3e5c26bea1ae02.bin alg.exe File opened for modification C:\Windows\system32\dllhost.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\system32\fxssvc.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe -
Drops file in Windows directory 20 IoCs
description ioc Process File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log mscorsvw.exe File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat mscorsvw.exe File opened for modification C:\Windows\ehome\ehRecvr.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\ehome\ehsched.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat mscorsvw.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log mscorsvw.exe -
Modifies data under HKEY_USERS 6 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit ehRecvr.exe Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit\Version = "7" ehRecvr.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit ehRecvr.exe Key created \REGISTRY\USER\.DEFAULT\Software ehRecvr.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft ehRecvr.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie ehRecvr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1080 65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe Token: SeShutdownPrivilege 2836 mscorsvw.exe Token: SeShutdownPrivilege 2800 mscorsvw.exe Token: 33 856 EhTray.exe Token: SeIncBasePriorityPrivilege 856 EhTray.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe"C:\Users\Admin\AppData\Local\Temp\65aa411de88f6d3578228ebe1064f833b4604de3a53639170024e14e031aac0f.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1080
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1624
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe1⤵
- Executes dropped EXE
PID:2300
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1724
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2548
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2836 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"2⤵PID:1724
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e8 -Comment "NGen Worker Process"2⤵PID:1976
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 25c -NGENProcess 1ac -Pipe 258 -Comment "NGen Worker Process"2⤵PID:112
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 24c -NGENProcess 250 -Pipe 264 -Comment "NGen Worker Process"2⤵PID:872
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2800
-
C:\Windows\ehome\ehRecvr.exeC:\Windows\ehome\ehRecvr.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:2432
-
C:\Windows\ehome\ehsched.exeC:\Windows\ehome\ehsched.exe1⤵
- Executes dropped EXE
PID:2412
-
C:\Windows\eHome\EhTray.exe"C:\Windows\eHome\EhTray.exe" /nav:-21⤵
- Suspicious use of AdjustPrivilegeToken
PID:856
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:2200
-
C:\Windows\system32\IEEtwCollector.exeC:\Windows\system32\IEEtwCollector.exe /V1⤵PID:792
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice1⤵PID:2740
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵PID:768
-
C:\Windows\ehome\ehRec.exeC:\Windows\ehome\ehRec.exe -Embedding1⤵PID:396
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵PID:2424
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵PID:2992
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵PID:2348
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"1⤵PID:2360
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵PID:2316
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵PID:1876
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵PID:2964
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵PID:2600
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:2648
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵PID:2456
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:1068
-
C:\Program Files\Windows Media Player\wmpnetwk.exe"C:\Program Files\Windows Media Player\wmpnetwk.exe"1⤵PID:2620
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵PID:1168
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2085049433-1067986815-1244098655-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2085049433-1067986815-1244098655-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"2⤵PID:2144
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 592 596 604 65536 6002⤵PID:2924
-
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵PID:2760
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD505d7471b3bf00fea38caaccc263a9d31
SHA16b260c13196aa0eab6ec4afc682706ef0b725686
SHA25603d4603a54071b99bc9f61dbc743fdb6d0a2a3503f8e96d1ae2b316fada7293b
SHA512f8aa103eec3c547285ac4c1f614f67c9382a6095c21deaba2dc6ea378683458fa5ed50d559e675d92d2d227f7d8202a3210ad5530c0702a320bddd71db962daf
-
Filesize
30.1MB
MD566ff1ec8c73d08b998290319ef588ff0
SHA1edc6b72140da8730d3b049684dfa8ce9e0f22891
SHA256fa3650fde8277540c2d3e0f0b727d793d9bf86e847588e8ba114fdd479b6b357
SHA512daeadfc1edcb8a608c0f6afe6d479c2b6355e675a3bdce8995ac2cd615f3184b6205a2e8bc5d549d9f5301011db2211646a119550bce10a5173a50810e02e5b0
-
Filesize
1.6MB
MD5f8c637e010603f7d9bb18f0cc08dd8b2
SHA14faf51a2ef5d76cee95d09024426b6d30e22fc29
SHA256845c3d0deba70db6cbf1722f8a3ca7b055d9edcbf72c2b28363b7daed31b25ed
SHA512666221cb4a6f33ee290d127be49066999379f3fd4f329cac7d6ae6f6d546ec51cd9029f5dcb2e83f29904466deaea48c6cdd39600859db70c598e10b19b40315
-
Filesize
5.2MB
MD5b1d461dd17fea3279058a6a5ea832d20
SHA19e1f2a7286312abcfe2bc37c5bb90c4bdb491619
SHA25610152e4ea07fc5de008904456fce37e26530a9b6e1f07ea1fd4cf2fcd147d5a8
SHA512f35379d4dca96423426f91c15b51829870a8c594f927340123fd5ef7ae315158acc2348e8c86fc0feb44ac5c37adcbcbde46d86f986f57a8a922d75364f2db22
-
Filesize
2.1MB
MD5f95731b41943ec2a83b3cfb398bc9066
SHA1068c233348e2309fd11cd9d0745992452212e9f1
SHA256b6ab92306d8299a9418a4ac5b1e3941051e2a3722b5c0bf88a85aea6a7bc04f0
SHA512a8245bc73df417361b5904ff1ba5912e136b2ddf1b3a71d024f2acf35424fa5d967e9f9d26ab809898adbebeb2be970aea9a8ca040d723c700fce6eccbabd4b4
-
Filesize
2.0MB
MD5ce0080cd878f7dfa9bd6de54f0362f71
SHA1cfa749e767b6faf6de59515940cb791285d53232
SHA256e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb
SHA5121ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf
-
Filesize
1024KB
MD50431dc83ba0a1f0461d0669a3c3fb3ce
SHA1f90bfeed24c7e4f5efad08d715b9df3c8ca32504
SHA25661523f68dec2ff38561f76e3edeb18d5c2e4eb432017a4e329058bf2d2042149
SHA512074934dee0341c3e26c1b88f70a9d3bb9dae19560e66e8e1cd86c654fd084539f1bf280f95a1f93395abaa0abd896aa42311a5ce4790a8d273041ca2df16ae1c
-
Filesize
1.5MB
MD51189965962cd0564b261ab214a99e02c
SHA1f51d9455b2105a1430c72c1597e32e812b435eb8
SHA256ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3
SHA512949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620
-
Filesize
1.5MB
MD51189965962cd0564b261ab214a99e02c
SHA1f51d9455b2105a1430c72c1597e32e812b435eb8
SHA256ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3
SHA512949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620
-
Filesize
872KB
MD507564d2f2f8bb2fb41402b0ea8c6f0aa
SHA15c9b21e8778a22c4f9744ee0fe43e7ec12021b62
SHA2562ed61959d2bb8e5f5d9de8ea750a252562af447591b47ec018099f523416c4e4
SHA512e979f6ece8cb9594d8c5f0584c274dd72e74de53e3bb0c284f134d47013e52438c4e30a4ddfbee68a27207c1bb9cd2797063cb3575bf206a37808c1fa0c64e68
-
Filesize
1.5MB
MD5ff26a4793ac59ff962e16935927797a9
SHA1bce4fe16bf3bc74ded6c1303bccee4cdf8494186
SHA256720ed057036cd4f84f267678334316c69f1c8395f70128c5d33d33869c243ba7
SHA512b80f2a3ddc8ae3321823d0bf170de3b29af64f71017c9eb22e9a8023677bbdf8a7d05b58e3b8d0cfc3c7138bb17693ae006279e91fac39994336bdc38e723230
-
Filesize
1.5MB
MD508b607d28f3250c293ef3271e51a64c7
SHA19a9737f9e4577d56285224cb7b7d0072e6a1c6b4
SHA25657a9a1b111969de8b1b40227e6d15435972c474dd1a990b88e6a250d486c5dbb
SHA51277589734508dc1db86eaa246ff230bcf8d7241abcb789db56ad94c74e0403894e36d1372dfc6b3c53800859f1361428707619e597941eca4399cfb6162736ca2
-
Filesize
1.5MB
MD508b607d28f3250c293ef3271e51a64c7
SHA19a9737f9e4577d56285224cb7b7d0072e6a1c6b4
SHA25657a9a1b111969de8b1b40227e6d15435972c474dd1a990b88e6a250d486c5dbb
SHA51277589734508dc1db86eaa246ff230bcf8d7241abcb789db56ad94c74e0403894e36d1372dfc6b3c53800859f1361428707619e597941eca4399cfb6162736ca2
-
Filesize
1.5MB
MD5390ab84cdc063614052aa8665f19ca1d
SHA192670107fa48834fb7bf2baa58c7542449ff4d42
SHA256cf79acac618a77f9ddc0afd4a4417ac5aa83ec36cfb7b5cd2eb7c50f96fc9c89
SHA512ffa77741f694c44f30d6d6ee664402053ca664af025258f4a7aabb9aa59bf1853013fda3839a965917a44655010a5f4eb0563ecca7e887a2127744425b9c2572
-
Filesize
1.5MB
MD5390ab84cdc063614052aa8665f19ca1d
SHA192670107fa48834fb7bf2baa58c7542449ff4d42
SHA256cf79acac618a77f9ddc0afd4a4417ac5aa83ec36cfb7b5cd2eb7c50f96fc9c89
SHA512ffa77741f694c44f30d6d6ee664402053ca664af025258f4a7aabb9aa59bf1853013fda3839a965917a44655010a5f4eb0563ecca7e887a2127744425b9c2572
-
Filesize
1003KB
MD589393ca03dc72cbb2a54a004450088a2
SHA1e0a1899ef1165e29ee28a7c4c3273f71d73fe0f4
SHA256619a9aa3347342e01ed28a4074780f5a366bbf6890d8da665d4c604ffe25bd23
SHA5127cec8c13c1411362698ea6bf1761f290d0015a785c4ec66350895d0484473f1fb18cbcaf3402045df93fe50fe8333c1f6c0c7613a3bdef89b736e6b4b2f9d1bf
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.5MB
MD5959fc61852183c96a3942e9f1367e583
SHA1f591366546ed6f9e15e17167bdbe63cf2262f5cf
SHA2565038a39bd01df67bb6c1f3a8937a95d5cf8d9bcbda987af5f97cf45fbdf5c4ee
SHA512505a4bda0103319c73890117b8a06afa8c0a7a4ddb6c1550d64f12472e55653bcba5222a2a29bba276a28072219a83ca941d59cb949cc757ef8739fe4e491019
-
Filesize
1.4MB
MD59161cabc4febf30b473db4d2796ef335
SHA10148c8d269fa19af02e1fbecbb4ee85ba107d36e
SHA256cecf219c3bc23f39e49f8202f026b3fe035cc974b1094d2758ee4f3352eb10a4
SHA512fb9b54c5d34e0c57c12d5b16e49c14f6aa133edcb204a5eef31257dc7a5528c5da668a07a4ba399db8e5e9ff5b27070ad9e8c0bd72d5fa2bfb1c2b69f9f68560
-
Filesize
1.4MB
MD54fbfff6f6fd7b6942e45cbdd203874e7
SHA1984afb0abd71acaf4e92e5d50601e9b621a93519
SHA2568f0eb247666e868b08910f63cfaae9a44df70ed0be6db43eeca801a8a7235a3e
SHA512b813000c93eca62058011582d893537d39369f59427cdd95cc9d4649fddf439be37e92519ad811db05c9379037ef5c78ae00e943fd9d4e256a0e64407cb16947
-
Filesize
1.1MB
MD54327edf2a1cdd0286793fe23c77ceda1
SHA18224761d5481c23979ed7e5a4521e2c5ddb88bb9
SHA256ecc9ced76b053226e73d4fc5f47da187907f2bab9ba529b4310313c62473536f
SHA5121b2eb63a80cff81360d3f1fceda43f966373713ac084bd892d25f00c9c4c0e8343b2ec2b2975b7fefa4a5f3136dbbd67d863780f7e01517954951a85c19f2114
-
Filesize
2.1MB
MD5f12d8277dfb683acc80e8876e773ee8f
SHA1f2431a13896424589791a25c329bb8f212c697ac
SHA256a5d8184c1d4a5a0175e9fd6134b32cd34deda9c305fba2fc12aea5ec1777d511
SHA51238f389b41e7f414e243692554cacacc945c8d8838639794c66f9b264934012e1bf819888d15a622444b4e5d08af83ddb0edd4c6a6a9bea872887617bca9034ce
-
Filesize
1.5MB
MD52b01e9f09569d6e2744345a00a423baf
SHA132db6bd0cccb091be1898728a23f022840358fc2
SHA256071f003df218016e485cd8238d77c21e7fa8de6db55db16139f704338f7e7eac
SHA512cbdc604afc12cdd1c934c53e185330cdfd7d82628f59d81c61e232e71e6af66e8e0b966b1b043a2ced1547caf534842be996cfbe9727d31558afa1d4742de7c7
-
Filesize
1.5MB
MD594f1f173075ba3140f7642e05a51a29b
SHA152b78da0c6137d8096ff35b7eab3a2e926bf374e
SHA2562e83f71c93a4a896256600f2887756c21a3be46c7656d49fe46dcc31fc677c39
SHA512e00ad4a98d38b141f8ca1531d410ecf19d7ff9c339310147d577335ae5e903f51d8679476d1a4ffd95f1d898cc2b0c37ff24771004f83ccdf0305568d52e9ad1
-
Filesize
1.6MB
MD53ee569f35686c1cd1f0977e9bb9333dc
SHA16ca45478e33e13b4b8b0b494793f3109b32443fb
SHA2562ef3081770414a30bae3f2bc030793c36490d7da4f25f04fc6ddb10f2af6756d
SHA512b4a7c398066c3d33fea2b346b6e4589cf4c2c61b0d04e5cb57fa7237848d60dd8ce42127bd4737b1d5413943adfd29cd79f01622875918eda40d2a002a02148c
-
Filesize
1.5MB
MD55f8a704c9630d1c04b372435cd90f06c
SHA12b67d245a0a2906f07ec2dabdb7c30820466a4e5
SHA256be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9
SHA512e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509
-
Filesize
1.4MB
MD5bd316554a066f8717949948131f0e23d
SHA139afe8152e84eef0a191f6bbb004bfbc329c0fdc
SHA256b7bb666eb1b6653950b10b06e3df0d500173d019261c35a668bc9dd967f09160
SHA5129aeac7d771e302f88ccee2c49f93668476b04271a75f7cc393b033a2c0f49a0d1b17d926eddc2077aa3928f5128a75ac57978165a93d59432c73aa9fcd3138de
-
Filesize
1.9MB
MD5d829fca5e25975be81d5e568ed439651
SHA1b5e7b8324515f63ebaf63bd285f00565d6cd0b19
SHA256dadd0641c8ddfb4f06c0fee0e5596c5a05b73fbceef82a4f8e9c8cfc5ce32119
SHA51216dc1586aced5a1585d0174388ab285959ab550d1b1eaa47094ec40ebe0c0b2c6aa46f36be5652ac9a89f265a5fd38fc8e8459652d631645e515e172b0dad6a2
-
Filesize
1.6MB
MD5e26dc1c0f26b30383722d33ed5d66e66
SHA15eb18b4f8204a56d56ddaaac1d948d32f711b581
SHA256ada9cd19e93c58292b0dd8ff75c8b7663a43b24308fdf455eb3ec683a888db4b
SHA51213799a5d4735101cdfd8850c5915e330743182a4d53dd7b8b04708151501ac4890573d1f80aca01c82a28313fca508317730f7e2097195eccf62bd9b1a4142b9
-
Filesize
2.0MB
MD544847945c5e01ce866bf636c8b4672ce
SHA179d427f05c965e857dc2a0dcd2fb4bc06a12dec2
SHA25689d4da1c32d8a6a7b1e759f2b664a15835e115c967f71288e4b235828c483ce8
SHA51243670bea90191d9455f913ef6a2276062dfac9d1a10df6a681a58a469933738c97f1759be1df107121d017b29cf924851b7fb0bc8a945cd1255e108afe048a3d
-
Filesize
1.2MB
MD5627e754f550e99e232da3c36f851a405
SHA163af1d32472e22d10b4b0c7738ff174013d410f5
SHA256226bc4feaaccc571825524e1576763e18a5575414fded5766e72a2023c75fb69
SHA5122733931fa692fdb412789656740e4cecfe44b0dc5da33207f97629718ca4313f80c839cf1daf7b53d887f283253907ebb8139ea2cf4fa7e137664065314746dc
-
Filesize
1.6MB
MD5e7a841471fbd3419da5e37e68a6b8d72
SHA120f32810ec080231125df7bd272ac878a1546241
SHA2569db2453f1eeefce1cb878262fe69df4527cc898c7bb8a096cb92e83513dc84e6
SHA512d5243e25fc1d8b98f47aca72d532691173f130fa9c72863cc300f7ae90ccb96d1743155d49b9898c6249d0284b7f95a6b8440784b7e18e36b6b269b56943202d
-
Filesize
1.5MB
MD55f8a704c9630d1c04b372435cd90f06c
SHA12b67d245a0a2906f07ec2dabdb7c30820466a4e5
SHA256be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9
SHA512e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509
-
Filesize
2.0MB
MD5ce0080cd878f7dfa9bd6de54f0362f71
SHA1cfa749e767b6faf6de59515940cb791285d53232
SHA256e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb
SHA5121ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf
-
Filesize
2.0MB
MD5ce0080cd878f7dfa9bd6de54f0362f71
SHA1cfa749e767b6faf6de59515940cb791285d53232
SHA256e3b3ac75e880fe78de759e2f1176439465efa69d8dd8563c090aa6e9034186bb
SHA5121ad4be41760a24ad6007d7c1dd42c574fc7186de977357e8aaa1e90ded9d42bff5f14a984cb26305bf2e4c1a64b85746856249690d775bcfee747d287f16ecbf
-
Filesize
1.5MB
MD51189965962cd0564b261ab214a99e02c
SHA1f51d9455b2105a1430c72c1597e32e812b435eb8
SHA256ce30874b62577b7d5f8be7f41828ed26a09879feeeef6addce52094e4e599bd3
SHA512949bc0184ba3107edea819c60e272af3685627bf768de1ae1225c43d0fb2535183a9bb2e4b2567acf01a445849c44d819a72714615242c68852ee5d8f2e3e620
-
Filesize
1.5MB
MD5ff26a4793ac59ff962e16935927797a9
SHA1bce4fe16bf3bc74ded6c1303bccee4cdf8494186
SHA256720ed057036cd4f84f267678334316c69f1c8395f70128c5d33d33869c243ba7
SHA512b80f2a3ddc8ae3321823d0bf170de3b29af64f71017c9eb22e9a8023677bbdf8a7d05b58e3b8d0cfc3c7138bb17693ae006279e91fac39994336bdc38e723230
-
Filesize
1.4MB
MD54fbfff6f6fd7b6942e45cbdd203874e7
SHA1984afb0abd71acaf4e92e5d50601e9b621a93519
SHA2568f0eb247666e868b08910f63cfaae9a44df70ed0be6db43eeca801a8a7235a3e
SHA512b813000c93eca62058011582d893537d39369f59427cdd95cc9d4649fddf439be37e92519ad811db05c9379037ef5c78ae00e943fd9d4e256a0e64407cb16947
-
Filesize
1.5MB
MD52b01e9f09569d6e2744345a00a423baf
SHA132db6bd0cccb091be1898728a23f022840358fc2
SHA256071f003df218016e485cd8238d77c21e7fa8de6db55db16139f704338f7e7eac
SHA512cbdc604afc12cdd1c934c53e185330cdfd7d82628f59d81c61e232e71e6af66e8e0b966b1b043a2ced1547caf534842be996cfbe9727d31558afa1d4742de7c7
-
Filesize
1.5MB
MD594f1f173075ba3140f7642e05a51a29b
SHA152b78da0c6137d8096ff35b7eab3a2e926bf374e
SHA2562e83f71c93a4a896256600f2887756c21a3be46c7656d49fe46dcc31fc677c39
SHA512e00ad4a98d38b141f8ca1531d410ecf19d7ff9c339310147d577335ae5e903f51d8679476d1a4ffd95f1d898cc2b0c37ff24771004f83ccdf0305568d52e9ad1
-
Filesize
1.6MB
MD53ee569f35686c1cd1f0977e9bb9333dc
SHA16ca45478e33e13b4b8b0b494793f3109b32443fb
SHA2562ef3081770414a30bae3f2bc030793c36490d7da4f25f04fc6ddb10f2af6756d
SHA512b4a7c398066c3d33fea2b346b6e4589cf4c2c61b0d04e5cb57fa7237848d60dd8ce42127bd4737b1d5413943adfd29cd79f01622875918eda40d2a002a02148c
-
Filesize
1.5MB
MD55f8a704c9630d1c04b372435cd90f06c
SHA12b67d245a0a2906f07ec2dabdb7c30820466a4e5
SHA256be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9
SHA512e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509
-
Filesize
1.5MB
MD55f8a704c9630d1c04b372435cd90f06c
SHA12b67d245a0a2906f07ec2dabdb7c30820466a4e5
SHA256be0b68b3ef86e24a6b00e20065a79d4c7cf1eebcae8bdb08b5ed98c9ed3292b9
SHA512e30c4f146c51c7d13f19cbec38dd763dfe7c6564b4036a63f3bb78ce35483c951399d6c376ef1ccc0c3304ef35aca567b9fda5e8290089cd011cea68bee0e509
-
Filesize
1.4MB
MD5bd316554a066f8717949948131f0e23d
SHA139afe8152e84eef0a191f6bbb004bfbc329c0fdc
SHA256b7bb666eb1b6653950b10b06e3df0d500173d019261c35a668bc9dd967f09160
SHA5129aeac7d771e302f88ccee2c49f93668476b04271a75f7cc393b033a2c0f49a0d1b17d926eddc2077aa3928f5128a75ac57978165a93d59432c73aa9fcd3138de
-
Filesize
1.6MB
MD5e26dc1c0f26b30383722d33ed5d66e66
SHA15eb18b4f8204a56d56ddaaac1d948d32f711b581
SHA256ada9cd19e93c58292b0dd8ff75c8b7663a43b24308fdf455eb3ec683a888db4b
SHA51213799a5d4735101cdfd8850c5915e330743182a4d53dd7b8b04708151501ac4890573d1f80aca01c82a28313fca508317730f7e2097195eccf62bd9b1a4142b9
-
Filesize
2.0MB
MD544847945c5e01ce866bf636c8b4672ce
SHA179d427f05c965e857dc2a0dcd2fb4bc06a12dec2
SHA25689d4da1c32d8a6a7b1e759f2b664a15835e115c967f71288e4b235828c483ce8
SHA51243670bea90191d9455f913ef6a2276062dfac9d1a10df6a681a58a469933738c97f1759be1df107121d017b29cf924851b7fb0bc8a945cd1255e108afe048a3d
-
Filesize
1.2MB
MD5627e754f550e99e232da3c36f851a405
SHA163af1d32472e22d10b4b0c7738ff174013d410f5
SHA256226bc4feaaccc571825524e1576763e18a5575414fded5766e72a2023c75fb69
SHA5122733931fa692fdb412789656740e4cecfe44b0dc5da33207f97629718ca4313f80c839cf1daf7b53d887f283253907ebb8139ea2cf4fa7e137664065314746dc
-
Filesize
1.6MB
MD5e7a841471fbd3419da5e37e68a6b8d72
SHA120f32810ec080231125df7bd272ac878a1546241
SHA2569db2453f1eeefce1cb878262fe69df4527cc898c7bb8a096cb92e83513dc84e6
SHA512d5243e25fc1d8b98f47aca72d532691173f130fa9c72863cc300f7ae90ccb96d1743155d49b9898c6249d0284b7f95a6b8440784b7e18e36b6b269b56943202d