Analysis
-
max time kernel
145s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
08-08-2023 16:13
General
-
Target
Amigodainapasik.exe
-
Size
2.3MB
-
MD5
0da0f742cf3bd80919716fbd03299189
-
SHA1
0ff0f5254e399aa2d487dd7f0dec032a3429f257
-
SHA256
8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
-
SHA512
ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
SSDEEP
49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt
https://tox.chat/download.html
https://icq.com/windows/
https://icq.im/Amigodainapasik
https://www.alfa.cash/buy-crypto-with-credit-card
Signatures
-
Detects Mimic ransomware 5 IoCs
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass 3 TTPs 4 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (2795) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 4 IoCs
-
Modifies system executable filetype association 2 TTPs 10 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 19 IoCs
-
Suspicious behavior: EnumeratesProcesses 46 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"1⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"2⤵
- UAC bypass
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.execmd.exe /c DC.exe /D3⤵
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e watch -pid 3412 -!3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -H off3⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-Volume | Get-DiskImage | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Select-Object vmid | Get-VHD | %{Get-DiskImage -ImagePath $_.Path; Get-DiskImage -ImagePath $_.ParentPath} | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Stop-VM"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -S e9a42b02-d5df-448d-aa00-03f14749eb613⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c3⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\SYSTEM32\bcdedit.exebcdedit.exe /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\SYSTEM32\wbadmin.exewbadmin.exe DELETE SYSTEMSTATEBACKUP3⤵
- Deletes System State backups
-
-
C:\Windows\SYSTEM32\wbadmin.exewbadmin.exe delete catalog -quiet3⤵
- Deletes backup catalog
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f79f1107c370d0e270a1fa66f664e806
SHA1e9e49df3c554410cde67b4481815677e28d0a198
SHA2566505be4ba2f3110d35e26d60f184ba9d723241a82b896149367607f3bf4c48e1
SHA512f403c709c229f119020046a1127a2a976f2bc886ec9b516f5dcfea902c34bd5fc38a0e73bde69a8fada7f6fc54a1bd403f8646773f33fa657da97b2fae37f2e3
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD52e907f77659a6601fcc408274894da2e
SHA19f5b72abef1cd7145bf37547cdb1b9254b4efe9d
SHA256385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233
SHA51234fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721
-
Filesize
1KB
MD5925acffe86071a2de4f77f059596a4d3
SHA10890e8b055f6bff77ee247625f0fc5399670f94c
SHA2565e9055bb1c76fcdd057a21e12ae737100ee272872f190a2de310ef14703ac76a
SHA51220e4912800b9fd9ed93f426fd6835232f7d34680d0007728ae9cc55e8bbae6acd0303e5fcf6d38261c8a4bbe61c50a958ecc82c9e09a80d20d2c7e12334d3790
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
53B
MD545726f79bd74c10369d98c597a155ced
SHA19b5a600b97a70a2e40c49532e2bfa683afaf8be3
SHA256dcd422d2eee79ddad4f2ad3191d22eebcfa334c439dd394aafca450cee9dba75
SHA5122c5fbb1c31f0c43d4efbfe85e9cf6800bd62c63a31ed6fea6a2cb84904a2684867a3925c840078c273468e70cf415578baf0765c22b9252ce4ae578730b5f73b
-
Filesize
772KB
MD5b93eb0a48c91a53bda6a1a074a4b431e
SHA1ac693a14c697b1a8ee80318e260e817b8ee2aa86
SHA256ab15a9b27ee2d69a8bc8c8d1f5f40f28cd568f5cbb28d36ed938110203f8d142
SHA512732cb0dcb2b1dac1a7462554c256cec27de243734f79b7f87026e9f5fbae6d5d8a5f14a702d2af0b65897b6abad70a9eff1905dc851ce267d221ddcdd9e640c5
-
Filesize
9KB
MD5d80a3d394ccc6789a8af4bb65f90e397
SHA1b248a6f97e672a3d06750406e677e446426ef05d
SHA256a9544cd3f648861cc1fa2f2526059f580ba07147c8bee8f5846b49a96f497969
SHA5121820148a0ae668a3161f163a4219c01efea255df8fee2a64898dcf2dbf85b868bcd8bbd76cc1afc5711b0c56c616a8c22b967d53af651bc3a3d043c915846221
-
Filesize
1KB
MD594d95958b19f01e1229f0e138396f9b3
SHA1e9dfd1ac00d8ac8e0331bc84a8b5de830a00195d
SHA256113b3ea339e3d74e1716bc0bbd460958ca36cc96de93fbd5e06c616fb8c81527
SHA512ab9669f029bdc500c33e3e3b36e54baef1905e99a08ee28ff9db8b941f0db74a02d0ffa90d2b6d208008dd867cd58d34cd5f294c01a626d70a02698474aa5b31
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
12.8MB
MD5b6614b33dc37615f770bf5d09c508b65
SHA171f9906602e9a6eb362047369bafadcb0a9d4972
SHA2567064cb3e4a54e01187778a9065784b960b2e86cc9d93f2bb6b8007538b24b559
SHA512891606c3fa24988d55e6c2ea266ea7f2de6f07ababec6fa94a8f71d400fa817ebbf98cd4f0541224b5ca2f7b36230f8df415bc67698ce8dc8be00d06180aee39
-
Filesize
27.3MB
MD50420a69bd0e33d7f7cf1db30d3ca0888
SHA120ac5f3a6439d37611e7e1781e5a8b0b5852da75
SHA2569da2cf4b6794e2357f476f86426022475ee834a366df322756d780a3ecc369f2
SHA512c491f0d8c3cb00d84ae16ee270c05ac9a6623d63ce20c0e55dcc1fa7910639bb9bf0f73d19d8700a1f9b3e00555919e34f74f12d93f9269b0bd523a085226e99
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
20KB
MD5cae755ea3099a5d8c9005afe724c4961
SHA1b7f72e8e2ac7566be53d0f0c62f8b2ab87dd2ba8
SHA2563d6bdb80d66c459cf9cac8437c6747682af3c1aa1885eaf305896e8711090c75
SHA5121583a67552a8ebedf7ee618c65307add51586f7b4be1c556f3376b393ec2ce7ff057ece55103b20706105a695a468d39bf0f706a821a90a6b27b13b8e52f491c
-
Filesize
20KB
MD5aa3a3920373062703d7875a4db7fc17e
SHA14a69b37ac1a29634dcedd02019d83fc7b1fe94ec
SHA2565482d861779f3b99d8e400269d46ba35ffd50b229444059b5cdb2481adfb50b2
SHA5122444f398f89552d9eb80bd4b73bf668c66dfd8c6c74419fd51b599aef6ffe4dc886e0025842e9d74aaff0b1626468f9d94865ee3b9d2b3dfe9b872ba097c43c6
-
Filesize
628B
MD5aa5fc0b9833e2bb9a50ef8a035f96ff9
SHA1f413fa057196002fd57a43bc0019717b568a40dc
SHA25684057915eb2c9b647dfb21dd6032821c75aa1669819caca35ecef1df396d5d9b
SHA512b33820cf75b55752c189e6520ad7e761ad78449638501fcbe02539c4be3564da1307aa81f5aa202739a39fa8cfee2cc006c66fd22e474f9cfc6aeb9e715528f9
-
Filesize
630B
MD520d9a5c42f39966c76f4a0616a429f2c
SHA1fa8f95bc355e64c6e1c7c4410595e7f64e55d705
SHA256de5c9c79750515be2fdb0d7121f9325ef705bfa0ac665e8dc1bbb7277ec5722c
SHA512154ef6aad3ef1d87617cdb781fa9778adee3106367c565c7e8c9de179bf0c42ddee191e5c01b8423fe4c0ebd3a32d7088c73eb95456d4b48e55cf691e3e0861a
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
1.8MB
MD5fcd36b7ef26da345f52b33d1c3f7e3fc
SHA1b36e1ca4f99a5d554cfbbd617e12072ecf2d4570
SHA256b52ebd19240268e747b7f919a6d41f72df46ccc3e82d329bb7c3324c3709f839
SHA512b8016e53aebf7a064f9c18f430bb690a05e96b9587f30bbbfb3c0d9578926ee4e098926eb29f8e0046a057ad269759a104759d791123f7308756282a41a4f9a9
-
Filesize
56KB
MD5d2ea5afb9c134dfc16ed363004d3a76b
SHA11fdbfff11255209a87085f7c380c7a0863d8c0a9
SHA2561825ccf269849382cc92e972d21b39c1d25931d7aa113ba3604051b0fcd01dd6
SHA512e307ad67a607a3b991aa8e77cc6d7b6431fefe165b19330bc36e84524927a95b1c6a8394827bdade5c7ec37f3aa5b04575dfddedf8355b7ec2803294cc8a1075
-
Filesize
183KB
MD5902bcd40b45deaca0f9b2e9c0ecf0c23
SHA1b2e31bae0075ebe57efdd2448973a0710381da53
SHA256682d50c106a6ea33e0a9d25c794e48a174fa0f2136524716932262abb3a5a724
SHA5124af801aff915cbfe60dcf7fe521a3f4fea5e4df750018b838e9fecc88983875b4aa9fe87d7544e0476582fe2787d058f3a0953215ae5ef878b17c89c19567aab
-
Filesize
25KB
MD590ece7b869d701e75a27ba0b72a3e6a4
SHA144b1cd2ecb61a08cc7d1053f16d9604647bd692f
SHA256ffabe3340bbbbf9673c5c8ad80dba7d5d0fdcc682afa59c64780edb95279fb6f
SHA5122c46547214f250b4061d00b9a9fecc1af58ebac0c303533802c287f0ba02dd141a4ea34cc5fe90ee07b5cd80263fb8c767487b55f84e72a86a355daaacf626e6
-
Filesize
93KB
MD50acbec19a2ef5c8bc958b3dcc4b92258
SHA17c53d2a1687f8964c9f725a3d32b268c59562f46
SHA256cd4527a94a49cc3c27e0b6a04b70c326bfdbda4d2cf1244f68d6d63a54470f56
SHA5121561e2f1f03068687412ceabb9b3c3c861788ce088fce088296310aaab39c350209e4d5f89c070600102c9ea681681ba9d15794f5e143e31f6d572038abea27f
-
Filesize
470B
MD5ce990ad48f893b26f486f504b9a2ec4d
SHA17525753eaf400ebb0672a36ca989fcfdbde53c40
SHA256c6f7b475bf6eb157f383b89d75c9bbc3112c61350b8ba6a375f37ef620ec82a7
SHA512ed0659e1d6a2dba1b7a6a2e59a9d47bcb5e961bea2321b9f525e607363ff5678c60c4b9f8b76fccf144f6d31644586c6d07dfb7900ca9ccfaaf435f65f193bbc
-
Filesize
6KB
MD5b26b21d9e34cbbd819869c40612b8190
SHA151b4f5a4d48d9857fd875069b655e304a7c7fcb5
SHA256fbeeff076d9fa71c2f95b7984ef6ffc768253070fa8fc998237e01cc0403f7b7
SHA5121971075b5646ea62cf5a458fcc8572362b33d353c5df1c99713e12a150375802e40b7864faa948f3eb8f9e7cbdff12e82b199d9fc198d350fd42fe5aea591c2b
-
Filesize
1KB
MD5142d576d152828fb26303861a8e81359
SHA13ac10da66ef205e07d12951a081fc38a0204f631
SHA25628e5626d4a9f751420030369a204c979fccd3c24b2e6c4852ac7cd8e8e2bf903
SHA51256a1d023613000daba0e2047a8464b1a51db35cecbd39d3380d31f65986bb76c09a69f8d50c99c2ff9b85f9c75296ee555325feaf4eadc22a03cb74e8025c494
-
Filesize
426KB
MD580f1fbe1e31aea0f11c39ef48bec0c17
SHA10446aa38fb826addfc01fccf73a28e715e50c7d3
SHA256883baa02ea5d10fb850a8f047952d18d48d84ae6f417362a8c9b460726b3edb8
SHA51266a4521970c900abd4a50242450aae197ec3ea6a7b6a735571ec8b6da2bec431d450bf0763bcc1ef208c6bd2c1f15876f257bcffbe92ec581d1b75413cea432d
-
Filesize
415KB
MD56b4ea79d0d56681b1844ea28b21ddea7
SHA1c4913d40255a1821ccda42fe0e737dd415e258c8
SHA25648b4963ee42473f5de1260ba75e29de0f5eafa3279be1ba44ca2473f81889ca9
SHA51248592352834ced68bac15887b3cfdc399b6950505bc0443924a1cbb47493c3fcffd3e74d25d3b0fcf354991e7ab83492d5046dbdba7f625e9ebda6f61ddf6c63
-
Filesize
11KB
MD506c62603c41ffba6dc424b928ded5767
SHA15243ecd8d7504683636feb205a16824b4d389fbf
SHA256c7247c05fca94edd9c0709265063e16da1f0b4f73fa1e80345a89711d8f99eea
SHA512f8f188eb0dc5b23a2ae6d1bbf649cfec77c4c2e7c936acbb04c63ae681d98e1c0a74ae51116ae7aba2198007e84f66a5c98ec65447fc2cd9ad4d088e8456479f
-
Filesize
11KB
MD5ed9f665e65b84899a2ea883a051b98f9
SHA1565d2a47059b262e85b50b8d19ca94a278fc6701
SHA256641e7490279ec668e15f24da6a9114bf8cd111e5f45cf4ea91829df0ef78ca99
SHA512cf646ced634995e4d6ce4fe43f0939fe5c98979682c66817ec7b3b7a48265e772ea630c132bf2d7b4b12ba04874a7d5b3585d5d7f2f8260d125dde124963f581
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
265KB
MD5cb58b1c122cd4a3ce16af389138e77cb
SHA1aa082084a1fe64f56eea0dd69c5d53d5791335a6
SHA2565ad15e5e6ebbc1a3bfac72f1afd7c0497f67b10c0808567b9fd5b4cd793dc696
SHA512ec794e81011ccce6620bedcc63c2c2496bdc9990532ab04a066399d3442b0ec70faf01e0211780d0e685837a58f2b1f013cad9efa8c33a0ecdbcf747f0d5f339
-
Filesize
6KB
MD5de9c054b57ac06a0a9bc51a93c27707a
SHA1623d2bb28d94232fd102461c97db12dedce393a6
SHA256289f9aa9baa63af92ca83be5f5fcc2583eee7da584ed6a88de8f49a16aaf9b36
SHA5128ea5569543a69a2971835a60c00fe2c2099a730a904f1e2eae40e9ff8938872b3ee9ceedaf531c2589f61dee9d186ec14510042836a76b75139769abf9eca270
-
Filesize
53KB
MD591769a9308da06394cbee50c65a7734c
SHA174fc666e640dc713d7cc3b02afd51cb3847e3f4c
SHA256aec2c465925a34a716cb0af243fc575f20251b0768449c8598fee0d07698c722
SHA5129d0cc50fef7bb1ae6aee4869df3e9d4afb641ec2ca090f7761582c57781ab1de95b4b4c76e41b6be227a5e0f42f771f59bed61c6897cbdc17ea866c3e88ba6a7
-
Filesize
350KB
MD5803df907d936e08fbbd06020c411be93
SHA14aa4b498ae037a2b0479659374a5c3af5f6b8d97
SHA256e8eaa39e2adfd49ab69d7bb8504ccb82a902c8b48fbc256472f36f41775e594c
SHA5125b9c44b4ed68b632360c66b35442722d2797807c88555c9fde9c176581d410e4f6ed433fabdcd9ee614db458158e6055a9f7f526ebfbc8e7f5f3d388f5de4532
-
Filesize
448KB
MD5e2114b1627889b250c7fd0425ba1bd54
SHA197412dba3cbeb0125c71b7b2ab194ea2fdff51b2
SHA2565434dfdb731238edcb07a8c3a83594791536dda7a63c29f19be7bb1d59aedd60
SHA51276ca5f677bc8ee1485f3d5b028b3a91f74344e9ff7af3c62a98e737a9888bd35389b3e6bf7b8b67747e0f64e1c973c0708864f12de1388b95f5c31b4e084e2e1
-
Filesize
32B
MD520f9a277b1c93ac74c1b35e8a5aaaed8
SHA1c170d4011afa336749bc41b94816beaae819fdb4
SHA25650ffef9f418eea5c232f36543a0eea4c20cbd142c2e38fc1ae75d2534e8133dd
SHA51296468e65f76777d0fe85d7af3c556c0dd4bec477db9d7264ae1115ba925d581edc91bd2f31679cc29b0eaf68a418d11223092462bdc9ac6c6cdfa6ab3a67d63e
-
Filesize
25.9MB
MD5bd2866356868563bd9d92d902cf9cc5a
SHA1c677a0ad58ba694891ef33b54bb4f1fe4e7ce69b
SHA2566676ba3d4bf3e5418865922b8ea8bddb31660f299dd3da8955f3f37961334ecb
SHA5125eccf7be791fd76ee01aafc88300b2b1a0a0fb778f100cbc37504dfc2611d86bf3b4c5d663d2b87f17383ef09bd7710adbe4ece148ec12a8cfd2195542db6f27
-
Filesize
25.9MB
MD5bd2866356868563bd9d92d902cf9cc5a
SHA1c677a0ad58ba694891ef33b54bb4f1fe4e7ce69b
SHA2566676ba3d4bf3e5418865922b8ea8bddb31660f299dd3da8955f3f37961334ecb
SHA5125eccf7be791fd76ee01aafc88300b2b1a0a0fb778f100cbc37504dfc2611d86bf3b4c5d663d2b87f17383ef09bd7710adbe4ece148ec12a8cfd2195542db6f27
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
40.2MB
MD5fb4aa59c92c9b3263eb07e07b91568b5
SHA16071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA51260aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
697B
MD57a9864bd756acbe973f69530c9a0b44c
SHA1a7840f6f414e6603b14634c391860aa1c1ed7f9e
SHA25651c4e007be825926efd1a91989e10ee96982a6c8fc947bccac26b8ef42a8b48c
SHA5129872730fa86601ce0c1ce90c9790df05a042c1a7dfb72cb1725ef99aee2525e06a158b655c1ffce8053950327c0b4bfe7cc62636ddac89582887fe11682e8bfe
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB