Analysis
-
max time kernel
139s -
max time network
140s -
platform
windows11-21h2_x64 -
resource
win11-20231129-en -
resource tags
-
submitted
02-12-2023 04:06
General
-
Target
gameguard_setup.msi
-
Size
7.7MB
-
MD5
68bd8f9af44479db013a77c806f1c674
-
SHA1
0cbb2b63c78b42e13b1818964bb2cf43e46c5052
-
SHA256
ac9ac5a95273064ba09af8be049124ba52db7a59075d69a94d12427917dbc376
-
SHA512
991f703293b984beeeda44cc72cacc0cd69bd4cb1856b2b1c5cf2a2d06d7f58e8469af70c2ecece05d98643937c52f8a944b9892e2925738457d2ac238867852
-
SSDEEP
196608:mELpCPNYnYCCJLuMo3nmkmKf+GNI1Xjn5CD9ilxw:fLpCVY7CtuMo2kmcNmsiLw
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 3 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
-
Drops file in Program Files directory 19 IoCs
-
Drops file in Windows directory 14 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 46 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 31 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\gameguard_setup.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 68A0AA281B4DCAB5C9F283DB906210DE C2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\GameGuard\gameguard.exe"C:\Program Files (x86)\GameGuard\gameguard.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\GameGuard\acsvc.exe"C:\Program Files (x86)\GameGuard\acsvc.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\GameGuard\acsvc.exe"C:\Program Files (x86)\GameGuard\acsvc.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\GameGuard\acsvc.exe"C:\Program Files (x86)\GameGuard\acsvc.exe" --run="C:\Program Files (x86)\GameGuard\gameguard.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\GameGuard\gameguard.exe"C:\Program Files (x86)\GameGuard\gameguard.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\GameGuard\gguard.exe".\gguard.exe"4⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\verifier.exeC:\Windows\system32\verifier.exe /volatile /removedriver acdrv.sys5⤵
-
C:\Program Files (x86)\GameGuard\gameguard.exe"C:\Program Files (x86)\GameGuard\gameguard.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\GameGuard\gguard.exe".\gguard.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\verifier.exeC:\Windows\system32\verifier.exe /volatile /removedriver acdrv.sys3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cs.fastcup.net/support2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa9d623cb8,0x7ffa9d623cc8,0x7ffa9d623cd83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:33⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6320 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:83⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17002032262883148362,11172929435272148184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:13⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\GameGuard\steam_appid.txt1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD56afcb1a72dec236848d2c968ac613933
SHA1240d71b8e25416bc2e63fe63734398b4da455f6e
SHA2562581bb411974354ce9ed801ae370b4196e03c369dc28c3f40efebff22c319df1
SHA51247a101da4e1e7fda7d2198c7b9ceef6fa8caa7f49a2e0a27f3aa5a3cf9fd029e462893e4ddda2a63ec6acaf874cdd0e710ab1c41b25efca06ff287e1b3499f3b
-
Filesize
316KB
MD57ec55f85dd4740e6f146d3ee54e01201
SHA144fcf3bb83a006ab6ca90d728bec43c031e0cada
SHA2567997c3e9c03c0e91b8b07cb482c97066afdd483d2dbab1f292f749f4fe97e229
SHA5127b6a494b5506e249e67e63c32fe42895227ec53a49f37e9b3884f628fd7bcc29f1f8bf96d616b8b741adc48540fc8eda7e64701a459acb707569bd1e36ee143b
-
Filesize
316KB
MD57ec55f85dd4740e6f146d3ee54e01201
SHA144fcf3bb83a006ab6ca90d728bec43c031e0cada
SHA2567997c3e9c03c0e91b8b07cb482c97066afdd483d2dbab1f292f749f4fe97e229
SHA5127b6a494b5506e249e67e63c32fe42895227ec53a49f37e9b3884f628fd7bcc29f1f8bf96d616b8b741adc48540fc8eda7e64701a459acb707569bd1e36ee143b
-
Filesize
330KB
MD5b966184ae28d7bc96756bc3ed001c701
SHA18c620632624e9bc9b3e7d7a672072bdb6952df87
SHA256f2b6185392b98f27da4a7a8c74b585ae00d6e69bd7f97727dca0953aa3ab0324
SHA5128b9ad0bec94ed9a44a0c8aa8b8ca1b80fc6aecc46a2d74a2eb3830394ece82a77bed121c49ccbc6fb4fb7c05edbc90c17d591c2ee0f88bd3018893bc4cd0e003
-
Filesize
330KB
MD5b966184ae28d7bc96756bc3ed001c701
SHA18c620632624e9bc9b3e7d7a672072bdb6952df87
SHA256f2b6185392b98f27da4a7a8c74b585ae00d6e69bd7f97727dca0953aa3ab0324
SHA5128b9ad0bec94ed9a44a0c8aa8b8ca1b80fc6aecc46a2d74a2eb3830394ece82a77bed121c49ccbc6fb4fb7c05edbc90c17d591c2ee0f88bd3018893bc4cd0e003
-
Filesize
330KB
MD5b966184ae28d7bc96756bc3ed001c701
SHA18c620632624e9bc9b3e7d7a672072bdb6952df87
SHA256f2b6185392b98f27da4a7a8c74b585ae00d6e69bd7f97727dca0953aa3ab0324
SHA5128b9ad0bec94ed9a44a0c8aa8b8ca1b80fc6aecc46a2d74a2eb3830394ece82a77bed121c49ccbc6fb4fb7c05edbc90c17d591c2ee0f88bd3018893bc4cd0e003
-
Filesize
330KB
MD5b966184ae28d7bc96756bc3ed001c701
SHA18c620632624e9bc9b3e7d7a672072bdb6952df87
SHA256f2b6185392b98f27da4a7a8c74b585ae00d6e69bd7f97727dca0953aa3ab0324
SHA5128b9ad0bec94ed9a44a0c8aa8b8ca1b80fc6aecc46a2d74a2eb3830394ece82a77bed121c49ccbc6fb4fb7c05edbc90c17d591c2ee0f88bd3018893bc4cd0e003
-
Filesize
16B
MD5f5b5cb5adc1697570707c7b14a1c8005
SHA1da8f4df8684b9e2102f9a6255862fa3c64b65f98
SHA2564d850b3f2712b8fd03182627839f245400f59dec4c0f6729e3da860f277833bc
SHA5124b4153b392f8d2bfa5b40a2775b7d15aca20efd350d6aab1dc0f19996eeacd2c50712d1ed0a0ca4f1c72a0d31a1fdbb0340fb85ca0c1a123e12618a025108654
-
Filesize
251KB
MD53dbd633d37bdc0712b837aae2e2ec8f5
SHA11cd21533b8f869f5cb44c3e101c427fa91a70768
SHA2564bd185ee9a98ff82708ffe787b0fd204ca971c7e7746adc061827a85884c27b1
SHA51210bd1777daeb4962c23ae37c2b621e0bfd993dd6eed4a9dd6c48e3fbeed8f8ae9e398d46f00e73ccadb520e7b8398c5a99792528e4b5b0eb083156ce14e1e644
-
Filesize
15.2MB
MD5672fde6659e3b00a98a8fe84084f3dec
SHA1f6e63c0e89804bbe43b4c458b9c20bfe19a6c27c
SHA2567fdbfcd257064a70f3115f6b3d71b16918966c6254dad8bfd2fd23b990a72a0d
SHA51269035f31bcd3d3f7bc7071f50a830820ebad1266267a2d5ed61e37c2c508f13fe59b26fa1b0defe9166210cb556f32da5ceeb99e37e82f0c52cf0ac9acdeeefe
-
Filesize
52.5MB
MD52563ed229622d628d0a22e80987b7221
SHA18ee728004608ddf8116e618bc38a5863fe52f77d
SHA25654417cb3369b0a7ea037532fddae6ff355e276eda9a3bcdc98beacad5d63f0e6
SHA512f9e9ebd5bb02ed6667f4c0b31ce940defb0b7fae65bfe84ab07bc84d7e8f147f2febb1eee6b0e87bdf48a7212acf5886a3987e92b3c892dd54e3a5908752ee91
-
Filesize
7.2MB
MD581ed38976254bb646c0ecee753324027
SHA1c3fe70f9daff9e66b315b2adc9481a7d39d7e7c6
SHA256cf169e7a746c574f3e2ec653a6739ca71fe0e34aa76f604cd36706fe45536be7
SHA512476a6f9f65857d015661dc8504c537efff00fbd69014ab2e36aeed393b69083962195b3aa6e4485aa46f7471aa59aec21a6e56a687fc6474cc7a62b9c47ca018
-
Filesize
7.2MB
MD581ed38976254bb646c0ecee753324027
SHA1c3fe70f9daff9e66b315b2adc9481a7d39d7e7c6
SHA256cf169e7a746c574f3e2ec653a6739ca71fe0e34aa76f604cd36706fe45536be7
SHA512476a6f9f65857d015661dc8504c537efff00fbd69014ab2e36aeed393b69083962195b3aa6e4485aa46f7471aa59aec21a6e56a687fc6474cc7a62b9c47ca018
-
Filesize
7.2MB
MD581ed38976254bb646c0ecee753324027
SHA1c3fe70f9daff9e66b315b2adc9481a7d39d7e7c6
SHA256cf169e7a746c574f3e2ec653a6739ca71fe0e34aa76f604cd36706fe45536be7
SHA512476a6f9f65857d015661dc8504c537efff00fbd69014ab2e36aeed393b69083962195b3aa6e4485aa46f7471aa59aec21a6e56a687fc6474cc7a62b9c47ca018
-
Filesize
15.2MB
MD5672fde6659e3b00a98a8fe84084f3dec
SHA1f6e63c0e89804bbe43b4c458b9c20bfe19a6c27c
SHA2567fdbfcd257064a70f3115f6b3d71b16918966c6254dad8bfd2fd23b990a72a0d
SHA51269035f31bcd3d3f7bc7071f50a830820ebad1266267a2d5ed61e37c2c508f13fe59b26fa1b0defe9166210cb556f32da5ceeb99e37e82f0c52cf0ac9acdeeefe
-
Filesize
15.2MB
MD5672fde6659e3b00a98a8fe84084f3dec
SHA1f6e63c0e89804bbe43b4c458b9c20bfe19a6c27c
SHA2567fdbfcd257064a70f3115f6b3d71b16918966c6254dad8bfd2fd23b990a72a0d
SHA51269035f31bcd3d3f7bc7071f50a830820ebad1266267a2d5ed61e37c2c508f13fe59b26fa1b0defe9166210cb556f32da5ceeb99e37e82f0c52cf0ac9acdeeefe
-
Filesize
15.2MB
MD5672fde6659e3b00a98a8fe84084f3dec
SHA1f6e63c0e89804bbe43b4c458b9c20bfe19a6c27c
SHA2567fdbfcd257064a70f3115f6b3d71b16918966c6254dad8bfd2fd23b990a72a0d
SHA51269035f31bcd3d3f7bc7071f50a830820ebad1266267a2d5ed61e37c2c508f13fe59b26fa1b0defe9166210cb556f32da5ceeb99e37e82f0c52cf0ac9acdeeefe
-
Filesize
52.5MB
MD503426508c197f0fb93d40f23207f0b65
SHA16e9290637e864861d2cb83eb2b30e172575c38ae
SHA2566838273835134318062a8c1ca9e1e94efd7da9f05995330f2a05d3fd6fd33eab
SHA512cd71ce2e1a24a48caf625c6819bc65f9797cec4e611d533b452c0c07993b78ee37b3e96a1b17e919ec9779d48b3062051ed8534b3f2ee65ccfbca649af2e8018
-
Filesize
52.5MB
MD503426508c197f0fb93d40f23207f0b65
SHA16e9290637e864861d2cb83eb2b30e172575c38ae
SHA2566838273835134318062a8c1ca9e1e94efd7da9f05995330f2a05d3fd6fd33eab
SHA512cd71ce2e1a24a48caf625c6819bc65f9797cec4e611d533b452c0c07993b78ee37b3e96a1b17e919ec9779d48b3062051ed8534b3f2ee65ccfbca649af2e8018
-
Filesize
52.5MB
MD503426508c197f0fb93d40f23207f0b65
SHA16e9290637e864861d2cb83eb2b30e172575c38ae
SHA2566838273835134318062a8c1ca9e1e94efd7da9f05995330f2a05d3fd6fd33eab
SHA512cd71ce2e1a24a48caf625c6819bc65f9797cec4e611d533b452c0c07993b78ee37b3e96a1b17e919ec9779d48b3062051ed8534b3f2ee65ccfbca649af2e8018
-
Filesize
52.5MB
MD503426508c197f0fb93d40f23207f0b65
SHA16e9290637e864861d2cb83eb2b30e172575c38ae
SHA2566838273835134318062a8c1ca9e1e94efd7da9f05995330f2a05d3fd6fd33eab
SHA512cd71ce2e1a24a48caf625c6819bc65f9797cec4e611d533b452c0c07993b78ee37b3e96a1b17e919ec9779d48b3062051ed8534b3f2ee65ccfbca649af2e8018
-
Filesize
52.5MB
MD503426508c197f0fb93d40f23207f0b65
SHA16e9290637e864861d2cb83eb2b30e172575c38ae
SHA2566838273835134318062a8c1ca9e1e94efd7da9f05995330f2a05d3fd6fd33eab
SHA512cd71ce2e1a24a48caf625c6819bc65f9797cec4e611d533b452c0c07993b78ee37b3e96a1b17e919ec9779d48b3062051ed8534b3f2ee65ccfbca649af2e8018
-
Filesize
251KB
MD5844785d10e81cb5a99da47b73af09489
SHA16446e3c75324f2653975657f940cbcf593ec2e51
SHA256765fb6498ba7d262e63b2dba19c09f63de4dd0a092b5499828ec8949aa183f82
SHA512f7f38967e8a613a80954bf9b5a92d6c5aa4ecf8c398e4af59dff43fc4969464335e4ec73e94548a69cd1afbb5b485adab2ca5056a2f5890d4ec7f488eee8e860
-
Filesize
251KB
MD5844785d10e81cb5a99da47b73af09489
SHA16446e3c75324f2653975657f940cbcf593ec2e51
SHA256765fb6498ba7d262e63b2dba19c09f63de4dd0a092b5499828ec8949aa183f82
SHA512f7f38967e8a613a80954bf9b5a92d6c5aa4ecf8c398e4af59dff43fc4969464335e4ec73e94548a69cd1afbb5b485adab2ca5056a2f5890d4ec7f488eee8e860
-
Filesize
251KB
MD5844785d10e81cb5a99da47b73af09489
SHA16446e3c75324f2653975657f940cbcf593ec2e51
SHA256765fb6498ba7d262e63b2dba19c09f63de4dd0a092b5499828ec8949aa183f82
SHA512f7f38967e8a613a80954bf9b5a92d6c5aa4ecf8c398e4af59dff43fc4969464335e4ec73e94548a69cd1afbb5b485adab2ca5056a2f5890d4ec7f488eee8e860
-
Filesize
251KB
MD5844785d10e81cb5a99da47b73af09489
SHA16446e3c75324f2653975657f940cbcf593ec2e51
SHA256765fb6498ba7d262e63b2dba19c09f63de4dd0a092b5499828ec8949aa183f82
SHA512f7f38967e8a613a80954bf9b5a92d6c5aa4ecf8c398e4af59dff43fc4969464335e4ec73e94548a69cd1afbb5b485adab2ca5056a2f5890d4ec7f488eee8e860
-
Filesize
3B
MD55f0f5e5f33945135b874349cfbed4fb9
SHA1de8627f75ba1abcfafd00a0e75ad189105cfdc21
SHA25642c6024940120036d7a0103375d5b8e5072589f6d0f9a1a8e7f6eb6a17358675
SHA5125da80d9b6aca0f09864d6ce31381361564c8504ad294d2344a4106f51a7e25e6f22ef256efe32a4e774173d60599e2e938da2020b70f8c115e587b5420eb478f
-
Filesize
893B
MD5d4ae187b4574036c2d76b6df8a8c1a30
SHA1b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA5121f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c
-
Filesize
252B
MD5ff6b323c8ad29ceb50ca05f3627d0bfb
SHA105ce1be8e95efcd8152d10b251a2ab7b44d4a976
SHA2562e9403d2454d9716cc9af24d430fc29e14f68ae1727fae2b2e142ea31d00488b
SHA512a7038cf3bc2f74c25cb0c365c09a2694bebda1ca4eeff7c517421199c08d95b6e9a04931d59031fa01c8020398b33ba1aac4a6527bb0afc5060b5d56a5d3a394
-
Filesize
252B
MD5ff6b323c8ad29ceb50ca05f3627d0bfb
SHA105ce1be8e95efcd8152d10b251a2ab7b44d4a976
SHA2562e9403d2454d9716cc9af24d430fc29e14f68ae1727fae2b2e142ea31d00488b
SHA512a7038cf3bc2f74c25cb0c365c09a2694bebda1ca4eeff7c517421199c08d95b6e9a04931d59031fa01c8020398b33ba1aac4a6527bb0afc5060b5d56a5d3a394
-
Filesize
152B
MD5db2e4d9e346a898461d3dd73a9bd1489
SHA1ed0676dbbdfb85caa47514b1ed9bd1686e2b5973
SHA25663ec89c40c09cda645f11eed75b85d332b5898d774d56ac761f511a36216bbee
SHA51264979cc44300f1b648c1fe78b4a272fcdfcfd3e2f2b50bc6c8a780aaa074916cd2061b45642f719a2d9790d3dee7bf159e59081eeccadca38a1a5c638efebd06
-
Filesize
1KB
MD53e8f84828e984387cbf9fc8d79b4d81d
SHA1831c0803e365acee2fa348b65fb00342a92bf67a
SHA2567775c0a71a43c850798ae1e72540443228f0fd1cffb6933da22fcf0c1890b03d
SHA5123809ab125cf4f081359c1bb30642ff649b78a81bb637e6167ae2cf4fd900dcfd45ea4d16eaab4e3c110a5963d42c4cca817e621583c2dd8b66105c812b811c36
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5d429f873d46cfce9d321646ab4ddddb5
SHA1cc34967291c876aa88af01831dd6318fb51da803
SHA256b4c7445c8ab6b856a6ddb87c455b9b7e886e83599f1a280724fcdfdd36e93112
SHA512a96e5ef54b6aa444714ca466c7cf4ad15146fc0c651d54af172f1ea005396b65415075ea1c4bff08464e68c726a514ed4afaaae2c2144b94978ab0b1a025a2df
-
Filesize
7KB
MD586debc9c83c2c62cb82ce4badf9e6cfb
SHA16e25c253695eefb77f678364e0aabd637e809c67
SHA256cd0f6216158db84f55d799b0138d5a19cfa16c7a0d3cd880ee931349962b493e
SHA512df124a4df04781d9e235e50532bb3192354da0492f2b66fca589f8e1d8135614b97e60fad3452a0a032f088cffe4e32c078813ac9e60b8d3160b30011447b8b9
-
Filesize
6KB
MD5a86721f7b8dd3238482918bcdea5b90c
SHA17a389de5e43585c356333d0f3619d3fffe4b26f7
SHA256274984e5800d7f61717c0cc2794c1954932b5b740e02ddfa48e6d1dda1b9fbef
SHA51232bd54792900b3db96e05f5ada3b06038b777b65adfa5aeea86dc9fe04b0115ce3717f271e3b8057c331415ad94b7668577d8dcf915e60684b40051aae8a4219
-
Filesize
25KB
MD5c058d43c86c549232b38f4ec339e5f5f
SHA1d5f2ccc3a00935f7dbc402fe248e62dea3ea80a6
SHA2565279a4e706dce4b6989d95d10ca1443df59bfcf0986783f6e9685a0b003b49f7
SHA51219dc392d1cfd9c59e3d8b58a23c28fead2c3af9341e36dc3aca0e5872f9768a368fd886f37df312cb0ff3983cea01ff200c0725062c54197439bafac070f0ae6
-
Filesize
264B
MD521b38cc4223aeabd8eb08228b25c5040
SHA10281782c634ab00370e1f95a09c8e768405cf137
SHA256bd0fc5eea5fb7faf196ff5d15a9bbd80ec4d2279cf25346731a400a6b8f9e843
SHA512a1dc789cd1b1678a55d8a6d25aaad073330fcd9bbb93a353d9a6fc600aa2443999267a0f21031aacd79c5792b8ea1f2117a1d2a83d569605265806e8e96fc4a7
-
Filesize
48B
MD57428b2cd737fe069c24c4e6eb135af25
SHA11ba683039ebd76520165b317dd41934cb2e67504
SHA256b9967e2a2ba39e3793024ac5b6bd5fde5e17711444c713804201969ad323dd7a
SHA51287d46e3fb9d84214f577ca9d5100d0c9ce37f00120809ba1eafb400dc3180f7a574d22e8fe09825902744a87c9eb2a2902087c0f6c5d3133f41cf082a4825f66
-
Filesize
5KB
MD59e3b27344ac823e97654663ef2a349d0
SHA1ce3503efeb5fa778ace3ecd950ee257db703819b
SHA2568f4834a53f31468a36bebb5b9a8bfdd53d7729fa496aab62a3599670cbc6b127
SHA5123a77b2f27026d96e986e7216e751c63c7ebacdb783d5a5d509f76a2847cc9fedc9e5905bf127910c04619ca2c996b5fe7c03047da01012e2901a69bb7548c5bf
-
Filesize
5KB
MD522fc9d7e4e6b4554f8dc61c29547c625
SHA1a4d624c8ef99437e4085f1f1fc49720b94243ac7
SHA25698c46c1b748b7b92921727f8243e1409e297eae88a1b5461542c5ec9df821869
SHA512f3130957b5f3c620f18f48c64eb90e14aef9b7b7e1fe84c684854063827f49dd14f20e9e43c933022cba0282329c855038a623efe94aafbcd120e60d11cf75e2
-
Filesize
4KB
MD5282d975f8824dbd6a533de34b9f97aab
SHA1cd79957eb6320b1644cc6c34f096ff4698701d47
SHA25638f55c408a9a785bf608c0a14ca0880b9e4f6bba63c8d71bd356e8b3344d44d1
SHA512961562e3b38f1a5bc7cbbcf80b4cbbf9ebe12096b171051d086ee419f72bf84d5f808faaa3b86c36acf59f5f883c95b4513f927bed18dc80160f36c0f331820c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD594901eeb7a894b5ddee21f307848ac78
SHA122d79603150b74fa1ce9628a4e9c33c614c3b325
SHA25677a7bec96621da1457239c9364bfbb7eb39cbfcda88d56ff27e8af97ae0d2b0b
SHA512206a6049e234d177d16312a70c6f4b8e1fc3402780b51298f5dba39bdbb432b0958ec2b4b61eec2fe76a449a64bea56db6ce89de7bced30fcf1dc7188f6403d5
-
Filesize
10KB
MD5be7f7d7e777ada4e3e7a442424d3f865
SHA1a3d7452fac2bbe010300bc66ab1c9c4e03ee7f8d
SHA25604a8bb1a167b04c33b7322b7eff4af35d81fd41208f8160a165285baf590b960
SHA512301504ae9e17799d364cdd0a800933a73e8003d12675264039367c497921d3c0cdebe3bdb54dfd3a338043571726b4426426c35ad00b6cd294dfd7661cc544eb
-
Filesize
202KB
MD5d773d9bd091e712df7560f576da53de8
SHA1165cfbdce1811883360112441f7237b287cf0691
SHA256e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7
SHA51215a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd
-
Filesize
202KB
MD5d773d9bd091e712df7560f576da53de8
SHA1165cfbdce1811883360112441f7237b287cf0691
SHA256e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7
SHA51215a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd
-
Filesize
7.7MB
MD568bd8f9af44479db013a77c806f1c674
SHA10cbb2b63c78b42e13b1818964bb2cf43e46c5052
SHA256ac9ac5a95273064ba09af8be049124ba52db7a59075d69a94d12427917dbc376
SHA512991f703293b984beeeda44cc72cacc0cd69bd4cb1856b2b1c5cf2a2d06d7f58e8469af70c2ecece05d98643937c52f8a944b9892e2925738457d2ac238867852
-
Filesize
12.2MB
MD55402bcfbe6d8134586629398032b5fee
SHA1817b912bf267fb4ff04aba141691ec6826e100f6
SHA256a52937f16bc1e5a816544fcc9d1f005848a8c38815c2a4786925b61d0e08ce86
SHA512824a6db64b89541b251c54d29dccbe92d48518523a88db1f2b252f2e7f72b3347530fabed3b5d6e8f8079d4e20adef1058b1ac1e3af5d41a28f921b274f28b5b
-
Filesize
6KB
MD54c435a2ea80c989c3af4ed416aa002da
SHA1716dd7f4cb4da3d8189723fe6680e3ccd729567f
SHA256138ab745b03c51c5129f666aebbf91ff905adeceeda99d01c9bf863c62c40860
SHA512dd36d89aaedfac639829e4e00e594fe6020989bd4868a83a8f007b59b61a52cda90ada1464b961a02fed28719a236dd6026b2b9ec0c3e1d87a8ded712916e9a3
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
24.8MB
-
Filesize
24.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
24.8MB
-
Filesize
4KB
-
Filesize
24.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
24.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
98.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
11.7MB
-
Filesize
4KB
-
Filesize
11.7MB
-
Filesize
4KB
-
Filesize
11.7MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
11.7MB
-
Filesize
98.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
24.8MB
-
Filesize
24.8MB
-
Filesize
24.8MB
-
Filesize
24.8MB
-
Filesize
24.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB