Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
04/04/2024, 23:43
General
-
Target
2024-04-04_ecac2d16b3cc9a9addb0534c12241c5c_ryuk.exe
-
Size
5.5MB
-
MD5
ecac2d16b3cc9a9addb0534c12241c5c
-
SHA1
94f62a9cfb34f35cf2f855c415af91b247cf31b4
-
SHA256
2981cb9abc39a2b5015b73af59c0f559285ec91408d626e04d30b72ff3a6005e
-
SHA512
9184591296805f959135a2eebba6a0b0370fbaa8eb0b31a826be22336fdc38ea17e83ecb95f4cb9e0973693d68e976b62f1426bdee8b03e6c989edd6f1360e0b
-
SSDEEP
49152:uEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfp:0AI5pAdVJn9tbnR1VgBVm3qo4w
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-04_ecac2d16b3cc9a9addb0534c12241c5c_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-04_ecac2d16b3cc9a9addb0534c12241c5c_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-04_ecac2d16b3cc9a9addb0534c12241c5c_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-04-04_ecac2d16b3cc9a9addb0534c12241c5c_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d8,0x2dc,0x2e8,0x2e4,0x2ec,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb33e9758,0x7ffdb33e9768,0x7ffdb33e97783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff617417688,0x7ff617417698,0x7ff6174176a84⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff617417688,0x7ff617417698,0x7ff6174176a85⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=872 --field-trial-handle=1900,i,10472892325675486032,7323718154057490475,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD51a090c272ef1d13453fc296d9b5e7789
SHA1e1fc4d013860e8d22dfcaba91801e10f91c7b545
SHA256319eade06169526a09645b481f9ab8bd1794ec8fc0829cba02a2b7421c3cd08f
SHA51212efe17650b38690d30e3389bccc87e21fbecb8e8a229eab1839a2d719fb89c35991fab19a0be583ff417eaa3ebfc4b58e52b3b0d7262d0e154de12c66100b7e
-
Filesize
1.7MB
MD5b52ae871875fa42a70713eb2ad33caed
SHA1a95ad9d9c11c94934eec5e11168b6f5b4b9cc7e1
SHA2561d55abb187403d3e88755eb3ef58c41ce21f44755944c69c1ce3cc9f70b4f54e
SHA512fac485ebc2b04efb4729dc78845088b922967ef66bade6e0401b8373088ac07cec63e87b368293a1809c23b44b3f5e9c523b2cdceb7efb5e4fd049370adda921
-
Filesize
2.0MB
MD5042d7cd5420fa963cb3a63036b823ea0
SHA15830712d774a023a65511b0f51b540b8d32ee46c
SHA256e0b1bfe5d3d016f29a73532f9d0cd039b316675823cdb33d7e0353b837c22057
SHA5129d04bbaf0b2393d0f3321093d3e6be30660c0fdefdd5c3a3612f5aafd17235fdc15eb0bfbb38cdc521215652ff87248c9814f4598284c27a6726e455cefce8eb
-
Filesize
1.5MB
MD559eccb878affe7e362ecb56ad7f086b0
SHA100e72b1f18654e0e3ed073b45d1b44b65d47a211
SHA2562596b5d73937ce5ec5ed259cac7afd26ff46c806097b51b0c73f2979ddc44655
SHA51254115e854008d7f16ca4c9ac4fdf1e928a6d84367cb42354b50b7cb3159770d83ab7de23007fa802a6b0f48ddb4ef2b9d134910a0f24850fb9d6cc080d6ade04
-
Filesize
1.2MB
MD5d50ccdab1c90ff4fba2f8645dbfbea6c
SHA163a9bb94d8ce93567fcd173f3a97449ee7ac1713
SHA25605e0157d54fcf4c9723c08791bbfcf65de948767fb31ac80c5e9fccdd268952d
SHA5125bb614c6e6260bb2fd83b8c83b09925f4ad4a5e671789cb56a98bbc545bb1ca0357c175472e9e639e95d1db35aa99df4798383a9d0d2f7413958ec8213781fca
-
Filesize
1.5MB
MD509afa8d6ce061f1a7b8633d9676a040a
SHA15b0fe94261e31707cd4ebae6958299be40f2fd83
SHA2569e50435299d8f04879883d26382e30a1d186633df77e8f75856f4add18f60d4c
SHA512d8dd487e170dcce88a6b078a6fa1730bb059a88230636282010a2d021b68850711c1b08b38d1b45bfc215fcbca35af3809f5ecf6682cff62e8a9171b3aa20d17
-
Filesize
1.7MB
MD5b0ceeb87a6edbbf2d1276a53cd00d53e
SHA13221daa927d665f56f4156b27e8e811408aa99ef
SHA256ee3c88d43ac98d738bd32b54577886a08e06f981d36994580d0142a19e00fe97
SHA51271e17a64fb8357ef8d311b1bec6c75a77c871e1094975fc36f6ed881ac5f315a19da890159674b93280c660f6b1bf8b8f1654436822a2f4191143bd8a22517e8
-
Filesize
4.6MB
MD5d0a8bdf39eb712c043aff323fbbc69b5
SHA1c8e6281090fea7837da6015dd81abc0dfd732cf5
SHA256f805f73c9b83a212593349f99e1b1ec6339f342aec02fe6c3df56c35483ff204
SHA51200a9f9dc4ad3423a61c40a105ac77fd1983101cd54a7cb7a2fc7ed82112776a2d555b0c71c8d6fb4ae6be67a323f68ebae86bbf61f7116d6fb2eba2301300054
-
Filesize
1.8MB
MD57c3dcb62d6dda7d8df8ee1f150dcfb3e
SHA107c72ba0c3145f856427a91b9040d12a225de877
SHA2560d9aacf852bd1f234224210054e2ee5091d02145fb9389043f13e10ea7d8d3ee
SHA5129d583b86fe3eec9b35e071d3fddd80cf0a76006646ad8787f204ba5565f3d86345f978a582e421b0820f9eb87cb3cc642035a0fdb9a07c2426e9fba6831765ba
-
Filesize
24.0MB
MD535d5673d51c074973ae4d7c36156c124
SHA19b1596282984cb2097d8335a6586f1ac80153931
SHA256ccae8075882dd6566bc8a46fcfaf929bbfefea08ef4fd20b8bdadc15703f881c
SHA5124fb0616c20e340aa65b8f822e23393a7ce3dbf2a5a5ef75f6e8e948c21fe52aadd099d7146217a85256867178538d041319e4329188d3b378c62c074ff0e6cba
-
Filesize
2.7MB
MD58f386e53718135df9336cc6e278e3d70
SHA107a73c3a7b586d6447ff0165e18dff928b3368b1
SHA25656674969e40c25a0c8e972e4f3fb8ea2a29aa0f9382be17285238432b200163c
SHA5124a83607982eee0f7e9ded4daed5a8d7a62f0be720fc2319906b570bbf53441039dd0be0070a188dfd48ae552530840a75b0112c700241137feca3e1460cfb113
-
Filesize
1.1MB
MD5a31b6adfd856230350b40959d68c4705
SHA10db255753c712f1f4d14266498c4179004b08010
SHA256f9111ed1166332a3bd8d5766a50cc085ce0e45c2cc332a814e88351c861062e3
SHA512e0da86cc1c653687eddb33a45e79fda2005156e3a8afb4e4bd187754fd5c40610f50cc8e129fc74398ab760bc4b7516f865905bbd51761521f29a827b7362651
-
Filesize
1.7MB
MD590f54bd35017d8ec770d5cfc6e1f4db2
SHA1b1f88d1d0ad4e7e3c5dcdf67e6dd010ee5c7c618
SHA2569168d30b4fce00090af02ae0d88dfa11b176f06ffbcbb9484e6f38ddcb94b5be
SHA5127d0d5dea930f33189334db7602d237eb13cd36c8602b761bd3596e59f99ba83703217743c1e4c1585ea03a1aedbbd5587fff8ac080db48c74b2553bf38ac9c80
-
Filesize
1.6MB
MD5a77d0503897319f4d6cdd11a20edd6e6
SHA1e3fdd6c7cfc440101c22f194ca95a350909825bc
SHA256785fd0879c8093c3a27a1f1d7c115898d9470eceb2bdb668937b1c8a8be1f01b
SHA5120516dfe6e543a290f581751adb7569ec5475f6a3bf1b8bbb14076e5d30dde8dc9b1b36d3fba72bd6f99504dec97ae7698ceaea01ead9fe9772115abacd45caa8
-
Filesize
4.8MB
MD5b55fa8f8a361f0f78d98170c168a5611
SHA1a6a743bd0d6db19eb9855ccca38d5b0aba7ecbe6
SHA25632945db92b7c7f81fb5a1243be0a680e9c566a4654cc7c58962278fff64b95c6
SHA5129c65927405ffa9e2b2849359fbe00c9bd0a5013d2ef8ece16cf4f9725665010e6e8a3affbd577405fc5b5392a1e29683ed64e26bfe59aee42cf617b61b760a2a
-
Filesize
2.2MB
MD56d2d4b98dfe9889452be40a8b7c0dd0b
SHA19926f5c852d43720c461178badbb9b75b0651dd9
SHA256e22371021c56f0971bf1710e2bd8c276a1f0f34ee9747725948a54274916880f
SHA5122664b368788a1e80b79845984b4370da61f530fe55928821f8d60e300d659c13f8028b7f88147bf07a2a6b9cab6fe32d1c87ce1ae64482450edad51407adc660
-
Filesize
2.1MB
MD5f08e609baef321683dceb89b990a0ee0
SHA1523297ac59889305d139371e65d759332e3443fb
SHA256ac97e887f7b4895f0af5b84e1c3a4a45118cdbb968486f9147589a11c7c00b85
SHA512a6614caef4c7d174d6794933eac54c7568286b4f26c74e08cc3fb3afb22e709551fe3e43354a6ae9fe64be46568695edadc277be58d17f38e0b86cefec029419
-
Filesize
1.8MB
MD5925f5746f54ce1a1fb55da42a6a3f568
SHA12b4a83e54e7d5068ac76a81e241002ca2abbd9da
SHA256c80b2af992d45f2c71f7c6a3d00054e14ecdf5c53581b4b89f12fce1af53c60d
SHA512062a22adc13463c858261a0ed45f34b46f2ff4ac31362de0b28bf6c6dbba45a67f0afa10c90df7d4af4f00e91603ede16d7b6cd0eccc74ad697608a6bd5a11a2
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
1.5MB
MD5c1429aa1b34bed5ee9f7157e6e1f2734
SHA148894421ff8f3f44f4a8d096dcc7a3c018fc036e
SHA256c7e33e812b501c4be93f7b5dd99a14579d74cde7b9eb2a3dbafeca9533739637
SHA512d5e69405cc92803779fde2f974f6d0e6a87446f00a2b38d4a5e5660c2674167412122baf8bc9e9438894d4148258f6c2a45315b7cfbdb030da113144350d61fd
-
Filesize
1.6MB
MD531168787ddf0b5dd45382ad629ee76fa
SHA1dc533f284186372852e1aecaf7c85a0a1b4a391f
SHA256f4e61caa5015dd32a2b47276b54dafff1e824fced0ed337464b5f6041b9838d6
SHA5122f712eed51cc651255fa96ebe37a938094ab0dd4ec86df4e1a26c597a21274fb34f76495eaa81ba53d857817848d68d43523988d2a0c67aa4dd48c918f00c1b8
-
Filesize
40B
MD599cc49358cfa3628888247c84b312722
SHA172df90d4341e204b5d695a65f8f0575d75d6d342
SHA256570055b300595d9bee19cd486aec73f2e432043cc1a510b5075bc55da6b32757
SHA5121b3f0129c396f2e582b6e1316e622f9faf71776e5878c95e71a961e4851f9aa90b651f0e3c3d406602c79f377776df5c8353578f44673359088ba16998fd614d
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
945B
MD5cab80f0119954bc400024dbe85d6b5b3
SHA1c976a05f0f999ebdf99bc9924f257f0c0f199872
SHA25694e9547abec11661ff2eb954848ebcddb944d8b248c86b70929d7b54c073748f
SHA512b8d418e04fe360dd5ac5ddf594d10b29546c0f0b39cbe15595e737afd014bf6635e91f154432d33d8a2db8b2f35fe42dfa99e1854f516a3aa118d1153d1b76f4
-
Filesize
371B
MD544da51c293a1095e28d9fe9b17a53b63
SHA10a574aff0da26b76573e097055c2efa338290c76
SHA25650e56aed84023c8597280734f74836bbcc0ac23e01388af7188712c466e28167
SHA512eb4bfa9102a077f3ff668230cf2eb4a068c0179a8dec432bd818ea822089a84850d258693e6572f807ba818c0620f2e5d930ea0a162376faad61f7a6411c7ad1
-
Filesize
5KB
MD5d83185fbae749c0efbad4fd07575b0fa
SHA1fe4126788978b57729b3a8b6f4a406f09e685097
SHA2560941901b13fb24ab2ffa2cc9054e615c8548eb42e454ebc2280b19263666d8bb
SHA51216f32338dfccb40c81d7964de5b6b9f8e00824ccedb47aad0e9933a2719ab976a115bcb01a761ae939a9413deb34c58d95ae05664b546ffae8ac9de3bf4d90c1
-
Filesize
4KB
MD5dd0b3b6ee2c448c561ffa378cd557dcd
SHA199bbfef9cd05cbe1b0fb8f094a005f96ee6f0030
SHA2569c672a8c9b73a6649954f9aedfc4b1895b5556eccf23d9791ed35c49950f0920
SHA5124e5c9791f7cd51c1094a95cb01729f997ed99af4d50e2deeea27166a7c19bf31e038e33535675f721e6817dda154c99f224f78a06b801e23f03079880d8e2d49
-
Filesize
4KB
MD50fe1861190558dac9ec497f8348a84a6
SHA13e7f6b90749312ef209fe300125110f0b9b3b62e
SHA256bf17e54e295b12f3045b1ca2bfef44cafbef3cb00322b0fa1011d73a64919911
SHA512b169eb9bd4f2ee8efe7c6db534d889b5a89679209f996b31655fc09eb8b749352e239c5b5e59f2a77a651aae33e3d9ba352a2bbe33ebf9a492460a4df1264af1
-
Filesize
2KB
MD59789813c7b351abcd4b4cc4821874f82
SHA13c3839cb1e6fcbd66f3c6dfc092f3aa49c057c03
SHA256899961eb96b3c34c8a0b0bed8f6e6d81c5979592af5cc0144590b71e394bf7b2
SHA5129c8dce395a863812d3b050b5068e97301309e46ae0c69f6ee0f8539f3dd453d269bfe4865d4afc6a8518e4b85ac49f8901fc937ca19da27a1e5bd178e3774a76
-
Filesize
15KB
MD5b0d30af27c1756ed42572c853e87788d
SHA1122cbcfac2f53023a3531791945e8188b8fd59c9
SHA2560938adedfd2f4754ef50d8233241277a4d72d666e5cb44fbab8f38ffa4e0dd42
SHA512c8fe9ac2f98437cb0feb671bc662520eca99956e4406d02b013c6838963d190d3a8c69c599ad0a10d2e4128a1c19504df415a9de31835d70d35670e83137c3c2
-
Filesize
261KB
MD5dc800e6b2aef635f604dc2dc210c0029
SHA142a34a28e77f8ab1e81ff7d6d8acb41f380e11d7
SHA256515045d2d305f9701f332981781d6aedbb4f72f2a2c655ebf6ae7fefc3ff7c0a
SHA5126430c1319e4e4cd8116995e5198c0b5569805c64e0434ea1b26540e85a47b1f813c7713c82006d774ef8a7e6a9ac229677711d0e00508430dd7f510c72f8b81f
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
7KB
MD566924a3335fcd4245dd470e8a53968b5
SHA15f181da16d47dde6ab4b3948ba2c3208ad813ffd
SHA256a89770173845f9d55a672b69661bf69bbb299f5ed3b364fb10bd0ac3a8d4d8ec
SHA5128af29a5c5280a8204b8cb359ffb0582f584fecf3f4cafb57100ecc1c4f24ecfcd52759a97323f8bd696224395ae0e86060bfce02aebf091f1ed933b50a3f5cfa
-
Filesize
8KB
MD5ff33b99e35683b967dddb8ae4e9faf2e
SHA14b4b1248c12f313fbcac43160cecb0400126e3d1
SHA256465b4a2ada2632d280c60c570bbcf0ed835de2598a6f8377ec62711c441f9529
SHA5120d5c48030abc6109b85129fa71408553abe64a8a02e4c7621e6b8b9bf95c8e64096ae7775f10ce7ea4d2f72ab9d0267fdadedd248acd9b93138e14af1fb29545
-
Filesize
12KB
MD520445dafff50f5dee840a7f70184ed72
SHA10005dce4ed99e8779627932eda222c1f68f32edd
SHA256ab84f8e621bb4915aaba5bd6f9a69f781631b8d7f009bd5809c44e44fa732c83
SHA5127106a7f7d12fa49414171f8771afc276ce7cb96c60167ac9f8aab2af4b211154042b1be20999841815e37f868612b297df80b8ccab911ff6a6a018ddcfe4689a
-
Filesize
1.5MB
MD506d0846ddb235a1b0b5bc307c3da4140
SHA1a06524d6ca7211149c560fe18a8ba3b98e8dab11
SHA256c7dc37ff1ec5976d822c178c546b3dcd2156c688831c45ce820a701745f8cfe8
SHA512cd36742a36fcec4eec5e385891cd3909c60305f22b9f43d4776bb0610f3254901c3c7654ae1ffc067220fa6e682a52195946be0c8cc42f144ea7c0ec40e37cf9
-
Filesize
1.7MB
MD50525f82e2e2988343d47d59972801242
SHA18813c0f9fd690576f95160954ba9dc300ad3ca93
SHA256118e4dab382cf882e1cbb7523e3e1b1f6bb175d9f375c1cc2d748d6abf48cda0
SHA512351d0401ca67638d523f867f147de296b63da37a1a88cc9048754e3824b310a5e1d46c332c7bdb5cdcbb80077ccba877341cdcc0c56f447b00b86f77dddfd5c6
-
Filesize
1.6MB
MD5cb58f8ed3bb1c000a71641d2613900d4
SHA17acc2dc775e8edadc93d4571e3d11640dea5c035
SHA256c118e3f7d60b3e510c8b0e2fcc202883331b07e02bff20867ae043c63d1467b8
SHA512e8311db2618dd4748d1563457f1c7f5ee4f683956ab30444632303e96fab7c9c9de5bf049185f925b4bc49c708b1341e8b11e22457d20966e967a48ef8990081
-
Filesize
1.2MB
MD5ab2f5593af83c0a63f563cee0d3b561c
SHA18c3afdaceb9c66913d0a7bf233e003ea49bbc586
SHA256bc025e38e25d69cdd966b0ca20f484d562b9fa943392686d921c1df5e05e0cf7
SHA512696be41eab28d7856c22c9024c5bac1883fce1b73b031052c51f979ca0c90f8ba1299ec948c5a9d54f1064284ed62c423232d66bef17b60e5240d567ab7ce92b
-
Filesize
1.5MB
MD569ad4abd09c6b4ef9eaacd6cef427a1c
SHA12ca27880a341a0e8897691c5a6c306c5102d06ac
SHA25694a60e4adef72177cb10f789fb9925b7271ba66157938a81a066d3e3e42fd461
SHA512a4d99713027831481eb6a37086c114b8d7e09c64f7eb5b5cf448eac6edd62137326948ea61e85835d821e0605bf3247c081354a2ddd8d0389cd7be8a8defd44c
-
Filesize
1.8MB
MD57d7084bab55327654bde2862221042a5
SHA192b3a975054251ba6a5fbebe3c7d1a2ab87a145b
SHA25623b00af3a915fe6655f85c95f5ed0e20664e6d4058efc5446ca9a4744b5699f5
SHA512aca20bc57672c71145d6b0b7fe73d90ffbd9d65bff7a31ecfb42a256ea25154606f22242eb1f1513eb8b72ec18f447750f00e05729c58f48c4019bbecfe2845c
-
Filesize
1.6MB
MD5790aa7ec431c997430576c2148d1127c
SHA1da51bc539628b027a60b6f9653532d8da8c76376
SHA2569694fe2911dd96c76a403ea31d9281a5c1449a08542ecea5508842c2405629a6
SHA51230b7b74bbc5fcb864058321ed682d23917ee0d6ab4a9cf08887c489b0716b9b443d4bbb737a819d25cc84860bdbc96f5a3f62d30549f661158f05b582f06a675
-
Filesize
1.4MB
MD5a8df6776254bfd3c2dc8f144004733fb
SHA1ce5519ab4ce4dfac358bf7f2acb4e2af2937f172
SHA2562d1347a5d0c6d310c2405963f9bdf8498a45c7df67c8c9ee9e476a0a2b621128
SHA512d50974fd8cfda9d22cec2cac07c700bd560d1053b49b51031c3c0b52eef39638623c0ca46033e25c0367520622a38c672fd8334cc2ffafda133bdaee39a017e0
-
Filesize
1.8MB
MD57e0db9447012f34f1060b2972c7694da
SHA18148fa65ec823beea0948914c1ab938e571a9c05
SHA25644c892955d41fa1c09f7210c6011e1a8d7da19f1440e087f3ec8986a45789c39
SHA5128604f4968a381401c950c039847777be9edf38d508e7553d3d7e7395bc75aa3b484e25806e679f8def81ebd3f1fad8641d4adc171295db71b825f3f40b25b7a4
-
Filesize
1.4MB
MD51387a2eac0a9b83bb73de71d7e650338
SHA1bb24efa1752f2aea6b1c0b982e5414fe7b0ba0e8
SHA256fc0c4529e2f148158656c8b3632e7c256a681cec4b1fd287cafa4d7a8ee7a831
SHA512751ad308c16b6e2865b1722d0846b5f8a349073e7d068899f73e8690be346fa2b23073a7a414f85377024e172ce599aa72badb538212d3a60d55683876ccded0
-
Filesize
1.8MB
MD53564febca496e816b079a050896432b7
SHA16aa9865701051642631e7e927ffa478580cb3355
SHA2563fa6bf608af2dd8ad842b8eb326fbffd0bfac3a0fed40880da105786791fadfa
SHA51262cd46ae28f7ba438cdab10bb6ee9130bcd66c837f16f11abb0976de818c90e1974e0a6eed618964f3a5c2ae2e98f4e4dbc0de35039cab6a0eb5bea897c2ca84
-
Filesize
2.0MB
MD5f7a84eaa0c61214bd4cd80dacd970081
SHA1dbf649054014aef3c7eea7d576554f05a9194874
SHA256ad58ab8474249888a19ecc4ea62eb8dff4cedfb4041732836cf290fd47e1949f
SHA512240ea212119c5672cc659cc6a8a09c23375427cdab8073a72249dfcd0b4c4e81ed0ee8ddf7fc3d114a180ab07906d241570f63c8cc0bc95267abe4d90bda4037
-
Filesize
1.6MB
MD57d832b54e30907c39d096187ddcb5146
SHA12a414b67ec6fce63ab127d109d748ff51b9b33e9
SHA2567213a7e53ee1fb59978403d7064589560513126cf0b20b1ab4edea229fb38d4e
SHA512f45f348d52e55735ea17e103ef1748abf89e442f1cec72719aef5bc707d0c9a684c7d52216518cead665acd6fe61d714668c4442acefe730f55cb23433066daa
-
Filesize
1.6MB
MD59d7badb8cda39bafc19292a3b17e613c
SHA15a7e1a6ff4090df468e0553730f1d7fc7f41b2ff
SHA25671cac141609396e2a5f598ee750c7ba2b344049f30b8540689bd568d0062bc4d
SHA5129e56c02936a74b95606552c81e8eb0bc2d591078bce12b3264c1037820053b7d0fd92e45c663897a2271331e052484db73797810670cecd1bae1fbb735eee5cd
-
Filesize
1.5MB
MD5be95c5530ffde6919aaf075543af2c9a
SHA123f8801ce8312a5fb6a0bf64299300ebf47d8b92
SHA256295401e2969fac370a3bc8e95489b065d24c476437c1b832039c9567e15dc3a7
SHA51230bfdfec7d2d44ebb073cdf8954174c00182a2c04b1ca9d9cef6af7a51097237aacdc5c59f48f607d29445322f74760d1140890c7607e9dcdc680aa687943c12
-
Filesize
1.3MB
MD5e8a2d30d0e3a803d54782ba80370fb0c
SHA1d16ba790c078cc6f055a56db5b15426bc37851dd
SHA25687eff05153be0d37bd1f79b949a286ab53c79a068a5717b8a3bcda202614e0b6
SHA512daf52dd58cbc422ed12a2c710347f8e7ab8793fc8912796de0acb548eb7c036ee325a30bfda6775e2819f6268713e79a9d9024794ea5d69e2ba5932217736cc3
-
Filesize
1.7MB
MD523b563d35f73bffa4ac6d9e016e44965
SHA1f83e3c682c1ea49f9270fa1b191b2a86fef1c518
SHA256891afe00f874b8784d66b46a411c67230dcf521b92ef6cc89e8a965f0ff42ee0
SHA5120fc7874e8c69f4e790762aad3779da2eb50887454130dd44756ad1dc70009ec4522da5ce75d80b1d57974e5104e53c2161f79cc3f5056097c2fc9c863f249a12
-
Filesize
2.1MB
MD509edf7ef76209e9b95d1dedff649f180
SHA19136bed59d5548115aba3efc661e1908e385f7e6
SHA256b4bb909bf8ffdb6eb2d38d3885775bee9e08edc6329f30d0750bd654c9f0719a
SHA5120a6c03299480193d34ced5f1e470baf57486078ccb92a3c222143575f9939221d57e72e5ec8e598542861b470f5ee02d4fcc4207ec140f570babd40620e2b8ee
-
Filesize
40B
MD5a57e00e7b64144dba402c6db0f7ad149
SHA151a33fa8f038784838ba3a6c0fd16cfccf49de55
SHA25626345f4eaae9348eb9da6a4c6101dc723a2cd58c0f15d93f5c1ee628b6957fd2
SHA512a9d626fbae4b1da4d41e75520ebb2eee98cd2a4b9dfdf5f264e574b61f1acbf34c0bca6b1d3e1212ce37c8935a50817c47539b03030e1665a7dcc3a18dffa739
-
Filesize
1.3MB
MD58774200fd61d2ceb81a7b61eafc396fe
SHA11a78040e6d247ee0d7413d7645db18d52cfcc815
SHA25646a44771b9efc45ae448f90808726d2a6f62f34b9be0180de1890a953b3c9280
SHA512f8bb14a44548c8a12778d405b6c0f0b0f8fa45d9c95c244b6a9fc0522e681c417a3ad76165052d2b0af8e4be081dedcf5b07da5b005f538cf3befcd17f5aa310
-
Filesize
1.8MB
MD5b4fd048b2a536747b08cb1ff36bf6e7d
SHA1dc56530c4d9d0560b4b13d59e801b5c7d7f09296
SHA2566561847e0cd35e6f097bd19b53705b30fadbdabb101d9ba474b54940c3baa225
SHA5128c28f62168dcd5587282d475757544a4d12aeb62df2cd59aca1cc5f84653e38f0e221f0d4dc7ac525879df961a85c8f08ae76fbb1ecd06ac824ffd795fc87ed2
-
Filesize
1.5MB
MD5483cdc63e6500c7ca74791a1ee014619
SHA10a30433c0d1a9ad651b80d5769ed629ef4d59f74
SHA256b5efe4e39487cf20f22e24ede42a9fb414a67c9b31281319661236d21f5d2e4b
SHA512e3d0918c070b9a955108a89be31f30beb199f9fbeede2827729730c06682f28e1af119db779a2241d05ab144b1b6fc18861942d51d60931bfee37b1576923fb4
-
Filesize
5.6MB
MD5f8a62854c861879c695c128902b92b56
SHA10d7ff58462a29d2cd7ef99628f8f0effccea1614
SHA2561e48ee08c90e27f58717a9bc684b43a2a0e10ac000b606e5240bb7eac3c68ab6
SHA512eabd4e884096b9eae96ea431a8e1672537451fa8a7cf090675f2ebe2d8ab088faf31e0d29c8bae9cb11d201fe730b8f3fdafec2895d27a03a0cbc3ca78068bde
-
Filesize
2.4MB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
2.4MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.6MB
-
Filesize
384KB
-
Filesize
2.6MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
2.4MB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
384KB
-
Filesize
2.5MB
-
Filesize
2.8MB
-
Filesize
384KB
-
Filesize
2.8MB
-
Filesize
2.7MB
-
Filesize
384KB
-
Filesize
2.7MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB