Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 15:05
General
-
Target
2024-01-25_aff0216c3f5328b0b435ccdc46c3ba62_magniber_revil_zxxz.exe
-
Size
24.3MB
-
MD5
aff0216c3f5328b0b435ccdc46c3ba62
-
SHA1
d78371a030f02306866d114dc8fbd16a2b02ec36
-
SHA256
0ae21b70f1d09c114c387141808dbcfb11010b14b01679da1fd0e113fd366c5f
-
SHA512
2114b88650ecbb636ee53fe68aace78fdd5ac40fdb33f895eb7fd2e10d60963018c3e3e2e3c1301b69b601c279c6f3baf58d8ec7ffe27862b1038fa16f3df815
-
SSDEEP
196608:BP0Hj6JigboXZDwqY8a/qVwsEXX1KOgCu3JK1Op1H2SAmGcWqnlv0185Z:BPboGX8a/jWWu3cq2D/cWcls1I
Malware Config
Signatures
-
Executes dropped EXE 42 IoCs
-
Loads dropped DLL 15 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 20 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 34 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_aff0216c3f5328b0b435ccdc46c3ba62_magniber_revil_zxxz.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_aff0216c3f5328b0b435ccdc46c3ba62_magniber_revil_zxxz.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe1⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 1d4 -NGENProcess 1d8 -Pipe 1e8 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 25c -NGENProcess 24c -Pipe 248 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 258 -NGENProcess 264 -Pipe 1d4 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 23c -NGENProcess 268 -Pipe 260 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 23c -InterruptEvent 26c -NGENProcess 264 -Pipe 1f0 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 244 -NGENProcess 274 -Pipe 23c -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 268 -NGENProcess 274 -Pipe 240 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 280 -NGENProcess 208 -Pipe 278 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 27c -NGENProcess 244 -Pipe 1d8 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 28c -NGENProcess 27c -Pipe 268 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 25c -NGENProcess 26c -Pipe 284 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 294 -NGENProcess 274 -Pipe 290 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 1bc -NGENProcess 1c0 -Pipe 1cc -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 1bc -NGENProcess 1c0 -Pipe 1d0 -Comment "NGen Worker Process"2⤵
- Executes dropped EXE
-
-
C:\Windows\ehome\ehRecvr.exeC:\Windows\ehome\ehRecvr.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\ehome\ehsched.exeC:\Windows\ehome\ehsched.exe1⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Windows\eHome\EhTray.exe"C:\Windows\eHome\EhTray.exe" /nav:-21⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\IEEtwCollector.exeC:\Windows\system32\IEEtwCollector.exe /V1⤵
- Executes dropped EXE
-
C:\Windows\ehome\ehRec.exeC:\Windows\ehome\ehRec.exe -Embedding1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Program Files\Windows Media Player\wmpnetwk.exe"C:\Program Files\Windows Media Player\wmpnetwk.exe"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 5922⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\dllhost.exeC:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}1⤵
- Executes dropped EXE
- Drops file in Windows directory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD585d6e1e4c22d0a1eb36b03b2e19fb23a
SHA12ec7eb83e4e67fa86e7b302a75b0299fa32cb686
SHA256125cc96c5b42363ba2f17f86e4893d90eff638363d0e8e7060ecb1528d4c0b32
SHA5122efb09cbef8dd5b04f3bb97d55dbe5a6419dfcc73a5d50aaf2d73c95339c7bea5e5515e75423f2eeac1c63d0c61f4ab838578d43d055ee757a130eaa58fa4a97
-
Filesize
1.6MB
MD54f12df3544256816c5df9a065e67c9c0
SHA13a89a68caa370daf09f068bd78e31314a3887b8e
SHA256938b622f9203a719aa8425ad23e9ee81f22b43751b4653864b7ca5b149226a0a
SHA512a8b2d024fd6e14e314a364c4e88d903929d22b740d0b236b404e05cbf8ab4efc4fda789126228925c8819a29315f4edc87477f5c02bfc833d497f848bb0de64b
-
Filesize
1.2MB
MD550a9e36a92a9aadd70fb328110897dd0
SHA1bff4d1ad25d11a0aa186d43aeb824a19f587a6e7
SHA2561a322931ac02414be43856154532b03432bffcb3e218068baf8f3c8095a0e52d
SHA5125de8bbb2406acb0672a4b228f8d91f24f96cd45a890e7551f5e1df7ddd3d49923994842bdff6e306ea638d33b19d4488a0f94e947e3fb29495be40739e936fe5
-
Filesize
512KB
MD5b25e2d315a2809811003f1f901e5c93f
SHA18cde3fafb114710601f04b5056993ed54a29b2a5
SHA2564c0052da9d05e1d5af3dda95d475bc8ec3952cf77aca5127d0fa731e61dd21ab
SHA512598c268a2f8ff60594ac66989f39edaa9710470510d420e76acd9dba6d17120758356792f730a77ee81fa7f37865f65711fa7e2f50ee2435969cd9d4a1dc6c7a
-
Filesize
844KB
MD5a8d41dfcd05e49f5a90f5689cc687234
SHA153e00029579269cb81dba8b4b0069ffb7c61cba5
SHA256229a6ce69a266770a233052a53c88f59b6f629d42d1ae9d0317dd0268a40a6f6
SHA512df43cc8a2400ecbe6a3bcae66cae1b5392eccbbc9c0c60f1a3f5fa52c06509e4af0322e14f547307e85ec82dd551be565e7eb8cc75b82255d7b1f5a3fa2bd967
-
Filesize
436KB
MD5c31549675f921ce2a5d743a703c4e0c7
SHA12da3d14bfe396fff88218ba686d62d57e69d2cb1
SHA2565b17ad4ab0e66182f86aa0e32d8b076c7cbc6f7e1b6af7bb8833f9a6e6e23928
SHA512b369ec874f916d730d7f2e03d354da791ca9af3f31cc7222ee1f6e16ea2025536ba35d01b3fb64fb129750c66b9a6e051ca24f219139d86d370cb7320cb5abc1
-
Filesize
1.7MB
MD5ca08da9cb33ef7fe7830ce9076f99d8b
SHA1800fbd65f04affb7f860aec29071029e12eb111f
SHA25643ea88245d9737651966760407a464a698e3744ff352a9229913e4191ac7a288
SHA5121fbc8cf14c7da64109d3eeec58c9c9bda88e50332f5698228cc8882964be49ceffb0bf6de92d1621e9c205be1ce4edf721aa4584943c538e6bb8919fe8179574
-
Filesize
238KB
MD55c54dad16dadfda24ca58bbc8a017b80
SHA1c80bf703c88e4f93edf28bc234f8052f30755064
SHA256f3ba9bcaa9025b2de408699d6e495d428217ea87af670db94ffc120509543a17
SHA5127698c276ac75c15746b66e2ee2d8d845dd2ee46663dc0e01f4817797551f30b511886a314484c274cbd5c51a35fd7c620089ff1c4949267431f89d065d928ee2
-
Filesize
121KB
MD53380aaab98d1e8e439824ccb16930cde
SHA1e99fe7cd225bb78ad362d185931937cac1de0881
SHA256232e393a849cae4a4928ec2760ba7b27008a8f04c6291572c5e981d3d10cea56
SHA5129671c6b9a7ec12396a45d618b87e3aecb048fdff094c2713590d3d48e7fa3f6150ebdd293e3d36aebde3244846b76d8723ec5156f095d6b16484d56370f4e2ce
-
Filesize
73KB
MD520ec6a8a44592ddf3763419889463956
SHA10da39a9539c87f28bb194e730920fa574ee4a6ed
SHA256c4cc6186fd84b22c0200a92e71d9d366792b8a4996ffd53a1181e91e253a7c61
SHA512aec985e5bd49bfe2053d508aaae005c7a45c6eacee55a7e9d167e5faac2eda3034537877c04e69007f8744ceb6e7f7eedb4b64d511f014ac9278e3034d5194c3
-
Filesize
242KB
MD5e1fc144bdd4e4a5a8a8141dd64d10863
SHA1b547676c93e118edec914a657dc6a698429c4a50
SHA256115485603e1ccfb4be75fe6556afb7002356a0a57cd92bc8f20cf18bea4b11ba
SHA512928c589f9f5c246877424d4f55b83a1635033591687c5e75adac364c0f594e46c00cd1bd3b6532c78369473f51f1346e852ccf52d76a6976be3444bde563dc9e
-
Filesize
24B
MD5b9bd716de6739e51c620f2086f9c31e4
SHA19733d94607a3cba277e567af584510edd9febf62
SHA2567116ff028244a01f3d17f1d3bc2e1506bc9999c2e40e388458f0cccc4e117312
SHA512cef609e54c7a81a646ad38dba7ac0b82401b220773b9c792cefac80c6564753229f0c011b34ffb56381dd3154a19aee2bf5f602c4d1af01f2cf0fbc1574e4478
-
Filesize
1.0MB
MD5052a1dc303eb6bb8aab0107cfad46d89
SHA1222a3b64f02b3d2a6c71cd395ff607000a534be8
SHA256d3af3617f89bfd0ddfcb28a382c33ec709b369d5ff665f1f1034b9b0b1f95c17
SHA5123ac3987cfc49cd05edf801a94cfede4eb0f47c26c594413cf2b29aa479f6c11b58561b08052e03cb3b991c82c017a29332fcf039f73d0d7355ed5fa51ef7eeda
-
Filesize
556KB
MD5422d40a18734246443cb5dbdd6b262f1
SHA14be9b5ca17cd962e31154bfac4146cc12fb9fdf3
SHA25617e68abd6588837d43a37fd97762ce5964de7681d46eb3898ccd991666414a94
SHA512defe232ec9319a464395b4667b7a1e7785612d747fedbfc1962fb8d7adc4b110da2c3e23d15fe42ca2dcccd2c1811b7f538d60faa541a5aa6190102ffbc99c0e
-
Filesize
841KB
MD564c68c985e3e6ec10747be96df9857d7
SHA193049daacf92df0069abf2ae99ed3606a8a38e73
SHA256b2459cd9bf38a112beeda093c6107ae631731fe54a886b01138de0337d333f4a
SHA512165083e750cfc653190bffc244553eea23e71597974dd597b9b7e168c0f51dc0d84daa53e2d6d022b23251597556733823fc45c1844ad79eac510b88956961db
-
Filesize
1.0MB
MD57065b7d09085decb695166eaf3427dd3
SHA165b8505ec85bf167c802986fa823f2b6a1c858d5
SHA256ec6ea7765f929d6cda977e4a93513bddca4edda95b3fdf0d04c14a3538c4ea4e
SHA5122645479408c838da56828e422dc4506a74c031ec6b17adfe984e921aae13fe797dde7f8b3e747d6050743dc4f6264ed2ed277d658751345b159831f999f7dd8f
-
Filesize
924KB
MD588c147cc4060cb6fd2c592b18d8a3368
SHA174a0e34a774b27b694cb67a0298c3263baf2519d
SHA25608d991fe7974a4ac9c5d7315da060bfbc42ff15ab939acf175721a8599adc857
SHA5124b14988bf833deea292275858422887bc9411e318ad1f2413e4ab74a38fd7f2963b880435e423aa5fa9d80fb056e492637d0c7a420872892c347d5652ded40af
-
Filesize
147KB
MD5ac8f80498c4d08bc3ec29ccc6cd9c2f3
SHA1b3db59d1d0cd9151288f9c5584396a4c3ee5326e
SHA25641be6c9b5a4ea88064e5ff77169a5e9528d4ad21a7b82097e15c24201d1e543a
SHA5122f344e3dad75fa81c0d2cfbac4dadbdce7f4966b59ad515121b0e06dd6b11aed11e69028996fff0632c0e76a2e94ef5c7870beccb73d2dda0df930b053270f57
-
Filesize
833KB
MD5cc8f19922d904997e90a57d238928490
SHA188aa06aab7c373ff990a957bdb6847d17a7eecab
SHA25602ae64b4456acc1b541ee87df9afa26af6d38ffefb42905a5b69b31784968a4c
SHA512dd8a26ec5d60165623342157f57ae87fe8e3fde14fc16a55d8b3ec8a6d27abc21b8f784a2452602b63f1499862d5d4d513eb1fe7db07fb60371cf231c46e7130
-
Filesize
185KB
MD5fa93408b0110987d3ec2b4bd76d1db20
SHA1158c24ae54414ffb5c4d2e4ae680a074d9a1bcfa
SHA256d36acd18a9d36ea433a513be38b6d85120de8f13053f0ad946a0f2b86a991409
SHA51230f802ab7bd1bd9d6bbcd544a8b68d9a104753645dbfbc729cf8cb0fa7eedf1ee2c195ea845ab45b8cd87c4ad3e51c156b4fcd1b2fe1f125c525ee3e66f3ae62
-
Filesize
1.0MB
MD5f329544d027f74054f3b9bfaf2405d87
SHA10c161abd0172fac209a6a45028705482f86ea839
SHA25695e54e033c218931ad8a830f644baed16efba135fd88d7325c66355713c3ba14
SHA512971c059c560d9795d17a76d453d846e4d5fc6601d8145195ad808e668a479d7822b102884e476b1877db858500eb8e421b56e4a919701a83984035d90cbe6667
-
Filesize
930KB
MD51be483587cc990315f860e18aec160af
SHA12f9e8d2d1521df05bc9d2a8aebd16ace3c9ea7af
SHA256df4f7e5bd34c4f9f501216b6dfcbc601a4f4cf1990c11b87cb2e7b695d5b88ab
SHA5128882e89bd3251d13af16c9ca79b057cfcfa08f63fee37c572905b1a84d09a85a648ae5d5d2f152aacec0d465bf2099a3d28db20590c49c0fb6184de3445a03d1
-
Filesize
1003KB
MD56b1268a224209f777b14e9d6dfec8cff
SHA17e3891ab56a755ee45dc884a112fe2f4f44194a3
SHA2567dbcf503fce0ac714c6c418dea32d8b4589d5209f7c8b29ecb19301e17cc7c0a
SHA512e392ec8b46f08b57bc0041f25cd8da6ae1e713559c9841ef46cd161e87b00bcdcb99f75678e8d36fd2682643f7d15fd2d8ec9a79d22a07012095da880669f245
-
Filesize
166KB
MD50624015d80455c89d880829ed09de56a
SHA10b382aa13ae69d00815d4b13592f84360a69606c
SHA256ac3467f4dbb6a1833ed378ceadd843a172c756466f191792449f47e3b4788c4c
SHA512d69fd8c50e2d5a41474d24a47653d8ab86d163fd1c021623af4c6971ee3c414122510ec46c79e7d1008f205ec6f5705236223cd1d6d14c38600fc960abb6cf20
-
Filesize
779KB
MD500578cc55874c6afff69d80778d2e38e
SHA107e5eaed763bc772eacfe55334d77cb3a0becfe1
SHA2569c6c2b9a4bcebbf32e38633d38f9e2890717c465c63c0be581f6098512f44163
SHA512af14a68aa6772a8de949a36741efaf45614bdd5f9b5be1c8c6c2328107a164bfd3d9376ca97606fdf9c461d69c5e35973a51eb930e0b8d8177f087c56f37c351
-
Filesize
1.5MB
MD5251ea5c2091542aefd6b8bd0f069fdf2
SHA117bdcb6bb0bd9c25a43a3ee80d367c888cf5b6bd
SHA256e9ba9c557500389455706ef3c3aaef4611c73ce4728b06cf63c9230fffcf8ff0
SHA512662c63131449251dba1f1eda9e78210394bea4091abc4b11760040898ccb1298a2e27f43932a62c370e17a5a79e1a414efbbbfd1764999ca968035685f9390cf
-
Filesize
320KB
MD5c0d091612d96430df53f1c4a6393a9fb
SHA1a0717fef7867531c3cd133f350beda1c3952abf4
SHA256276d81a54d81acfa6c0f66daea112be291c622d93b41615b8b09ed73dcdae18a
SHA51242abc4c99a30f988333377e7cf534d231fc5915a1480db07fd4e37bf17f3e91d5a9eccdd685f5c69e718777b73eb5100a7994bd5b209475bb6ed300e5b6bab19
-
Filesize
529KB
MD538939f254b756f8d67bdb14ce46dea2c
SHA18992e51eb03de0d221b0a9da1b27656d05b20776
SHA2561d5669e8dcba79c6afe9aab78b4da4e217c2be5d5f5cbf524ac330a5f88bf867
SHA512c039dd6629e2953a9fffde2c8767dce34924737e9363d4f02fe102c4b8877eafa057231d4fde8542ed8be9308b112df29b78e8ac3942efe80cd3c447d8763e1d
-
Filesize
436KB
MD52afbfcb0d9ccc02217135298c461fe9e
SHA12f78fa2b0b133f5c9d5abfd167b84dcfd5a3c912
SHA2565c27319aaf330cf9188d1ee8e3c938e44fecba1b82e65ba38c475016fa668b7b
SHA5125875449b70ecb6bfc85962d68399c85904d18c69326ac3d649e83ba750777c98dbf43f00bd15ddd5e0219ff11f95eee4dee4080296bf0c0137bd3a93bd531e69
-
Filesize
284KB
MD556cf477c48d8a5cf10f06f81979f0ae4
SHA1aa47e013b22de58d86c0b216419ed60e96d8e544
SHA25688970d61a2da321b4f2c8d095474bcc421340bfb51d4b61f90f6f3f91e107fb4
SHA512b69ff13b98c2e4302d69c7b285de69f87d93a80d75e6f45e4ede54656b258586f477701345f74b50491f6e3c2d6d985312f1b6850f8d5b3914dc80f0b7c64bb8
-
Filesize
41KB
MD5c7e046b8e20d6020d101938b5f59fd02
SHA17390609c8b989ccaacb91923e577a8fb195e85f0
SHA256e83271c69dea966016c90f28ed6b6a82caec29d1fd762f417d3f86eb4381a590
SHA512cf6bc7d13b5772ca42b2bff1321b74bc09974fb2c7deccf8e1c251334cf7cb5d90f3df1a03a2152665dda66f834cf9357147ff7858c2198688cbc958d898e965
-
Filesize
136KB
MD5159aa97df9639900525decee6e7d422e
SHA1f102a0354ffb80d68fd6bfc3285b6b012beea0de
SHA256865402e3dc7b53e723e01f988e57743bf126b6123b55e0dfdaea3b3729ce6adf
SHA512c1efe67483c008483d76bc65f7a41fe4cbf4eb0b25b44b2bc457913f90eb0323d606fe0b151d28fe8d886842256f01ac05d46cfb51a16ed00d59adf99bb77c8e
-
Filesize
1.5MB
MD554c23d1a4bc4c8ad05e779e0108266b2
SHA103d05373836af844312b2bc2df543f05233fce6c
SHA25676c561f37e22f4499460755b3286d1cad3eae9d6a45f9e2dc2c4a0121ca17df8
SHA512b306995ad7fc3d7de9471070b5e10f78380ea94022de1da5e086a424f085428c90279e7e08e3daefb27b60dc94c163977b2ebf273b3c39a40db4a8e88ea42393
-
Filesize
1.0MB
MD5fd57cd6544c8b7f9c0a69aa9bf36ceaa
SHA17a45e959e02a206e1fd69ae29ae1d59bace86d70
SHA256be92905c30bdcc8f7f7d0ce846c23096fdb3ef6d5721f55a5126c4f83a7be9dd
SHA5120a4ee5ffb157b0fe3fb712c6f73e74de0580a5da617a62cbeb95d3d1fbf1a3fb7ed5096aa1413aa317a055030a63701d587a1693bb0a1e6b1d852354f1a07b5e
-
Filesize
113KB
MD5628725de4dd7948c7a8b3c39c6a12634
SHA1fc649b67a63be4c8ca8813014aa82512ffc0621c
SHA256410646463d868124d269faf86a496eb8a82b68da2d6681ec917d4a62b1440f8f
SHA5128077b57a9bd4d6ab0e0375992c831c05eaf04dd32efe51f36776d63d39593f87fe7ce693ef9348e3b87a1930a2887830aa7a9a31006b3c365a9e8403348db39f
-
Filesize
580KB
MD5b1a379858c46a5c2869d4b42bd8c5c70
SHA164056e47d2866a2a03d4ba8a4ad2dd1c91aa92e4
SHA2566cce218b1dcdcb8932fa520a76e35e8d41aadb408d03c34494197257456a0230
SHA512f170304870440077da49f46cad1810a5b8a04f5412f278c3d8701849b41e2857bac3925c32da012cdcaa54f46c16575b93aac80e655b7fc83fa40e02aa16faa8
-
Filesize
262KB
MD586c9ee04492040fcdc84399fa5677234
SHA18612d3868d0035e50992fb8077c2ee90f303ba1a
SHA2560248f00c745166c87f83163e357969308af88083fbdbb39590126c43f82a0ac4
SHA5128ae2cf57335231a3a55ec7b184e9566cfe7db226f08f242e49917b33178a0ec2ebcfb8d211c0dabf1c4e44f37ca574f098bd7bf9a8168c0e3a207fb54c8f0be2
-
Filesize
315KB
MD57ad8e6e6fdd6d445aaf887ff49435d9b
SHA1a61e85d5b2046c4b05e5791a9a4402bb4749b6a9
SHA25641be43655ebb08068cc277d6092086d59366f4f956d273463a6db0e7c6bb8ebb
SHA512b49b79dee950d4d7a90341bcd2e1d6e503dad647d1fd187c47fb54ee8a6cd3df46484efec8a9e66fb7593841b93d2095a7ef45d66244adaf2cc44fba4be849dc
-
Filesize
416KB
MD57f0f82714a346c6f90df0d7caed9a98c
SHA154e5cb434d6b07ac105c7632a0248b1269c64f03
SHA25697d5ad6edc8d7dcd6247c42186664f61ebd0689ceb05748307a13ccddaca4e0e
SHA512259758fbf2c454878cd9c2255ca3afde71ca25da08ff17f40b6880ba39a23aa8a49f9c00033a259cc6ac56b8697d3327c0bc25514240ba090c3cd3c6a5b33d63
-
Filesize
70KB
MD5e8494d664f8d3bc677c3547f171810a5
SHA163106df414e58deddd21cb7f938bf88973863d75
SHA25607e1a1d10a761fbc9cfe9dbda3259f318d21ca0d6504d4fe2fd6c9f911e68a7f
SHA51226b614280abc839fab5550370c7e6971bd3faec67b150fc95fa25b07bd82eee577c309d29993867a78a3f3aa2530067f5dec3190d2a3fd9c61bf9950db8ea42d
-
Filesize
1.2MB
MD51f3e29ca9578808e263f036d21173a9f
SHA191332e2d65e13fae4f55ade6614dc5b3f17e0fa5
SHA2565e3eead1be1a313d8e613f294c6576cf1a1eafb3331ce4724e4bae9608d4fcf7
SHA512562855abb8a9409ebd2b143af3b64ad270fdc5c47951bb3b1704e4decfba62fcbb238e891499dc3df96c85703545aeaf2136966fb508f8fc077628424de77878
-
Filesize
552KB
MD59fa0b584cc8d1bb70d79bf1b77d0c1f6
SHA1d6923e25c8ea4879afe74781c6035ee83899cbfa
SHA256ba0d03d620874db252506894b984ae655ace1e88c2aa4178f3d3f50cd75a9f50
SHA512f1ff5ac53254bfa033e85a9607d3769c5521228dd60229a965306498e887f544410692f91b9683f5341a84f4991d088e4db9eab593769d65d278642a9134927a
-
Filesize
1.6MB
MD58b7437ebb5e22739e545a143fc998209
SHA19cbd431058f08f12b3b040a7e5af0c1b9a0310fb
SHA256dd29311d59c49ff4392fbf7b5590ad75a78e58ecc791c58635623ecb6816117b
SHA5127546a6fe10b2ff3f49cee53061c35531c4fbb42af68634edbba57f5649e5cae5ec1f0431b185854f8bae2b10d539b1fd50ce1b1c45ba47dbbe695ff0e9d1158b
-
Filesize
1.2MB
MD5f25cb6380b0848a321862e2ac9dfbc61
SHA1006d3695484a39bb061db439d2930acc03dcd421
SHA25644a253251f3038990674bf990bc4662be354033de116f8fb3fb225a9d32a921e
SHA51201df2ffc242ae6ce242bffcbe58ad8667b9d93713b2692f14797cf9496eab9d8567ef137d6a772ae4b3710ad960549bef7db4b41477d78f98eeacdd7b405810e
-
Filesize
571KB
MD5c00576bd7637fa1212affcd3ef53ffcd
SHA14503a4b78bef2af14e550f880300ca93e8ec8c80
SHA2563dc5a27b524a9781908e91e72d93e4a2085a819b716d46979c68d2ab7376022e
SHA5126b891223ec1f1831c99d0a2d05f4daffbe8490d42948d19d4fc777939b06338b845133ef1f024d6a77adfdcd2c427578fc37e52220a52c70896d87a950aed6aa
-
Filesize
45KB
MD5fd34911603fa90ab6c7fff0280e2ae27
SHA153c67f6d66e7f3982d91f79713bf0391d2b28818
SHA256fe7d0a3de962cbbe9376856d8d37a3d566d995b156ff83de5827a1d8d040b331
SHA512cea17a8347209d57e82f60841719f3cbc4fcacd96cc3805c2df6835191d6285b0c93e69ed8560e1c818094493e61ae812224cf76ad61dbeb0559771f5caf4653
-
Filesize
219KB
MD5adbfcaf1744b001cdc9cf9853d09ca82
SHA1e0192a58c37c1270f2c32a2e70b37079b54e1656
SHA256805e211fd06805cb74d87d88a2a9406d240213f6c0f44f4fe309c4a9d6169975
SHA512defc106689fac1f81673ad30b1ccf1df64d0e05d18748385654762760c4e024c6266a647ce52238a71534efbbd647c956b87b21ded3866cf816cb8225a3da1ee
-
Filesize
995KB
MD529fc6b6b8573b1b45c41568a6bbedb46
SHA1651214d76b231f57d8ed81ff052986b61bbec4db
SHA256d8beec34311f343fe1b317b2386fe2a39a95e88dcd93fe5f9ee9d89b0ccd6fe4
SHA512c2f2822241fbea23bded4b3308291479adf299ceb1a4c2b6fa8cfae83766d6318b7214f1c07baab98a74ca954cda41fd80575870426b901c30f9a6f7eb2bef0e
-
Filesize
989KB
MD5e3e0b55d5220a2ada11e0255197b3a46
SHA1578f9a085cabfaee3c36a4da0a74099f5c5702b7
SHA256de6e09942b2cb0d7ad103c84162f1d1d4728f25678236618137b0cf75f65712a
SHA5126d3aebac7f07090b2db7999da449fa770bc6e7f0d174b7f85623bc9db82d02bd5961e2396eff5b949e6cbd1efe307c56ac4fdc043d0076b025774e6be6280b37
-
Filesize
477KB
MD5be2da19a8595a4657249b1435d088c68
SHA1cd966eadd947bd99f671d72b9b29b6a9daea1e73
SHA2561046796fd6f1d35a071113f3763f821ea4055f6d3d6a4abfe27ecb38c08be957
SHA5126fdd22077555ecde5b8444284eabf2edef8cb2a75eabef2f7eec2af3e18940df823b56713129f35d57272d140f1a4f454d614bfbc326471e8c7d059d5825a857
-
Filesize
1.3MB
MD5e0345870210d68df526b51d184fdd031
SHA1e42ea242d32ec1ad440c82e24e1ae271c98aafcd
SHA25614140c6c94cfd48d2da2dda29abb6cfbff3f3a8ec9da8aeca6914bdcf5953071
SHA512c313a373cdfd8e5c44acf4fbc4da342710966af81507be560804b7c9b0143b2efbf3899cda8278209bcf02dac6d4b903fe764604758c1077e639fd29e415fed5
-
Filesize
1.5MB
MD577ce01184957dbeb745d41094ede0eed
SHA137685eb77ded93b07db7157d82a4e11c43eadfb0
SHA2567b768ff4717d39c9cda6fd4b34d9e58e644d5ff07a40dc4ca926d4b17f8abf30
SHA512f11eff9bc683254800f0504fb460279343a2997d616dd4017d3ed2bd4e9550eef313c803502bde7cf4117edb94eab42d0211bca1fd97d10ba474b576a87af86b
-
Filesize
1.6MB
MD54b976a48847d093301ad3ef2e7f3e226
SHA167b620cb09ac715b644cd0ef904b90f666652c46
SHA2564ed48e2c81275431ca9e5081e4f6c3dd55f96e9032baac569da5c4482acbacf5
SHA5127a1f46934709b997c36b424e3e6a30f4f843a94e771ed2dd73588d03ab722892165719a663f74b304c8024ef8c1d6a4ed47ce0625666312fe1e5d738a6f2d84d
-
Filesize
128KB
MD57dff18497ba9708b93afde724af6a889
SHA1ad8aaf73d53d3ab1f0356e391544d5f0826a061f
SHA256819eac8616402e360331cce78a2dfa17cca78add5aaaea4636262a18842fd489
SHA51283bd132eb02f50c3bef59f4320217063b8a9e90640f49d0b48f63932b3e7d775061b39af5d5644efd7a207b06fe9bbeec0c586b7896c281548d2628688d858d2
-
Filesize
558KB
MD59442e1f7843e88add01bedf0f04fcd43
SHA19d68cdc881b4b373d8b8125edcd9a468c32a75d3
SHA2569088c05b0bb51cd25f4d243d68e133d4487436955d1733eefd21cbf02c24b6ab
SHA512cae7c2dd66cc6b6515eb080505f332f3d4d53a6227c79ef0e63af24593f17350251612cfc150dd2a87386f513a279db5780704d5d7f51c3fce48223736c2f6b3
-
Filesize
546KB
MD5aabef1364a07894846d81efdd52bf198
SHA14f0d0de8c6daa6659f22a1edac9c667727aa23d6
SHA25684d1c75391aa2af943e0f0b4440f29495c43dc42347683a1ef09e09d62220fd8
SHA512241a3795ab89a7a5872a5fc242977c222f14003fe47066e6a16605d0c99f4eb8e327880a6d92d251a505fcc65d978edc72ba458669ad7f460aac9f9f0250c0c2
-
Filesize
236KB
MD563c75ac04b2adcecada220ae47b1a54b
SHA134a17f596254457e4465ab569594910dba05c847
SHA256b8ceef04b867e1f43bd5790a6568bada3aceda052100af0f4151d84dbd5740db
SHA5123b8b5c79bba268b6dc534229105d14c4b0d560383e1ce7588c4f4d64fdf01ae7401e1af6aeffb71efd54f7c12723bcd4cf970afc398966ba1bf6f9734e5ecbd8
-
Filesize
326KB
MD5ca4ccad81fc332ed4deac3e58524e035
SHA12711c5199ad10230a88e68b49c8d59419331da1c
SHA25628bd59533975ac9327aaacf122045bb14b9bab953aa40e1621c1d230ab8e933b
SHA51219331f393dcbad165667203e401f037417567bc6e854955c3316a429a9861e342f74d7789bc5fe645deb5ea0f32e4dde3618cb700e89855c5907978dda776210
-
Filesize
74KB
MD5337afaff1af7a7918fde477edfb4cb8c
SHA1b3c8d8fe597bc979ba9d69af28add2ce9ea495bb
SHA2566cd97c881545c699834556acf98f4d03bc9c261f83eb17515e6d1281e036b62a
SHA512fcf3c66d7acd63ab0cee02aa6a7e92e650fbdbd3a3ae34beb00fdf277f997aaed9a50bccbaa9d9fa445e61b4ff32318db1b9cff2a4e5c819f2a4d497074d6897
-
Filesize
423KB
MD5249f6ee4c3f1a2b07d2e051acdc6e1ff
SHA13c4e1b91b83fee143bb582150d40e6cf91785001
SHA256394ef8173410ac157aaca8f7660a83941e965f0cfa9d598e3016d91b0488bc9e
SHA512dc3d2ec9dc6da0e6dab45f60aac4f42f7a9c85be6ed55aa56f2ffbb7d5e560bfbe5b849f4938321f421ff6e8fc529be2daff040f349de70d2a5625da752d9c7b
-
Filesize
64KB
MD5a461bb012297e07d08e81c2a03b917bc
SHA1940581077d2d8a82db571cf783ff7391dd77a589
SHA25655f9e175682e54cdcdeb205a6b8e69cbd870280a460c722b39ba571b366bfc07
SHA5120e9ccdd9c6337cfca90b7593f486468069288692ff43f7c0366c95cecbfe6a18f51bc42bbb39d2520af05b101197f6cad36956333c7bdccfb0ba62c0190b7889
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
9.9MB
-
Filesize
412KB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
384KB
-
Filesize
4KB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.3MB
-
Filesize
384KB
-
Filesize
84KB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
412KB
-
Filesize
27.0MB
-
Filesize
27.0MB
-
Filesize
412KB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.7MB
-
Filesize
9.9MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
412KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
412KB
-
Filesize
1.6MB
-
Filesize
412KB
-
Filesize
1.6MB
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
1.7MB
-
Filesize
1.6MB
-
Filesize
412KB
-
Filesize
30.1MB
-
Filesize
1.5MB
-
Filesize
1.5MB