Resubmissions
13/09/2024, 21:24
240913-z89kgazbpq 813/09/2024, 21:22
240913-z7241azfrh 813/09/2024, 21:20
240913-z6wktszfld 813/09/2024, 21:17
240913-z413jazemc 10Analysis
-
max time kernel
69s -
max time network
81s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
13/09/2024, 21:20
General
-
Target
fxsound_setup.exe
-
Size
69.0MB
-
MD5
d0509ad561d032d6179e95a521b06f10
-
SHA1
f7580459ac444fec5e5de1300155a0373f3c9590
-
SHA256
7dbc411488e4e653769f98b014f2a24b185b24653cee04fa5ed59b03438da7e7
-
SHA512
f70f24149c8296e1ae8837f14a0ff0fb32c9075ea6ac772ec6059831b1fa9ebdef1b0ec9c628405629ca1da45b47ed7a9d9385ebaad372787e0dbc0c0d9d59c5
-
SSDEEP
1572864:ANVjchuWARziOixoc2oDvaoDPtYJDhV1CA2CJ42PzSNHl8SLUb9M/r8JZsS:eR93c2eNPUJp2jWzSNH6PJMg/
Malware Config
Signatures
-
Drops file in Drivers directory 3 IoCs
-
Drops desktop.ini file(s) 3 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory 21 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 44 IoCs
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 25 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 53 IoCs
-
Modifies registry class 33 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 10 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 50 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fxsound_setup.exe"C:\Users\Admin\AppData\Local\Temp\fxsound_setup.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\FxSound LLC\FxSound 1.1.27.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\fxsound_setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1726021811 " AI_EUIMSI=""2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0CBC331213441143412BC2E4EF90F0C9 C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1D0468FBDF42B675F1CEEB901CC5954B2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe"C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX123⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe"C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf"3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" getguid3⤵
- Executes dropped EXE
-
-
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" setname3⤵
- Executes dropped EXE
-
-
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" defaultbuffersize3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\powercfg.exepowercfg -REQUESTSOVERRIDE DRIVER "FxSound Audio Enhancer" SYSTEM3⤵
- Power Settings
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f3⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Program Files\FxSound LLC\FxSound\FxSound.exe"C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A8D09A8C607FC7C03EC9F77052F16EEF2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe"C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove3⤵
- Drops file in Windows directory
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /delete /tn "FxSound\Update" /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\FxSound LLC\FxSound\updater.exe"C:\Program Files\FxSound LLC\FxSound\updater.exe" /clean silent2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c420cb2c-a470-814c-9cb8-780881181276}\fxvad.inf" "9" "4143399a7" "0000000000000150" "WinSta0\Default" "0000000000000168" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "0000000000000150" "99b0"2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004AC1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\msiexec.exe"C:\Windows\system32\msiexec.exe" /qb /x {B78F934D-616A-4FFD-9D5A-B870EF9423C2}1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD5c7197f47e7ec47ead867fbec656c144c
SHA1d875b2c4468d9f1563dc2f142f5735d60b72327c
SHA256859ad4d08508dd4e111f86f579552dc1ef9968b6859c796ccf160d9d91791444
SHA512a9fc88b4078693a4b2aa452a01e0c2e7ede4b757e3300bc6aad4137bb184d5272076d67917eb00b138ec28fb8a74a4cbcbb0922193f553dc7dd3eb0d59dff69f
-
Filesize
28KB
MD514152c43b45748c919092c3bb3d73af4
SHA12eb18edfcf4e131de5236fb79d89d53a487a0e71
SHA256c02c9ad9307ecb70fe9a765cc560bbed2e92f4b168b2091d9b084570fd322ca0
SHA512753e81da3083e7ba3bbb743a0027dceab9ea7c634e4f05efc7d6eb1e3d88386c128fe073ed0e2b4719b38f922979f9a8432f4b571bf6b0887e104d24cc6012f5
-
Filesize
204KB
MD5b94bde258afa7da0a9cd3feb22a64edd
SHA1d3867cef5939cf4f73eaec32ebd72d354c40b534
SHA2563c44390b0c3ca51707eb977373788c155af5f8197e3ce6d61f2775af5b204fff
SHA512a74b6754544c6a188d59a24449271df2519a7e54ad88f55f7cbdc50d8b7f2fe24297d0e84a39aa6e6cb3607926d9c49293b0f4092e3158e2353ae4c308eebb8c
-
Filesize
233KB
MD54eac440540483593db5ede2f7203417b
SHA19c09d1cf19c6b7aed59d263ec560460475aeaa5d
SHA2560dc27ff7bfb0d75fc6fce439bc1af557e68a18ded441ddea8705db6bf8df9a4f
SHA512874fd7a73226d74d5ee664feafbf29bb0ddf474891d43bb8cbe397cf9751a53cfecc1a981d3e39e25da7228e0089b28170e603f14de6455f9fffff0b4729cd68
-
Filesize
32KB
MD5648d3f5e7778ca1f7983b246c264b0c9
SHA186e382be934a39aacc78f4ca3ab82ccf1e5e6e4f
SHA25628f31663d6ea3161943737e0235eac93d8dbda241c925ad0fd72727f491274a0
SHA5123772c9df9494afbbc8cace58e98446b913739395fd1da005dce09d3e806c772d6dedd9c654083c64e3aa0d5450836708c65969b763d129dbb8be33f213a31fbb
-
Filesize
19KB
MD57769c64158d212252387732102b604aa
SHA12bfe000b2759071a4f5189ddd43e149a6769ccb0
SHA256474a8fd7f30ab7787932160974c4b05dfc62c464c779ce638cab3db4d66147b7
SHA5124dbcfc4951e0db129face695ab9b326c9a24fa94b616b65fc5e68353cd0248ff5bdc21a707b8ab056cf9321cc97e953f75369fe1518393590e89a8ef2ef22f0c
-
Filesize
263KB
MD595622c09d216dc69e1b8968d04f7678e
SHA19c39f4e017764fd87d5d0f4d8a6c8a76b4b6e7ff
SHA2566acee42be1bd7a7ed6a3cd3e3502990e39aa4c8e776581225993e4c8e8f53a73
SHA512607f2b96bd4e31a96ecc48b80d73a63b3f07cb65350c0d6d2240db9365c094c40e8fb5fbd015c76049d8c9ace2ca9f76f729da0e8320a57f9451118cc1cdb8c5
-
Filesize
5KB
MD582d8cba970ff0cf924f8c750e4470873
SHA1f2edc8bd8fcaf38976dc8e718d5d3ace3be82792
SHA256042c6b79dff1fda007776f7ea14caf4e7665f0a2a3f00644966efda6478b4939
SHA51202b2e5fd829de9c0c7841319376abf2f2b89064ce59aee8ec6b8f886db25d7ade4f05e1b5b3bbc76f0de660f91c9799314b85a418debbb5a66abe928a31c9b54
-
Filesize
211KB
MD589cc98bee76ba8634a7371bd1769a6a1
SHA12ba2a7e91bdaed0a692a1fc345c7afdbd8430180
SHA256b63cd31445311d8b5e42f0401ac051addd7492393b601ec1dd875cfc9f15cdf0
SHA5126433d38dc915b9fce15083b4c9ce4a8dcdecfb2f8ec9d9b9278f9e523bafcb7090de27406d3a91dd7107de21ace81fa3c6f85a4da0d26933a4ec7d0b953e175f
-
Filesize
211KB
MD597507887426dbf2b0d2463e652c15eea
SHA1c86dea4f2dd6a0dd67d1b15326b95de382c39f55
SHA256a018cf271f4ac6af83e035db3a975ba3936da9e97cbd62194091915f1adb3cf1
SHA51236f27045e2dec820b4633b14c51f8c97c907ef4d8a9018302659ee9093d2eb65620736e585b27c08d1245a091e9c5b73dc7149b14a79db234f0e5e31f2826c8b
-
Filesize
314KB
MD531b1a479f995a4a3eff6e11bacc34400
SHA111587b7105e94891470273d35c77ebc3ecaf1ebc
SHA256a507119631f73432b9e98d8d33815ffed90156c3bfb7e5e81666591d46ce460f
SHA5128aaf5e0919370163691b38f5b754c9391dee12afb8157cace51ece19503b20d96d220948d8ace262778fd4eb98c48d5ff5b247c53e831cb793facecafebe73c7
-
Filesize
226KB
MD55fb42fdbaf9db9218cd8b43c4f53cae1
SHA1739029bf018cb24106b885d6f17fb404dd658910
SHA2565f220108d9fc890453e157cda6d5ed4936e2ccd62fab3b16f06ea34c7975d0ed
SHA512fad1ddce210e964ca415b85ccf476b06c66880a8cf49e4d5488c4626f1ab6482abba0fb9fdd85f8c1ff574ad4bb141f98de56cbc71347bac5377503b24f34e85
-
Filesize
5.5MB
MD5818eefff2fa0b989124d9ba3a84f073c
SHA107ce11b5f8c64155d30fcdbf849b82e3840cb53c
SHA256fdb4044741bc68f30ea8b92c1aefd920530a2d044f8753a6148148abdeb33958
SHA51296483c07afd1a7b6177f00ba3794a2e6ba321ba7aa4ac57b491482308a106d0fd08f8735e2b5e9241cd13ab140702015678401875de574a0793364b5dbe19e67
-
Filesize
4.5MB
MD532666ae307200b0bcab5553590672bb1
SHA1a4cdc5c494d118e231a32dda98373e7835ac9dd8
SHA256256bb06b91d974ddbc0e3c063c85522cda6187cc638f0c6ae5d752efa63fe093
SHA512eb1459b024346ecb2a2014a481202c76988f2757c1287908295ecbf71e51ce1fdb886cc07c28b49d86faedd59fbfc7c017d5c5b797d03447314f882184e76847
-
Filesize
315KB
MD5c05a2f8f443c7d756f594b583d7c820f
SHA10da76fa1ba7cf5e631c8ac25e9a3c3ba105c5381
SHA2567ba582f2b468502e7dff903069a7a5e177479c92b483eb9edbf683a85b423cb9
SHA5125069c8d568d463324cf426d9cd14994d3e4912ea7921d4f9eae3f3bfa6c6022aa4d9bd6834690a97c74ddbda1adffe6f587fd631251ed53e663bc3e54a2238bf
-
Filesize
10KB
MD5cc51e0bf07678a35f8ce058e2a674b18
SHA1f44cf566246c83c37177403439e8c203a672b543
SHA25615d3eb929843c1a3d5aeafc6d93e673906abbb95208df95009ba8962ac6ad11c
SHA512efd4a37255f375278b9ac9e9b1fe86a0b198b90e9f8e9494ad2d49a060b6c99905c69b7773439ed80cf48a673f3b6349b5657602d4456d50a2dc49118133139c
-
Filesize
9KB
MD594015cf4a09898205476cee29f2b75fa
SHA19f847a10277c4caf45a83fa0f53f5d525302ae39
SHA2561a453865d234167fbe486f62d632373107994c634d9619e6d310c1dd3b5037e5
SHA512a4b34e39deb20be3c1f27b3913eec1b15454d5437ea41db1c745ca9dae35765588849fc05957ca27f2d1ddc309c023ec5013f7f7e8d08750003be6ae299f59d4
-
Filesize
318KB
MD536f645d44476652dd078287d05499bc5
SHA1287a7ad815f60691942b0bf533b39c20ad43300d
SHA256dab6f4a9a68821fe8cc4b11af19cc5fde71e67fb9275e39e2abda680e477446b
SHA5124cc4f625661ee755b44d94b8f4c91f7ffdb6daf6da39cd6147c5465c7448eb9620a0e71bac6414ae2bbb99ce8cd379b03a98d70863cc384be83f70ba00254ff5
-
Filesize
9KB
MD5381cf31b9363fb10c0e4dd4fa3847a74
SHA18b360d53a6d63e1a32a650bd7326efed17bebea5
SHA25682ec9e6e7ec723052cb1d608a39dc41d501818027837730d0d9f3b42dbe750c8
SHA5128dcbb28c2a35be40b984f614b094b29e27f41ac0f679cd74bc39bdb3dedae129a53ebb95069d62b12fc355a2088ff74d643ae5e3cb7e1b216fb89cffab8eee77
-
Filesize
4.7MB
MD5e2406ff1791c401bc93e73d9e44e6d2b
SHA149e50de244558c4c21f43d85b7404cabb970b30b
SHA256e7be1cdb169344a75bdf09f8563dcf5e662194be3064873b6b4ca57e0ba0774f
SHA5122a386a33f204fa5d07da0da4bb45590ddeca669235b77471fca2e5405f749c9ad35289d439f48f2340377e27ee85725644c6f051d6deea10ed9c49b837b845fa
-
Filesize
45KB
MD5b26fbae4345b2cd98cf41fca34206b56
SHA1a4075b2cfeae20a076b0303622f3ec7a4a558480
SHA2566acdbf858f40bcc0fa57b3971b1c5fe904c46b38df8e4073556bd51f22fed358
SHA512e560a762db0e95d5c85a7392c7e7622da101ddadccc3ac90c2ed09668ffd5ac4662eab4eac1a9486f599abf0f321c3783d62838d48dd0046489b3bc26f486e0a
-
Filesize
8.1MB
MD5e3ae561f7b8052d9aa9f2b0b09c33ea1
SHA17fb779ea2a8d83d7f80d4a2865d1ebb5e3cf1257
SHA256a2b93e6c2db05d6bbbf6f27d413ec73269735b7b679019c8a5aa9670ff0ffbf2
SHA51232b1f305aec14a5ea7c1166f76c5ba7dcd1d4fcf513902ea1e2811ec1f2b72cc73efb6cae4369fd877619ee66eaabd014c6ed0ff7c9d9b5e7f1c5ff3dcc8e8ad
-
Filesize
4.5MB
MD5210989664066c01d8ffdbdf56bb773cd
SHA15f533d0d5caf3847afa2d78301e7b87b3485ecbc
SHA25629445948e432137e0de104dec389e956d72633aa0e4cb04ca572bb8e378e3d35
SHA51286ab46ce5f441ab7ade525b0ace1347d0b26a77303cde9f11c68c772431e9ce181f50847c9d4d31026752f6230e66549692108df9f1197f99c42fb5525c42adc
-
Filesize
8.1MB
MD534d4f8ee5ad2748a4cf36d3d414b49af
SHA157f0f560df654bc8e322a44c947672ae92cd2fad
SHA2569c62ceb174d7529ae4a7f2071f6531991cfadbc2f1897910b48ba951a580ac57
SHA51263d2e90007c7d26203e5010291478a431701018f6a75107c2365dcf3b968ce38086ced05e31c57505b5c2564e22a32e63410e5b143d57f7ed914276967096788
-
Filesize
5.5MB
MD54aec04fd98881db5fbc79075428727ef
SHA12c104ea6ee8cbc919f3338210f361f05f4882dd2
SHA256778214c61deec84ce9f74164f1be5756807a9895feac2d7a553fdd7d410070d4
SHA512cd87b434edfef3466d745f57c53440c2753668e5bc327c453adbdfcd8e353ae43c92f9bcfbd2aafe3def1ee846e5a0f199242354c17e5e004a604a3148132cf0
-
Filesize
197KB
MD5aed416691ba9afb1590d9ddf220f5996
SHA18a441a013bb65edb42d747efc85caba6d4149464
SHA256720187e6f1fec0d3510a9407bfdf8b952dc61bd990edebaa477fbd72f66775c5
SHA51206b7933d35247259ea58271c6edadb1dc7cae80a158a47a4f41192773876c08f3dc0b31d5e11948936cfa6f696dab1f6b10b9b5a697dbc7acd06bcb49efc44ec
-
Filesize
196KB
MD5dec15f4454da4c3dcdba85a36c9f9a37
SHA1ee2c78fd0af8aa895f15a93f9a61e13a960c17f3
SHA2564a204f20f82129d09196fa3f16f2340b9cbbe2fc5e27038e0e57f76e03d96e38
SHA5122faaf11b8c6b5f487e8d563c8ba05f8cd34fa595ac2ad3cb9b1bff29283db7be33d9345dfd9c19bd3eb058bbb8f45c32649f4b18e35f33ca300b35a516aeab33
-
Filesize
195KB
MD54c61e408402414f36f5c3a06ecc5915b
SHA1f3c1c9e778680061c35ec512c918f1a630868872
SHA25602cf88921629eebfb25fbbcf5d46d0ef5bb307bb0d8af482f47a65bb6620b088
SHA5128f98065bd0b2fda1a658fccf9166bb4387a279d3471ffa8be43b78ff874ee62735350390157270bc73a9ad84b7ac2df81fc0538e3b5b569965c3d1ba55c47b92
-
Filesize
8.3MB
MD59c8cb849cb0041912ec77c9c59725a2a
SHA160a514fd2a07ca63ebd7f5484951e50cb03f4fc2
SHA256d1961be1161ea1be08496c920862d06ea5c23a757628f4fd69368de1d9f51bed
SHA5122c89324dcc21d9aaa44258bf96a295115f19b8264ab125250e20ab5be0a7c1a55754bd754b569d938c7145fb431fcafda75900cd461f6a3fadd2d38728d13931
-
Filesize
45KB
MD5db4fa9cba5c3bed6d99a608207f5240b
SHA165af553b1091b015cafea3a1498c9f8e36997864
SHA2562166ddd8dd7650ac7a7d81fd229cacbe99c06cf559d93db3b37d356312deb405
SHA512bd81a38a4adb1849d19393d6476719c13e93ea418dcf369e38872d0ff59325fd8058ac683b514ee3b6663fd8f88babda0cfd065cc5e0f7ed9e1858b5893f031f
-
Filesize
5.5MB
MD5022f32abf24d5534496095e04aa739b3
SHA16030f4e7d59b356d0eaf26f1bca370a999335058
SHA256fb3df01b4182734d021d79ec5bac17903bb681e926a059c59ed81a373d612241
SHA51252c5231efe966a5ee4069a5bacabbf561d6a840bcb51822316f3b84c1b0fe6a4331a17ce002358f4de15d8a9bd36e4cd51880dbcd3fc572176f7f3d08d96f1a3
-
Filesize
6.8MB
MD577bb826ea1eacfcd234608d3dedd1e2d
SHA10207e8e9dde26122d25e4880cc340ac9fdea5a9a
SHA2566dab5509da393017701282da4f8373731ff5471bdeab05c08cf06be2a2738b1e
SHA512c63711f90771a1dfde7f6328ad63ad2ac72f768fea2bcc0719f3df2e127a178711c083c17e8fcae00b08ac4411ed9768fe38fbe542bf43cc1ef91f9d4cc6a482
-
Filesize
230KB
MD53b112e6aa65695f31fa1e1a8fb0589a9
SHA1cb04c8d7dea87049b9de13524547bba6336dafcc
SHA256863a038c6afe94ec626bc5bfb94ce37f26196c1f1d50289f4f7c88e339b0aa41
SHA512477bd2ed50f8a385ef123869d641477a9b79c8715b64d2bed1abc28eb7d783d9d34f069e20cef978578e0f0dea02feaca5b8095b9a792fe2a0ccb501b339cd00
-
Filesize
220KB
MD5bf7497338196d1ed6c36ea4d010f12a8
SHA11fbb97720fa14853a4e2cb276638d792b0c5f251
SHA2561118a402b5eabda347c416e49391bdc156836abfc0aca93ae9f1fbddfab2af28
SHA512834334d45fbb9ef2eddd4fe80e2e78024a5e8faa617b0545383e9110eb6aa425a4ba6c0a8ef86e38196e737a13accf75359dd15da5c10656d5bb0157f1279a7f
-
Filesize
6.8MB
MD58a5b2818bd2b3d898405d5d22fffa3da
SHA1e2083b57f19a3807ecf79be548e672eddcfc8a98
SHA256d6748bf86e76740d592ff143af61d0c80b453f5f8544c2c71cdfc52ea0dc0f30
SHA51287ad202505db5d2c0964288789662f8f32598064cb616ecb329ca02e942ffdf8a5997cd4b6ce9dacdaa092f817fbe991cf103ea89f85450c58a46acef31ed9e3
-
Filesize
6.8MB
MD5a136a9b3ed5e7705532a0b09bae2b5fa
SHA16665a06380f6228b5fa1f902b9303643788788a5
SHA256f78e4152bf5364f8b7f503bd339a18f3eca55300587e105e5fe5e267acd125f4
SHA512d3d56ab1b80d1dd4e4803a1b3e842eac3a063dc2c93a17c297aaaefbf872cb677bbd5df94c58a497f0cc40aca9ecd8c9a26b74e815947d7d020b24a4bf224dce
-
Filesize
125KB
MD5adec0dfb1782e399a2e0e21bb2a52dc3
SHA1c7067be7b766ee137f7a622728ee895bf74533ce
SHA2566371f096e3e9324f3c559cdf504168490ae049ba30e790471f9904e97bb5847c
SHA5127895d1e6c05b9214a336a4656fa455071f2a0bfbde35c755b095156601a56965752d3643a8e7521bb1cd9962fb211a9ea14719ef06a1afa584ebccae08658ab8
-
Filesize
65KB
MD56cc7fd49bee71a54aa659e30dea8903d
SHA11ef81f57626e6516a46ea8e69f1ae83fce6c5cfe
SHA256ebc764a3b96c31a34f1cd9ba94dee8cd107aa7a8b45030fcdbbceee0eafb4e25
SHA5128d0f8f1b2bda0e734f6a3d85551ff94dfe0c466c57e973057851ebac1d9eb559fdcdcac2f82c53b40fe808caa31c5b3bce84802242ff4dcfc4e722faff60056f
-
Filesize
263KB
MD5173973c091a72ebbe73c9578ef5d00b1
SHA1d92045a9daf39606b71bcfc75c4e8e0830845d78
SHA256f15415185611c7fb5ac97e00ea3452bc7efb0c32953defe27c5c5d5987f3e256
SHA51250af7169071840f366a7594bf72b2fc5273821ac54800955be6b290b703d192a12caec60388ed7000061e74b916fceb2c87a2bc1e39019955a570c65c4b5f839
-
Filesize
5KB
MD5328087caf99b50d988a304beeea3fce8
SHA123ffef913679537bb049008f5e6f8e517bb24192
SHA256ba175cfddd91b87bdda3f1df2a70249e1742e846b843381eb0438b70f91a110a
SHA512d006e8de0f9258a3ee75723e458d635586040702c1357630f199cf5740c7e29d87fefd4b869a897bdd26b67fad134e6bf35a2c01c3a00acc8bf20181d7da1aa3
-
Filesize
944B
MD5f27ea21512686da8e8c90e0a4d0f5616
SHA13231a236c4d517197e28413eed3f5ac74d557cd7
SHA256b9ff4bad7f89d0fdb9032b6aea475a04fac8c1eec39020fa00db3cd72b91e1fb
SHA51245911c28bc677c223baaf46b6cf1e12edce56bf9584fc3317535d8b3be1ae0f402847c7ddd2d1e7e6dfc01c4c24d04965dc475b9419a85d7a703685335559db9
-
Filesize
963B
MD510a1b6c5a17f64d377394251c816fd73
SHA13a54dbcb969269f9b4b63a0a72fec51f9c1f2fd7
SHA2565da7f6318249417a1edf02d133ed5543334389ce42e75cb904a311c680ef0d33
SHA512dc32487cc4488f114c03605702f496aff597797d1469fc246561f6c9055a4691b5e3af6d1bcffcad6344310b1c1fea27f70473d2c7a1f6be6711d37047227c41
-
Filesize
961B
MD5038e70d0b0223598b6f11890c7a39da1
SHA1e790ca1456f895c6ef3a112bcea575fc1f3a1006
SHA256d05ed165422959c5f6b4c2b25fbe84b3bb0aa9bbdb72a6b0123bcb7cc2fb3cea
SHA51202bf6cd53ae7d2f1b9de9868454a8937d72a787227496fe2d07f75aa296aa3fe71464e0ed610ef974e73c0f3e8b51939ce43c6563f2cda958b7a7964df42fbf9
-
Filesize
955B
MD5eec389c321a0f4e18d568d9eb52d4a4a
SHA146555a411d1dbe75b4994b0d9c44c21b72243edd
SHA25633e8695f8dedd7e7f4ed640c8f6412c1898d2a06489aad41c09f0326bdc08db7
SHA512b61d04d025cf4cc2b1fe8cb5881f57bb0c2dd0b3fab2f47548d433d6ee2b2419838379daf115fdd9f0c797c9de8366c21a6dba1bab7c6f1e5cc9f2afa656bbb4
-
Filesize
959B
MD5ee618c4c177068c08dacdfc8411d5610
SHA1726b0f02f137361d658ee0a45fe4c8ad64f83c87
SHA256690ed5c16c33b8efd0ed7c7aef90f71e6df3f20c2a44114e98cf8cf7355dbed8
SHA512d1c6652d14ed28dc5d71d0017ce975f57f247e5134033384b50b0ff094c407cdb11e0af4518a900025e4b56131f25aac300e8702f4d6e7e267fda44b93b8985f
-
Filesize
4.5MB
MD52ee68bb73020ae85bbfd2ccac511d97b
SHA16e05149e11cee654d8a41154d7e0a0eb19a19fcb
SHA25623bcfb48d1f2033ebb1f8c31dda7b4889c2f617d0f7fb964c17664bc173c7bc4
SHA512674fdce2f10b5f2e275b9908014f9a9cf240459f557cafcbe43dba99b98271f143ecc58fd6e10d6cd3cbb0d77b3038e3a3b9aed85e5dc1d2a5742eaf82a3f467
-
Filesize
1.2MB
MD5a4c5e08afdb48af64b0a06afce16f6e9
SHA17f82bea7f758b02bb3a4178ec0ef278e869797e7
SHA2560b0b415e2d87ad8137c577051cc47bfcdd9ea61e37555d200bb469219769551a
SHA512b73dfabc3f22b6bb8c3537e0111668568a8c411badfe48e3a8fdf848f5f67bc7ecaabdeed20fe2f816b9cf134536e4dab8a8013a184afca7bb39b01a3e6aa442
-
Filesize
389B
MD5c0d2216b3d899865984beca22c35c752
SHA11e84b3c868f83f20ca6a2b7c20ff7fbfad2d1607
SHA2560edc2d0fe5c21f17b6bcf14c6c3bfaa12b990c12a990e144e895b92f3e30240a
SHA5125cae31333f1896973eca918d4aab9e6ee6d8461ac7733cf7e66884a27d55a0e8ac09340f9aa1ba9c78cca4925ca17d63f644d416dbe86e6beeed5470fd45ad8a
-
Filesize
415B
MD574727ea454af89c1cf3e95f891f2b1de
SHA1c9af8f60f2f131aab4934e3d56eaa53d5e1d5ba7
SHA2564347a99e0a128052bc3a99811b9aab78a2e51abb147e705d13d844a300f79e4f
SHA51262737761ae8a6b5a5200ece3407e4ebbcde781236ae1bd5bfd9cc833ea13d2e512da0eb4f809e3183ed22f109649f689d9adb1f88ec9d94ce7df4b6f4302077d
-
Filesize
2KB
MD51a90e2b6986a4f30c245e366c30dcb2d
SHA111f4a7bfd1897c37a4e86af7844cdbf72d80ae31
SHA256c4c417fb107de7ac7511ce0ffffcab5a49b6338c0fa01bdc3ca0090c541b0a57
SHA512535e059b38d8e7e0436009da9f2b32b126a6124c627d07e3f8a72a442424205c2ed8e211822b538d72f61a971183d47e86f9547e2b19ad6c29903a5504971aec
-
Filesize
2KB
MD54088dc3f199366d21c66179674679642
SHA1887b931b4069fa49b88a4efd480b21e1f7c8ed32
SHA2568c3b316d5085cecd4e2e408365f1ff485bdf3bf11598746deb64ea46d1ca4e5d
SHA5122b54825b8eef95d2ad2aedcb2f7eeeacfcfd2d22f3299206e269126625350d33aa7cb38ad0a338d0b202d9113f4a96f59c42688ffaeb11931931ee9c67a9efc5
-
Filesize
2KB
MD51200f46b8266e80f17d8b586a097cf1c
SHA1e57096f9ae0605344638b4217d85ab0872ea5fc8
SHA2565228dea66d9133b77603dcf2c053220d93d0033bdda8bb6e97fa8ef3c68cb633
SHA5127e33b80df72cf1f7c3b7e4a389732689a489b93b399005f72fea223b7b62fd3636eedf079132cf026e1a6c49ad7d0e9780004577299d77caa17b33c6091fe404
-
Filesize
471B
MD59ddbac445d0e3edfc1da1c9e0cc7049e
SHA17e978011ef7db7f0315e0a7c50c20ca8ed662b93
SHA2566a624c5876030250829751c10462b7756b5454c93720e965ab5d2dc74ba19b1b
SHA5128cfba09f317672789923ff836691ac216b15d8b002d62d0e888d7e88aa9106ca7a5d61ff80b4846f173c38fcc36d3a4de7c0c1864e23bef8abc08dbeabbe39e9
-
Filesize
727B
MD5f56f2ef08bbd8ab4d4e3720f26a47237
SHA13dbe3eeb2fe31550d941c0ea0f73ef2e6ae39d64
SHA256313fd510a71f0f56ae3be1542d3c64c3137c737fab3ba6d69039ce19a70cf60d
SHA5121858cc1327a6dfc6672cce923d10f43b3072b2dcededb2a510f1d82b5c35ab0816e24f76c1a9430c73aec02b4755a274877b8aedaa4d7fab83a3d66d3af76c3c
-
Filesize
727B
MD56aa9da11b6262df5dd0d2da2dc4bb8c0
SHA19657def3d49acaed4bed3062dfcca99f1aad9358
SHA256b53d7bd989cb7282e2ba6dde428724647625ba42d758bad35e345f1e73dadb0e
SHA5120c09d3263d885b798c06d0bfba30cc44a63d0be607b0e4a92b9920a84ec61246d7da00047f4ab15a3871b4536709b3b66f1f9dc1b388148ba141df011e74da1c
-
Filesize
400B
MD55df42eed840cbcb0dfe9fe2489a6ee51
SHA1e78a13eb24d906242c6bf1b3a316699969f48ca9
SHA2562e66530dca0a50a395d1fa3827c0ead7ba026676a3d605cb123c8a02b61f745a
SHA512066629b62accb4a562541376272db319c97e84dc2933e80825daa4f0a1e9ccc951f6992cd2e2436564a1b5ae64ec0b4acd9386e112427d6fdf2354db9871f8ad
-
Filesize
404B
MD5c393d4cd813257f2493e2e99ac2c6745
SHA1e41a306d70b720edfe6ea4a4e323b2bffd98d2c1
SHA2565541ceebf1c116804443343afe75e53a44245cb67cf192b04dbcfdcf7429edc5
SHA51295f67819a42601d3e805eeb0a9561f3a88dffb48c5190b7649cabad5b882a195e80faa6edb9789b55ad939b3fe2a3a7b6414b35d559d6346d09ad09bbc77a068
-
Filesize
412B
MD53cdfa4faf878982d593424d9fe2ae7a4
SHA193f114fc4ceca36daf672f0d40a769aeafe67c8d
SHA256144cddcb522f7e5725c6e23dc3bcf50629fdf67199b011dff0cec2aa452bb939
SHA512867c5defe55e4a2bcdf1968200de6917514383d8a3d73ae09437a84e63af0d269e66fc8c8e348be83e4fcda8d6fb6232d95396b01a638e124d8750b42df2f352
-
Filesize
23KB
MD5513f02ace70b5551b96b3e94af63ee84
SHA198063d23c408c5459bed67b671a96afad385459c
SHA2560969fc9c89767b626de538f675d112df8747e3c0a6ff3a175f7d185692a70933
SHA5127e6d87d8a5b6e4de328a87a4b1d1c5741076c8c6a92b375cac246c71ccfe3b0f7e5e8d353ebbca64399c0da3c04e014e796d754d287e84bff7eef5f1eb6ca5fc
-
Filesize
904KB
MD5421643ee7bb89e6df092bc4b18a40ff8
SHA1e801582a6dd358060a699c9c5cde31cd07ee49ab
SHA256d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da
SHA512d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023
-
Filesize
877KB
MD5a67acb81551a030e01cda17fa4732580
SHA19f6b54919ee967fddf20e74714049b8c13640083
SHA256107fd7ee1eaf17c27b4ed25990acace2cb51f8d39f4dfc8ef5a3df03d02e1d34
SHA51230cc0870797220e23af40d5f50a9ce823c1120fba821ff15e057587c2a91c7247058e9a8479088047b9dc908c5176793e6f3ccd066da30bd80e1179649b2f346
-
Filesize
2.7MB
MD55190b141f86d93919fb271398ea3bda8
SHA1121b1d6ac6a73a3dc6a4b96a774911c54d5bc1e8
SHA25656f77e41fd6cc44b7c4c2c37b085882b449ae50f11409c44d1016225771d9077
SHA512392a4be1d7d212c5c194f829fde86c8ddd7ade3e584b4756749340e67561061424f3d531c526a16bf7ef030f6b8b41b7dd5c6cbd61438ec670a3ca98357c70be
-
Filesize
510B
MD58fb1498ca436f7273a6370f29d0c8a2e
SHA12b52d4a070f24692a651628bdfcd3251043c3ac6
SHA256477a7a23d7e44584540f3faeeaf4caf652c263e263808e0beeac6cfb6db05303
SHA5127287b5e0f7fa2f46170fab19bd52120fd727d13b11d30a2b896725bcd0f3b61d8765a9f332238779753f4eef521edf0344c39cbe594ebca5c0a5102203a05cde
-
Filesize
420B
MD5662ba9dcf5741e993239a4017ad99f91
SHA15b54a547a202542d9a88fca9b0a21312d5019fcc
SHA2565c0187ab1de6ef56d9a411f48970e6147fbcc13dea757c7a66d977bee9d3bac7
SHA512ddabe8ac141be20d46d2b003aed87cf8fe7d7aa8fd5a18239ce24f019226272f69eb8e64e9652d36b5c9c2507b21a3292c17007fa92cacf6d2a006df886e20fa
-
Filesize
515B
MD57c7baf7ffafd871ebe449092fd6ba2a0
SHA15c3256a6d63dfbc1c5490e9b7c0c6c4ef8d54fe3
SHA25695e8775a8aab92997e4fa8a38354c0d972644977b17cea4e3bbddf3505066bc2
SHA512e93aac218ac7f1bce058b0c500d9af21c7a5d60c042167b131965646b88b34afb41ab0bb96b111cfaadcaf7b9e8fb85523c5f1568920953621d3540962b402f8
-
Filesize
1KB
MD53126febe28ab25ab8bdcb70911de2d7b
SHA148b0fbf0edf8ee3b7b823ff0d30db4c0de4b1efc
SHA256b8cb1f1e03c1f84eda7cb8180b4c0d13cb93b8eb891b3b8238697ee000f66747
SHA512b354ee7199a881b0651b5654550ae07a128bb11b63b2a8e4b0f325c65b697c81adad502f4fc5166986cff1cdc50a8ca7fa7477c749daa3ca58bef6378713bff5
-
Filesize
12.8MB
MD57fc47523f708dc339911778edd0807ef
SHA1b75fa271b466ba22873f0061115428ead6828754
SHA256b0016dff4f609c5c656b94b9687b6e28fe163237870d51be3545a65ebb01f0aa
SHA5128d81936c27f9f069d41f9aea83200e30aecb2a36feff21e4bba86804cdf55edec30db434cb797fff6e451a56be16032476dc83d0ec490ba48a27c190234dd23f
-
Filesize
6KB
MD5fdb253487e0fe8ea751b2559b32cf782
SHA1a8c288c8331f43e11c26ea012aa612f0fe8b4c94
SHA256ce408277e255e6ad8023e9523da97329709c447c1f7854aeea5e14a0cfc5a246
SHA5129c5f29d9098d7ee3ae533a4420bc338b6d52b85dbf2f2ca06dd82003feb5fdac50df7cf758d764745bdd901871cd18726e23423949f842e21e15ce7ef776410b
-
Filesize
319KB
MD5eaf913c1de47c2421669b662edaa5a6a
SHA153524526e1898a90fa98ae02e662b9c0e6dc2848
SHA256425629b6309000013e8cd1a9b827bee365d21c9f743873aadd0c3bc96a999d2a
SHA512bb674feb73751172a1ace65aab89c5ebf952a07f7af0f3ec1dadf357ff693230cf08910ae273e8335eec35e5827da6405272d05c161987df679199935af21a76
-
Filesize
10KB
MD5acdaae5d1219e7703285c42f774be54d
SHA147df82d8c843bf1adc098a26e9e3e27217b3104d
SHA25625c8dae186155d20f74feedefb4f84161e4215925b8fd0c898f68f3e50ebcd7d
SHA51283b663222fb22b1760ea8551d19557f3f2905bfac205b380b23dd7f2a65a37b851a3c3c345e4a768b76700bb891b97c96a0dbbb58d81358993293ad1eb3e300a