Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
15-08-2023 09:07
General
-
Target
Amigodainapasik.exe
-
Size
2.3MB
-
MD5
0da0f742cf3bd80919716fbd03299189
-
SHA1
0ff0f5254e399aa2d487dd7f0dec032a3429f257
-
SHA256
8f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
-
SHA512
ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
SSDEEP
49152:ohBJrWt7Yfg1evewmI874ZtPttM/G/jOayrdDKr:ohBJrWF04RIu4Zfa3rdOr
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Amigodainapasik_Decryption.txt
https://tox.chat/download.html
https://icq.com/windows/
https://icq.im/Amigodainapasik
https://www.alfa.cash/buy-crypto-with-credit-card
Signatures
-
Detects Mimic ransomware 6 IoCs
-
Mimic
Ransomware family was first exploited in the wild in 2022.
-
UAC bypass 3 TTPs 4 IoCs
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Renames multiple (5797) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes System State backups 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 15 IoCs
-
Modifies system executable filetype association 2 TTPs 10 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 19 IoCs
-
Suspicious behavior: EnumeratesProcesses 40 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exeC:\Users\Admin\AppData\Local\Temp\Amigodainapasik.exe Amigodainapasik.exe1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" Amigodainapasik.exe2⤵
- UAC bypass
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\cmd.execmd.exe /c DC.exe /D3⤵
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e watch -pid 2816 -! Amigodainapasik.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Amigodainapasik.exe" -e ul13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -H off3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-Volume | Get-DiskImage | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Select-Object vmid | Get-VHD | %{Get-DiskImage -ImagePath $_.Path; Get-DiskImage -ImagePath $_.ParentPath} | Dismount-DiskImage"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass "Get-VM | Stop-VM"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S e9a42b02-d5df-448d-aa00-03f14749eb613⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -S 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c3⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX e9a42b02-d5df-448d-aa00-03f14749eb61 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETDCVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 96996bc0-ad50-47ec-923b-6f41874dd9eb 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg.exe -SETACVALUEINDEX 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 03⤵
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe DELETE SYSTEMSTATEBACKUP3⤵
- Deletes System State backups
-
-
C:\Windows\system32\wbadmin.exewbadmin.exe delete catalog -quiet3⤵
- Deletes backup catalog
-
-
C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe"C:\Users\Admin\AppData\Local\{D3F1A24A-4570-94FC-C72A-8CAE679319B4}\Everything.exe" -startup3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f79f1107c370d0e270a1fa66f664e806
SHA1e9e49df3c554410cde67b4481815677e28d0a198
SHA2566505be4ba2f3110d35e26d60f184ba9d723241a82b896149367607f3bf4c48e1
SHA512f403c709c229f119020046a1127a2a976f2bc886ec9b516f5dcfea902c34bd5fc38a0e73bde69a8fada7f6fc54a1bd403f8646773f33fa657da97b2fae37f2e3
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986
-
Filesize
242KB
MD5541f52e24fe1ef9f8e12377a6ccae0c0
SHA1189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA25681e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88
-
Filesize
772KB
MD5b93eb0a48c91a53bda6a1a074a4b431e
SHA1ac693a14c697b1a8ee80318e260e817b8ee2aa86
SHA256ab15a9b27ee2d69a8bc8c8d1f5f40f28cd568f5cbb28d36ed938110203f8d142
SHA512732cb0dcb2b1dac1a7462554c256cec27de243734f79b7f87026e9f5fbae6d5d8a5f14a702d2af0b65897b6abad70a9eff1905dc851ce267d221ddcdd9e640c5
-
Filesize
4KB
MD5d8c2c121804d11f38b81b555567ef434
SHA1af83bfde30aaa71edb78bfed8b738c2a1df7cd24
SHA25668a2c394fde4904ccab3f686fe91ce83e2425b1ad0e7347f7487c13f4533f2d6
SHA51261e9d2ce8c503f14f833cc0efc96d9d537253b06c867c69b12e8c15b5ed4f7c07dc6c862515f0e399fb2a9e53592210f95c17e31becdbfdb53ef541159a58868
-
Filesize
2KB
MD59a5eb1791290d3933714cfe85c183012
SHA1186def022d2903fbad524c5f9c2b57d48eb5d071
SHA256fb2f4ed2f0b1b0b64e9249eac88201f8e3d40beed830b2cc2be800e9f3f91f08
SHA512a419a5fac3b1ff475554f7bbde1de515b012efb9e459aef443abb0c7e5529638c9511ffbbcebe2ea516f417681be24eb453f681400249e22b9f6138650d87f04
-
Filesize
48KB
MD5343fa15c150a516b20cc9f787cfd530e
SHA1369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA5127726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
27.3MB
MD50420a69bd0e33d7f7cf1db30d3ca0888
SHA120ac5f3a6439d37611e7e1781e5a8b0b5852da75
SHA2569da2cf4b6794e2357f476f86426022475ee834a366df322756d780a3ecc369f2
SHA512c491f0d8c3cb00d84ae16ee270c05ac9a6623d63ce20c0e55dcc1fa7910639bb9bf0f73d19d8700a1f9b3e00555919e34f74f12d93f9269b0bd523a085226e99
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
20KB
MD5aa3a3920373062703d7875a4db7fc17e
SHA14a69b37ac1a29634dcedd02019d83fc7b1fe94ec
SHA2565482d861779f3b99d8e400269d46ba35ffd50b229444059b5cdb2481adfb50b2
SHA5122444f398f89552d9eb80bd4b73bf668c66dfd8c6c74419fd51b599aef6ffe4dc886e0025842e9d74aaff0b1626468f9d94865ee3b9d2b3dfe9b872ba097c43c6
-
Filesize
628B
MD5aa5fc0b9833e2bb9a50ef8a035f96ff9
SHA1f413fa057196002fd57a43bc0019717b568a40dc
SHA25684057915eb2c9b647dfb21dd6032821c75aa1669819caca35ecef1df396d5d9b
SHA512b33820cf75b55752c189e6520ad7e761ad78449638501fcbe02539c4be3564da1307aa81f5aa202739a39fa8cfee2cc006c66fd22e474f9cfc6aeb9e715528f9
-
Filesize
20KB
MD5ae1523c9ebffa8ee08c03d829ac6e44d
SHA141bc73cd0bf586be290cf3901346e47e9d3ccd24
SHA25695762ef418780ef6d24b2e0d400dd8c2172ba25be527ca6498952a904aa3d8d7
SHA512c8caecc3b9fc272d3bc3845b53994fa0f6351b824a71af212ac852e702c45891f4e986100a71e6384cbb096f93948da6b9101ebe7f287945b77b22669b6413bf
-
Filesize
630B
MD520d9a5c42f39966c76f4a0616a429f2c
SHA1fa8f95bc355e64c6e1c7c4410595e7f64e55d705
SHA256de5c9c79750515be2fdb0d7121f9325ef705bfa0ac665e8dc1bbb7277ec5722c
SHA512154ef6aad3ef1d87617cdb781fa9778adee3106367c565c7e8c9de179bf0c42ddee191e5c01b8423fe4c0ebd3a32d7088c73eb95456d4b48e55cf691e3e0861a
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
1.8MB
MD5fcd36b7ef26da345f52b33d1c3f7e3fc
SHA1b36e1ca4f99a5d554cfbbd617e12072ecf2d4570
SHA256b52ebd19240268e747b7f919a6d41f72df46ccc3e82d329bb7c3324c3709f839
SHA512b8016e53aebf7a064f9c18f430bb690a05e96b9587f30bbbfb3c0d9578926ee4e098926eb29f8e0046a057ad269759a104759d791123f7308756282a41a4f9a9
-
Filesize
4KB
MD5612a650d1c773ee52d62546e66ff5918
SHA1a7479722bea44f8719b651ba69aa337d60da4290
SHA2569e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00
SHA5125882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483
-
Filesize
12.7MB
MD57b5c44e9208715b794d67420ad7ef8b9
SHA13974d077a4ef85484cab211d09805a3be08395f7
SHA25611b159fcb07e4216e8191e571fb56c9daafc6b8308d572e921188e4fe6131a4f
SHA5127162ba63a9e952111b9e036b72c85ce91cdc3584f87ec14f192f8ad9b1dc23246a85826330712e9340768fbb3ddee0cecf93906dcff49329405c8a3e2381f683
-
Filesize
1.1MB
MD5548b7d3983fce9504158795a629179c4
SHA14c76fec91c637ce18f8b5855b40fc14566072dd3
SHA256c59ef66ec095471ddc76400864a0550eb597e46ce25a6358a100c7ef0172ff26
SHA51256e5d2ea1e2e1717fb58559c86a4e3b9a6b1db7deffa70cd6bed92ce4fcf823d3d929f6a86ba2bf6eff8cf4ecef87617770f585b4884f3f3c42bc7da5d312f39
-
Filesize
10KB
MD5dbef78447120e830587017c581f994f1
SHA1ea5214b9503e9a3b5335053b9f2e85c1bd26f3ce
SHA256a380116d80066949811b29c5b53c20488c1ca6b05a955c1698aff58fc18ebf94
SHA512eda079a1c4e25d18099accf11860b7c78c9c303c855d87ddfd1750a41e47571db6acf929921a20be693a18d948799279c3f7be47574a2004810021271d735b3b
-
Filesize
8KB
MD54aae089d3731c3f9dca27587e61cc4a2
SHA197b570c80cce9d68fbdd728f8524d92bce4a5c35
SHA256ed8f2f1786d5c57aee9c8228286f41b1665f46b88b882557675350d5108b438c
SHA5126ec755dc7f6531bf0ecec25f8fbf5f712ccf46f93b954f8acf522b33b4bd13f3781e73f1122a81bd5165c507b0a58222a3cafe6fbd25f5d606b4414a9a4009fc
-
Filesize
203KB
MD54f2fb9e3b632585ac601999486886dd0
SHA114b3299262a49a209d665236d43bac4cb5160e3a
SHA25627b6a5d1a9f983c8327fbf6540828dbb050b2f1ca428dac2a63e5515db5da9c0
SHA512be6fad14e7f4a0ab2d26b170d1dfc305dd705576ee1f4838779235fd96eb1d29de41df3e1c527b49b96accec886b06ddfc218c7e2501fbdebd455e0aa9e1570c
-
Filesize
4KB
MD578661cf2b8084de1c8247ea693f6258a
SHA1fc827f0654f25ac240dceda817dc5b3d2a4a8096
SHA2564d65a4a9564e316b7a0532ad31da72d37869bf84f2aabf6b3ef0360b51c5d797
SHA5127ee0668a0288013876ae6889d2c02a1d6a20b1d9af3ba2de607706123dc67e41dcb0d701da242b2d3f62d8caf56491bb6aab86e2f4f50b74ee1eeaf18dec26a3
-
Filesize
1KB
MD54099dfd76b8816bf61be2f29ccfcf531
SHA100212b6452b24a77f6046c335f5433357b53d3b9
SHA256a6efcd1fa4b8e3f4e37e48e4e7a9278768785c44eaa05d619c0df229c59154b4
SHA5127bde4812dc9475d6301735adec815999a87da4c9d2612ed1dec72c532d0320a0542d384057596ad5587852c7dc92395481b8f216be6b581a1798ba996a6616b6
-
Filesize
2KB
MD59019fe1aaff395dabfbbd04f48c80d6f
SHA1640e44fe974f1c3cf1df5d5e16db6cd3978bfcb1
SHA256263c34446747f75ac225bd75cb3efe5b49446a4415d86af8d52e7c7775a2e946
SHA5127d2bc98f7b791119bba91a9b52ca31a9a831338b64a79a4dfc5d2797e3ef8133089b3224ed329936212a02f9a73607be3e323fd2c2a2eeb15519a4bf35b2bc9d
-
Filesize
424KB
MD56bc91b3d65e874bfb09c18b7dda1f03a
SHA1c112ef5910cbf227552e763b158775cb70c91b75
SHA256fd597d9e3537b9f0d425034f84ade17c539dd838c366c0a18f2f0423e1fc4105
SHA51209019a0fa803b47a5309beb17cabe16863b179c985d09fd3044585833afb82f96c02224d1df43c36940c38cfc5f534d4d30bafb50196cda5086d993afbd23333
-
Filesize
412KB
MD5a81142ff84fda7a2b3712c42300ec9e4
SHA1a674d3b340260dd0cfd5b157cdfa2a439ec11243
SHA256f6a890e0041fd1de29a022fe3feb99ed189634bd8fb199836283fd7f9bc6d3e7
SHA5128d6f6ce90f354908dfb4a231a07fce4e7fd9480ae9cd87a3e50dddd33fe9b553f15ec666ed639dc1288bea2b672b96376c6920f3bc98b9be08f0a685e78347f7
-
Filesize
11KB
MD50bd5e0c0da48036a2ac534423d48c4e7
SHA1196dbe84ad057c6b1f307db490919d783f9c9bc7
SHA2568821fce77f4a633c68e6fcf6c1369081f493e997c35787c4add67756f90b16e3
SHA512991c684e7f7d5ff3dff7be1ebf9d48b165a18bfc1c176948cac94dc337e73a5f21c35225bd706e72f050bab1bb8962edc543f86c7ae243e21b2233f89482692e
-
Filesize
11KB
MD5ee760fa3c42e6371b1c9c9023d33dc6c
SHA1ae0f536a8bf52017ea440788bf0a5457a38c97a8
SHA256e4fb0cc3336af5e4b02913641f2ebed6401fa83baa91cc399c7b5285798babdf
SHA512d4383a8d7b063551efff035785a15ee8b4b1f5eeaaafc0b647a9b864f4140f5a859cb6e9caf6f6ab19c0fa493e8c453965cb699327b6716f3c10a14e70bc89a8
-
Filesize
7KB
MD5c5589f2943ed81902599d2402fb050da
SHA10bb22426a139d357a3ab815647f26803c457bb74
SHA256c2efa075d01da4ab6bb0aa7026cb90cbb6cf543a62bf3b70ec8faef0f2c531a4
SHA512f956a5006b0498306073e94b76d9c85ddbafa936a1af84c7d05d8e7bcb461ec55b5117502353f26383c1bd5b754e1724dd9e48785dc1fa3f913e775a45960848
-
Filesize
2KB
MD5021837437a262d5223c5a5e4d1bad64f
SHA18fb5afbf4b89c01a85fd8239eabcfa9b891ef969
SHA25673c41ff2d6b1c067e7026c96230fd15db03f26fd9b0b9eeb0fd9e9eb26309e47
SHA5128e7f5f02464314e8e7b1fa14064ae68eaee3e02b6a400fe3add43e93e252c079523c7380e981b985739815fcdf8a784f17d63c0416b951096a660c7c915e7a05
-
Filesize
170KB
MD561698f2ba07bda2ba323140f20b28e28
SHA1d3e46602b6e042abdfb6a8630ccaff23801cd104
SHA25651c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0
SHA512eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb
-
Filesize
4KB
MD536cf8d512a14fd2c5263e06775f2da47
SHA13e8ae2e7855ac773837272177b985f1705f65667
SHA256c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9
SHA512e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
347B
MD570ba9e9dc2720c3eb836488e97e1a7f5
SHA1f42bfb69b8fc9d8d5123e6359a47988ce780882c
SHA256d2862ccef6f8ebe81c6d7354c20bd93cd86599c609eea7c29e1ed44934aa4027
SHA512a70492a7ccef0e7987509492a6b63dab2f8443a8f05b8f057760032aac68a4f107d09548cea639b2179b9f55b7daa846165c7e4ec2c10db055848e97472fecfd
-
Filesize
33KB
MD5887530f90fcb9eb925f4734a06332da7
SHA1bc906dc092162e087e6cd2ce6a496470fe4cdd2e
SHA25665706112bde91828fb442c5f951fc5793041a7741915df478ab32288c7fb297d
SHA5124c29236d28d4a042e6d807a67402151b79573fcd783c1754eef1d7a29d6a93abea524e89b165eef858065825910cf944810c585196d9e9100d80e11f17dc5962
-
Filesize
34KB
MD5496fe7b4ce1cba99747e1890940dff3e
SHA1334710ba612fb3cbe3705ec2193a5b4c215dbd8f
SHA25695be5f6752b4fc324bd186502977a207c503c0ce86bb9b660642fb52f18098d7
SHA5123eb99c3054a665af229db6f1266eb6ea47c08b10f93c2fdccfb955dbc2c4c6717f5318450a9e1ba31e7f2674e340b65a983f1915db68d4c352a082c6fb29f854
-
Filesize
44KB
MD5fcb01de28f400c416ea7ae67fcf86de9
SHA107d61292716b3e54cab5b0248457e1bd421c305a
SHA256e7f1834c71f5957e9c2858a25127bc0597add8bab90ae14105f09348a51dfa6a
SHA512427a7d25684272d0b529e06ef3f11ba60ea35aef4c99fb29195b60648f2514c37ad199575be5534232bbe8a48f490b980be4a9c7926fd7121b8bdcda5ee8980c
-
Filesize
35KB
MD5cbf2f9e2ecfe573ce22185d04dbe2e28
SHA19c7f82d6d883d01531f5776acba1fe46befe85de
SHA2564c755d265d953f21e5f265019310f35e3bcd951c2e2cbfbcb59dffa652c62d0f
SHA5123b879038cf877fd8673667f1e59ecaf10d1cb7b200537d1cabfe5742e28242199a5abd54c0f9fdf2ae8a03dd5391788065a36cb228ddebfc559c3d91e8b3b95e
-
Filesize
36KB
MD5f11123e683862bd4af8129f84e949ef5
SHA16420d2870be801c145441de6d2bde2ce8c188722
SHA256294e6e516e2c936441547e7ae2bf2e5125127e773d996de8f80449488154871a
SHA512106003e28a5501a4ad7e32c85d79b816516801ac9b5ca68a1cb4d136a9b13b96a977d883b9bea3790ea1223be6af41f6db75c1234d88768d5d45019534b8b0ee
-
Filesize
145KB
MD59d10f99a6712e28f8acd5641e3a7ea6b
SHA1835e982347db919a681ba12f3891f62152e50f0d
SHA25670964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA5122141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5
-
Filesize
350KB
MD5803df907d936e08fbbd06020c411be93
SHA14aa4b498ae037a2b0479659374a5c3af5f6b8d97
SHA256e8eaa39e2adfd49ab69d7bb8504ccb82a902c8b48fbc256472f36f41775e594c
SHA5125b9c44b4ed68b632360c66b35442722d2797807c88555c9fde9c176581d410e4f6ed433fabdcd9ee614db458158e6055a9f7f526ebfbc8e7f5f3d388f5de4532
-
Filesize
448KB
MD5e2114b1627889b250c7fd0425ba1bd54
SHA197412dba3cbeb0125c71b7b2ab194ea2fdff51b2
SHA2565434dfdb731238edcb07a8c3a83594791536dda7a63c29f19be7bb1d59aedd60
SHA51276ca5f677bc8ee1485f3d5b028b3a91f74344e9ff7af3c62a98e737a9888bd35389b3e6bf7b8b67747e0f64e1c973c0708864f12de1388b95f5c31b4e084e2e1
-
Filesize
32B
MD520f9a277b1c93ac74c1b35e8a5aaaed8
SHA1c170d4011afa336749bc41b94816beaae819fdb4
SHA25650ffef9f418eea5c232f36543a0eea4c20cbd142c2e38fc1ae75d2534e8133dd
SHA51296468e65f76777d0fe85d7af3c556c0dd4bec477db9d7264ae1115ba925d581edc91bd2f31679cc29b0eaf68a418d11223092462bdc9ac6c6cdfa6ab3a67d63e
-
Filesize
843B
MD5943c9cd00ddcf60b69ad0cf898d0db82
SHA133caa42914a4b20bd57592972f05308188205cda
SHA256ae563fe0176a54978836d9d66bf788ee0d1fd252a28bf3dec5175be9b858be5e
SHA512fb16781a7983dcaea1fc8e2d9721d9659091b50f70b044f3862b4cfd8463f70c16962496804ae19abe9770699ce8b42920db0e48b3e4e7b2e58d8a27f4f353f3
-
Filesize
7KB
MD52dd4f6c5750265f623321d01b9014ac1
SHA1f2c1bc351671cdc7c28a5311d7803b2cfcdcb4dc
SHA256479d1ee830746e1c6a8b114b21147a20ef23ab5c25d879eca3857e9342a8d21f
SHA5127812dbc1db89d189709b51926c58200777560e2d6a7eedd3ffc1dde250e7e71954532f8c36a955f81425784d77747cf2dd8e3620feb014bd202606c599c40fda
-
Filesize
7KB
MD52dd4f6c5750265f623321d01b9014ac1
SHA1f2c1bc351671cdc7c28a5311d7803b2cfcdcb4dc
SHA256479d1ee830746e1c6a8b114b21147a20ef23ab5c25d879eca3857e9342a8d21f
SHA5127812dbc1db89d189709b51926c58200777560e2d6a7eedd3ffc1dde250e7e71954532f8c36a955f81425784d77747cf2dd8e3620feb014bd202606c599c40fda
-
Filesize
7KB
MD52dd4f6c5750265f623321d01b9014ac1
SHA1f2c1bc351671cdc7c28a5311d7803b2cfcdcb4dc
SHA256479d1ee830746e1c6a8b114b21147a20ef23ab5c25d879eca3857e9342a8d21f
SHA5127812dbc1db89d189709b51926c58200777560e2d6a7eedd3ffc1dde250e7e71954532f8c36a955f81425784d77747cf2dd8e3620feb014bd202606c599c40fda
-
Filesize
2.3MB
MD50da0f742cf3bd80919716fbd03299189
SHA10ff0f5254e399aa2d487dd7f0dec032a3429f257
SHA2568f8ce3e99d843a4beb1d3d961a7cab27e75e32490132464e448bdbcd97ddcfd5
SHA512ce92c93973120a2808b7b33c20324f450b1e33aa1637fd2a66bc3c8f56cd44ec492e71cd8e34eb807c6cbfc5e356332b487144168de531be787ebb75ee3778f3
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
1.7MB
MD5c44487ce1827ce26ac4699432d15b42a
SHA18434080fad778057a50607364fee8b481f0feef8
SHA2564c83e46a29106afbaf5279029d102b489d958781764289b61ab5b618a4307405
SHA512a0ea698333c21e59b5bc79d79ff39d185a019cede394dbd8b2eb72c4230001685a90098a691c296aeab27db6751eef56c4261cf00f790de2e9e9efc0e7f7c808
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
84KB
MD53b03324537327811bbbaff4aafa4d75b
SHA11218bd8165a2e0ec56a88b5a8bb4b27e52b564e7
SHA2568cae8a9740d466e17f16481e68de9cbd58265863c3924d66596048edfd87e880
SHA512ba5312e1836bac0bb05b133b2b938be98b28646c8b8fc45804d7f252cd2e1a191667bfa8ba979bf2a07d49053114234b78cca83ef28aecf105d7169a3ec3dc62
-
Filesize
2.9MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
412KB
-
Filesize
12KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
12KB
-
Filesize
412KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
32KB
