Analysis
-
max time kernel
1800s -
max time network
1793s -
platform
windows10-1703_x64 -
resource
win10-20231215-en -
resource tags
-
submitted
01-02-2024 15:23
General
-
Target
refurefy.msi
-
Size
4.2MB
-
MD5
e0e692aebaa2da2506ed840863673a8c
-
SHA1
8d2410aa0e2bc6b62cd4ef8a4278434661e62561
-
SHA256
1eff3c163f78ac2db6b1b3140f2c8995d60eb305698fde906628f7baee6628ba
-
SHA512
1521b7611f502fb1fec3667b26bff5b39d13e55cb942d2123bf90e28120782e9665de501b68d968b66a448c9a4a426be3431fbe287f2294010ab5273ef98acd5
-
SSDEEP
49152:npUPF9qhCxzT+WKjSX1ZzLVI4QWqyipO4+JtbjeYvd403NX9tmH3b3zB37irrrri:npoCQ1lLe7Wz1Jtbj9403NX9tmH3bjH
Malware Config
Signatures
-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer 39 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Blocklisted process makes network request 11 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 9 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 32 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 49 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\System32\InstallAgent.exeC:\Windows\System32\InstallAgent.exe -Embedding1⤵
-
\??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exec:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe2⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\refurefy.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 516943C583D1A8767302DAC5C22331FB2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ICACLS.EXE"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-aadd16b4-e56e-4f78-ad74-6a823f0e7962\." /SETINTEGRITYLEVEL (CI)(OI)HIGH3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\EXPAND.EXE"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files3⤵
- Drops file in Windows directory
-
-
C:\Users\Admin\AppData\Local\Temp\MW-aadd16b4-e56e-4f78-ad74-6a823f0e7962\files\iTunesHelper.exe"C:\Users\Admin\AppData\Local\Temp\MW-aadd16b4-e56e-4f78-ad74-6a823f0e7962\files\iTunesHelper.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
\??\c:\temp\Autoit3.exe"c:\temp\Autoit3.exe" c:\temp\script.au34⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\temp\Overdue Account Letter Feb 13, 2023.pdf"5⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140436⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0114BA39F3A9CAB6FE92764FAACE8F4D --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:27⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4E535A31ECAC73C9FC353B20EC09561B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4E535A31ECAC73C9FC353B20EC09561B --renderer-client-id=2 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:17⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D291175D4D6A2AB001E6C33B104D4208 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D291175D4D6A2AB001E6C33B104D4208 --renderer-client-id=4 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job /prefetch:17⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BC7D17DD4C2CCFE07A4A100F45902B90 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:27⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F35C6E7FEDFAADA4EBC624E731ECEE62 --mojo-platform-channel-handle=2632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:27⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F5F837AB806AD14F2CF62C91147124FD --mojo-platform-channel-handle=2780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:27⤵
-
-
-
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
2Scripting
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
907KB
MD5158c76e3e09819ed5aeeb52a7182621d
SHA1e0a744e0319bb4ca2d274b641ae0b05160d78f72
SHA25689e643b280af63e6b166a4da96c80771ac78f72cb2bb22af9493163cf97770ba
SHA5127bbdbfbb35770247491155fce70247d52833f4790c8b7422907b439d08f024da144c97f94c9433ab891135fd9c76c23130e25c60441093c49878d706f2bd472a
-
Filesize
1KB
MD5f71dfc211a228aaafe794af07ec6605c
SHA185b420239da0c855b38d30ca31fc921e04c8a7e5
SHA256614302592fc07273e80270ea80d371f1255c0d6bb899bb4899c701c9b6ce0cc4
SHA5121e9ba749d38c154a0b77eece802bdae39d07d846c87f8dfd8490e9c9ee47d26c1025600f9799b30ef5a6ccde8e3a5ef42513266ee16cba32387773060882bc75
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
64KB
MD5f0c9654a0b8e0d8b1fbdb54e37d73327
SHA1866524199958d75b120514845126b53bd935c430
SHA256ebc872ee20012c5de39cdbc8915b86bb1b3b99d6eac03f0da5cdfa200599d340
SHA51280ef3dbce94756209415663f41f854bc27309f0ff9ca68da3fe1925bece0b4139363372ef0b50d39a706ecf65409fde1ca966d129205846b08863af4fa7bffc8
-
Filesize
2.6MB
MD5c3d84f1c24731976079104943347b580
SHA128e676ebd3432f61a1a4b9441415daae5f851911
SHA25664206426ade2658280b9150a2b76cc0d15f53ecc01fbc5d3b6e282defc0a70c5
SHA51251f2ab667158298ee89272b9104526f4671b809fdf8314660d790824e579b269e5ba2ec5f1c2ec49e63581c6e4be190a72222d381c6001696a303158d72dbb55
-
Filesize
380KB
MD5c89f66813417d188517d9b494a240a17
SHA126f3d808bd4a4b495328a428762d4f19338ecc81
SHA25623a8068e93190122cd9f5fe22f1d3b40af7d1f2fb8d77c91c887a65cf2106ef2
SHA51218b3f65ddbcefe47dbb4e089f92747b0cf0edbef3497b2f15cc1a709902e423e60892d98a2c31a3935bc92740b74837e74ff677ccad2af381ff5c1fea2f8bbf2
-
Filesize
358KB
MD5ed6a1c72a75dee15a6fa75873cd64975
SHA167a15ca72e3156f8be6c46391e184087e47f4a0d
SHA2560d8878cca08903777888b3681f90e4a07c7aef7d9600a67dfa985844d4bf5eda
SHA512256c2ebfeb42c2d3340d8bb423ef0ae48d5fb9fe5ca09c363595f51a03007482b67a777e4cae7a8194f69bc3a3fbcdb9abb5c9f92097925272431bb9d50f5c03
-
Filesize
351KB
MD5cc9709e861ed97b68a19585276b81774
SHA1e3bd87f9141fd490ca61bcef838d70210a07b3f4
SHA25679a4693380e3c672b66566850b29129c41a8fb12d7f43191e03275c7afdc4b5d
SHA51230cc98bb494bddcdf16aac8aa8deb54b6c4e32a79c36d0eca2ddccc49c6e449a6da1048264639296276918761272e865ce4b7a25621db0628c7fd305c7bb2932
-
Filesize
215KB
MD5e0d455df960f353268235550e6d5b5a0
SHA1a026db0c704275958c3bdfaa041e1c0544b98e45
SHA256092f88316257444f343a452a1b2199dedbdcffa8505365f28cd29ceb8cb62480
SHA512a100ad2d583ced12edcf68515b246970bb784d8b18724eaf93002c35b83975f0a6e2bb496bdc74856eb02147beb180ef60062b7eafed47ef512b15751941c881
-
Filesize
1KB
MD56971e6ec200cf4d15c00298e77bf223b
SHA170bb10f80df3ab516e6cb42fe53fccee478e2a5a
SHA256d7efcfbf866265dc6599937c25dfabdf6c9c1f927c4078db0eda307ae969464e
SHA512ff1af8971928cab8d64a8a305a6fb6f8e67eb4f89bdba8bb87abde7ede1007b507d2d7560730196163c2bd3f419420779d1f04f6442d485f93ac01ddce0dcd07
-
Filesize
1KB
MD5e76b3acb65a87230c61e1b4a511b21ff
SHA1f67def9aeeba369ccf6ecfc817534b961382e880
SHA2567ddb3253ad5219024dac4c1408962909c12af80306b3b125baab06ab86cc184c
SHA5120cf1ac686a6e4639000b220cd954973ab4acade889cd42512737a73f36ad5f9368954ffebffcfeec32731a255dca1deabf280bea96cac5ed5fbc0ddada7830e3
-
Filesize
32B
MD526dc083b46bbee26835e1e310db91abb
SHA13531403f10abc018c4450f7b41451849cc594864
SHA25669085d4d05f9be712bded9a9b86d17cac2a65a938f3aae430772641d18a16b3b
SHA512ae1dc413c34d67830ab64649cf820c3f759ef081ba796e91a79d5aec9bbcbb29e66bcb9b5505d520298242924a8f9727f9eaf5062900d24a813c5096a64b065d
-
Filesize
208KB
MD5d82b3fb861129c5d71f0cd2874f97216
SHA1f3fe341d79224126e950d2691d574d147102b18d
SHA256107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c
SHA512244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b
-
Filesize
226KB
MD5d7ffa0ac323f9568150c0c10ff99d421
SHA19779ebbf2dcf026fb8e5edf06eb57e3e1cf5748c
SHA256041bc6ace56173a606ab6a4e4690483d446a990d44f74a73cb0fbcab00a6373e
SHA5120ea352a782f9d4ad6b05acd194ff318ab8b2986285d72882ced665e5f6730abf7cba722fb0c02a20a125ab45c0de6120be53412a7d367227d0c49ab196374d61
-
Filesize
330KB
MD58c1721e9249b7b2aea4a6f4270d14420
SHA1aa5b2c59d1f1e082e41c2d23d806c11a6ce8fced
SHA256370d9a78649f181edbc0ca8026ce9caa415b99dbf8acfd90f64a9b9de370e0d5
SHA512910584b2e034c2f02963754f982b31bdf8303f6f598badfc870c637219d70fa5413d3fbeca30bb5c4f2a9906469a9128ad4d048848bda71e7366e006e446bcf5
-
Filesize
4B
MD5fb30ea8724abf16b86597b1d89088a82
SHA13230d29448bfd9397f889ef1ae6ac210d6774954
SHA25676291ef7cc902f1b1b7b13c4639813077f4fc3460e5c4593224710e391eac4df
SHA5128c5ce961d7eb201cfca936e869e77cfee879e51d99ea8f38e31e7220bc53d229de83143cc2b9bbc4202f15f3862a13a445aff24305dcb6aee45386ce9a2835cc
-
Filesize
4B
MD5af2a6ed88adfc23ff0ce04539b83fc43
SHA109c201a7a10ac33769aa9f92b60037b547bd2715
SHA2566b63868b17c777048dd4e6bae96403d11e038c94e19f33ad63a0a1c456053989
SHA51284248cd42d3576a778f9a5a859027338503ebf3d9d57eb227502bea8f2e043fbcc6a275433b557649d3609f0000e52d0d93a123c1aba64b05b37bee7a1d5fb8d
-
Filesize
4B
MD590525e70b7842930586545c6f1c9310c
SHA17dc0aa810e80b3e4f82035e4cbfff2067cd47adb
SHA256bfc57feb2cbcfaf1c2f54172ff49665bbe60629e9cc1494b7a77a7b2baff3743
SHA51299372eb71aababfe9cba68e943e2ead193804a3334f2f49ba6d68454c664424324235456de155ba2d784d0df9d556d9da80d464d1f7b37dcd176f049a9a75f9d
-
Filesize
1.8MB
MD52e83114e6df038f5a187605e4dfe029e
SHA12b06956e69aab3e1360da8bc234697587c74b3f1
SHA256e9805a3a27e4d86a8a70f94722113126822458a3311795b80d11c9da7e70477f
SHA5126116d2df9a5046073d0d013da103491090a0df68e46ad89d5cb939a455fd70d3e6ea09e9bf363252e0fca48135263f24db1388ae0a56c6b3b594f23d89919796
-
Filesize
5KB
MD5de7f8d8f29a85fd00eb35023a611371c
SHA1c36b6d2cd41e6b19f73da8225d3ec5a77e1a75d8
SHA2566152171dce2462dc46b790a5bcccd85b1c929d479109c0d5f45cd7ff6360f38f
SHA5126f29249427b33d888dd61eb9e43808b2bfdded93517a82ac15aa72c498c44b22279d79849847866deb80ef6a7ca55aa5cc56d38e426e638c7958a77934024cc8
-
Filesize
25KB
MD5343f0a1c1340fc3a54bf70628d490ba3
SHA136721b7b7d601c9f957714c150a1c2403520866e
SHA256e57b7d9d66c439f707d4e85a529b466eb26b9428dda326b424cb205f2fa82a7d
SHA5126e41effcdf5612ef007567d878f2a46c7a16c679e487d7df1b106be18df9a2fc2f0a415496a3d3dcd32b51003c9bb02989aaae7f394bc392f42be886bb8d2a6c
-
Filesize
214KB
MD5de95db6503fbcf212f01e0ecca6547dc
SHA134fa88c6ad0c40cbaab023de9a587f1ea9f9931c
SHA256d86b693627a0d8fc26d096aec0c2249c197013440b079e654452dd42ed94f2c5
SHA51247e9d176c0f95ce2d1d4d26d8eef386347230dbdedb8c7d5544c9c3d1ae29861619aeea38f10be8828f1f41c65b1aa9eb02f870fac4f6adc0e777eaad1b174c5
-
Filesize
76B
MD5dd1c5f83309a94272996a07fcff8734d
SHA149e1d44a0a18668407abf825dba95cc8204ed359
SHA256eaab4bcfc55463f2ba708eba2e3e4a707c6e75513d5b9e84075b89979ea132be
SHA51210563c675cfa2b1133ac3c3624f142c35064494af052eb031ab7c82cbfc688e44e00e7095d84dc047b294ae5f9f98cc67cb3139453049ada7e7dbb60869cfbf5
-
Filesize
244KB
MD5c32b5165a85355d011a740655bc7d490
SHA1cdfeaa3ab72f938140564794afcc28974a47e00e
SHA25617ca60786bb274e3becb68003e9ae6ec22495fc2d27a4bc43c532dffa4fc47dc
SHA512d7344a414dbdd1646168f14d846ee8a138f3c206e1078d0d441fb096a125dbedc8d8c365415f588134b30f7a503e3ad78466a730ff50a60b6f8ab0b4a3920633
-
Filesize
3.3MB
-
Filesize
15.8MB
-
Filesize
3.3MB
-
Filesize
1.6MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
7.6MB
-
Filesize
7.6MB
-
Filesize
7.6MB
-
Filesize
7.6MB
-
Filesize
7.6MB
-
Filesize
7.6MB
-
Filesize
4KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB
-
Filesize
448KB