Analysis
-
max time kernel
290s -
max time network
188s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
14-08-2023 18:32
General
-
Target
Amigodainapasik.exe
-
Size
2.3MB
-
MD5
0da0f742cf3bd80919716fbd03299189
-
SHA1
0ff0f5254e399aa2d487dd7f0dec032a3429f257
-
SHA256
8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
-
SHA512
ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
SSDEEP
49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt
https://tox.chat/download.html
https://icq.com/windows/
https://icq.im/Amigodainapasik
https://www.alfa.cash/buy-crypto-with-credit-card
Signatures
-
Detects Mimic ransomware 6 IoCs
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass 3 TTPs 4 IoCs
-
Clears Windows event logs 1 TTPs 3 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (5772) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 15 IoCs
-
Modifies system executable filetype association 2 TTPs 10 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 19 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 42 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"2⤵
- UAC bypass
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.execmd.exe /c DC.exe /D3⤵
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e watch -pid 2864 -!3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -H off3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S e9a42b02-d5df-448d-aa00-03f14749eb613⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Stop-VM"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-Volume | Get-DiskImage | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Select-Object vmid | Get-VHD | %{Get-DiskImage -ImagePath $_.Path; Get-DiskImage -ImagePath $_.ParentPath} | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe delete catalog -quiet3⤵
- Deletes backup catalog
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe DELETE SYSTEMSTATEBACKUP3⤵
- Deletes System State backups
- Drops file in Windows directory
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\system\CurrentControlSet\Control\Terminal Server" /v "fSingleSessionPerUser" /t REG_DWORD /d 0x0 /f3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe "C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt"3⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl security3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl application3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl system3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /d /c "C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\sd.bat"3⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.2 -n 54⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\fsutil.exefsutil file setZeroData offset=0 length=20000000 "C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"4⤵
-
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
3File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD51cfe50a5240ac43a5b559db3ea31ad1d
SHA11f6ced38ac268809f20b9162594c0338656cbcaa
SHA25622e6116f1d140891c055b614f3a1b47784d183d29deef8a987f3907d21c7c9a7
SHA512dcf26ab09604641cc9e0a88c101fe0233cf8dc8af2ce55c9d16f153ed5cfe348e85392118612c412fa5768fa597912f8404ebc2dde950aeddc699791d8f69d1d
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986
-
Filesize
4KB
MD5320a29896ab4792f39244507877031ab
SHA14d5937feeff07ad9314ec528b9efbff1c30c2aaa
SHA25697876a2bf35041380a5b3aebfb9977d904116ecc4975ce5dad60e4cda231491c
SHA512e68f82b339b1d95e39df33aaefa8b9081eb11755db26ec7a51e2c027805548f631723fcc2aa8d9319e8996cf62c49d5ffade66281b25953c9e5d0cfac3cdd663
-
Filesize
2KB
MD5841b32ed0ae537b1a18b1690154ebe73
SHA141ce0ff6bf48c86bc78d5bb357d9057bc542197b
SHA2565b18a98b7e8bf7c39003019aa206e2d8b505803be38c10a2bbfdf447da10dd4a
SHA5122babce6ede078020e28248c3a0e5faebbfe9beb22d220fb97ecb44e244088430aec3c982f32c56c00494c1d59532fe01116c5ac1a10a85940671713101ca587f
-
Filesize
48KB
MD5343fa15c150a516b20cc9f787cfd530e
SHA1369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA5127726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
9.2MB
MD58328f568c06c36638da44c0d47f25059
SHA1b9bcc9ac4d4d3829b8d8054298fdf1f4e6c420ae
SHA25679fc63a600d7ea81eb5f4d80171400c1beb7f7e05b100f7123f27eda48a996b8
SHA5124fa9dd9c49ade7ca4bbc5c8777263f52c662e3774ac4608a8bff8831da6e41d07cf34828c2e9ceced92bfee669bde4b5cdad9abee1b797021967abb5ae71ffc8
-
Filesize
9.3MB
MD5feece20cbc1e733f819c6a85c028f5d9
SHA1fa5cfac583836d19fec2ecb833991f05b13c1d50
SHA256be94856f38e4aed4483210baf118a43d80847b7cf85f7f118cb1fc28e250c782
SHA5126110d0f2d628d80c63467af384a8d9a834580ebb995689b57a303da3f1886cc9e6b4059efa32447eb0bf7862a70368729aafd624d8a4bed9b3e6560a8ca1520d
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
20KB
MD5bbadc776de9a39893442deba8c8ce4d0
SHA1eb89aa583986cd3f71d076ecd88686402cd8d9c6
SHA256cff6748b86f278d7bccbaa7a08b2879e4a6e5a383298ab8551bd3b72403b5ea9
SHA512bca0b85ec4b246af5227cfbc85d41d201f8f7cb3a6b47b3bc9b20c56a4933d71a7d85661b73869022fbcb8b27636565b546004d37550a1ef3c1145c2750b1c21
-
Filesize
20KB
MD50006f62e53e6a99786f80b718bfeb835
SHA1060bc48d012dbbd473421711f44eb54cd3c46330
SHA256bd209a22028cc42e7be66104999ef01caa745f4a535dae9d3ff020e4db056ae7
SHA512a2d431c358d2ee3d779e2416dab34977d416ef0227c6051b5094d077a392b40c3605c731c45ba28b0b4ef9d187aad2a96d81689abe57e5e9c2aad415888aedad
-
Filesize
20KB
MD5aa3a3920373062703d7875a4db7fc17e
SHA14a69b37ac1a29634dcedd02019d83fc7b1fe94ec
SHA2565482d861779f3b99d8e400269d46ba35ffd50b229444059b5cdb2481adfb50b2
SHA5122444f398f89552d9eb80bd4b73bf668c66dfd8c6c74419fd51b599aef6ffe4dc886e0025842e9d74aaff0b1626468f9d94865ee3b9d2b3dfe9b872ba097c43c6
-
Filesize
20KB
MD50006f62e53e6a99786f80b718bfeb835
SHA1060bc48d012dbbd473421711f44eb54cd3c46330
SHA256bd209a22028cc42e7be66104999ef01caa745f4a535dae9d3ff020e4db056ae7
SHA512a2d431c358d2ee3d779e2416dab34977d416ef0227c6051b5094d077a392b40c3605c731c45ba28b0b4ef9d187aad2a96d81689abe57e5e9c2aad415888aedad
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
4KB
MD5612a650d1c773ee52d62546e66ff5918
SHA1a7479722bea44f8719b651ba69aa337d60da4290
SHA2569e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00
SHA5125882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483
-
Filesize
12.7MB
MD5d9f7f66afcd4a8a1da4d95bc74910b62
SHA13fb3a5fae8685ee8416c6340d7fb592f779cd9c6
SHA2561b2594263f46ef6a6a761ae8be4376fd8884a2238816108e7c5dec73b901fc0a
SHA5120242472513086966ec7cab25ff890f5f8fae944745692011cc66f7be71f7d6e74c12f155d7e8c7f028def75d6375f12a1dad7da38e8adfc59fa53b1bbac9f8e7
-
Filesize
1.1MB
MD5f208985696b6d0312317b749e095fdb8
SHA1f2c01cc085f8b129c937b9068a159740dbf67417
SHA2568fd7cf98ce50f14558cfdd94e5eb3cf58bf5cb0db7d781aa6e914603c1f99099
SHA512888508887819cd0b488ea43d79ea113ab506480d6a26c832eda827da65ae0d96fdb05f01967c48a82b182f4e87da23fdc36b802fc3309b2620ae8f7c5b072b70
-
Filesize
10KB
MD5dbef78447120e830587017c581f994f1
SHA1ea5214b9503e9a3b5335053b9f2e85c1bd26f3ce
SHA256a380116d80066949811b29c5b53c20488c1ca6b05a955c1698aff58fc18ebf94
SHA512eda079a1c4e25d18099accf11860b7c78c9c303c855d87ddfd1750a41e47571db6acf929921a20be693a18d948799279c3f7be47574a2004810021271d735b3b
-
Filesize
8KB
MD54aae089d3731c3f9dca27587e61cc4a2
SHA197b570c80cce9d68fbdd728f8524d92bce4a5c35
SHA256ed8f2f1786d5c57aee9c8228286f41b1665f46b88b882557675350d5108b438c
SHA5126ec755dc7f6531bf0ecec25f8fbf5f712ccf46f93b954f8acf522b33b4bd13f3781e73f1122a81bd5165c507b0a58222a3cafe6fbd25f5d606b4414a9a4009fc
-
Filesize
203KB
MD56a769dc62cbb6057b4372baa60b9f745
SHA1394c738a84f91a6d65006a91311675c3ee847bea
SHA25652f740f906c9d6741d58dd37cdc8dba60e3133973312023e057a6cf1004ebe0b
SHA512fdd96b81e4511c76c0b8116bacd859f4137b19202535b601fc490bcfd6394b5bc0162951611aa450e5d7c16a119fbef169bc2fe415c99ca19a4bc50678df3401
-
Filesize
4KB
MD5d9be49052f51e4f013b66d9bf29e102b
SHA1d5b69269757e02dfd56f1ded9d1146782a3433ce
SHA256adc8d0fdee857b99ee93b20668f2ef11b148c83711414fbb781c723637912d5b
SHA512fde44096cd05ea15d50cd95ede9ca8823b470f918bb8485d26bf7d21b3428a1d7ba09e2df0f3f0a4e2dda8d7a5f31ebd45613f0cf938df04b7156a3a0e710e73
-
Filesize
242KB
MD5541f52e24fe1ef9f8e12377a6ccae0c0
SHA1189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA25681e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88
-
Filesize
1KB
MD5c878ec984598b0a36f77ac02d577d734
SHA15aae3e03595b0834d2da89a58b3231d69be462fe
SHA25662610e5d20a48bab27c37eef953bf67ac5edbb5cee192d258264c5faadce899e
SHA5120fdd64c07a34d692137a081785c8bae0161984d301d490687c603fd94e450e05315b4fc3ce81b04491822b8de58a2bfb74abbf79911d8ce5fb309dcd4f01bf21
-
Filesize
2KB
MD5dafe7b60761a9e8f08aab764718b1fda
SHA1dc762da11f9c7e7e28ee09edb3779e0c45201d55
SHA256b379dffd3642d1acbedeba5f48b0d571ddedef359f0e972139de10745e6f24a7
SHA5128a815c4b6b8f0c8151b3612d98473c998952d540d09463019a5f1f87119ab1f0bf73ecca3bb41801d8502049286e1dd4f6252de58399ae080c3d5336a7f79d71
-
Filesize
425KB
MD56d4f1c5c4012d411231480cb06aa36d7
SHA186f5f977dd4362b9c5078a87abbbdc05faaea668
SHA256af3a864710ef4e08f692815e36b84e861080b38ff708552304897aff270dd4f4
SHA5123a673c7498ba87bf9714b393da99f490fc19f598409c80d021de26d2562fe166e10d5af52e09fd2e7155860c4ee66a0a94145534912868db67de586c185aa673
-
Filesize
412KB
MD525b25ddce23fc88db85bfad12a4ec48c
SHA183a916d4c705bb465a188de60fcf2b5e5585cb82
SHA256d341fb87bbe3ad979c5f5002fb845609325d5123185b971592e69f4e3c005130
SHA512ec1f41246536648e54cf8755026ac121d7dce0f90a2cee498d63ee318acaa544c6af0f6e98ca9c085cfeaf3e598fd333690d9ab1c0ad41324cb5cfc6a1130b00
-
Filesize
11KB
MD5e53c1cc91affca1d27896c2d8526b9c5
SHA1c44d1477aa03b1570c3c26266f1d52c56a9d1367
SHA2569c52f5c4966fc509c63cad12e4085724e0f0368548e899adbeee7e69695886b1
SHA512200e72140c84fdca9af0d31a6080f78adb94b120e7c82d723f0772aa3144cc65bd4c127384033b9df561f87ee78a269bae827d0115e9df04616d0d884dc901cc
-
Filesize
11KB
MD548382d7ffa08e80f1663946b526a84e0
SHA10da0dc9ad13010a1b5266270e8db385da58c5316
SHA2569ffade7a2cad8c06db94a0955df67ec3b06bd211d1f50ce1bc9ba2be55da3dca
SHA5127436084143029ac927068424c61d6c763a26784b11e83f96276cd89c6a6f06ff239df457ed0dab7c4d5a266ac653c14f3a9b15e70d0382a777ae2c15a74ff2ed
-
Filesize
7KB
MD545d7b8033946e5a824d8829d9317241d
SHA196d9386392c02f2d10ac7dd9d0a4b8247ccaf3d2
SHA2564dbdf7d1053740f59936b7efcc9606e34ed2894ae908efa7a41006b6c2172718
SHA512d6ae87d6cb6e545f75801c52248c693c1d68ec04547a2d6a33f21ac2d066655778a220239c7d607300a3180c42e44cd58bdf72d44338a17703135f17f58a2f15
-
Filesize
2KB
MD5540103f795c288354647eac00c20ea3c
SHA18beac7e004e8a96393924234eed983c1800e7f42
SHA256d15b0f659a4879bea2fee75a8f672e3f5a7f8b355762e8b388a281a191a6d641
SHA512aa9b753e027488da85dcaf9461b4efcb960c734af391b7e1424fdc4d5a26cef7b96d1bacf07fc2efa8b234414588100a1ab3dbbb716e2e27a6c2fbde690ba6cc
-
Filesize
170KB
MD561698f2ba07bda2ba323140f20b28e28
SHA1d3e46602b6e042abdfb6a8630ccaff23801cd104
SHA25651c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0
SHA512eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb
-
Filesize
4KB
MD536cf8d512a14fd2c5263e06775f2da47
SHA13e8ae2e7855ac773837272177b985f1705f65667
SHA256c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9
SHA512e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
347B
MD574aea97cbb011528a8be31f5b6b0d55d
SHA102e25b7972cabd0c8f6f4259c79bbaa16a9123d2
SHA256f8286c8a00bccc320ed3efe1e3ed18fe7999b70921701bb7e721f5eeb69557f1
SHA51245f82caadca956f49ccdabb95cf4f7eb0ec61f837052c95ea72ca2ce2799fde8f2a5c4f45dd0a71bb9ba38883034dfd2bd9faa7f59c942d99ba1c8a99e0fdd17
-
Filesize
33KB
MD5e093345fb7e4c910b0cca797cbaa907d
SHA131fb9a7cc97bb486dda5c1ddea150909a027e428
SHA2562d241ef7ea36e823e9cd0644c0f1b1b1b69790ad56d9c2ad1a5f8d19d9d1b1ab
SHA5121a99e763d54df71962c08347475d955e326e4156f203f1d23583ebbae66b2b5d1ae125715dfde33b4db8ef0c986c1e94a3401f9dfffa2d953c08942245faf685
-
Filesize
33KB
MD50f29e5e633ce5e197ce660889651c76f
SHA10a23c67a1fa48918744656810164b9bc60ada5d0
SHA256ce9af084bbc5bcdad3b8eaaef10ccab33b5f98ab25dadf0e6a0ab14010e326a6
SHA5127ba345bfcd6613975fb5c8fd957bb37da3e6396e72a10d881ad33313748ce262eeecd0fde3c7e8427d5a53248c91f39a3e477ee5ba8ed18383f8004beef53a39
-
Filesize
44KB
MD5b1d21bae4b2d4f985d14b01153274f3d
SHA1c0a811edbb0bc061814bbf9ca490c485027f60cb
SHA2569054594164f660b22ee92936be7776c0ecbf113b718fbace17b498c391cc91ee
SHA512c9b9cdade745eae717c67c2de8d6f8e2c4a47aea95cf239026ea23763f2c1253b20819803386353667d128056a35a89f1504e6e8598da6e9e52ae0d006a70723
-
Filesize
35KB
MD5d371c86101a48038e2c84da7314a5800
SHA15e7dc0ca8d27ffda72765792bbd70b561d89f373
SHA256f86243f0230f39579540e68ba4096296d6fa5c075b25a01addc58e69d6692e61
SHA512a2bba4aa6b7ad61f4ed919cf6516dfc6b9f77c30f7f13f742c2617faeea8d35b403fe8351d14b80fd4f100de22cb3207cd420fec5115083be0ba5c942eb2db3e
-
Filesize
36KB
MD571fec78616e898a08c0d30019875bcd1
SHA17f3c1c21a57df79644d4f99d21364e5ad7e7f0a4
SHA25625eec12101fe22f5f857d2cc15bce3f57ab3baf8dcd73a5141bb6f239743f26d
SHA5126074976046091a9340e33f4493c12c1ae82f91578de8ef2e161419a542c88c3343f97d4691b6ec4b73e367cf5e3e33e5991303fa527f392bb779b1c2f9d7dcd3
-
Filesize
145KB
MD59d10f99a6712e28f8acd5641e3a7ea6b
SHA1835e982347db919a681ba12f3891f62152e50f0d
SHA25670964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA5122141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5
-
Filesize
32B
MD55e93c68c29d6a27ce153b81650050596
SHA1ebbd4f838aab0ae47214167505e3ec828dc4e135
SHA25625eac934d12f4963dfaf4f10ebfd03a8ac9d0a7bb7da771a2087c495083acef1
SHA5127c9c4dc97578da8180afb60280392d4f962bcb925f6e6ae0a41add6a566793e4c7ad63eb31e991fdd8ee165a8e7064c6b6a093153b210e577d960d50e26272d6
-
Filesize
843B
MD5fab1ae68689e3622db6419f69517095f
SHA1a8ca3060e803b9ab3ec04ec073ee4fd049f43bc2
SHA256170336de9f2f2c4eb28f9f9965f6fb8373fc6543d35b5286f3177627c145c6a1
SHA512e9692d3da961709f1cadabdb5177560f1a39f5e0459c6621f10991e82bb449ac46c4ac5144b0a7d6d3a0231efbaa067c6d242d6c89cd00b2982293f8d1df560d
-
Filesize
7KB
MD59666ad1c5c7c962d8e446d5825b10af7
SHA170765df67399b5b63197321a2f4665f9c636aa70
SHA2561317466426713462a16dcc539a2efac72bb730b127d3ef6faf58b7b8119cd70b
SHA512731935a192e7a6be064aebe6b6d25c401029a29f3f7f5b66d7616a8ff48f6c75b2a2548ae99663280310cf588eda71e3dad6da419fce7e0104c404753977db6b
-
Filesize
7KB
MD59666ad1c5c7c962d8e446d5825b10af7
SHA170765df67399b5b63197321a2f4665f9c636aa70
SHA2561317466426713462a16dcc539a2efac72bb730b127d3ef6faf58b7b8119cd70b
SHA512731935a192e7a6be064aebe6b6d25c401029a29f3f7f5b66d7616a8ff48f6c75b2a2548ae99663280310cf588eda71e3dad6da419fce7e0104c404753977db6b
-
Filesize
7KB
MD59666ad1c5c7c962d8e446d5825b10af7
SHA170765df67399b5b63197321a2f4665f9c636aa70
SHA2561317466426713462a16dcc539a2efac72bb730b127d3ef6faf58b7b8119cd70b
SHA512731935a192e7a6be064aebe6b6d25c401029a29f3f7f5b66d7616a8ff48f6c75b2a2548ae99663280310cf588eda71e3dad6da419fce7e0104c404753977db6b
-
Filesize
32B
MD55e93c68c29d6a27ce153b81650050596
SHA1ebbd4f838aab0ae47214167505e3ec828dc4e135
SHA25625eac934d12f4963dfaf4f10ebfd03a8ac9d0a7bb7da771a2087c495083acef1
SHA5127c9c4dc97578da8180afb60280392d4f962bcb925f6e6ae0a41add6a566793e4c7ad63eb31e991fdd8ee165a8e7064c6b6a093153b210e577d960d50e26272d6
-
Filesize
8.4MB
MD5b95010fc1f13b1e2de77ba7fb39c5dc6
SHA1c08e72dab7af3a6c77774cbd447ab87a724da8c1
SHA256222bcad7614c624dbafe6a27f6e67bf779796c3cb4a9cee36f74427cde0f956d
SHA51255c2818e0f3d4b77d0e30d35cbb06a61d7e07dae486f384ec79e82fad8b0c4f79ba37155551b807fa445b70428952e4b56563de8a0cc9adbcae768a1cc9d0762
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
412KB
-
Filesize
9.6MB
-
Filesize
412KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
12KB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
9.6MB
