Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
08-08-2023 16:13
General
-
Target
Amigodainapasik.exe
-
Size
2.3MB
-
MD5
0da0f742cf3bd80919716fbd03299189
-
SHA1
0ff0f5254e399aa2d487dd7f0dec032a3429f257
-
SHA256
8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
-
SHA512
ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
SSDEEP
49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt
https://tox.chat/download.html
https://icq.com/windows/
https://icq.im/Amigodainapasik
https://www.alfa.cash/buy-crypto-with-credit-card
Signatures
-
Detects Mimic ransomware 6 IoCs
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass 3 TTPs 4 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (5801) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 17 IoCs
-
Modifies system executable filetype association 2 TTPs 10 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 19 IoCs
-
Suspicious behavior: EnumeratesProcesses 40 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"2⤵
- UAC bypass
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.execmd.exe /c DC.exe /D3⤵
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e watch -pid 2844 -!3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -app-data4⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -H off3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S e9a42b02-d5df-448d-aa00-03f14749eb613⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Select-Object vmid | Get-VHD | %{Get-DiskImage -ImagePath $_.Path; Get-DiskImage -ImagePath $_.ParentPath} | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-Volume | Get-DiskImage | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Stop-VM"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe DELETE SYSTEMSTATEBACKUP3⤵
- Deletes System State backups
- Drops file in Windows directory
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe delete catalog -quiet3⤵
- Deletes backup catalog
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f79f1107c370d0e270a1fa66f664e806
SHA1e9e49df3c554410cde67b4481815677e28d0a198
SHA2566505be4ba2f3110d35e26d60f184ba9d723241a82b896149367607f3bf4c48e1
SHA512f403c709c229f119020046a1127a2a976f2bc886ec9b516f5dcfea902c34bd5fc38a0e73bde69a8fada7f6fc54a1bd403f8646773f33fa657da97b2fae37f2e3
-
Filesize
242KB
MD5541f52e24fe1ef9f8e12377a6ccae0c0
SHA1189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA25681e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88
-
Filesize
772KB
MD5b93eb0a48c91a53bda6a1a074a4b431e
SHA1ac693a14c697b1a8ee80318e260e817b8ee2aa86
SHA256ab15a9b27ee2d69a8bc8c8d1f5f40f28cd568f5cbb28d36ed938110203f8d142
SHA512732cb0dcb2b1dac1a7462554c256cec27de243734f79b7f87026e9f5fbae6d5d8a5f14a702d2af0b65897b6abad70a9eff1905dc851ce267d221ddcdd9e640c5
-
Filesize
4KB
MD5eb0c85b311c7715d47796674f03ab92b
SHA12cdd5fb181360b2bb1ac1a3a9859e5ed54ea74f3
SHA256e27343a3983487e98679dfc2591916a7d708e1593a96c520303e97b7588dd714
SHA512c2bc19807b4a4351178079bd581cf75e9895565d68f62edfac579d874ab406402bacd4992f089e2464c588baf3cda9f65f9f56e861e0f97ca63f50993492b49c
-
Filesize
2KB
MD5332d57668a028301602c99b86ff07d2f
SHA142666de47e11d50ea8efb10cd4d5210097032b62
SHA25653ce31a0ff18d5fd462900feff0d139d4dd6b5ce2be33689a55c75adddafd141
SHA512d3b553ec4f4de0d56e05823b28c20693abe0bf021ff07aa919081cc4aa1ec347f9a30fca96867ab67d2b2779d9e89c748817c78a4ab7c11ad429184ef4b13542
-
Filesize
48KB
MD5343fa15c150a516b20cc9f787cfd530e
SHA1369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA5127726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
27.3MB
MD50420a69bd0e33d7f7cf1db30d3ca0888
SHA120ac5f3a6439d37611e7e1781e5a8b0b5852da75
SHA2569da2cf4b6794e2357f476f86426022475ee834a366df322756d780a3ecc369f2
SHA512c491f0d8c3cb00d84ae16ee270c05ac9a6623d63ce20c0e55dcc1fa7910639bb9bf0f73d19d8700a1f9b3e00555919e34f74f12d93f9269b0bd523a085226e99
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
20KB
MD5aa3a3920373062703d7875a4db7fc17e
SHA14a69b37ac1a29634dcedd02019d83fc7b1fe94ec
SHA2565482d861779f3b99d8e400269d46ba35ffd50b229444059b5cdb2481adfb50b2
SHA5122444f398f89552d9eb80bd4b73bf668c66dfd8c6c74419fd51b599aef6ffe4dc886e0025842e9d74aaff0b1626468f9d94865ee3b9d2b3dfe9b872ba097c43c6
-
Filesize
628B
MD5aa5fc0b9833e2bb9a50ef8a035f96ff9
SHA1f413fa057196002fd57a43bc0019717b568a40dc
SHA25684057915eb2c9b647dfb21dd6032821c75aa1669819caca35ecef1df396d5d9b
SHA512b33820cf75b55752c189e6520ad7e761ad78449638501fcbe02539c4be3564da1307aa81f5aa202739a39fa8cfee2cc006c66fd22e474f9cfc6aeb9e715528f9
-
Filesize
20KB
MD518e2c509e56b50d66b852b745dcd5c5d
SHA16657a395b2dfa69e57e04c5f6b715a99f7af9d27
SHA25674c17c927a2d8dc693a38ed2fefacc5dfc605fa0d87ac485a323540f9c187f82
SHA512408e6573ab92e6572d190181e7b8c9e162dbfd53730e349633932a1c34b239e48b9a7cfe91ff4ed40260cc32f5c205ba9b2b1636423f19365afee556c2264c48
-
Filesize
630B
MD520d9a5c42f39966c76f4a0616a429f2c
SHA1fa8f95bc355e64c6e1c7c4410595e7f64e55d705
SHA256de5c9c79750515be2fdb0d7121f9325ef705bfa0ac665e8dc1bbb7277ec5722c
SHA512154ef6aad3ef1d87617cdb781fa9778adee3106367c565c7e8c9de179bf0c42ddee191e5c01b8423fe4c0ebd3a32d7088c73eb95456d4b48e55cf691e3e0861a
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
1.8MB
MD5fcd36b7ef26da345f52b33d1c3f7e3fc
SHA1b36e1ca4f99a5d554cfbbd617e12072ecf2d4570
SHA256b52ebd19240268e747b7f919a6d41f72df46ccc3e82d329bb7c3324c3709f839
SHA512b8016e53aebf7a064f9c18f430bb690a05e96b9587f30bbbfb3c0d9578926ee4e098926eb29f8e0046a057ad269759a104759d791123f7308756282a41a4f9a9
-
Filesize
4KB
MD5612a650d1c773ee52d62546e66ff5918
SHA1a7479722bea44f8719b651ba69aa337d60da4290
SHA2569e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00
SHA5125882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483
-
Filesize
12.7MB
MD5037424861ab4bb33c18507aa2a570e5b
SHA101c3cb6c552d48e51bab20a6e1f18d3a68133fd9
SHA256d01dd09967250e97afdc4a62dfa9ae918952b06cec5af7bf2e431ccdb7eee1bf
SHA5125a4d9bfced6f0eba2d247749e026c3ca8f924f9f0dac46af239645199f9205f7a81cf560daf8bd54ced507cf9aa57cbb3f284ae7b6ea2bec0e00e590bc0f9700
-
Filesize
1.1MB
MD5e0fcaad1558ab676f008b4a373fbb4c3
SHA18ed85e9c147537adfa7fd396ce4f57a7b5d6e84d
SHA25672940e80cb91fb3cdfa1571e3380228b0b5ffa7ab59bcacaf881505af5840914
SHA51249156911504df96d7bbaa60176573105d89de79f414d7113882b93150b5c7a12e70784a55376ed0a05c1b5c0d9a726b434ade8862d1bef9be257a28c34ce39a9
-
Filesize
10KB
MD5dbef78447120e830587017c581f994f1
SHA1ea5214b9503e9a3b5335053b9f2e85c1bd26f3ce
SHA256a380116d80066949811b29c5b53c20488c1ca6b05a955c1698aff58fc18ebf94
SHA512eda079a1c4e25d18099accf11860b7c78c9c303c855d87ddfd1750a41e47571db6acf929921a20be693a18d948799279c3f7be47574a2004810021271d735b3b
-
Filesize
8KB
MD54aae089d3731c3f9dca27587e61cc4a2
SHA197b570c80cce9d68fbdd728f8524d92bce4a5c35
SHA256ed8f2f1786d5c57aee9c8228286f41b1665f46b88b882557675350d5108b438c
SHA5126ec755dc7f6531bf0ecec25f8fbf5f712ccf46f93b954f8acf522b33b4bd13f3781e73f1122a81bd5165c507b0a58222a3cafe6fbd25f5d606b4414a9a4009fc
-
Filesize
203KB
MD54613abc983479c170c59904bf039a4b2
SHA1ed1b2469601892c8a88343a210cbce1df3bfec71
SHA256001920d27e88ca3d3675c48640dcc3c1b263bb7c0d706b3806eb1e5a9b8228a6
SHA512cdfdc7357363525ab4995f270659324df5baef0c72616f20ab06288c0ede18fff5a05b1572c7febb5e3150006af45ed58635be4c392bab975f045b88def12f0b
-
Filesize
4KB
MD59ea2c09d00549e7dabc63706cde95ace
SHA17bb166da3d6ad1a67cb2048dd99200a8989b49c8
SHA25650940e86df510f7e2dfe2987c2fce6982488d7cc23b79c7a40ba715454750b33
SHA512dc768516a933d2daaa83bc6e8f6b96747ca539586c6477945050a9618ecef4ce0194a2ccc4ea84eb2a0bb5819a2a4c2fc95f31456286824c80b7ab8382869f9c
-
Filesize
1KB
MD5589a9262dbb556900850c9b908d3b489
SHA160669c10abf41bf6473d86043701f59f782ef42b
SHA2568c6aa470e8197cd2973487ca166a3cad2dd5833611ba1ae3f986df7c8bddf594
SHA512e8b5daee4a6835162319f9a29001699e558fa56bbb3853ca46d21762e8dbc645feae7bcb2b55200245480ae120dd20c7d9c1c6bb1e9bd1d39a2decbeae6b1577
-
Filesize
2KB
MD51772b2d479ac18d070c007369a26257e
SHA13cc3bc1afd065476e66f1780ab605259787ef904
SHA256f779603a02c2fca2a188d2b693b6480a20c7a79ed665885f31f99320c562c815
SHA512ff39d3e5eb6c1e14ee6e9d1dc1ae385dea24c0e9f90ffad1422ed94c89f6122522381f5976fcd2b5fd616721ba733584472ac16c546428b6b20b76c37fe8ea74
-
Filesize
423KB
MD50da7046401410e1dcf83dd3c09025674
SHA161764374fc544ecdf373cfd20d9df7fa8be9b206
SHA2564b8715debfa2d40ac205a3972dcc88e501928a13cda80b63ae02cda4e4988643
SHA5129da25f7a900ea3b672de7e95a3f318c53e4aa025ee629d715c67adc50455d85c3086dec07c0fcf31bfa46dc919af78079de5c62dd41398bb1620900fc3ba1ff7
-
Filesize
413KB
MD5c49ea754bd9c73ae6d6bc5f0ce095c5c
SHA14f09bbd178e5515887d03f5846494bf07f13dcc5
SHA2562a2a51906af70c93ba20a7bb7ff44326830b884de9bef0357ad9a85c8d53c696
SHA51255409d7456761f57019e1ef679ac45ee2c8e6a41cc07a56cd4f553fc5c0915736bec25d204fc48cf643451cdba3156de9dbf410c2bf0e4a5ab8b6f86b8dbe05e
-
Filesize
11KB
MD5ca76049c5c0ff678a5b73958ed849c21
SHA12c269ebdb58a86abe7c301a24a9a9e8526d7ca59
SHA256b4f098e8ce96b44a2ffb425165758afc173aa71378fadeb0ac00863eb8a69f21
SHA51255f999c9dd7592eef43a8545c8ea9b53cc048181f8ad4c873fc4406b98b8e24519a5c4a88394d73fc61f08c6ea32713dd7bd979044a0376a996d4b4de8a8ddd9
-
Filesize
11KB
MD5f305a11940b8cb83c6def8da82ce5fb2
SHA1961e4f51652b4a1ef662e51b823c7c5ec509b20d
SHA2566e5ebaf001a84353bbf9985330a20444cb9feeff490b0a05d0b2c129816be349
SHA5125a08ee4e141dcda562fda0163f28f7049ca80dee8fb9e9d18c618fefe72c8d9919569a4ff51db0af7cb57a35f0e9d5fb0b97116957a8f057d13ff7fd352891ec
-
Filesize
7KB
MD510cb29780c62c16bb1d57b1375240356
SHA1780f502d5e5d6a1387ff3b1bd179be8cef10948b
SHA256a80a0d38d93b80c42d89d4e9ad900ce553f6a85b31f7b642a8ad2d100f3d0e30
SHA512d290fcdf330d2be85ccf83f20b839433b42355d46fca5be2d61af6406f276a692ed5b5c469072868c6b751d441f2111e0651e9ab195c66c6854c85e5d754babe
-
Filesize
2KB
MD59f420a148f4ced157a902dfb7a488984
SHA1034b2c640bd27a23b48bf28bb231f6fa7b0e1282
SHA256ec5aa45b5b3019dca519dae453da7763b16b397126fdf95c1023d8201797625b
SHA512c10597b89491826babd09b20450fc3ce6807d0d6d4bfcc03733c26d87e4b3303b321c65ce1020255d6cd50a0fdc255f9ee06e2aeaec65bfee46bebd0f827e23e
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986
-
Filesize
170KB
MD561698f2ba07bda2ba323140f20b28e28
SHA1d3e46602b6e042abdfb6a8630ccaff23801cd104
SHA25651c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0
SHA512eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb
-
Filesize
4KB
MD536cf8d512a14fd2c5263e06775f2da47
SHA13e8ae2e7855ac773837272177b985f1705f65667
SHA256c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9
SHA512e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
347B
MD521a21e4f3c2bcc38e99a97c16cf1b6ac
SHA13a1b41fa7d7bc68b5098a82d4f02bceb1b7f1ef3
SHA2560acb63dc9325b988c185b60585c2f859091e60757a9d860b862591bac4289bd4
SHA51283f7298b4f6bf11ae132c6316e9f67827ebbc5631386a8844c6cd51fd6c3e3b8d5f5ac6e49e274d15fa3dc0bfc23467012ee93e9271e30e2223d1b176ff9e27c
-
Filesize
33KB
MD5fd09ba4add65ec5e1fd5cdd4aa6df896
SHA1866bab55e1de8136750c1b2a382762cc01de11d6
SHA256c7696e2af52225a82e42bd5285bd0e615503f3393b83f185b9837e1bf26019cf
SHA512c91343ae281b96dd99c72ab8eee1c3a807301fdfd4638d7baa7e3b442ad7ded77f74238edf9cb28aacb22488bb11f4ee01514d820af8cb38386b6d653e67a22f
-
Filesize
34KB
MD598b3902c181dc4346ecfd89dc5e6843c
SHA1796e767d5cff7757c2003cbd9fca6410e4911984
SHA256467e5b65042202dcf91f681ea90d93217edcdd548fe42dd322011450ef63474b
SHA512f6bb7d6e849922026aa33d1d913c70f82e44487ebe9a71a83658f4566c4ece43b1e778856a066d942fb26f57c0e5ae6bfdaf24430719199c122cd8ebc00a1956
-
Filesize
44KB
MD54106fc848530c0347ad2e31a952675ac
SHA11f55402fc5cfa6a8d7aa5f8c37e9dba79fa216e3
SHA2568543ee591fc9e8d5a34e680ae11fb2fd4d12fdb1f8bed29f5a36087e4669f018
SHA51299e195b00917c3438918d273209a2ebe3499e5cc5a2785ffef1bf035fd52bd7c79778dd223a4fe05fdde543deead4286d5e4b1712441a82a1d46ba205eaf3532
-
Filesize
35KB
MD5c17c0302bc6ddf54f1f120cd6fc1c56a
SHA18775553f95e7fdca0cd446875357a686b2a7ed76
SHA2564a369b339406afc4a5309ba8eb91935fdc689ecc5e6609d5aebfcc4021ff1c23
SHA5122122f28e1fb2232a4ed0200e0f242457f387f14a845827e7ecec2dcc1a1ef8884439497b479c86154a8d83e856796a92c1bbd317f1eab2e452047afb3822be8b
-
Filesize
36KB
MD5ecc7dfa9f98acc152bfbb8bf80772ae5
SHA10a3ab11270adf5e9ae88c3b1c1a2e7579f1fcb67
SHA256f75d98b5eabbca7da8300beec42bbe4a7f6fb860c95f01d2cfdd0fd4641ba003
SHA51211b1962031584a415fc23a30d9a0bdd29a42eeae4512ef8fe84d9c353999c05b1484df26470a08a7b9c65a5571fa0ebcbf8f029c747057afd24393cba775230f
-
Filesize
145KB
MD59d10f99a6712e28f8acd5641e3a7ea6b
SHA1835e982347db919a681ba12f3891f62152e50f0d
SHA25670964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA5122141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5
-
Filesize
350KB
MD5803df907d936e08fbbd06020c411be93
SHA14aa4b498ae037a2b0479659374a5c3af5f6b8d97
SHA256e8eaa39e2adfd49ab69d7bb8504ccb82a902c8b48fbc256472f36f41775e594c
SHA5125b9c44b4ed68b632360c66b35442722d2797807c88555c9fde9c176581d410e4f6ed433fabdcd9ee614db458158e6055a9f7f526ebfbc8e7f5f3d388f5de4532
-
Filesize
448KB
MD5e2114b1627889b250c7fd0425ba1bd54
SHA197412dba3cbeb0125c71b7b2ab194ea2fdff51b2
SHA2565434dfdb731238edcb07a8c3a83594791536dda7a63c29f19be7bb1d59aedd60
SHA51276ca5f677bc8ee1485f3d5b028b3a91f74344e9ff7af3c62a98e737a9888bd35389b3e6bf7b8b67747e0f64e1c973c0708864f12de1388b95f5c31b4e084e2e1
-
Filesize
32B
MD520f9a277b1c93ac74c1b35e8a5aaaed8
SHA1c170d4011afa336749bc41b94816beaae819fdb4
SHA25650ffef9f418eea5c232f36543a0eea4c20cbd142c2e38fc1ae75d2534e8133dd
SHA51296468e65f76777d0fe85d7af3c556c0dd4bec477db9d7264ae1115ba925d581edc91bd2f31679cc29b0eaf68a418d11223092462bdc9ac6c6cdfa6ab3a67d63e
-
Filesize
843B
MD51f3980b77c428b0b5a91a8b675494f33
SHA13966bc9aab3ab1345cc35ee92b9df0a256af1dfd
SHA25642d4c7ef52a3c8f79891131256f44856194a7f5916dcb573f0009926e660f052
SHA512b7777f02dd5e84ed3235b4921ee430744ca1937091ed0e59c926c3e168152ca2e88191e3a3cadfe46e09fcd4b3420b4312ec9eedaec4e380b4651c424ee5354e
-
Filesize
7KB
MD5030edc122648e9c720427a69d99f450f
SHA1de39de78b36f020dd7332eda5a9240d72c03870f
SHA2563e631d967e9cdc882e7b3f83141b1cd45f987b2fb7f04478aa0be5c4b7f09695
SHA512cb35d6023539cec4494016bf33551395785467efcc658d923c1c0f3d115c55eb6a020c64c3ef6373b2cb747ae9e29d9fbc0c3be1d161519d17bf01a804b55f9c
-
Filesize
7KB
MD5030edc122648e9c720427a69d99f450f
SHA1de39de78b36f020dd7332eda5a9240d72c03870f
SHA2563e631d967e9cdc882e7b3f83141b1cd45f987b2fb7f04478aa0be5c4b7f09695
SHA512cb35d6023539cec4494016bf33551395785467efcc658d923c1c0f3d115c55eb6a020c64c3ef6373b2cb747ae9e29d9fbc0c3be1d161519d17bf01a804b55f9c
-
Filesize
7KB
MD5030edc122648e9c720427a69d99f450f
SHA1de39de78b36f020dd7332eda5a9240d72c03870f
SHA2563e631d967e9cdc882e7b3f83141b1cd45f987b2fb7f04478aa0be5c4b7f09695
SHA512cb35d6023539cec4494016bf33551395785467efcc658d923c1c0f3d115c55eb6a020c64c3ef6373b2cb747ae9e29d9fbc0c3be1d161519d17bf01a804b55f9c
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
9.6MB
-
Filesize
12KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
412KB
-
Filesize
12KB
-
Filesize
9.6MB
-
Filesize
412KB
-
Filesize
512KB
-
Filesize
412KB
-
Filesize
9.6MB
-
Filesize
12KB
-
Filesize
32KB
-
Filesize
2.9MB
