Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
31-01-2024 18:51
Static task
static1
Behavioral task
behavioral1
Sample
ClipPlusCommunitySetup_ns.msi
Resource
win7-20231129-en
General
-
Target
ClipPlusCommunitySetup_ns.msi
-
Size
17.1MB
-
MD5
b82ada91e8742234257d9cad38deebfe
-
SHA1
d1278efa9729f955de1dbfcfe53550e67212ff9b
-
SHA256
3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
-
SHA512
676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
-
SSDEEP
393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/
Malware Config
Signatures
-
Babadeda Crypter 1 IoCs
resource yara_rule behavioral1/files/0x0008000000013a71-104.dat family_babadeda -
Executes dropped EXE 1 IoCs
pid Process 1932 dsw.exe -
Loads dropped DLL 18 IoCs
pid Process 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe 1932 dsw.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Windows directory 10 IoCs
description ioc Process
File created C:\Windows\Installer\f761b41.msi msiexec.exe
File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe
File opened for modification C:\Windows\Installer\MSI1C66.tmp msiexec.exe
File created C:\Windows\Installer\f761b3e.msi msiexec.exe
File opened for modification C:\Windows\Installer\f761b3e.msi msiexec.exe
File created C:\Windows\Installer\f761b3f.ipi msiexec.exe
File opened for modification C:\Windows\Installer\ msiexec.exe
File opened for modification C:\Windows\Installer\f761b3f.ipi msiexec.exe
File opened for modification C:\Windows\INF\setupapi.ev3 DrvInst.exe
File opened for modification C:\Windows\INF\setupapi.ev1 DrvInst.exe
-
Modifies data under HKEY_USERS 43 IoCs
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2912 msiexec.exe 2912 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2352 msiexec.exe 2352 msiexec.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1932 dsw.exe 1932 dsw.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2912 wrote to memory of 1932 2912 msiexec.exe 32
PID 2912 wrote to memory of 1932 2912 msiexec.exe 32
PID 2912 wrote to memory of 1932 2912 msiexec.exe 32
PID 2912 wrote to memory of 1932 2912 msiexec.exe 32
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exe msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi 1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2352
-
C:\Windows\system32\msiexec.exe C:\Windows\system32\msiexec.exe /V 1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe" 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1932
-
-
C:\Windows\system32\vssvc.exe C:\Windows\system32\vssvc.exe 1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1704
-
C:\Windows\system32\DrvInst.exe DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B4" "0000000000000554" 1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2800
Network
MITRE ATT&CK Enterprise v15
Downloads