Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 18:08
General
-
Target
2024-04-17_b1d8edb95e3c10cc52e948613a4fc82a_ryuk.exe
-
Size
5.5MB
-
MD5
b1d8edb95e3c10cc52e948613a4fc82a
-
SHA1
8543288105e00e1dfb0a686835e7b005529176aa
-
SHA256
488073cd1e8b40bd1d9a7f122f109e7fb496bb26c97792823e69b41cfd381109
-
SHA512
b6cee70f635d1d84dc582f6a443f9cbed0e6fb9eb23cb328577510b34d916151c206ea2d0ddef6792997f67c0f7e9ece76ccb0a908a4ce6f81a3a4c0edd9712a
-
SSDEEP
49152:9EFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1tn9tJEUxDG0BYYrLA50IHLGfr:BAI5pAdV/n9tbnR1VgBVmaD527BWG
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_b1d8edb95e3c10cc52e948613a4fc82a_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_b1d8edb95e3c10cc52e948613a4fc82a_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_b1d8edb95e3c10cc52e948613a4fc82a_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-04-17_b1d8edb95e3c10cc52e948613a4fc82a_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d8,0x2dc,0x2e8,0x2e4,0x2ec,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b370ab58,0x7ff8b370ab68,0x7ff8b370ab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4296 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7730dae48,0x7ff7730dae58,0x7ff7730dae684⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7730dae48,0x7ff7730dae58,0x7ff7730dae685⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1912,i,10361750428925415353,14944790604559667621,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD534549ab25ba07d0847eefaaa2f18213a
SHA1eb54a00fbc4c1c39a0ff6949e0a4b921b6e646d4
SHA2567c65beb435ee5f9b00137c455e25558dd899cf89eda3a29016138486762037e0
SHA512006e020302ee12d574835c031b22d5e879a36d7262ffef2abbfaf74dd327f40b5eb9535d9475940fc4015898b29c345d4a87ced2f21814152e3a3f29f64c5e7a
-
Filesize
1.4MB
MD5ffd9be9fbdf3ca4ac7d1a7bd433cb98f
SHA1da7d38ee75d3f3397f35a0b7ad2b83e419daa2d9
SHA256b4477fb73088339b6a52c9d28e5925bf87bb610bdfafb752a8c88d77c2ea870b
SHA5126a4f2d3e8c0c20fe102e89ea2338cbdc37c186d2464fe484e3f657f0ad1b1b48c241d934efc7659925f3d39504b1e37f31747e867d020c782718259e2862bc95
-
Filesize
1.7MB
MD52ddd2d85bdb1f6885623f5f8bed9c834
SHA11200dd85980840dd21badb66c3adc596027151d4
SHA256a84d395766af77c2b2918cfb53c75605ee82f4efd2d03ad21a6e4b423df4ac79
SHA512e510db41a0ab822eee78037a01a493b2d4b6fcee8db06a9192126c39ba8fdae72ba9f43fa7e4a9a09ef3761c1a0d629e5c84ad5926b2e441f02f6425dd9072f6
-
Filesize
1.5MB
MD563994ffa845026b5c2e41d114cb428a8
SHA1b40fd5629ea8bc119091e3b99ed71af22b636980
SHA2560799548631a982d0267f59188afc1666d9b71ac31b53808c035290066caffbc4
SHA512faabbc759bb5c4b127c7d3ef5c9f50e017fc48320ef376840f071a47965b40ef779977c6596d5ccf168bcd218c8e205684de971b7fe726bbd7ac2c5d285e8a2a
-
Filesize
1.2MB
MD5a71ebce45dadad73d99112426d922b1a
SHA1525b98394d14376484d9c19a6353dd18c991d732
SHA256d320a26af6b8b41f6e32457fdbdf55eed392f5c5e8b6d334da6d7bdf7b776ae4
SHA5121d52cf7d42280f7605f75b347ed7ba1d3b92bf6abe2348221b5ba22ab80d7ac2755fa1da8326e320ea1947b42f91d3150167e51afc20c1b4f5cf2d26b1d75e05
-
Filesize
1.2MB
MD582eebc2814e97557dbd6930588b2daa9
SHA15f63c81772504702fa2b01a27b5ffadbd2146b82
SHA256444d0e14cefeb54a1ec0072b2525030655d3ec0f3f7536724db54fd887bf7be5
SHA5120124745c4a4e3264585d76f942b0679341a9d7668e538942ac0837d0f65299efc983ff3b6cd8dcc89c0161b896c4261013c8bb3424dbd40462a810cbb6ce3422
-
Filesize
1.4MB
MD5a1b39b2c880b39ede549d2c0621ff131
SHA169a4471f432163d919f719e6807956af2ec3f933
SHA25694f7baa18e9c0e110f81b6c61fccc5d66eeaa41d9dd33cd7ade9872dc4454b0e
SHA512ca9b96342a725840c1eb600e552f83f6724ba3654edd0022231ffd6dbb96b70fd78549844bb2d3634e394a3079db6ac3023f8926cb782791a9aa9fbc5d56fca0
-
Filesize
4.6MB
MD5e6ca8052dd8be48dd70b5fb6238c6474
SHA1c9481e71f7e867c0d448d3e5c145ce33a07ef8c6
SHA2568cdbf3ba8153b17acdb2bba683577287d3ce19aab6c2e98abc934db1260c1db8
SHA5127ed5d3272cc47e7d4baa16c881a60e878e3e7b8375b902c373f8dd8877a24c2ffeb9ae7574ab7ab9593921f3426077f75beed5f0038e9787aea94fe3b846b010
-
Filesize
1.5MB
MD514451635ae5dd1f51dde6e8985366770
SHA19d4424ca4ac6d731da6c89ffa7686b253acdd6c1
SHA2569bd516ca95b6b6d3b0e7dc8d301e25fa3f1052da3e64b7b9fc87a90e692a8fff
SHA51253126ee586430bce8c9c7e5ae15515a01e0747cd6870d6445af0faaa1c37efa6c2eb9fb8713d2a3fbeabba7abd127388f209cea7ffed588e3d58d6db8407b17f
-
Filesize
24.0MB
MD5d80390d384976caf088e9a434976355d
SHA12e3bb3bc44f2d98e246d1476d421b17bb01daa03
SHA256a2d4d16f1a26a3307bc62244e1819c0d05f9f9fe0f33d8dbf8bd37a463354842
SHA5128a6c44c93429ce161a5cf43052959a9a9a420efb4d46abd1bf87bc7c71bc9008a82936ec7d3e31f207450d256a208c73e79d036688401dd6b2a9112a28a46fe5
-
Filesize
2.7MB
MD5200b2106c55b37af3962c19a3f1710cd
SHA16be030531abf43fca8cae2130992efd5aa723655
SHA256add583e5a74929280992e02e028595dfcf8db7532165b8c75bc25c723ceb2a8a
SHA51241e5ff5b9e8c7689dcc3a9d6750e047c8254983067f1cbb9b897b9127949a195a8ced610c401b7559a9c8cf3a7b8ddb7d55d4580d7528c117ceb48c5fef240a5
-
Filesize
1.1MB
MD56e833c1436610a5e7f6ed94dc80ec2b3
SHA112d50b6c9ea5516af2b989dbdfcf34a77e452464
SHA25691e309b3db11890a6814fb80b3af70c043d41a4a9c9725f7879367435f7d45e4
SHA512a58c6489f546653fe2dfe2518e924c63e15372025f7f705d23f29c3effbcda1cc668d9540db66fd7d950f7d4a60ff20c3a4bbe874d5c748d774490b21b9ec50c
-
Filesize
1.4MB
MD50fb81ccf18febd55b3fa86b19f19ee2c
SHA1fd3ff3da52a824e15c432c71f0edbe38667f1ad6
SHA256176a9ad7985ef2b939bb83c2fda153cee12af29cee6c2dd2912e32c6aa6a558d
SHA512da748806e5ee7b97da7b36bc46c79a24cfa5f68e746ea9b943b3ff5a11bb694edac288c1233d5c3c5a7343a25352656bd3ffc2774f0bdab0a93b2230ce22e5cd
-
Filesize
1.3MB
MD574f99f22b56bd54fa36033bfe203cbab
SHA11bf43f2241762599629167ab7a72179263118cf7
SHA256f1fa8e07c0a0f2abddf0426d1cb61b19d3f4cc71542a56f5a0f14a0fa07d53ef
SHA512f7cc0aa588b2bda4fe34f907d7d5eb1636044c4c5dbf2d0e2151b4ce00992ae65d41b2d60801f8d82ad94c6663bb621f8a0df21305bcb57c22dc5c1a5ca4bb40
-
Filesize
5.4MB
MD5cbc045b8b33bb33508cf86149995420b
SHA1328c0401550b0c0d8493ae7ccb44e943929d59ea
SHA2568c51d147a5946141b2508e98fad2c32cf7cd50c866a3e0860cb3c878ddf647f3
SHA5124723e09e8d986f2b21b6d15eb4e5324ff3865a9fc6284a3bfdf757173511d8e590ef503ddb26a0c08a7a1eeb2902daf55fb66e418d58150c98b06bee04253ed0
-
Filesize
2.0MB
MD58c716cad49bbf9bac27f643b4f7410c7
SHA163b71149a7972b4ae753da15df6a301d198559f8
SHA2569b86f4ae441bcba0113b7dd77ca3383e4ad56d8d5cb14401fe2c26c4af8df05d
SHA512db7faa31ac1a8ce04ebbe7351beb956521f34569abbe49c68382e7d014e9519edb365ddfa23dbe992ebf47c99fd2bb9c6f437faba17338f6df0a4c0cb60d1538
-
Filesize
2.2MB
MD531ab84fdda7e94917e5d8d8cd243b32f
SHA1921ca261b815384e78d366629c0436852d9ef589
SHA2565b22c37db16b86431b7685f34923e672aa0864f5165fb6122145007cc046ad5a
SHA5128b197ed1f5011da2db5b969f0936aa66c20890469ff982b6c5ee4adf9ec0caeca36650eb1f2e99a2a427b478301bccbfa4f34122ff28010ad912b7a4398a14cd
-
Filesize
1.8MB
MD56e714a05816c28d51874fef18fa9c6f3
SHA1ba599ff975682fa4ef9dcd797fbd9af787f0438e
SHA25659d062b424380598235e32346b8310c302733d12c4698dd0ca8d8caa7ec81814
SHA512c578b1d52a8e8f344a12c4fb7afb7ccd5edcdbdf2620e834b23bfe6b8cbfdd36f8aa20d16a3e37f90f66e7e7612301ae9c041f2712e37675025c09e72583cf5d
-
Filesize
1.7MB
MD5c669b5463faf4313e4b217f1d0b197d0
SHA1a4b82a24527c62d5e157b4dab91d85959f8b4304
SHA25661994c7f7f240eb1c9ef6acfe8181e0f060a8431e7659e5b39f353950226a69c
SHA512f1628bfe0ac8abecc410be944d7823f7666c4568415763cc1e851219049470aaa52628ab4b340fd8906016db460cb225b88945b5f9c1946a004b8d08fbb1cd87
-
Filesize
1.5MB
MD5891adbffc461c3abfe1716bcb2ab6a2a
SHA185adccdc748a088fc4c016abde0022c4cba7a7b2
SHA256c6618da3471e74d2df8137aa1e839dfa787f46575e02ed94bdaa2fe15185936e
SHA512accf9dffcb234f1913d1b3cb26674b2810c928dd7746eb14ffb2152dd85cd5127e56656f43505d5e68fcebcd2ae2c98b9e34758590bbe9ca5126a184aa632e8a
-
Filesize
1.3MB
MD5ec2bea2dd3b5e1ea8851c4bb239e3add
SHA139d6fcbcd0b48a446cabc601410170422ec83293
SHA2564a9081cc16859ee39255a5ba76921e44e654f22c553efefa1c8281f1d9640ccd
SHA51277f365b638146448b98402ec6b4afa0099674dc4fbc4020b0df26b41d18e0b52459581f7f0886294017517774e402862e2a7f89464acd1c1c50e235ce4e7f025
-
Filesize
40B
MD5d3349a596ca7d54f25209a2acff38639
SHA15d390f8e582cdd9f77c8d14a827ffa6eb6b2b873
SHA2565fcffc57984f121d4451482e528ba1bae52d163d430406b5596bd93087364578
SHA512276f120ff58fe047beb880fc82277308d79b0ce05ad423a520a474afa7d017fb1de03ba33699135c881f292d5df1b4a78ee2da4be95f217215860aae34bf12e1
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD531dc9a3912d56b3aa58ab47fe95333f9
SHA159b473c40eeb7c457c860223559d08226f840511
SHA2566349a6b52959de3f7d43a3d5ce05227bd0b04f40fdbb7cc04ef8f01d00802be5
SHA51255f20cd803d78476ab36ac612ef3c8afb35cb5954a51292360f0a8a89603bb87d54e833f445d2a67e336ad604aa4214844b769d56dde85dd05a007686eac7899
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD582f7b629240b41ff06a9f48ac2e0342a
SHA1da2f319218044f9f2a0ab7cd04e9498a5335630d
SHA25628c19cd3a8c908b1b04207371fc7fdec67aa4a2c446de62a2b6f26567440caeb
SHA51253590f6873d226c2f8c3885a64c46ae274af074c3755f66451ee0b104f4d3835963fcaff7165f76a60a922b8016169be57feb8861176f0158858cb7e8df0dc5a
-
Filesize
5KB
MD54c96959b18cbcd80eb6699e64b376b73
SHA132edd31072f3fc858ad8382186b57aeb7975685e
SHA256254f8b832c85276d89211d0a7e64c5bb75c03f8393506ba59658c246edb0f10f
SHA51215ac30b7defafffd4d745cc9c77d716f889c499f74f2acac740cf75daa3120bda0e318259a15be6b62fcf6d9aaf422bf2a9c1fbdf848d748934d6d4aefab98ae
-
Filesize
2KB
MD5d9d040d9af2828f394e33248c287f851
SHA10ec5d52a2d2d65877788a0c767f67999de31e1d3
SHA256224970cb1a0b7f374d02f0539569ca1e512e2853e9851eea2691aa49fd44a1ea
SHA5122091a483fc4025e30b692c068bc53fc0acd68d85f384bbfd661ba896f72164b005a510ae3c25623fd5c4678652a07e9c9b7f9ea69025bb9b24472c4664b08ceb
-
Filesize
16KB
MD56b5c658317ca8f665e29af48621b455e
SHA138929168e5ad445af43621c14ed88ce612c878dc
SHA256097b896f1ebc8f23498b4febb2cd1436aa45c23bc01b6208433806ef463ca0dd
SHA512c9d1e89a5710bb608b7ebfc9dd40108f580ae220a2ec7585ffc3b48da83207c5ec1531fd44861770d381ab0deaf28eeef1061373023c67a18ac1f9b9f00ce1f3
-
Filesize
251KB
MD5ffdf9dc7f357e9bd3f5515a6c4c094c4
SHA17085582b57080d14298ab927fcec73e3b6e45887
SHA256080ed093a6e82e7d8d71d3b9d5cbff60eaba01cdc0ef72dd1a095072006c725f
SHA5125f3cd4490c8e90115d23e2e8077e11d36700f17a10ea96b486f55263b79ca4f5ed3398ea5897eceb218b65b3deb5f735b8fa3372ea8a889370b13ccf763aa388
-
Filesize
7KB
MD5455c063ab47f597c7e898b27c752f07b
SHA1b7886af85938a6f6786e59e050504ab9f6898521
SHA256af871bb04b727122da527cbf25509f5c27d9234fb75c957d2ce2c123fee38df3
SHA5124f711667a5f2099e1568dfe64e47e1f1662752d572f2b11ff3aa521ee88f263aa30387c85289f10d00b9f46524a9734baa4708dc8e7b0a4329d0f02b20d8b6d0
-
Filesize
8KB
MD5c3ea392596c6e8b6b6f2cb4cc3882dab
SHA1431c58e77ec91df3e0525e4344b4914d528594e2
SHA256412c2cf410029245b36a6be19087e5bf6d1306bbe5ed07ac52ef215f30b8eb2b
SHA51260dab505f817365d64825e9535bff8fbced3126c69e5aabdb79dd9f03a8ec09bea25a5733fc0d64c338693181ff4efd1679a3f20582ac1fc1460c906a05da521
-
Filesize
12KB
MD561dd24eecc6cb5624512156f7f882994
SHA118735699e916f6e33b9ed1b7492a3c7dce2ab527
SHA2562320391349e9683ea1e1ccdf152bc598b92b1e5509ece67b9002c84513d0f6ad
SHA5122973a5a4f198b252e98833c9f2217c2c0eb9a0a7aa1ee81614956097c5369e71fbc6f41408d720433e2af704321e1b529a2d83b7d810af0975951a07ba79e305
-
Filesize
1.2MB
MD5c5da7b47c41ff289f6e7d65be7c27c67
SHA10749d07975b1fd7d36473da0060c054e32f5cd34
SHA256f20d2fa06538dc1e90833384c478ca3d1dc9638a6c3c59847f40f0ca2e06b264
SHA512fef9561c1765a80c83e192e12042cdbf03b635768efd5909f7c4c4690b8e029815693d65749d04dcc7b5cd42f6621e994c4c2aa4cfcb83b026c0ed02d97bdfa1
-
Filesize
1.7MB
MD54eb5b0683375386f520a0194941ecbf9
SHA162ffc7c26fdbd897bea089168fbfba8d4c0f0006
SHA25644cf4143fa1e93bdbde3f61c17d51e3ae71243d87e87ba2c49312857b366aa33
SHA5123091e8b2680ba4bfdaa0e9e2e194849be08c3739bcb3e5e95fcf41bfe46c47c2726579a187871b94070f03003db476a418282fcdffb9376d93016b4573fe71d8
-
Filesize
1.3MB
MD597d05f6fc3e644ca1dfbe5b373c68876
SHA18d9dbe1c0c72c943f898058456905be0423cc9bf
SHA25663ec01d7733ec4fea1d682785844f62dcdeb4934c09972b590728c0996ebfdf2
SHA512974bb0c581dacba4f9875ecc2c4214a963566698d54ade598b80ba9cd61282d266437129781c17bef88c7dbc5aaa15862ed83e7717f583153217b540c51f19ee
-
Filesize
1.2MB
MD5c19a2cd8a3aec7a7bf74c17e0190d9dc
SHA1b41b77381d9bb2a8ee193b5ef1510e80f432722f
SHA2560a3b6a5196297c4beb685227eecf1bd4e46f762650be94ac3c83b2507a686b22
SHA512c5725e829c1e3891f1bc5620c642d56573cef0bd608c48cef105872d9b62beafcf9c61a228ec872292c79956a18242c64ec80047dbaa5a5b927736b2fefebb2b
-
Filesize
1.2MB
MD58a8e7d303ace14c6cf2f8c24a091a062
SHA1b000f70a4bd3d639a9efbe39efb8b277b26466e8
SHA256ebb4cd7708cd1b068f829c017092bbe05c89b14596466a661926c72aac7aff7e
SHA51255bb2a5b99355b57b1d9d9ff201622f5874a07669062be8d487e19aedf19a6950ce104f38a6fcd1c2f5f5e6f442ac65d1ec54cacb35d6dce02c16d99eccdbedf
-
Filesize
1.5MB
MD59c6474d4737d1010f2e473ebd181c611
SHA1472cec078aaf207985e846f3463560aa0eb60172
SHA25639782718dea85a327ca4502a987582710a2b88a23cf26e8af1738c40a9772747
SHA512c4bba3ed69cc9f86bcddb5037c17ebff97376689eca7b069c24b1b5a753d145f09adea8ad8f258435cde26083b19f0ef86fffde7d483331488644c76db2902c2
-
Filesize
1.3MB
MD5a5a49cfcd52bf2e2da3766a730351d68
SHA1a58df7093275990f57c1202fb7be34b6e4f39534
SHA256c67a4b5918737311d275d49cfb2979ed5493f440d94a792fcde3e3b73319e31a
SHA512948f3a3fb9b30ee93b8cb98d1d1d96c7e12358779ee95317a78e70c40f81cb50b086b11bc604c15f7402618180f44ac6e9c2d45d6f91fa9cde3b22496003ac37
-
Filesize
1.4MB
MD537fbcd5643b012b89381fdd1c4f8d96d
SHA1e98a48bb566ef3d4c4a2e0232acc7b7ff9f96675
SHA256f5b068e567551bf7b1414ea540ab8b739d07bc35795ef98a6504299acaebb461
SHA512858ee525ab8f8976415d3b73e19cfbecbdac760c99f5dc226c567eb33009769bd47db79439830d99b54671de5baf15f2aa8aadb60dccc21f44d59fef90f67852
-
Filesize
1.8MB
MD516da30fce0e36411fd3083f31333ec86
SHA1edf6c110ad4753409734231ce1e66cb81f871caf
SHA2565967a43e651d739463d37f859ba1796b0c863df595f238924630799592c873fd
SHA512d1a12007db7ff9d94813de4532ddc45ff97fbd363c2eb629ef35010f526d2e45a21c709ba22a7236be39e70719a4d94c78f9579e74339fa9bc1f66ed9ab2369e
-
Filesize
1.4MB
MD58e710f180f667e86e354d4132335cb01
SHA1ae682212cb3c1fdf71a866588dd4494120e76d30
SHA256dfc533770bd732e2a2bb9b1b4e2a18fe000044a293114978fbd9f07d157c34cd
SHA512ccefddd4b66bceedb7bb374521540bd7932f3ea8401136c65b3c22d9631f7afafe7761d71d0c36104debf04da8f2f0835e1032d9276d47fee77a08d1d032a2d9
-
Filesize
1.5MB
MD595be24cbf85c499661aa79ae9d73dc70
SHA10394ac22398f3d2ee3d7338cdd45eb68b0fcf462
SHA256b1f0c41524be25f75b5a04d594e6fbc11577251a1caf217452b8dae1a110d1d9
SHA512a5f28cc9289227e5cda05629f034daa852d77d49ab5cf68605aad387aaf862da743be1e42ab458c434b37bfb243726c99c9461d3e6b1b5e7e49096c739e47a7d
-
Filesize
2.0MB
MD5f95bdf92c2772d86894cfffbad415bd9
SHA13df5824f45b6398a955c0ce2d41ca27fbb601ec2
SHA256037f9494ee6041590ba3d9e7ded2d126513a250ab4996da65b01f18ea90b387c
SHA512484c45c3c635b8272a78d62345452c6c95a2de7294a5d4d154694584c7857e8a5be4cb8a3139d2df07ceb0453123eb2b8597093f8ca387149b2146732b0607f7
-
Filesize
1.3MB
MD5ea8ef13816b93340b58f993e840c9899
SHA113addffc4880e253ab4e1bcd88c029a0ced0ca8f
SHA256a1ce4e85957676b83aed0cf6f6eacc61677c13ea60c36ac85ebb87ae530e0676
SHA5120fc6c82801322c648a474d79b08e5bfcec46c18d65e2ce81ea875b19d93f0d1ec31b01aae9748b80ab095c2344647d8d38b8e3bababfa7d8fb2fc6ebbfb80d2e
-
Filesize
1.3MB
MD51525cfab40f57f34d4e14b10491cf07f
SHA15967c4d21e739637ded1cc1c37e7b87af6a85101
SHA256e066259a2dedd8615a88316047579e8bbf2fb297cd9f3b9f2a6a4e831f7c4c7c
SHA5124c27cf923e22dcd9ddab5811841e6813385d554c71748db0f25c74117a462655a033273c73ebaaab09b3380a6757ad9aaaf8c4ff2c1e4c3b5a83b7659fce325f
-
Filesize
1.2MB
MD50eba82d0d850dc1c0cea2255353b51b0
SHA1a92221cf885c1778a16d1c88fafd8314e39117bd
SHA2567098ce562f4afb28fa0f58d7ee7f293d90503d2f753341be0a389746cce5575a
SHA512d2419046e397ca61a210ef40337079f9da297af83a2f78ca29e99c2a36b73142577e2b9d4c581e4bca8477e76ea1884088ee5c2b437fb67230a9a40fe22ae865
-
Filesize
1.3MB
MD5fa8eeadaef3c9f632eca0fcb97c920e2
SHA16700cd874fa28c8e0c2d8af632aa32c9de362143
SHA256c0ab341f7ebc20aac101f0ae6275e4c401de086a6a913647a75b5ec2077f6daa
SHA5129b3ef53d4c2838bc50a0afee53993530552eb207c9493cfde54050871645f80c50ccc85e2cd1f22225fde8dc4accded010ba4064e5437381d3d32c11dea96f2d
-
Filesize
1.4MB
MD55f27a18b6a38b721c66062149ca61551
SHA1700fda2023a1748a76d9f2672cb288f24e2b8005
SHA256faff32db3c0eae4f41a68cb904c96a57af4f3e309a65573b19f05e1f85fd50f4
SHA51297d3701e2f622658cb0ca4259f6522b7c259746ca9c66904f35efea49c066f580ae68fe15395acf1ce4d3f188117f85a7a24dd57bf1e5383f28638b494ceaf92
-
Filesize
2.1MB
MD56b5e9d636c3aba7a6e3fc06556b07116
SHA1cbe42d212cc891f3e4435ccffa9104bf65d482fd
SHA256af37840e5ba65d1d60be14c97fe82334b0b784918b4580d75c594bd6e112811d
SHA51204aec659026633b97104275cce8f8a8b509ad6a26d873ba0dc742b05eee9e630ecf7007c305fe81dad18d38581cadb95c3e44d201a543864a4424b7c2b4dc8b2
-
Filesize
40B
MD5eff6be2d6063585c6ed4f264b5518103
SHA1767875e9fad292043705a75fc591369bfdf27941
SHA256882f1b0069c23022da369c2a80b580830cde172c8e43f90f35484b619afe1c90
SHA512ddc05ea3746a6fc260820988baea3407c3374ae0f720ee7b3a3cf8e7899f040c925095d4d6f023fbca0826a889851069b1828d4b3a53f20d1a5be13111e81198
-
Filesize
1.3MB
MD5311a2962a6acc62ccc070980937df4e2
SHA1d82ca81abe272871f19464182e2559778950733e
SHA25664eb9edb032d6f744adecafb543a3ea3d10b773b1432c03d1424bb4ff50bb1ce
SHA51259089aa73aced850b36cb1f7cc5df8307b81da68af4cdc56743037f77e573ae229edf31162658927ea795b6054cc9bd2b66c07ff5fab0594876ebedf82b8a8a4
-
Filesize
1.5MB
MD59cdf97fd1b91e727c7e701a07ebe4e0a
SHA18b72b50b3ed0d44d3c603dcc70682ca700a65637
SHA256d6d17b0ec5e905a0e0be0a7ec26e33350271ccd2da70ab0face86a6cba79c704
SHA512cce91c354f5ca3ba5bceca3b04aa23fc9080ab9b79c6097d4f1ea298405cff5a86d8931a37851f64564dd529c2b0c68d0fecfd98fe48b04a525202d9ca9378d9
-
Filesize
1.2MB
MD51133729062048fa7450aae16cf5e8c16
SHA1433be3b3165f8dec11c493f858186323efb69050
SHA25622aee48164316d3e7d8d9fe5206b357a2aa7eb26311f530f22465729ccb3e78a
SHA51269bfdf9892f50d13c04bb2e7108515f4f4eba7fbc0d338bfc37d240436a6128fa19411738f5fea7db7af65cd40bcb59802390bdb8bd3649f3d799896badd1c50
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB