Analysis
-
max time kernel
40s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11-05-2024 17:58
General
-
Target
setup.exe
-
Size
2.8MB
-
MD5
b27e51a6dc4065e25c5aabaf120aa463
-
SHA1
43b49d435183b27dc6c9b06c596b3db8d92d9c49
-
SHA256
83b0a9611b9bb5ebd1de0ea48d465705f2ad9e13af9dbc65d0c6c4b2a4081eb6
-
SHA512
5c03d40300a6932d42beb18a57fde4285a86b8d8e4b44ec3cfeadf6fb137c8135313dd2f54e753b840b3a6e190f74deefbf79c7461d10ce9841dd54f47255efe
-
SSDEEP
49152:CWz0ly6XP1/a/lRCK3qaKqqUVEIKQy9aO5ywJ/GmmFfltkFOxUy1Ep28TAWa:DzT6+XC6qa8IZhW/GmmFflHx7Sp2RW
Malware Config
Extracted
stealc
Extracted
vidar
9.6
681a223bec180ebfdc48547d3d5bd784
https://steamcommunity.com/profiles/76561199681720597
https://t.me/talmatin
-
profile_id_v2
681a223bec180ebfdc48547d3d5bd784
-
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Signatures
-
Detect Vidar Stealer 3 IoCs
resource yara_rule behavioral1/memory/1980-346-0x0000000000400000-0x0000000000647000-memory.dmp family_vidar_v7 behavioral1/memory/1980-350-0x0000000000400000-0x0000000000647000-memory.dmp family_vidar_v7 behavioral1/memory/1980-348-0x0000000000400000-0x0000000000647000-memory.dmp family_vidar_v7 -
Detect ZGRat V1 4 IoCs
resource yara_rule behavioral1/files/0x0007000000023455-191.dat family_zgrat_v1 behavioral1/memory/692-240-0x0000000000390000-0x000000000080A000-memory.dmp family_zgrat_v1 behavioral1/files/0x0007000000023455-207.dat family_zgrat_v1 behavioral1/files/0x0007000000023455-210.dat family_zgrat_v1 -
Modifies firewall policy service 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\C:\ = "1" setup.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ setup.exe -
Downloads MZ/PE file
-
.NET Reactor proctector 5 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule behavioral1/files/0x0007000000023455-112.dat net_reactor behavioral1/files/0x0007000000023455-191.dat net_reactor behavioral1/memory/692-240-0x0000000000390000-0x000000000080A000-memory.dmp net_reactor behavioral1/files/0x0007000000023455-207.dat net_reactor behavioral1/files/0x0007000000023455-210.dat net_reactor -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion setup.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion setup.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation setup.exe -
Executes dropped EXE 5 IoCs
pid Process 3124 e_j5FofAcB3so520v7nFBWLN.exe 3552 zHKWPp4VX4lSWCU7gqJPkf1N.exe 692 U8R7GLSoW2EI07w0rr3xThex.exe 4180 XQDcMgOM7PaswSUJuddMbfXY.exe 1916 pqJDrfkjXwyaqb4_nLw6BNiD.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral1/memory/4960-0-0x0000000140000000-0x0000000140950000-memory.dmp themida behavioral1/memory/4960-107-0x0000000140000000-0x0000000140950000-memory.dmp themida behavioral1/memory/4960-160-0x0000000140000000-0x0000000140950000-memory.dmp themida behavioral1/memory/4960-163-0x0000000140000000-0x0000000140950000-memory.dmp themida behavioral1/memory/4960-236-0x0000000140000000-0x0000000140950000-memory.dmp themida -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA setup.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 152 iplogger.org 153 iplogger.org -
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 16 api.myip.com 17 api.myip.com 27 ipinfo.io 28 ipinfo.io -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini setup.exe File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol setup.exe File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI setup.exe File opened for modification C:\Windows\System32\GroupPolicy setup.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 4960 setup.exe -
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 2852 schtasks.exe 4540 schtasks.exe 2988 schtasks.exe -
Suspicious use of WriteProcessMemory 43 IoCs
description pid Process procid_target PID 4960 wrote to memory of 3124 4960 setup.exe 93 PID 4960 wrote to memory of 3124 4960 setup.exe 93 PID 4960 wrote to memory of 692 4960 setup.exe 94 PID 4960 wrote to memory of 692 4960 setup.exe 94 PID 4960 wrote to memory of 692 4960 setup.exe 94 PID 4960 wrote to memory of 3552 4960 setup.exe 95 PID 4960 wrote to memory of 3552 4960 setup.exe 95 PID 4960 wrote to memory of 3552 4960 setup.exe 95 PID 4960 wrote to memory of 4180 4960 setup.exe 97 PID 4960 wrote to memory of 4180 4960 setup.exe 97 PID 4960 wrote to memory of 1916 4960 setup.exe 99 PID 4960 wrote to memory of 1916 4960 setup.exe 99 PID 4960 wrote to memory of 1916 4960 setup.exe 99 PID 4960 wrote to memory of 3676 4960 setup.exe 100 PID 4960 wrote to memory of 3676 4960 setup.exe 100 PID 4960 wrote to memory of 3676 4960 setup.exe 100 PID 4960 wrote to memory of 4496 4960 setup.exe 98 PID 4960 wrote to memory of 4496 4960 setup.exe 98 PID 4960 wrote to memory of 4496 4960 setup.exe 98 PID 4960 wrote to memory of 4544 4960 setup.exe 102 PID 4960 wrote to memory of 4544 4960 setup.exe 102 PID 4960 wrote to memory of 4544 4960 setup.exe 102 PID 4960 wrote to memory of 2848 4960 setup.exe 101 PID 4960 wrote to memory of 2848 4960 setup.exe 101 PID 4960 wrote to memory of 2848 4960 setup.exe 101 PID 4960 wrote to memory of 2540 4960 setup.exe 104 PID 4960 wrote to memory of 2540 4960 setup.exe 104 PID 4960 wrote to memory of 2540 4960 setup.exe 104 PID 4960 wrote to memory of 4128 4960 setup.exe 105 PID 4960 wrote to memory of 4128 4960 setup.exe 105 PID 4960 wrote to memory of 4128 4960 setup.exe 105 PID 4960 wrote to memory of 2408 4960 setup.exe 96 PID 4960 wrote to memory of 2408 4960 setup.exe 96 PID 4960 wrote to memory of 2408 4960 setup.exe 96 PID 4960 wrote to memory of 4744 4960 setup.exe 106 PID 4960 wrote to memory of 4744 4960 setup.exe 106 PID 4960 wrote to memory of 4744 4960 setup.exe 106 PID 4960 wrote to memory of 4264 4960 setup.exe 103 PID 4960 wrote to memory of 4264 4960 setup.exe 103 PID 4960 wrote to memory of 4264 4960 setup.exe 103 PID 4960 wrote to memory of 2820 4960 setup.exe 107 PID 4960 wrote to memory of 2820 4960 setup.exe 107 PID 4960 wrote to memory of 2820 4960 setup.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"1⤵
- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:4960 -
C:\Users\Admin\Documents\SimpleAdobe\e_j5FofAcB3so520v7nFBWLN.exeC:\Users\Admin\Documents\SimpleAdobe\e_j5FofAcB3so520v7nFBWLN.exe2⤵
- Executes dropped EXE
PID:3124
-
-
C:\Users\Admin\Documents\SimpleAdobe\U8R7GLSoW2EI07w0rr3xThex.exeC:\Users\Admin\Documents\SimpleAdobe\U8R7GLSoW2EI07w0rr3xThex.exe2⤵
- Executes dropped EXE
PID:692
-
-
C:\Users\Admin\Documents\SimpleAdobe\zHKWPp4VX4lSWCU7gqJPkf1N.exeC:\Users\Admin\Documents\SimpleAdobe\zHKWPp4VX4lSWCU7gqJPkf1N.exe2⤵
- Executes dropped EXE
PID:3552
-
-
C:\Users\Admin\Documents\SimpleAdobe\Bvp4ax_N8wM6lgjMq1gZZSb2.exeC:\Users\Admin\Documents\SimpleAdobe\Bvp4ax_N8wM6lgjMq1gZZSb2.exe2⤵PID:2408
-
-
C:\Users\Admin\Documents\SimpleAdobe\XQDcMgOM7PaswSUJuddMbfXY.exeC:\Users\Admin\Documents\SimpleAdobe\XQDcMgOM7PaswSUJuddMbfXY.exe2⤵
- Executes dropped EXE
PID:4180
-
-
C:\Users\Admin\Documents\SimpleAdobe\lPlb81cEu1laF3ccIbJ6Cy7i.exeC:\Users\Admin\Documents\SimpleAdobe\lPlb81cEu1laF3ccIbJ6Cy7i.exe2⤵PID:4496
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
PID:2988
-
-
-
C:\Users\Admin\Documents\SimpleAdobe\pqJDrfkjXwyaqb4_nLw6BNiD.exeC:\Users\Admin\Documents\SimpleAdobe\pqJDrfkjXwyaqb4_nLw6BNiD.exe2⤵
- Executes dropped EXE
PID:1916
-
-
C:\Users\Admin\Documents\SimpleAdobe\rlc7_l6SCy9bFClHOd2Jh8Ru.exeC:\Users\Admin\Documents\SimpleAdobe\rlc7_l6SCy9bFClHOd2Jh8Ru.exe2⤵PID:3676
-
-
C:\Users\Admin\Documents\SimpleAdobe\16kq4aJLvhOmQhIuz9u_feaP.exeC:\Users\Admin\Documents\SimpleAdobe\16kq4aJLvhOmQhIuz9u_feaP.exe2⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\is-NVDIQ.tmp\16kq4aJLvhOmQhIuz9u_feaP.tmp"C:\Users\Admin\AppData\Local\Temp\is-NVDIQ.tmp\16kq4aJLvhOmQhIuz9u_feaP.tmp" /SL5="$30208,4874549,54272,C:\Users\Admin\Documents\SimpleAdobe\16kq4aJLvhOmQhIuz9u_feaP.exe"3⤵PID:4252
-
C:\Users\Admin\AppData\Local\Kerato DJ Prof\keratodjprof.exe"C:\Users\Admin\AppData\Local\Kerato DJ Prof\keratodjprof.exe" -i4⤵PID:4224
-
-
C:\Users\Admin\AppData\Local\Kerato DJ Prof\keratodjprof.exe"C:\Users\Admin\AppData\Local\Kerato DJ Prof\keratodjprof.exe" -s4⤵PID:4636
-
-
-
-
C:\Users\Admin\Documents\SimpleAdobe\c3XX6l4HKauhE3k6c7vBI6YD.exeC:\Users\Admin\Documents\SimpleAdobe\c3XX6l4HKauhE3k6c7vBI6YD.exe2⤵PID:4544
-
-
C:\Users\Admin\Documents\SimpleAdobe\DCiGOV3OffetnvIwN3zaJ2Mg.exeC:\Users\Admin\Documents\SimpleAdobe\DCiGOV3OffetnvIwN3zaJ2Mg.exe2⤵PID:4264
-
C:\Users\Admin\AppData\Local\Temp\7zSDA24.tmp\Install.exe.\Install.exe3⤵PID:1436
-
C:\Users\Admin\AppData\Local\Temp\7zSE8D9.tmp\Install.exe.\Install.exe /ASOvdidHUjV "525403" /S4⤵PID:3588
-
-
-
-
C:\Users\Admin\Documents\SimpleAdobe\9xMVXHnwFwPu_58zzF4nkYYP.exeC:\Users\Admin\Documents\SimpleAdobe\9xMVXHnwFwPu_58zzF4nkYYP.exe2⤵PID:2540
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵PID:4204
-
-
-
C:\Users\Admin\Documents\SimpleAdobe\gCfSDVRJYc7XxIs0N1AiZ6QP.exeC:\Users\Admin\Documents\SimpleAdobe\gCfSDVRJYc7XxIs0N1AiZ6QP.exe2⤵PID:4128
-
-
C:\Users\Admin\Documents\SimpleAdobe\4SpnTR6pBihxv2hKvxo8bTLw.exeC:\Users\Admin\Documents\SimpleAdobe\4SpnTR6pBihxv2hKvxo8bTLw.exe2⤵PID:4744
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
PID:2852
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST3⤵
- Creates scheduled task(s)
PID:4540
-
-
-
C:\Users\Admin\Documents\SimpleAdobe\MPNBiAD4ZB21J7Nz5DH6knTV.exeC:\Users\Admin\Documents\SimpleAdobe\MPNBiAD4ZB21J7Nz5DH6knTV.exe2⤵PID:2820
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵PID:1980
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵PID:4120
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵PID:3596
Network
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD534b69661f901fc1130442da154498674
SHA13b25e6569e20f770e11df2648c9453a89f048406
SHA256d969dc9c2c3b0c5adb8d012479075b88dbe2bd42f1abea82c11c55adf64b09aa
SHA512937071cf5f61004d71a2caf4549e4db00891532c1ee649a077b5e0a507deb4a21dc6babfd74b0e86c2bd8c9f5125938e31ab82fb6c07c3ae03b42be07d655b6e
-
Filesize
1.1MB
MD5d957adb09b22e13fc6a6cebfa88eaca5
SHA1a1fb5152e72603b89f4ddc70315b982a11acf7ef
SHA256f3f3f41755f0482d9219aa53cacb0405b2c34fa9476934b4630944cb056fecb9
SHA512422c3e416b3c3d938f00f6a1d4a9ae360143fda85a11f6ad4278eea31f78730e454941ee75ca5d32fcec1483f2cf046e19e2ca28f53de8f8bdde18e044f9eb5a
-
Filesize
1.6MB
MD58bbd4a1bd41f5315cb274c2d9262a3ce
SHA1c46c1b328766d65a1ccd6867e24d68f28124c926
SHA25677759b3d8627e04c428047a593a06d6f6bca8f7bce962c0489f567daf25f1686
SHA512ddc780c4e8fb7daaf1e27a08c3d6fe75d470c2de9a486c1d66ba61b7dcc84426cc5a480e8129f0353e653c3d2eab8ff9555c8949358eee01d69f8f9d64bbc086
-
Filesize
1.3MB
MD50cd1326aefc493bcbcd1c5e7d75faa10
SHA140116342435b15441a0cd28c364ce68f1bdceb11
SHA2563291098798b3fd9864b360e322486556d395a153b70903fc7326a895ea6b2906
SHA51267135bea8073cb0ba01f09346db286574f925255e41d740c6b2cb3d9c9af1e2adeb6952cfedd8c65e95b2e06dccfba666245dffc3fe02615db689fe113752f92
-
Filesize
1.9MB
MD5f0716190060927d7c8b28415a2fc0145
SHA1cfdba3748cc8d2cf99a742dc1e310d15cb0cd7c6
SHA2567b1643c9f34ce9868c95ff44fa3ed51033029173c3c307f1140c937114157ef9
SHA5120c22bebc4c0825de1f98b7556d6c317267849a55ce78563397da725799a6c85e67c11fa5f8bba3e6d504f01b3621a317ee1cef43cb3a5da682b042c51d6ee0e1
-
Filesize
2.0MB
MD5e17688520a823f30a1a58a0f937d514b
SHA1abfce374c2e2d0670a6e9bd858f0bc49b29391d5
SHA2564a37131fc3351d5b2cdb337f33735f9fad0ba3f2ef8f1352dbf6ac178107c21d
SHA5124ecda3c8ef66a84e134a5477e7791be39a300b2a0a7ca156e699dffbb96ba62489bcbcf7df2266abb074ae19bf0a4432342387f1778cba016b962e600aad1607
-
Filesize
768KB
MD5969a7088948044583c234eb87f912968
SHA1b1cf24bdbf25704c30dc7cabb393c90b1fcfb545
SHA2565b7c39aa737759ca5b2cec162a3b7b5217e65b390c3f6251d8cbcb3ec06c8ac2
SHA512aca3a5517c5dcd6421e23de9978366fd302fd049196704e0c679e6e3d68006f6a2a141e3e63281e5f72dae5d27ed76c67a6f40dc02b665c556293f37915870fe
-
Filesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
Filesize
19KB
MD5c948b46ea1eb5757ecf75404571c31ce
SHA16665b8d48fea3538c7e043b7ab700778d86307a3
SHA2563c5b63d61e00f30790c7df0f048473cb04d17e175d8177e86c7cf5062dcaad24
SHA5126b326b34c8142ef2b75df7f83aed11400a86d19806730bab0515ccfcd6eb2ef71d6db707dbd48d8f1f8ff9e3eb6626af80d38394ebaf2742ef3df0d0ebe4f256
-
Filesize
696KB
MD5ccee95cec1c0cfdb1e7ac88d545cca4f
SHA12821f4882e07236208b84bc6992677abbb0a8015
SHA256a6616aae0d88eac34ce29b885526e8e3f4c7ac257ded1e59394c624787187875
SHA5121b79e9d17183d14aafef7a7484728d517d3a1540797fc2a02d3b793be815b1d662e7f94b18b2ee9d03dd89d13f0a4df72d23cbe1e6441fe2a4c69b6728e27d14
-
Filesize
25KB
MD540d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
Filesize
4.6MB
MD5cc7eaa1615c32b7d707e2c6746c63107
SHA1f7661a6489700b436d59f29afc1cca83568fcede
SHA256760044946bdd841cf6b9567e592f79d1f1670489c756beaa220553b48e55aa90
SHA5129e7dec47e9d4cada022ef897d6c8a6ceab829342287117be6c1d8e1807b335352df1bde122c3f9c1e8cba1264beaab28317e216c0eea951b52b7a01a8a22e80f
-
Filesize
3.0MB
MD53f5bde95fcfabfe434f044626d1c799e
SHA1d4f0ea7264b0337f5b8f01174fcdf8e3c5cd9e05
SHA25644ae777242f50257541180ccae7c4e335d8bcb4ad319c1b74a581178151b48c3
SHA512204f42489c2910bba5084c7623f382d291e787438706d05668e745bcf438c12e1373bc8b557ed337f4109c1c2d5529ad61e5e5cc36e1f51ffb838929234857db
-
Filesize
4.9MB
MD556e259cec50be79a1505d8bbcb742e2f
SHA12818425da19e1db91e550560efb0f28a0044b86e
SHA256b647625f61f74e2b5d510a781c1dd6bd1d4945b4dfc6b54aa1ea47159b08f7a5
SHA5120c2df7e5c0bbf5c68409e5306eed1862df854c7b076c9104d1f67b7256594741043092cca66dabc8376f09c0de4e184cf6bab8398d1faa21b96059e44d1f9729
-
Filesize
3.1MB
MD5395eefdc1a4acdca0e2fe54424c7b804
SHA1be9feab5b3e29e776a711ba0498b44150a3cbc8d
SHA256a16a15300a60c9f0d62caa4c57c03fd1b14a416b317b092e72e46cbc3933f47c
SHA512e2de13ae4149ef9fd2c11d1560cee19df33fc684477d91ce183083c93632cbe7e755e24cbdc0bf3f418d3099f011ab933fcbb99ebe5124e4e9f275bf0298b2a0
-
Filesize
1.2MB
MD5ba43a528f7fd3adeb654275bdc4ea190
SHA1ab793efc8a0f94623c5245e0c96aaad56dad1f25
SHA25618e108c298d2a23bcafda5d40c21ffd67b48c2f5429a8b8f5864e593a83eb424
SHA512fbfe187af23227e5778e5cee956f8649a0c93beff29e0647aedaf1feda17cd6c020254369f27b9d919f159e1d5160a3cd5e93f24a3db474ec84910e3e2bcc558
-
Filesize
9.0MB
MD578b368161165ade1dce05220e9959776
SHA1867632bfa11644e73954486bac0d18efeb8a36fd
SHA25627ddb70d8e8e61fdf6c2f372840ca134337dca0d1ab23d8e37de3921cae0488d
SHA512955a1800411f46dbdc78bec6e09091a869054b5d45e55db6cd2e6b323825d948b3abfb1f578d4ba7259c4f2dc17f3a6a39abdd36129d242b417c553e2db5134b
-
Filesize
4.2MB
MD581778fec17ef11d77ad7d66b4a7b8004
SHA19b805c3946963c821a0aa982cf4a728072258bcd
SHA256c43a7cbc1c15c654a287adb1736eb11a213754a1782df446224d2df86897779b
SHA51286157057ab48170107f6611c20743e0ece03677e32b2190394c26e71def0ce021aa72b354a100649e13b5795cf173c3c2f4ae12908797baaa091f43f5fa51aa5
-
Filesize
2.9MB
MD5b9263fe18ebb922b0ca8fc916c8e0a2f
SHA1d566cbbe8c50e2d8cadcf4a6ea3dfba03b7eda8c
SHA256ae6a08dbe8f312a5cdc99f955212cfa462ac574e58f645106b9d51809be80d0f
SHA5120d7fdb61ca0a8676a5e690515832468b31baf83436a302a3d70c46ec1365e44a118c7f690d3c23d9d64655e89bee02d430c80687314499677454039050b53e5e
-
Filesize
7.3MB
MD562081eb5ea72644d75d687817ff96744
SHA15e81d1573f3f8936af358c60a8ed1fffb49ae6cb
SHA256b7691b8ea6f0ddd4911e1ac1203fca072a529e337be9fb21108d8dd2a8d3eb4e
SHA51203a87abf69139d248d2b323c2b4e11e79c83b5ade838f92f8711ebfb1a325cc5558fdbce30c61427418bdf48df471839d67be8289e9f17fb353293f71de32dcd
-
Filesize
3.9MB
MD5557b4c4363618d20adc0c7076f1b669b
SHA10337baf6a2e03748cfecb3f1b6050f16e261df4d
SHA25667f24eb7905eb3094d148c947090ba955159b0f4c3a4912cd3af006855f8dd9e
SHA512e40bd2ecdb119f801a036180accc8481831ef3cdeb4ebed0f354b4559fa7fed2f4583930fe84c6f7c6cb710125b5e9087b79d29e157ffb619f43692570cd4430
-
Filesize
2.8MB
MD5ca09e84762977779a0aecce171de5b4a
SHA195b0d85f5cfd50431805899edb0ae3392cb06e4f
SHA256886d00dee7fc4a5f70b273e3ccff58cf3dcd77b3a31680e07ee095054a890365
SHA512f708fe808dfe9494590b9a00419531f448a8df29d9c6ec829990978e77ad20ef825d5a77d8c39c76a856ae074454a55e78824f3aa8257e1c0f8582400550f374
-
Filesize
303KB
MD5093f9bdb6a9eeff2dfb30873fce6a2a4
SHA1e38d74f0693b927925085a019d7b2d536c37a33d
SHA256f90ba2d430cccc9e724432245c16e858e228b8343a5d23a5955dc6c222047185
SHA512fa4ca1c4884ec705f1d851e882f4f2c2723f10bdf47c0b9a078a2ecaa23fb868cc719bf8498ecf6d56e492c8491b7e846dd192b750c23ed6d45530bfc28ab796
-
Filesize
303KB
MD58dac3c36b5ec42891407f043bc2662bb
SHA1569c81f11db9e27e829fcfdd286b4cf723596e0b
SHA256a3dd5cbe00ae668bbcb6110e428802555dc71ab60b9803251418dc0a87e1446e
SHA51244a5c5d10bc3af5d654dbe168cfc8f1d0e7c0a9ee333b13d25a9725117245155abe9f8a54c000067710178f8c882876ad72e48b147e0192277fee0e4cbdf3b88
-
Filesize
450KB
MD529e787e2b219616e77dcf16281df3fa4
SHA107de213c6fbc20d1ceb6dedb967f4126fe8de15e
SHA256037e5ff442def475725a5783aa3c86cfb399378a74f2f569a7b7fb997aeb6c57
SHA5122f96f21b527148cdca68605ca2c317e3b516b60070aa2e70701c22c791b4869850e060b6fc1e3b151cc5950f20d4a33d005404efaa7d67d3f0a560c213318ad2
-
Filesize
4.1MB
MD5a2ccc6e42cd25f06fed4919b03b5f7f0
SHA18e673b0281e296719b990093c3f4f45bf83600a5
SHA2562b4ce6bcfe7a1eea5db3bb288079dd30d06320fb5ad6a7e30db9fe9569c59696
SHA5127769553351b6282dbc3f45c87ddea63667e01a4c7dba380a89065e0188b250f996f44ab26fc40537cc2e36360e0efca2adf720c69f0764874a86d02f9608a246
-
Filesize
4.5MB
MD5a683579e14a4932683d2a98999a07450
SHA18c78cc10d80a3afeb9e1404e15de31e8e81c967c
SHA2561f2ab3305c8d5ec522492696e40d7d6b613f89c1b497ed6835fc6a7c95a5c6f9
SHA5128d3a76c8f79a35c5773a2e55cd416954347cc39ba8f3ca2c2c17210e3471a6775981ec027d0228943b2b15b6e74cf2bf373e0a3a68c6e2d000d12633713ee64b
-
Filesize
3.8MB
MD54f8a176b205993330e05ae1c49e463c3
SHA123c1bce3923058162d0066fb1de6c0efd4d47e87
SHA2568a4983c7d0dbe457c464908ef64a962b46bf61dd19d427454a47e4ac72cdeb27
SHA512d475ac2e1d7d170c7d12d1c520705f9832d390adad472e96b56b0aecb939df915c2c8420c91e02d2a1d2b878bbdd9c4c8d96b6d0d14c2db645f5312a4cec6d49
-
Filesize
3.6MB
MD5b7e70c4b6e2533a3216b47f338307d29
SHA15b33d66916524ebefc45d1d8f429b2bb3ca3702f
SHA256993436af4992c600853b43aea4965547a141a328da13cab177045237db339160
SHA5125b0c46cf737b9d9d284bc5d9cd42eae942ba62b664cbe2102d9e7c83d7b66f735721794748b113cd0f7fb77c65fcb87b2444600930613769fda163774fcdd22c
-
Filesize
4.2MB
MD5398eb05c6bc673a57445c9fd009d9ad5
SHA1a5e843f7e5aa8db5a4e53aa8e6aaf64845d9b38c
SHA25618cfacf437b1fe74569f583e8db02c2520577195373156e846a7181c06b4bd42
SHA51245a446d4d6b5c164089247a1aeb86b109ee74437fdd5252bec1bf184248b47c5ac3ddba92f10b38ab8736a22816846f188630bac6d5111c66d7b34099b263229
-
Filesize
65KB
MD550c2351d515f9ea10496e4e33401bd2f
SHA1a3df57bc9e85e38bf8129e2a03695dd092935b97
SHA2560f949bcc2b6eee21800264fc2a73689349336daee566cb773789e980f89ac6e9
SHA51201fcedc03cae4b65f13914c9a7c03f3ddae216c555a6b7208cddefb99de1980377f491ea24f43b58f2d9fa8055f3adafce8cc19f3b05a6e3963b5b58ba86f42f
-
Filesize
49KB
MD5213c0265511727869c959abd24ea3677
SHA122ea6fe23eeb57d0048d1b0e2a826dd66c6969d9
SHA2563b73d0b40752af41cdaa397c87f039167f0a1c9ff8ea6623fc8a8cb4ca787ca7
SHA512bfa4d229ade2e47d91f3fb761e68f727aab86980a2697cb06955324e9b61b384569a285edfaa1d1dd7aea95e24d171a770a4f573a19ec795325c68250720f41e
-
Filesize
49KB
MD5a904406e113cdff69ec10c5327964c69
SHA1ceb8d158b85d1276073cb636769bfee2a97255d0
SHA256b4efd812665bb7b7bd3d81222224e739697fdbabdee4298c43c9a8ee7f14c635
SHA512e6eb166d1ef04a497141c542e2bb64198e4809163e19d29abc4ff7a6c05f43a1ce7d3f24b8e193efabd3c9991f1e72ae735a09933e7a65f3b0e93b3130f6c7d6
-
Filesize
10.9MB
MD5d43ac79abe604caffefe6313617079a3
SHA1b3587d3fa524761b207f812e11dd807062892335
SHA2568b750884259dd004300a84505be782d05fca2e487a66484765a4a1e357b7c399
SHA512bb22c73ed01ff97b73feb68ae2611b70ef002d1829035f58a4ba84c5a217db368aae8bdc02cdec59c1121922a207c662aa5f0a93377537da42657dd787587082
-
Filesize
4.8MB
MD578554ff60001027e3a46182f025dcf0b
SHA1aff9b7c89abd23e8e032f7526a46d6505fdb18ac
SHA256b61ca2fa35d561f145a56413f63f435ffaa59ccf7c24227baad4170aa7c174dc
SHA5123757ba0e936766c2eee48f6052f01abf5e563bb94d9ecbb9705875db85e5d3f0e6af2c3206d3f25445dd450d25332e6e319f8b4a32f6c98dc0c2a0e74a19787e
-
Filesize
3.5MB
MD5d5314b1179d2ffbe9fe8c27a91b22349
SHA187e2ab6bbc0aec632634465e5b5a96f3ee32a51e
SHA25624892aa68bbb6031c3bf74d3d0fe83e34a930167132c1b1f358db72c1bae43c4
SHA512fac32a62340fa8d039ec6fc0eba72a2dfe5fc6353139d35a5ebe1fc8534806caf16ad53e1c0b351615778770b7fb831a837b9a4f876002e819e6edb094730f46
-
Filesize
246KB
MD5372153dcf086b8a301ff1a56f7eabdd1
SHA18c6c63bd521cfaaad3cfb23f11f07195c14c2fe6
SHA256741dec0da90dd267a30b88b6f17b842af12a27c6c4f3746abf9ecabe57b16306
SHA5128ff4e19c29a920f2ad8d5d6dd650c152cd03786e6e10652c855cdbab0bce6192d25f7f7cb44df38f671b844cd7e626e4f8abd9745b60d8ae3d3023d217a0652e
-
Filesize
5.8MB
MD5962ccc049d115a8c7336cb4c44fbcb9c
SHA1f5b211da99bbea7d31cb89b48d3ad2cfdd444a67
SHA256cb4cb84b05cae44ff96d7294c1e90973f67eff39f7c4ff87264819ed589dfe14
SHA512dd7c5cd88480da783cbd5e8797cf07c20ec07f843cb168a0bbc95c85e62e94858605beea3bcb01146e2adc63a408da9e4f61f50e38097739e86b273d6e4bf892
-
Filesize
3.4MB
MD57aaf1efb61a6d85031b9c17d3e4f68fc
SHA1f3a9bf1f71d00077ded39d7aac9a1a01a60df934
SHA256b1c505c24ddb6ae6df043ce0b011d0f87cdd1258ed807250dec06c0ba5098854
SHA5123f4bd0b6276eaab33b9fcb4e24994dfe0015c4c56eee837d64c870a4a4a1bb4add4e683763d7a39646160dc8a1a92df0d565c955735133775ec36a0156df6f1d
-
Filesize
4.5MB
MD54e8045153c0d985a1fd63d236f3c95a2
SHA1359d9c04b400ac57e49cc5d9b17ff122abdaf2cb
SHA256345df79cf65b6e5fe8807250815f96ff9f2aa3a026538d444c001d41c1cbec18
SHA512a903768840a85638efbeb7f66b76688a41f4aba3b71f7ff7a09a2a1014ea693dd548ac0e77fd4ba199738c339126b2f21c277c76ad6dac49255753c8b2c88225
-
Filesize
4.2MB
MD5b4b80d85382be0b9cd48a509501164b5
SHA175e03a328bf29a2a404ff0d4ff7e460f23ac2105
SHA2564940bfaa825010f3309f249c28a57f6b3aa13a7d5a4d89b5dc88a881548c3761
SHA512227fb3d4a7d1cd6e1036ba5e5d061eb34f2a1b05a42a92a1018e98f577e43dcf2c1ca0e88d0ff4f62a36a4f9db46516ce9b5f3a9c69c709d5dd4a97206eb7f7d
-
Filesize
4.1MB
MD51e8c3dc065008fb9dec14f738125f1e7
SHA1d25430e7773d76ed3254c4d3d8f5f9dccd7e3fc3
SHA25600695788800882e753b07d7e81956e6a8ba7953eb2288a0c24d87834a74f9f27
SHA5126a8af74f52f28a9dc7db1108d5a095a828db1af832d619e9883d3903b2ba1e5b6496af3c7a542d4b8e75f99d38b95e34f840c7ba5a3a97663cd5427649d3ee48
-
Filesize
3.7MB
MD56166d9ecc98f8c709b7230292bb38d81
SHA150b9bec88dc7037ad2eff5bb560c4c7ef65b16f7
SHA2567429919f4316d0e31af1a81a2fa257cba6c37bb1ca20652f7e4c1d316b0d71e4
SHA512b13871dbb0d27cf1d8b9139650baddfa4f331585292d1f79b3362fdcfa210c19f298a530827e415e4939c7341aa1dacdbb17fd4611a05bce217284284d6a18fa
-
Filesize
1.1MB
MD5adabacad85b16719726a41d03b632edc
SHA1c6b2549cff52cbba08be647e8ac46a4fbb175a46
SHA2569eee944ca20b6bf9a6623cc5c432d11034745c68075a38d5dceb123e6ec7f6c8
SHA512c6f0e681a42adf11cdaf20addfb778390ce77d02a03e6904e8f2f7829076f1a8822d2619fd5b72ef0e333fed02c24dbbf7ea9bacdc122ae0056cd77f63c74cfc
-
Filesize
3.6MB
MD501aebd1d440c4668b7f9f2504dd7b8bd
SHA12aafb63648bfda5b510a955170ac997e0085d526
SHA2569b2a82e90326990ed51eef4564dcf0498fc5fad8bc4228e0a14e7f2a6c5373e8
SHA5127764e6fdc37781469ed96bc7e826cad40ad9a20d6447e5a204b061aa86397019bc5de1b582632c30cfc46c8e419229be9487eba53ace597c7dd8bb4a907db290
-
Filesize
3.2MB
MD55de85ad7b280608dcb3ee8b962b9b180
SHA1f1974c39d8bfe5444fef600567034f9111fac782
SHA256b84c3bf12e52b7c04cb491ba8a6f9db0aa10ca4c7107cea72fa523edd0d55ab4
SHA512072a49554a2ca3cbc261d7647ac45b5957317d61bf70b4ed882f1c61a4dd8b2ee11ac78a839f72548a08fbd6d866ace51906bc2bf8ea47804f5849d0359f9f01