Analysis
-
max time kernel
146s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
12-02-2024 19:33
Static task
static1
Behavioral task
behavioral1
Sample
1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
Resource
win7-20231215-en
General
-
Target
1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
-
Size
1.8MB
-
MD5
98634542919726b66b1e305224ce58bc
-
SHA1
0483a6ec826efffff036c1cbdc57cc9bafc49173
-
SHA256
1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc
-
SHA512
7cb17ddbe7469e8ef17680fd4c76e7e10957286eed0c6b78a2ecbfdf1701b59eab2f5e1699970534d7223d50c1f5abd52019ba3c6a57bdd7b44b486ac636fc28
-
SSDEEP
49152:oKJ0WR7AFPyyiSruXKpk3WFDL9zxnSZEjhMjSax84:oKlBAFPydSS6W6X9lnaQWdO
Malware Config
Signatures
-
Executes dropped EXE 21 IoCs
Processes:
alg.exeDiagnosticsHub.StandardCollector.Service.exefxssvc.exeelevation_service.exeelevation_service.exemaintenanceservice.exemsdtc.exeOSE.EXEPerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exespectrum.exessh-agent.exeTieringEngineService.exeAgentService.exevds.exevssvc.exewbengine.exeWmiApSrv.exepid process 4084 alg.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 2928 fxssvc.exe 5288 elevation_service.exe 3192 elevation_service.exe 3656 maintenanceservice.exe 4884 msdtc.exe 3264 OSE.EXE 1724 PerceptionSimulationService.exe 4348 perfhost.exe 5404 locator.exe 2232 SensorDataService.exe 2764 snmptrap.exe 1688 spectrum.exe 5344 ssh-agent.exe 4420 TieringEngineService.exe 2052 AgentService.exe 5112 vds.exe 3076 vssvc.exe 5180 wbengine.exe 5184 WmiApSrv.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 36 IoCs
Processes:
1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exealg.exeDiagnosticsHub.StandardCollector.Service.exemsdtc.exedescription ioc process File opened for modification C:\Windows\System32\msdtc.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\wbengine.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\msiexec.exe alg.exe File opened for modification C:\Windows\System32\SensorDataService.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\locator.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\spectrum.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\AppVClient.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\SysWow64\perfhost.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\System32\OpenSSH\ssh-agent.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\AgentService.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\System32\vds.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\AppVClient.exe alg.exe File opened for modification C:\Windows\system32\SgrmBroker.exe alg.exe File opened for modification C:\Windows\System32\alg.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\SgrmBroker.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\AgentService.exe alg.exe File opened for modification C:\Windows\system32\fxssvc.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\AgentService.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\33c05d0b1f063bd9.bin alg.exe File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG msdtc.exe File opened for modification C:\Windows\System32\SensorDataService.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\dllhost.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\msiexec.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\msiexec.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\SgrmBroker.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\system32\AppVClient.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\dllhost.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\fxssvc.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\System32\snmptrap.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\TieringEngineService.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\dllhost.exe alg.exe File opened for modification C:\Windows\system32\vssvc.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\system32\fxssvc.exe alg.exe -
Drops file in Program Files directory 64 IoCs
Processes:
alg.exeDiagnosticsHub.StandardCollector.Service.exe1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exedescription ioc process File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaws.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_cs.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\kinit.exe alg.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_kn.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_pt-BR.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\schemagen.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_hi.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ur.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe alg.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_zh-CN.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe alg.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe alg.exe File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe alg.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ar.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe alg.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_et.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe DiagnosticsHub.StandardCollector.Service.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_id.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe alg.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe alg.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe alg.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe alg.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\GoogleUpdateBroker.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ro.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_vi.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe alg.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe alg.exe File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe alg.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\psmachine_64.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File created C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_nl.dll 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe DiagnosticsHub.StandardCollector.Service.exe -
Drops file in Windows directory 4 IoCs
Processes:
alg.exeDiagnosticsHub.StandardCollector.Service.exe1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exemsdtc.exedescription ioc process File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe alg.exe File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe DiagnosticsHub.StandardCollector.Service.exe File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe File opened for modification C:\Windows\DtcInstall.log msdtc.exe -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
spectrum.exeSensorDataService.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
TieringEngineService.exedescription ioc process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 TieringEngineService.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz TieringEngineService.exe -
Modifies data under HKEY_USERS 5 IoCs
Processes:
fxssvc.exedescription ioc process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe -
Suspicious behavior: EnumeratesProcesses 7 IoCs
Processes:
DiagnosticsHub.StandardCollector.Service.exepid process 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe 5016 DiagnosticsHub.StandardCollector.Service.exe -
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 656 656 -
Suspicious use of AdjustPrivilegeToken 15 IoCs
Processes:
1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exefxssvc.exeTieringEngineService.exeAgentService.exevssvc.exewbengine.exealg.exeDiagnosticsHub.StandardCollector.Service.exedescription pid process Token: SeTakeOwnershipPrivilege 3148 1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe Token: SeAuditPrivilege 2928 fxssvc.exe Token: SeRestorePrivilege 4420 TieringEngineService.exe Token: SeManageVolumePrivilege 4420 TieringEngineService.exe Token: SeAssignPrimaryTokenPrivilege 2052 AgentService.exe Token: SeBackupPrivilege 3076 vssvc.exe Token: SeRestorePrivilege 3076 vssvc.exe Token: SeAuditPrivilege 3076 vssvc.exe Token: SeBackupPrivilege 5180 wbengine.exe Token: SeRestorePrivilege 5180 wbengine.exe Token: SeSecurityPrivilege 5180 wbengine.exe Token: SeDebugPrivilege 4084 alg.exe Token: SeDebugPrivilege 4084 alg.exe Token: SeDebugPrivilege 4084 alg.exe Token: SeDebugPrivilege 5016 DiagnosticsHub.StandardCollector.Service.exe -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe"C:\Users\Admin\AppData\Local\Temp\1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3148
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4084
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5016
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:5012
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2928
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:5288
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:3192
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:3656
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4884
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:3264
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
PID:1724
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
PID:4348
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
PID:5404
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2232
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
PID:2764
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1688
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵PID:3652
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
PID:5344
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4420
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2052
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
PID:5112
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3076
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5180
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
PID:5184
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
704KB
MD5b3fe3c9314bd4afc4be237210b503c89
SHA1d828e2ea6fa23eaf8588bf04440b94674764afc4
SHA2565697390ec5fdd1379a4688740198205a29429da9a03987563a6c2f9f196222fa
SHA512415bae88f0b695b7d75beb58c3c02ee0f2187b1c1d3a9bbd768ce662504f233fc0a70582a6f1b304fe51c74982af7421d0aa46ee6a8c154eb7b06f96574cfa13
-
Filesize
1.4MB
MD5530e96644af0cc76677cbe10506aa4eb
SHA1735f4a5c6eb75fdc74bb7525a23dfb4b763c7663
SHA256085d85c6d1d5cf99874fb3dee84cd98ca1d657439a60c9b6cf486a05a2dd5ca8
SHA512a10d0fb237b6180a48a257a09e15fd91e693d3c9751df6a1b9a0f6ac697863ac1f2f1e42e34bc07032b054ed10186700028d8cb11f02e27ead8922d21c128894
-
Filesize
640KB
MD5498af9070177e73e6017f7cd14d1ce60
SHA10658b1fabe2be3bd977a319f6ec2e4258b9ff0c2
SHA256cf12bf9c0f2bceff5c231c668668f3186c350400060391bbcd3cc2984e7a1bde
SHA512ded59f70bed0c8d5b0b0f07356fb1eb444e2a2edc076eacc9a612c54f6145a5f774af0dafc85ce1e687772d2a54fa8cb2441045cd3146cd2d24c3fa2f035f7de
-
Filesize
1.7MB
MD59fca1db5299a7fb7d8a979ae9d59595b
SHA1d66d74ea64b6b0b2c7a6de2ae7e6880fa85a2ac5
SHA256efee3f0852dd61f5786ebaf46b4abfe40a4540e231898d77d04e90dea43cbff1
SHA512bd3422d445baf64c88dde9a0ed59c4c15c30844bfca0a17da6e167a8762ce3c3a0628df1926f0e05bc763b36c6300c10269808599a1dfc6e2f046520fc7a840b
-
Filesize
1.5MB
MD5c96cbc6d56e07a5b2d593fdf9660cb43
SHA186d05b824a4bec77a664416329fadad3e122e85b
SHA2565863713108c83adf77e7975a8025ce02b65c852d7487ad43031dc902ee7af9a7
SHA512b1eacfff6f269626f79b9084f86291946df820c4977c2ccb5f1be103c4f967c48dc5175580be4c0bb09fa7cfe73a57da0e4d9980290ac60d5a6d07daa2cb73fb
-
Filesize
1.2MB
MD5494bc7cb8a143ebe185bee3e22afd8d9
SHA113e241d70f9a4f06805ca8b4fcd90c81cec6b5d9
SHA256171019454228b8f5c5edfa1dccddda14f81b5cfc81b8b3ff0df9c06da9c45500
SHA51269b044dd59195e64b92506d4fd6f3c120119749d67631c5795d55387bcf0f994b993adff1bef6afd2a4014f751d7ff90f8b333e495d62783f50ddf3935239b42
-
Filesize
1.2MB
MD573e61566aa54445e0f2f91b4a90ddb10
SHA19c33674264be60fab33035c4b5c9d589f02d81eb
SHA256caa8240ec8c97542c1d9f2a85557ad7c0b1c46ec71f5ef0dd9b6926f6ef47374
SHA5127b8316ede0c5c57bc1568be8f52cc68e7df325c4755ad0376c360da7d25a3cb5e44fb20f8d2c612cb59f724f9a1441fe43ffa1a34333f740b7bd69d42dd9be6a
-
Filesize
1.4MB
MD50167e0c9e56df29e64dc7f0e5cea3375
SHA169a4e0abad3d052f16df95c88900408f3d33280c
SHA2564c8cb1f18edbd9c3a312eab27ab0bce94758c000a469c62b3b7da148a5d6c524
SHA512d38cb0a31d199a8da789330da78a026a76c58190a057b84157aceffa76c15d8804e4a7f97bbca5958ac6aab098b01ccf3a4ada273404140767709f0cec6f8070
-
Filesize
4.6MB
MD584a012ad7708db11d41d14c4810edeb7
SHA1e08107a503fa13d71743b75491402b41861429f4
SHA25667979ab549a1dfbeba1ff8552f3c3976c0806167cfc74155c947e9c21796bd8b
SHA5126dca3d65c3d3e976f35d48938041e363937b9b2d2fd587e2b145c0a9b800136993a1f44de8f369c13b6b2e3a671060f229ecbd88de9c05ae6ccb7f4b77c09a51
-
Filesize
832KB
MD507670b933af3887ba7a20d00e61706f1
SHA170cb737e6675a89902cdcbfe0a432636946dcfe0
SHA256efbbf9d2caf493c8b18e5ec18d7cfaaac41d4bfbc2b191b929fa9d8009c9c18c
SHA512eb2320f7aaea357c9909cd132048d38e3fd2f8ea8ec9084236e2c2198f8639bb61beae4cfcb1e0a5716b6205fa74eeca4a1e0ee7455e4dd767a55631dcfb2f41
-
Filesize
960KB
MD5901f69b5f66ec91d6202d154dc11274a
SHA1b52faa9e47ce40dc9aa08b6490eed9972869a287
SHA25623a1e7aefa545c4ee3806b67821e6e73d970033ae7f167ca2011c8abbcc59f98
SHA512dbdca4598ca79728747a8cdf811163d8646cefdce7dac47be615b5c7f5b2b738ba255cdda3e8daa9dbfc98db9d4ae411481cf04deae1d00640719bdf23dad858
-
Filesize
2.7MB
MD57b1079c5eafc77908490c25c4793324f
SHA11c393d130ec8127d6dcdb91e5185cdc6a1a0ff1d
SHA25631afcdaf53525cffa40f4468b4c194a872fd0bce6a1350f6cd56bce8cdd7008a
SHA5128a68e429ea7e799396f97afda2bd0c8f605647e5463d06c917a18fb8bd261789a88d0c7419f703e8d648ce9e0befdd14994bcb455642cad08fcb9660b0cc1a0a
-
Filesize
1.1MB
MD58b1c989b468b1890e0aa232bc5f2e889
SHA1b30eb7ff12fa804d89ce52290cc9c9cb16958b93
SHA2563e698a4ab079121b11270dc43fdf7f1ee9047c74feb56e89c5bb1dc4064e875a
SHA5126eebee4a0a22204e1f10ba05d3801ff56498a57abde8fdcf0122bae5fa84f67c39067901789a3b26b22661871598de0e00b721343aa85502d9589a92a30fe29e
-
Filesize
1.4MB
MD501bf8c18eebbde2bffa6fd0d51de1c24
SHA1c3299c54eaf230ededf5fec70a2df91cf7e44c67
SHA256994c2458599b66f0b0c91c1acb18aa27c2033c814d08e9ba8c7a85a5df89d53f
SHA5120ba1683db233012af1a0f70ab8af7276747897da1ac1bb6f33754194e91ac789216a0d616fed6e661b0b2bbaa9e2a36335a3bbb5cfb7261b8cc925a2fa0ec373
-
Filesize
1.3MB
MD5041d7d6008d6c8e619253fd4e22cbd24
SHA12af91613c6a59308cdadcf5ce6e1b0e88e89e4cb
SHA25631aa7f4ffe48ba6a89ede03a6bc984c8c1b9d361065393d6c620e402cd870737
SHA51293d2eb5079a14d0a683876d6cbee6e5f0fc9c48db62b5951585cf0289ad9816bd131db92290df57971a6a22cbee772c2789c60ce845b486fbc5680d23f12bf67
-
Filesize
1.2MB
MD59063e7fff7e9d4d7e7aa141427999fde
SHA1b7eaa126e50be73118541e0bfbfd1e359603160a
SHA256e98495fecd9c1a5cb8e9900fb8b88023da98a255ec5128aff7517a9dad46833c
SHA512df540dd9c5f6083a357906d649418a9d7957348e0df1550deb482aeeaad5c4c132beef844ccef2da8c6a168953660eba0732c968ba49afb5f6cee2af29393b6e
-
Filesize
1.3MB
MD55d11ef74e72ccc9dc35470d353b43a3b
SHA141cf5cc7958e9d9f3c117295bc0e6dfc5b452a86
SHA2562aea72d128acde9f241dc0881e7dbbe8664b752a2e3ae4bd7a5be06b7603828c
SHA51248cbabe8d3d17e00e8f53076a101a10a9ceb48c5a1091d80cadd3a302b8bd0d72a993915a7a1d3f06caacf88917773c7c14d3293a1915b8768d0f8779e81ea3a
-
Filesize
1.4MB
MD5fa1b11ba82bd4ba4f38540e8f6a3df46
SHA1032ce786f0a7cd72906e8d9550a77396bcb17714
SHA256ad36641703b30869bf81e73930f870e2e9a92037538561474df589489218344a
SHA512dd77733aa9f9baf14ef9de540395a297625f6eb980398f0dc992d695e0e212b40ce96e5eb7e2bbc30af2ff21eca4744520d2c612f7f14b2945a944946214014d
-
Filesize
2.1MB
MD5bc9bb2a00bd47a64ae48d614d819426c
SHA11f57c4e2e7ed3e002a465e46cd14d6ccf59b5a4b
SHA2565dadea74077d607196a2723844569839a0fe4544a3c3a84d6daee0958f224fe9
SHA512a4bd8bf62b7784c4728242a4a8b04f651edbf60111cb6a58133b284df240d813631eaa825f2a34e7fe8fe4821a242a799c36375fd0505b4c380d038ad0b37c44
-
Filesize
1.2MB
MD50eee03f2848cea0daa30d7bd3dd5e489
SHA1209b77c3d5629a3d29007dfa2ec383c1ffbec71b
SHA2566bc4f7d94dd00d17e08882c6ecbb2255b0d1d9df518e07faf45e712f1d8716e6
SHA51288647dec99e2cbe4fe5a083f819b37db0036d72ac403c85d10f641524096adb9b9413de5a8de0853195b47a3de79c4592aedfad0ce50b3d79d6c023138e179eb
-
Filesize
1.2MB
MD57ad07b74af54b324b02d57d752f73820
SHA1bc736b84c886e244b4d734b00ba6f3901f2a7ea1
SHA2563ec7e0faafbe5671a1fe2608ab9ebb501bc265be8cf8c4089b209902906b542a
SHA5122b038bff6f9fb0a576c1b8c1d47abd11449d7bb712669ab926e4dfb1cacb792750fd7b36366c03e90ebb839e2cc86d71baf7ee32c249a7babd73a77abac3ddb0
-
Filesize
1.2MB
MD5405f8d3e2024719c6b5e8b459bb5f2c5
SHA10667c9e38391ec67efed872951afdbf41eb944a3
SHA2565defe4617bfef51e78c68499c17f40c4fb92815afaa00e9e68bd2e8e57aa7462
SHA51229f03220c022385856c499f71a23fef220b43e6f10744dd99692dd3a7d25e7f4682acec1bee75349461fa0efbc4af5331091095d8e2c3e4d1e4a338a0afb5d3c
-
Filesize
1.1MB
MD5998ea3276db154c83dc5150b0444355c
SHA11643e68f6e72df9ffe7e1cae642ccf3fdf16115d
SHA2560b443829e85aa5bff5b890ec597edb32fe8b450bd5875968b6b7c53d1b780cd8
SHA5125dc3f9cc7a52ac6984155a1e08adf0455cfef5246b3a09895699df4b254edab9f2225641f0b8e9de51011e45b8c21d47084dc4da5c0bed01e1348a1c356dd9f0
-
Filesize
1.1MB
MD54c023169a8164dcc8755f212beb3a8d4
SHA1566ebd880dd411c255fd045c93a7198f3a8c9efa
SHA2563c60804e38f0375021c81897d35d6f5652de879c41d9994fb4cb3b37924acac4
SHA512ba559127ce385f35c3249ad424ada50208100b1b049e6380f4a0593fb75c5e4d55caac9adb83208315368b7c340e692d08785701868c6948f61186daf60c4005
-
Filesize
1.1MB
MD5584cca1463496f6adc4ebcf4b75b5a9f
SHA188f85c239af1b7566c8e41563567461034c96ead
SHA256599c749953530aff6fc037434735163898d43750f87d4e8c13ceba9439c03c49
SHA5124200735a088a23a753d43d50a518b429a1c5dfb9287be9e952321f7fc16d7d8df1a409cc49d0e1286248606eca3cbfb53495df00e255f7de3c3fedee3797036a
-
Filesize
1.2MB
MD566f80c89300c07f283cdf9d597d1a7a4
SHA12db7208a9a518fb8d2a31ae2ed12d9a9223aa131
SHA256101ae63ae6baf06cdf934fb5eaed4955363dc673c2ef39dc2d6ebc316627ec14
SHA5125757c1c6675b6cafe7b7539b95e72b71b2d0d9050be8bc76be407a7f6632f22af465b77578c9e01a904175fbcd918896a181606f3e3f87c51c6d3a044bf5369b
-
Filesize
1.1MB
MD5730247e2265b14f30754a393b041d8e5
SHA1a5568328952083ce9f8af1ad2a98b10ca4863bef
SHA25650f718fe6b377ead700e170ff1e3b343445529c941aee2031427595477713836
SHA512ac5b1b0cec8ba337738e1e29f77d832bf8dab642a7c1b5f43d9ec5a4f6802e30f51c59afa4aefb87c1354e37b241e136813c0e76aa4ba3076c70c76247282e86
-
Filesize
1.1MB
MD5dff332c5ab83f7214ed70bc5daf5a282
SHA1d805a97af426e61d4b37c0dab48c85cb6cb81c58
SHA25654022c5095275e02cc990a11dbcf4855a3a58cadaac968301c696bcd32092739
SHA512fdf0673f416bee81fe1d05fd8f03da5592c677d8bdf0e3b2d465ed28412d0da01b75d04a2dd94728f10c25595214a53e5ca1fa63dacc7c2065ebcfab82fdc68e
-
Filesize
1024KB
MD5e0711a86eebc920cb6a0e6af276bcd38
SHA1cfdaae0f83e9a9760697631101825397a8009ff5
SHA256f1d371b7f4eb660b31f645725d84b7087958e9a679ef6bea467cc1bbf2b8a893
SHA51218db2718690f028a8e498c62d6b287f2c1e895fbc639d8bed05da1b7278c5842f8fa1cb8b9f237e7804a99a8d3629d4f1b67d1bdb35b7318f1e59d4b0d5e77f8
-
Filesize
1024KB
MD5b85ae3fa1da85af477f7bb455d1350be
SHA16176e69101e7c3311578e9018e3130d8bf079193
SHA256a6796798c715343b22de6c7ed91e83f1612a9d24e8fe2b4040a6e16242d4cace
SHA512eb80785dddc9c53de1889571e23e801d76c6555e9193da6739b6c826c380e1bed8ad486035a2f0184c6b7811b880407ba5e1da1dec0920e0b1108425dad2ddd4
-
Filesize
896KB
MD5e839f89b9a56fef0eb1b32002ea78826
SHA1b2b3f88e8c96185118507eab07c40a1f8a05fd7e
SHA256595ff9ac0dfb64abe530431fbdd409b35b490c8bf9e3446cf39748a5f718dd30
SHA512f0f0d18efa2a3b1a696c8f2f92d86d91985b9fbbabbc3f147528153b68165c3ec00dd83b695ed0fc20c3178d8797bee5958902e0f1e985407634f48ce262d2c4
-
Filesize
960KB
MD549281a66aa8688ff3a38abcecb49379e
SHA1fac386d7b828832a1f45c2632807bf2fff537025
SHA256d1299059fe8aa5ffe8410126d4a963b50c02c69c2dbeff2956c60cb6e2185843
SHA512f29870e38cd2e9c42162594768527de8099d55a08a2df5bf755ac90932d59114352e772e3d061b68e6324063da3453f0338d57d0ca8e3b83821e1433c28036e4
-
Filesize
1024KB
MD5031ed2862826e7d98cc0a75cc3cd217e
SHA1dd7ad2b6c04ba2323a97f828c0d934ada6fd29a4
SHA256266b12800847aef79c52f31c013741fc874a35260375d5cb93f116b74193bd8c
SHA5126f6b273711cefdfbfe80544387bd0f73885dd1652b2eeacb9e253555c900c70e9e0eb177f46b7676c0e1c2951e597a4fb835bdcdc4bc6c9eeb468110f18e044b
-
Filesize
896KB
MD5bce989b6d8bb8ae5317974b651af56d5
SHA13fab269a7c9c1462944ea9360badd4a85d7c7398
SHA2566ca822a9a2eaace6196c6ac87c89e6a000215ad5fdeb0fa7e626b4122eaa81be
SHA512f18a785b93b25ef1135a560bc8c63fb82622b8ed8dcbd5a17b2e5ddbec2dac82979f5ff102a3b7ee754cd8c035a3a0239bb561ef1d7b9410262615fbd8a24f11
-
Filesize
960KB
MD56cfd5b59c3f1a1c4c2b303557560326a
SHA142d63b94fe864308cdf40e8951c41bd66dd6b3ee
SHA2560fd0f5a9a38a0b7cf508e729b3cc5e85c2e563ca35fe7607898de603cedc1cba
SHA512c82381bdd35c91166ec76c3f52b93956e0ead13d23e3b1438fa7643c911432b8d5458518bc46ed87982312155d4de59102bdd95b86dd7e599ac90abc6518992e
-
Filesize
960KB
MD5771c2c968cf6948676efd5b07a516962
SHA1b48a48e8df0d2411009af5adad616dedd28c3567
SHA25684e374afff39813dcce5a2dfaebe108e2931dd0a312ffc80578986133e00aeea
SHA512734036b40c975c513b89fbecc6f65ae1319f873c01413082490b53c7d7f8c5fa4efbd461f7bb7b3dae1bd22574dbd0b6d04b80a7a61c39c89125ce842405f38a
-
Filesize
960KB
MD54b5a31b6c1ff112936be06c4e692c8ea
SHA12e9467d2515c487d9625fd956f4a323606859e59
SHA256024e9b5ad401a7dc479076b34daad0c0b9ea08151856bb612426506dc9d1c7bd
SHA51218a3aa2ef31cd975798cbf3301b88624cae3c8a2e167cdeec72f03f641cd42a987a5b2cc9ef4d263ebea9d515cfb205bd800e1c022ce7c84713e592436a36e14
-
Filesize
832KB
MD5cd6648714b2f62bbc2e04bbd0c230e8c
SHA13264c1ccc3a67ac9a0633249b5e79b8898927901
SHA25653d6983dcf79a870e9dbbf9ad13f64af349e947e580d8bbcfb19ffdb47f921f5
SHA5127f09dc226cfe93d6a54e1c3151ad4ab5ae36b39156338ed7230fba4d7d8831be21e21959d9d62dbc24cf917917febc38411a17a592d11d59e30f35b887fff0d6
-
Filesize
1.3MB
MD5ffc5a08032374d92e4ed7822e1cd08c0
SHA13eca27a780a0db9f4bde3fb93c78328f5a6c6e56
SHA256d2749eea50251eb946c70ba60553443b9215dc17f6d1514f320465ef76d77944
SHA512321c8679c57a2a7d4b06151497168f2d478bd64e4c9cb5aaedf0e72082eec00c2b8df70314c9a8225e8b018f09f78896383b17fcd7a75dd331f012a6824a52d7
-
Filesize
1.2MB
MD548bb2439fba181db4ca43d76d96edcf9
SHA1b24d395a5c049e091e8e6982a907665418b6a821
SHA256a68800f6f8d9b1aa049c03ce33cc2bb120c0b135530a55c5fb06ae01dd5f76ea
SHA5121c7d6b56801236dc4321051f68fc4685ab9f1033cb5f65124df57212b4be16c80764f561addb0fe7ae6530973bccbf5913787331d8ffaf885263bdd35c225a3e
-
Filesize
1.7MB
MD56121c120fa561580c190573f6cbe96a1
SHA12ac146773a6c13c4225e57e95a7821766fdcb9c7
SHA256b21884d293dfe5bb9ace5176fee0c73b6f42b9dd73f16fef01c41950e417ab7b
SHA5127f95e5612d4ea9aa1ee309dda281fc505fcdf141ccd396c817755b6c325558c5d5472197b370062f7240b0f66a853f21f5aa88ea98cbee7145ab38bd5e607a35
-
Filesize
1.3MB
MD583e3d3d66697cdf5137cb9acd220a4f4
SHA1365ebfceb60c2c621b391f1661533a48b7f48146
SHA256e4092101e4d579c635c85c24c05f93a672fab6324e7abe288ed768d5c103af30
SHA512b600b9146288d8b7c1f686d43660923266ebf4ce5b9644662d9ab9571eb9c9597e75a27b7ebded704bb97194847fe3c00356b8f447bbfb18bd78a7f6b28344f1
-
Filesize
1.2MB
MD50068a797df3143202fa747c8c81c379a
SHA150f1c8231ce0a0c1e70a9394e6a3b789968b3af5
SHA256337d951929a155bbf15d9c2ce08e9cddc36b89a8437f1f1882874f9292a95c8e
SHA512dd49a5611d84a19f6dee8b337c78e5d141c5d155b3542008b2099bd2fb39f238c91e877ec6c196ddc7b721a679e15e5b41a04e399f6465cdbf1af78cbbdc220f
-
Filesize
1.2MB
MD58822915ca32f4bef5ab95fe626019496
SHA1e81aaa45e24bc489df1b9271dbd5f24f8a63a5cb
SHA2561ca4d8cf3c40131cd49bba9977de2f03b22f9c39cf881b7cce029eccbdb1a526
SHA5127c533b1f4dd41346329b398cad15ba1b411fb3a8ddae64c1f7487a7a98c8f609ea9a5b8e3c7b5568bd2b96401894573b0cc2d2d0f09941587960606102503227
-
Filesize
1.5MB
MD539cfaee798d1902bbaf3d48319c65397
SHA1127f9c50c978dbcf4ba8dd94e89e33e5b31fee0c
SHA256d19c09fef5a0f848e981bef48118fa05f47397df3699aff9e0a980f974f48265
SHA512dd6236c712accbb8f7c2cf0d88aea2aba367a38dcc00241aac27ee342ad4bc023a3fdb684b9759290340e3f4860607c57a5ef39501b3791050ff4aae7354e5c9
-
Filesize
1.3MB
MD54bbad381700b4fa3659195691fa5c77b
SHA15dccaff57d3cdf1149f21faaa06ef61a15de3679
SHA25685013e2052b75517cee58d8934e558b710a22f43c52a24c083cc72fddb5b6155
SHA512ef0a488be847b7371f70caa9ab23ef99bd5f2d63b9a71c5101e6388ad3cbd1aba6bbdb8258c83e9ac5ebade5ac0f128355e7b80f52dc10393d4678802620ffe2
-
Filesize
1.0MB
MD5f2a6b838e3ed8bcd39be71029a2a43a0
SHA16ab4e8e11dc03886ba25ea993ace4415c45cf0ce
SHA256b527506965acffe23aa582a4045fa556c12c8a6fb5a677f3f6bcd5e1fd7e8392
SHA512759d84dc8323afaed83e912cec23eb319fc411ab26f1c6238eb610f69b6500272409585e1c98e569948e35371d76c5ae840ee98ea708648eed2d5589ba535326
-
Filesize
1.8MB
MD5814f9e5c3078d37ed0d1c6924c3bdb0a
SHA1888a7c008cd6d5027ea6882f3bd5e03b25c5a258
SHA2566e6f21e682d78b10e0852f30a4f06521e834acbde783423c3748e1d0d9f114fb
SHA512653ec627c830a7d4355be8c80156a73e35b2d4ae603e470e120b52ca516a5e3095bbb1f88c09764c22cb83c45a4c9bea5388369e852d44ff3d9167d0064d507d
-
Filesize
1.4MB
MD5eeb118866af991abf3863428489bc739
SHA1d5d2c79650af61ec474123d6a054ab71102965b5
SHA256a9fb4f49844daa611186996963965fc15601214c1c6914fe0a178133becd05e7
SHA512e103d84b44819f454aa987977fbc4129e90f7b0b9c0579da6f705a075e5f18daa055f94f7e55f48e8a09a3685e3cd40f1f7364e2f07ec6a5bcb3dc6a3334d7b5
-
Filesize
1.5MB
MD582d31708fc5871527a95487ba529510b
SHA1c9dde7d2a6ed32253da48f8d9fae978176bdf658
SHA256ecd332290f0cc337dda42ef652cc67d744c0cddb9dd322a2c336600f54c41979
SHA512adb04b1625dfdc7dc8888475eb4552af3fb24f596695bd9e90a1d2c14c5bab764c3bae7f6d060e413f227b330b992e0cdd4e7e1ab6576eca1db3e53863fd7647
-
Filesize
2.0MB
MD562f53d7a6f7a68ff6e74a72385ed5127
SHA17134b2ffb324168a8feeb7569b0095a9d1106394
SHA2560a35871271722bb0c913ad4373044fe1c6ad17f543cd61d048e717c1a0ea0c89
SHA512d8164719bf61e5d7fb7e50346ebcb8a9a99409bec673914205198126ae8735b11cb2b0feb18a5238f032151ba27a931a16c4a571054c1c0ea0ee6cc5fb150dab
-
Filesize
1.3MB
MD5687e6fd33638c40445ace0f966fa8d63
SHA12a58dc485bb608dddca15da56f1ea175bac49b61
SHA256dbc626afb079fc230c0a9904b2f5677171229be03c2106159e788c91cb5a7715
SHA512c102abd10ad0a42c4904fdf87218d8d7de1d91f424203b5a13041283d75b78ba6d2aa48ae2e4225ebb475f10a53b62f0f8afe2e4c16fa2a2fda9e71163b75b5e
-
Filesize
1.3MB
MD54dda664f2d49ae2500159e1d7dcf26fb
SHA1311c50f760849e7f2f63c9a4f5bfa6dc18fd218c
SHA25673eb2f4a7f05b902f2082e0988e866b50af52cfd4ebc98cc8d4d241c40bf7973
SHA5129b0d9f28b5e82488530f97734c4df1a5d95182dbec14d878f4c911cf454584a9616a579bc3d5bf1edcb74c7ceb0bb2273a9f0d49ab37ad1c77aa987f143a6383
-
Filesize
1.2MB
MD529a04ce2e1016d8870325a1e838d2438
SHA16deaaffc864c652115ff775145c302c53e658eb2
SHA256f274b4b0d711540bb78914247bba4e919d75b872e0372738b5290b7237f6989b
SHA512c0f70aa7f12135f6b74414f478683218953b75e0935d6b4bb8bf5093a280d5f8045628225ce7de4cbcd240adf0eed6df1942fb59890edac9d6176e3623f29b37
-
Filesize
1.3MB
MD5144d900b5ef3714191ee9cfc006cbeae
SHA1a8c9974d457a530f737c0a0ab135b08b50460370
SHA256cb7ed60699a9d4376564745ffc7c9f531b03158ad39b8f622c7bcbb4cf775694
SHA512ec22c76175aa10b2a7ed91528a48b20e3df0bf7b2979bdebd92f86475599fdfa94ddeded5b8851280becad175cb918406bcefaf12b425971edaa860474f7bdd3
-
Filesize
1.4MB
MD56e68679815153a148f9354af97527919
SHA1111cd4c7e904a7aca820f80ad176b0677ca60491
SHA2569d5c003c828b62f50e78f01de412cf4bcddaa1fbd4fb9a7c998a7982c1eec3f6
SHA5127c7c7c5d958ad4ea8ba06d9b307fe3b9918e843bf884efba40e94cd90a30d6b864bd166e688b75abb79e392fe799c4e78fdda985085e30d05b3de01a5e9a5024
-
Filesize
2.1MB
MD53f0ab81d427f5c86bb8b6dcf10764b04
SHA190a2fd0567ddb48667bf52a2bfdf3e9ac1a7e6c8
SHA256e27c4dcd76c1b93b3f14c24554d45a7f7f8fe26ed9e3058e4bfaadecb51e6838
SHA512d356e124186ea027a5abb3824cc41787092567b16fd6a4356ef821521a826619eca0bffebe49311877c51a08cd8bbbcda8595d45bf1f26037ea12ca6a867c70e
-
Filesize
604KB
MD504586a0213c7afe3bfad853420c3278c
SHA15c73a6976453aea1599be5be5b9871f2cf384aad
SHA256a8bd2d76a56a40d319a41483ecff0a55593425dd503db8181a8a762ba9ec85e3
SHA512ec018c983808b2f27e0183d9786b85dde203ad86e5a146da14965cc5b5833c012ee01c91532599a46b5cb9cbf949e33bd6c344aa53f0f592604bb1bff90bb3c2
-
Filesize
768KB
MD5a168b84c98e8c3b9718e0f004c6441c0
SHA19f21975080374e2d1d22dfc93c4c5aae323c584a
SHA2565e43bee8e6ea506a62a05fbd30b8c8c14a686f5cd6225ae760def384f0344e07
SHA512eea7bebcd5d34c5a212a026e609394c06b0d27a13dc6179e7623da7de66602b5e5f8eb9a31ac1fd6c7dd2f6c045872db1a0bf391cad68875099bb6632464e28f
-
Filesize
832KB
MD51ebcc4deb1205fa2b37c940979c698c4
SHA1cd66f380042d83791a0516b6bd1c5777fb917843
SHA2568ad2c0d255e297cee8190e1c2e10e9e061a650cd3d60c597d9cfc0db03bf6e8d
SHA51222d07909819933b87412bf2a9a7cdb933dbb5035da35a5db72b4b09f97561ad6159be9efd0f1a9b2d0db7d1c5655c61f76b7b88563d5c5c614ecb50439471b45
-
Filesize
704KB
MD5459341744a7296f05a8ecde203e76c83
SHA1d76c0fdd6ca912af809b0e48e687a6dd0c30f009
SHA2562e9d8fac81a2f7c42ba02dfca57008387d9bcc341941daf0df165f8c1ca85dd8
SHA51246d448719cdbd26d3658ae3af327497103ab6d7575a13c6b869fa3ceadce5c36682edec573e4b22dae9d8b21d73165cc3a13c61f7dfc14f0716a860783ce8cf9
-
Filesize
960KB
MD5e95d6e9e105cd310dcf503cee6a4fce8
SHA1e73557287d0c0b454dc69305214c9417cda431a6
SHA25698a28b2ed8c411b734e9838a7b09e7020b4f0551aff54e38c3a7c32656db75c5
SHA5125d9cabba9694e704674bcd7cd907e52849d45b48476146dfab2aa08c1c7b3814abc2322ad1dc9d97c005812340f53fcf3709b2cd169bfb097de7c2f9e029eccf
-
Filesize
5.6MB
MD555c83702468d98b6b7195775da6f7980
SHA1fe9c6963fecf1bfc1f6cd5e715f1d7b5fe57a59a
SHA256737f816051d3de38aeed07e5ffba9021cf554cd7d966c830131c918b62a3ae14
SHA512e1d3fe4e41697e08d0f8f95f097ef81829e40dcb195be2a8d08850d6920b445852c5f2f6f82f31538af1080b72521f8caee915768d6e5b5818bcdafc444d2c5a