Analysis
-
max time kernel
295s -
max time network
273s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
14-08-2023 18:32
General
-
Target
Amigodainapasik.exe
-
Size
2.3MB
-
MD5
0da0f742cf3bd80919716fbd03299189
-
SHA1
0ff0f5254e399aa2d487dd7f0dec032a3429f257
-
SHA256
8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
-
SHA512
ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
SSDEEP
49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt
https://tox.chat/download.html
https://icq.com/windows/
https://icq.im/Amigodainapasik
https://www.alfa.cash/buy-crypto-with-credit-card
Signatures
-
Detects Mimic ransomware 5 IoCs
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass 3 TTPs 4 IoCs
-
Clears Windows event logs 1 TTPs 3 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (2762) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 4 IoCs
-
Modifies system executable filetype association 2 TTPs 10 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 19 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 52 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe"1⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"2⤵
- UAC bypass
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.execmd.exe /c DC.exe /D3⤵
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e watch -pid 832 -!3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -H off3⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c3⤵
-
-
C:\Windows\SYSTEM32\powercfg.exepowercfg.exe -S e9a42b02-d5df-448d-aa00-03f14749eb613⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Stop-VM"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Select-Object vmid | Get-VHD | %{Get-DiskImage -ImagePath $_.Path; Get-DiskImage -ImagePath $_.ParentPath} | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-Volume | Get-DiskImage | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\SYSTEM32\bcdedit.exebcdedit.exe /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\SYSTEM32\wbadmin.exewbadmin.exe DELETE SYSTEMSTATEBACKUP3⤵
- Deletes System State backups
- Drops file in Windows directory
-
-
C:\Windows\SYSTEM32\wbadmin.exewbadmin.exe delete catalog -quiet3⤵
- Deletes backup catalog
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\system\CurrentControlSet\Control\Terminal Server" /v "fSingleSessionPerUser" /t REG_DWORD /d 0x0 /f3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe "C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt"3⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl application3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl system3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\wevtutil.exewevtutil.exe cl security3⤵
- Clears Windows event logs
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /d /c "C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\sd.bat"3⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.2 -n 54⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\fsutil.exefsutil file setZeroData offset=0 length=20000000 "C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"4⤵
-
-
-
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\Systray.exeC:\Windows\System32\Systray.exe "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
3File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD56d8756bcca2de0db6a28c8721b03a75a
SHA117334a5475a2f1f3231a0bf3ab4258539cbdfc86
SHA256e5d3a31cc286ca693455a9d5b1dcab43e7f23c53c1e3478d184361f0a4d54d75
SHA512fe49a21e4e752d675a897ca6ee321a9040177cdb22101328056c0ee93c86a0931f0411ced2cba630e2e6ed0cb7fd1248e3fd3fe4ac9f18d40fad4f647331513d
-
Filesize
4KB
MD56d8756bcca2de0db6a28c8721b03a75a
SHA117334a5475a2f1f3231a0bf3ab4258539cbdfc86
SHA256e5d3a31cc286ca693455a9d5b1dcab43e7f23c53c1e3478d184361f0a4d54d75
SHA512fe49a21e4e752d675a897ca6ee321a9040177cdb22101328056c0ee93c86a0931f0411ced2cba630e2e6ed0cb7fd1248e3fd3fe4ac9f18d40fad4f647331513d
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD52e907f77659a6601fcc408274894da2e
SHA19f5b72abef1cd7145bf37547cdb1b9254b4efe9d
SHA256385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233
SHA51234fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721
-
Filesize
1KB
MD5963146083fe374ae23a67448d63bc620
SHA12448befee1fb7057308afafdf9265610acbc42b9
SHA256d1e2940cd2225f75a66bb66005945bbae7403bb979212b673d9e188d383ab0ca
SHA5126109ce143104d222d58aedc548793a69bcbb177cc768c831e1176cf69221a7dcbad56e8b5007d2215f41e020b1f9880eb5fc01cc2f934d68c04aa730a7cc7aba
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
53B
MD5351007b2098b31d519c5850754668aef
SHA1e7ccc46dbb7dd71b56467786aeb35bc19666e373
SHA256efffe084d1c85a8791ea5d81436053ba11e89b3d4e1f3a0727d5afc82a653eb8
SHA512352ccf7b5632f65fce32eb8fa91ffb40cd31274cae353b6ff384efac02568ffc7a5003786e07e3279156f6d2fbd882b2f35e3972dde6b478798fb4128ebdd12c
-
Filesize
242KB
MD5541f52e24fe1ef9f8e12377a6ccae0c0
SHA1189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA25681e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986
-
Filesize
1KB
MD5caf7eaf5d3d91dad9b75c6ba9d2eb1cd
SHA1107f0622704491568904a8af950cd6a372b094f7
SHA2565a4ca636d8c82940c78ba821db6412d1dbd97f458cc8109f97210ae45b8e0e74
SHA5126ddcdf4be34ed1c0b900ffe7e485c8cfea5c925bb07523fcc94f0188d7d0fc6cec4495bfbfe8cb7c7b5717ed4180d6707682a2477b9528701d17ad0b6464951c
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
12.8MB
MD5727b6f6a6a0693eeaf5650293db1dee0
SHA10c27092d5861fefc36d7efbed27de1fd96010bb5
SHA256e6f6e2d50f4050124dccf3c972642fcdf4d67e847e5c2ec1959737bc6b6dd8a6
SHA512486562e5947fd2ff2026861e69f47a53826786ef3ace140ecb4125abc647c34f9e302ad63141b208e65d93e57e37044ffce40625a98b2863eff62e0fba192a2b
-
Filesize
12.8MB
MD5c40a4c8521dfab576f774ff0a55e293c
SHA11caaee0dff318269ec3315e5b574c9d841c55f02
SHA2560836118c1462143ea1bbb9d997512f3abc2d1fe29f2c4a768d5a5fb65046238d
SHA512e0dc2760c8982605bfb4d40ade64046984bea9bdb9bbc505b064f390d2bef0baa58233fc27d2b9e15befcba0a44c2e8b540456ad76c7175540af7450bd0d7002
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
20KB
MD52d8175b2b050f4228b4ea3da20db27ba
SHA17ac820ae3b05e4aa9ea226fcfa6b862fece8123d
SHA25603de75b6377624ebe7117744f4870618cdfd590b9a3dbeaab6c3263464de31e8
SHA512ab88ea4f53f98e98f3d96f9dbaa31388ff89fddf2089165b5015fe9bd89b381b5045a778c1b5b1011df30640cd5b9f1fdd4052b0c58605a9b87c54c5b13ebb29
-
Filesize
20KB
MD52d8175b2b050f4228b4ea3da20db27ba
SHA17ac820ae3b05e4aa9ea226fcfa6b862fece8123d
SHA25603de75b6377624ebe7117744f4870618cdfd590b9a3dbeaab6c3263464de31e8
SHA512ab88ea4f53f98e98f3d96f9dbaa31388ff89fddf2089165b5015fe9bd89b381b5045a778c1b5b1011df30640cd5b9f1fdd4052b0c58605a9b87c54c5b13ebb29
-
Filesize
20KB
MD5aa3a3920373062703d7875a4db7fc17e
SHA14a69b37ac1a29634dcedd02019d83fc7b1fe94ec
SHA2565482d861779f3b99d8e400269d46ba35ffd50b229444059b5cdb2481adfb50b2
SHA5122444f398f89552d9eb80bd4b73bf668c66dfd8c6c74419fd51b599aef6ffe4dc886e0025842e9d74aaff0b1626468f9d94865ee3b9d2b3dfe9b872ba097c43c6
-
Filesize
20KB
MD52d8175b2b050f4228b4ea3da20db27ba
SHA17ac820ae3b05e4aa9ea226fcfa6b862fece8123d
SHA25603de75b6377624ebe7117744f4870618cdfd590b9a3dbeaab6c3263464de31e8
SHA512ab88ea4f53f98e98f3d96f9dbaa31388ff89fddf2089165b5015fe9bd89b381b5045a778c1b5b1011df30640cd5b9f1fdd4052b0c58605a9b87c54c5b13ebb29
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
25KB
MD5211c9743cfe46da8bca3aaa62aa9aabb
SHA16161cab66621a9756c9cf46107208bebda640770
SHA256ad4c4164eccb9e555d2b83ee3bfb3f8ddaef52ed98caa09ecc68c3e8c086d3f6
SHA51237da87492369ec1aaafd80d6e6485f3e753f59a00e60281472b1278a8ca6eaa16ce421e35da17fc210d44392a1f02d8d0e8e5756e2345887d9bd9819a8cc79e2
-
Filesize
57KB
MD5502ca3c050f2ee72a9cad97732db658e
SHA1b55fd94cae6f4b298d9cf8e6c04f19ebd32e3a56
SHA256f6de8b5d993c463b851979118f9f73edbc99ea27a361b6bc13a933971069ae0c
SHA51292ce59668cf96c16044f85e15039d754c0e5ace9408013e3dcfbdc868ff8b98e6b6b6954ef3a434ebacd7a67ad5422f1df2041a883f29db61ba4282fbe1fdf90
-
Filesize
187KB
MD56135383d8bb1682084a9b366c75b5f88
SHA1c8a734659c93987b4ed97457aa61393386dde196
SHA2562e5c10636ee63a0f58fa17646d2ec28b2b9b4f20087c41e9ad6c477305c0b46b
SHA5129ecf2e2a35b770ee9c01b86d601df36e5dd22d001bf6a07f539318d24a11d0ebb1792fe65481972e31793178df55a7b132683b90f935e2049989b42ff29e0c5b
-
Filesize
93KB
MD50fbd755e0b53da54ee2bcdc5f719c0ee
SHA1b0102e2ad7fa41c6d2453b921bc82219aed9987d
SHA2563a1dc728e64a1c83e21c955119fbf5a633fefbd3de9a58c2ef3e137cec73bb34
SHA5122afcf2dcd875ca351124a978f8b4ec5ff13c677fc210c643ea29fca5089e7417a9fd42b8ca58077ba6f330446b9a1099902089fd0e18c2157598d2907335325c
-
Filesize
470B
MD51387c125a74a59df38c44f89d69b5226
SHA1d0202c6cc4e2cf6534d076c9ee775842c0419074
SHA2563ad2fb340b524b74f67a9d8a13418109da6b24ce046cc1aee2407b1ad3995542
SHA51230f5045376757533a3c4ed8015795342ef2cdc50d9b2e039937dfe4dd4378faeb053dded3498ec515521a14dc9669ef8125ad6d0eafe4cd9df0b7714c2faf575
-
Filesize
6KB
MD5a35ae2b4b404f8cea0097236d9a5aa38
SHA163d6da383ed3e66b3846c82e62970f885597fb1c
SHA256bfcf3a73da9f4bbab3566c54e0660f47ff3c30878d88cf45728147831c9f5b18
SHA5122513354549edcbb03da5b645facae283acc7006d60fc8980428f8557fcf4326b85844e0817b1a1861c806dcb933ad94ea5f6fe4e64e147f9486c3400ce0ec651
-
Filesize
1KB
MD56dad9717d1ab077352654501ec4594c8
SHA188e5e77de99f75f29d0234dda3727df5242dc2f3
SHA25607a5151267b200bedc01736b15dbac537bff67218eb93b3dd57a76f246c275fa
SHA5129a1d7049106868f686f527824a30e889d56aa3469b12b25e29fd7a80ffdd0080db6666257defe702fb707eabbc4404c312104f5f1d953e78387e7f3f87c55e63
-
Filesize
425KB
MD55a17fbc5b1542d6ac52b7e92e28f32ef
SHA1a0cc48304f75e8f0b9c0bbb15c5288aed6caeead
SHA256d12d1b53ef3fb692b766ceb6db997526bbc73a0f24f4ede9288d83e046d93967
SHA5125beb683b31cce03b4aa65f2b57230d8ac8771cd0e27e2a9c7d3a9fa3fd44d3c8d98506674bc4e893ef1509740f81fe15ce347307521d7e6ece80f980a355dac6
-
Filesize
414KB
MD5a53f8ef1958eebedd691f6d06f61394e
SHA128d63d68503ea99bfe362ee64e89572bf7cb2200
SHA2563f2a4418e82420c63620f8d9865b44211a1f516cb39efd551cb27e0ac39c08be
SHA512bd02c9d874837c43c1e264529148cb1979ff9c1877e6c7749d88974c84b7316c361c5d469eeabdc89f4aef3c347d4769a740fb9398fb66d794e9d1e0a7d31041
-
Filesize
11KB
MD5e745d1833f82b8e37b895442867ba0b0
SHA1e54ceb48aa30f95e093dbe4efc3da83cc1ec42b6
SHA256b0cb71f30f5c3e091301bc4b126679afb93dfabb86dfe2bcd819cd45e9f1ea11
SHA51219e64b0313b1ca83fe7d73d5d4ca32c044460b1b02b5959bccca0127a61917352b30216f77c08fd6567aa397ee496e387400cfd152035931b05312c7ecae5fac
-
Filesize
11KB
MD507824172b6817c64d8e5885ce529d5e9
SHA160333e55bcb9061909ea337783f7dc649206e6dd
SHA256abcbb5755cfd1631c913c216f3dc24734ff87bba19a3440bda9644270ab57779
SHA5124eb979db7d68db05f5e3bc0ae2bebd1663bf2b5d0f2141316f0619a6f5d74dafdac517e24b77c13ae98e62b7a8a29efcd4e51ad94a0d140061a2e12f2a374a67
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
266KB
MD5dca06c44504b1f4f174e6a31b6c68227
SHA1965a5668c7d4be8ec9a9fb0f52d1d45cede1c369
SHA2562134afb3c2c7cb2fbb5b5acaa2f19ab22f3c46e8573b3eba4f52ae6f4e884621
SHA512c131d1a1636cdaabdcd25fc54de0a82fe3d4f50eb588867eea491d2e2a0155c6100f11aaf1e68a44f313ab79c5cb89a6082545f755e6a3254cd45df494942e68
-
Filesize
6KB
MD5b0a0c0524480bbf9629c6b94a56e18b3
SHA191d6611bbec708d6e20a63210d2917f57fc4a97a
SHA256dafcfedbd313b572b4c62c55a5c7a1491913d0d039ce07f58cb0a4dbe8913fa5
SHA5122f7702ed802b9dd395b23d6db087f29b4ca94609392bf9dbef3adec7e9277dcff0585ada08280ac9eb5915a49227291f0c8b4fdd131ac6f9fc45a4179485dbc8
-
Filesize
53KB
MD591769a9308da06394cbee50c65a7734c
SHA174fc666e640dc713d7cc3b02afd51cb3847e3f4c
SHA256aec2c465925a34a716cb0af243fc575f20251b0768449c8598fee0d07698c722
SHA5129d0cc50fef7bb1ae6aee4869df3e9d4afb641ec2ca090f7761582c57781ab1de95b4b4c76e41b6be227a5e0f42f771f59bed61c6897cbdc17ea866c3e88ba6a7
-
Filesize
326B
MD5742d3872c9511be3aea3b7ad4414d99d
SHA1ab13c298853e474e02f469ced06f258502f2ad2c
SHA25698571ebe2502ad46c23b7172c0e76abf950515ba307b803ecef5e244b2f7b073
SHA512e71e1a75474b89b8b2b787088598cfd64f6bc7abd037c70db1281ef71faf8afaef304521f0d3e85a9c4bdbf43c8dc7f4c53273de7fc893686ed09b0878f06009
-
Filesize
32B
MD5ab795b64d45dcfca70172c9fb0a3fa77
SHA117363fcd99dc786353d452ef6c907ecde7a3ce3f
SHA2563f4bca688ce11a5bd361c697f0c7f82c4ffa3e4d6937e99fd999116be01a8e9d
SHA512abaf3584e10e2c10bf279760b68f4ff1bde7bd5f364e5b73aae6b323742ecb355620e13952bcf5da95a73b336ee5bfa2269e94b278a9f7501fd6bc364f7227db
-
Filesize
32B
MD5ab795b64d45dcfca70172c9fb0a3fa77
SHA117363fcd99dc786353d452ef6c907ecde7a3ce3f
SHA2563f4bca688ce11a5bd361c697f0c7f82c4ffa3e4d6937e99fd999116be01a8e9d
SHA512abaf3584e10e2c10bf279760b68f4ff1bde7bd5f364e5b73aae6b323742ecb355620e13952bcf5da95a73b336ee5bfa2269e94b278a9f7501fd6bc364f7227db
-
Filesize
25.9MB
MD5bd2866356868563bd9d92d902cf9cc5a
SHA1c677a0ad58ba694891ef33b54bb4f1fe4e7ce69b
SHA2566676ba3d4bf3e5418865922b8ea8bddb31660f299dd3da8955f3f37961334ecb
SHA5125eccf7be791fd76ee01aafc88300b2b1a0a0fb778f100cbc37504dfc2611d86bf3b4c5d663d2b87f17383ef09bd7710adbe4ece148ec12a8cfd2195542db6f27
-
Filesize
25.9MB
MD5bd2866356868563bd9d92d902cf9cc5a
SHA1c677a0ad58ba694891ef33b54bb4f1fe4e7ce69b
SHA2566676ba3d4bf3e5418865922b8ea8bddb31660f299dd3da8955f3f37961334ecb
SHA5125eccf7be791fd76ee01aafc88300b2b1a0a0fb778f100cbc37504dfc2611d86bf3b4c5d663d2b87f17383ef09bd7710adbe4ece148ec12a8cfd2195542db6f27
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
40.2MB
MD5fb4aa59c92c9b3263eb07e07b91568b5
SHA16071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA51260aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
697B
MD57f73ef4c5a053d7bb22f010fcc55fa59
SHA1c061564c814cf5ea5e5e7af8f1ad4585686062a6
SHA256ce6617add7e22e2a12dd14a22df71eec64f03bec5ac4cb01034c0fa2ba9babaf
SHA512f19fca65346bb547d2c4b02127432b3d07766765bfe0f065c1a39e1a10114cdfa3f93cb9d87fd8b898923f481d828b809929fe48786a1d35762047f7a2d28800
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB