Analysis
-
max time kernel
46s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
arch:x64 arch:x86 image:win7-20240319-en locale:en-us os:windows7-x64 system -
submitted
07-04-2024 23:23
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Size
4.7MB
-
MD5
1ec78ac0898f63c64eb19b0475e2322e
-
SHA1
bbbbf53c06c387bf2dbc69d779c20826512d1c8d
-
SHA256
a70135b3bf5c57e6d39dd6e9b16b25839b679fe0c44254459cfdafa8cabe4519
-
SHA512
6bb82dfcb3e1a36de9aa362cb9ca7a26eb70a46c2d8aae010d5b73feba0fd18c833051701379c6d03c1897cb5085ada3c541fc548b8f02fc365c355873d4f159
-
SSDEEP
98304:KqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhGmv5:L2dV7VK8tj0QufMC
Malware Config
Signatures
-
Executes dropped EXE 10 IoCs
Processes:
alg.exe, aspnet_state.exe, mscorsvw.exe, mscorsvw.exe, mscorsvw.exe, mscorsvw.exe, dllhost.exe, ehRecvr.exe, ehsched.exe
pid process
464
2004 alg.exe
2476 aspnet_state.exe
2484 mscorsvw.exe
2660 mscorsvw.exe
1212 mscorsvw.exe
2536 mscorsvw.exe
1636 dllhost.exe
2292 ehRecvr.exe
2380 ehsched.exe
-
Loads dropped DLL 5 IoCs
Processes:
pid process
464
464
464
464
464
-
Drops file in System32 directory 4 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe, mscorsvw.exe
description ioc process
File opened for modification C:\Windows\system32\fxssvc.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\System32\alg.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\d4c52c45cea407a.bin mscorsvw.exe
File opened for modification C:\Windows\system32\dllhost.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Drops file in Program Files directory 1 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
description ioc process
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Drops file in Windows directory 22 IoCs
Processes:
mscorsvw.exe, mscorsvw.exe, dllhost.exe, 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe, mscorsvw.exe, mscorsvw.exe
description ioc process
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock mscorsvw.exe
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log mscorsvw.exe
File created C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{11EC774C-7238-4D2A-B692-C6BF59D4815D}.crmlog dllhost.exe
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat mscorsvw.exe
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log mscorsvw.exe
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log mscorsvw.exe
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat mscorsvw.exe
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat mscorsvw.exe
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log mscorsvw.exe
File opened for modification C:\Windows\ehome\ehsched.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{11EC774C-7238-4D2A-B692-C6BF59D4815D}.crmlog dllhost.exe
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat mscorsvw.exe
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock mscorsvw.exe
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat mscorsvw.exe
File opened for modification C:\Windows\ehome\ehRecvr.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe, mscorsvw.exe, mscorsvw.exe, EhTray.exe
description pid process
Token: SeTakeOwnershipPrivilege 2884 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Token: SeShutdownPrivilege 1212 mscorsvw.exe
Token: SeShutdownPrivilege 2536 mscorsvw.exe
Token: 33 2012 EhTray.exe
Token: SeIncBasePriorityPrivilege 2012 EhTray.exe
Token: SeShutdownPrivilege 1212 mscorsvw.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:2884
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
- Executes dropped EXE
PID:2004
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Executes dropped EXE
PID:2476
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
PID:2484
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
PID:2660
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1212
-
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 258 -NGENProcess 25c -Pipe 268 -Comment "NGen Worker Process"
  PID:2736
-
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 258 -NGENProcess 2dc -Pipe 25c -Comment "NGen Worker Process"
  PID:5116
-
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 238 -NGENProcess 254 -Pipe 26c -Comment "NGen Worker Process"
  PID:4444
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2536
-
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Executes dropped EXE
- Drops file in Windows directory
PID:1636
-
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
- Executes dropped EXE
PID:2292
-
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
- Executes dropped EXE
PID:2380
-
C:\Windows\eHome\EhTray.exe
"C:\Windows\eHome\EhTray.exe" /nav:-2
- Suspicious use of AdjustPrivilegeToken
PID:2012
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:2972
-
C:\Windows\system32\IEEtwCollector.exe
C:\Windows\system32\IEEtwCollector.exe /V
PID:1100
-
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRec.exe -Embedding
PID:524
-
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
PID:2920
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
PID:2240
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
PID:1316
-
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
PID:2724
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
PID:2216
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
PID:3480
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
PID:4108
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
PID:4408
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
PID:4632
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
PID:4744
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
PID:4860
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
PID:4960
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
PID:5080
-
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
PID:1864
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
PID:4060
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_
Filesize
15KB