Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2024, 23:30

Static task: static1
Behavioral task: behavioral1
Sample: 68e9767a80e49cdbca8e6d8cb26867aa.exe
Resource: win7-20231215-en

General
Target: 68e9767a80e49cdbca8e6d8cb26867aa.exe
Size: 3.9MB
MD5: 68e9767a80e49cdbca8e6d8cb26867aa
SHA1: b6125fdec846e62cde9d65b6af224d9495cd190d
SHA256: f91fa2953c6f7d35429a38ff474e1345da76a29c7a90c1c9b9380d9b09d8eead
SHA512: 510f4a2d309a3fdbcf40e4652b7ad5402a57fd11bd03a4966fb66c0ecf6ce49c93680d49a18afa99cc31871ac0381ccb64bc39d912f2c16d7f43161042cf7220
SSDEEP: 98304:fnsmtk2aqEIPmLgtC47Ik66NWtZdtzJ9RLkC3COU:vLG8mcA+IJpDV3M

Malware Config
Extracted
darkcomet
Main
whp.sytes.net:1157
DC_MUTEX-Z0KBHP5
InstallPath: MSDCSC\main.exe
gencode: 6SFPopLHSquT
install: true
offline_keylogger: true
password: 123
persistence: true
reg_key: main

Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe" | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe" | ._cache_Synaptics.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | main.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | main.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | ._cache_Synaptics.exe
-
Checks BIOS information in registry 2 TTPs 8 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | ._cache_Synaptics.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | ._cache_Synaptics.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | 68e9767a80e49cdbca8e6d8cb26867aa.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | Synaptics.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | ._cache_Synaptics.exe
-
Executes dropped EXE 7 IoCs
pid | Process
1156 | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
3848 | Synaptics.exe
4120 | ._cache_Synaptics.exe
2616 | MAIN.EXE
1020 | MAIN.EXE
456 | main.exe
5076 | main.exe
-
Identifies Wine through registry keys 2 TTPs 4 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | ._cache_Synaptics.exe
Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | main.exe
Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | main.exe
-
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\main = "C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe" | main.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | 68e9767a80e49cdbca8e6d8cb26867aa.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\main = "C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe" | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\main = "C:\\Users\\Admin\\Documents\\MSDCSC\\main.exe" | ._cache_Synaptics.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
pid | Process
1156 | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
4120 | ._cache_Synaptics.exe
456 | main.exe
5076 | main.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | 68e9767a80e49cdbca8e6d8cb26867aa.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | Synaptics.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
4924 | EXCEL.EXE
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
1156 | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
1156 | ._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe
4120 | ._cache_Synaptics.exe
4120 | ._cache_Synaptics.exe
456 | main.exe
456 | main.exe
5076 | main.exe
5076 | main.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
456 | main.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
4924 | EXCEL.EXE
4924 | EXCEL.EXE
4924 | EXCEL.EXE
4924 | EXCEL.EXE
456 | main.exe
4924 | EXCEL.EXE
-
Suspicious use of WriteProcessMemory 48 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\68e9767a80e49cdbca8e6d8cb26867aa.exe (PID 1316)
Command line: "C:\Users\Admin\AppData\Local\Temp\68e9767a80e49cdbca8e6d8cb26867aa.exe"
- Checks computer location settings
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe (PID 1156)
    Command line: "C:\Users\Admin\AppData\Local\Temp\._cache_68e9767a80e49cdbca8e6d8cb26867aa.exe"
    - Modifies WinLogon for persistence
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Adds Run key to start application
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

        C:\Users\Admin\AppData\Local\Temp\MAIN.EXE (PID 2616)
        Command line: "C:\Users\Admin\AppData\Local\Temp\MAIN.EXE"
        - Executes dropped EXE

        C:\Users\Admin\Documents\MSDCSC\main.exe (PID 456)
        Command line: "C:\Users\Admin\Documents\MSDCSC\main.exe"
        - Identifies VirtualBox via ACPI registry values (likely anti-VM)
        - Checks BIOS information in registry
        - Executes dropped EXE
        - Identifies Wine through registry keys
        - Adds Run key to start application
        - Suspicious use of NtSetInformationThreadHideFromDebugger
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory

            C:\Windows\explorer.exe (PID 316)
            Command line: "C:\Windows\explorer.exe"

            C:\Windows\SysWOW64\notepad.exe (PID 1612)
            Command line: notepad

            C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 2252)
            Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

    C:\ProgramData\Synaptics\Synaptics.exe (PID 3848)
    Command line: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
    - Checks computer location settings
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory

        C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe (PID 4120)
        Command line: "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        - Modifies WinLogon for persistence
        - Identifies VirtualBox via ACPI registry values (likely anti-VM)
        - Checks BIOS information in registry
        - Checks computer location settings
        - Executes dropped EXE
        - Identifies Wine through registry keys
        - Adds Run key to start application
        - Suspicious use of NtSetInformationThreadHideFromDebugger
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of WriteProcessMemory

            C:\Users\Admin\AppData\Local\Temp\MAIN.EXE (PID 1020)
            Command line: "C:\Users\Admin\AppData\Local\Temp\MAIN.EXE"
            - Executes dropped EXE

            C:\Users\Admin\Documents\MSDCSC\main.exe (PID 5076)
            Command line: "C:\Users\Admin\Documents\MSDCSC\main.exe"
            - Identifies VirtualBox via ACPI registry values (likely anti-VM)
            - Checks BIOS information in registry
            - Executes dropped EXE
            - Identifies Wine through registry keys
            - Suspicious use of NtSetInformationThreadHideFromDebugger
            - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID 4924)
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
Downloads