Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
27-04-2024 18:33
General
-
Target
2024-04-27_935f1f2371fa80218a8e0b8ab8ec4bc4_ryuk.exe
-
Size
5.5MB
-
MD5
935f1f2371fa80218a8e0b8ab8ec4bc4
-
SHA1
53bb9e154372205a4d56f7d5f65da17cb958f804
-
SHA256
90f8457cc72de32faf5361168b9e76859fe9a066bb3a8ed61f1e0e181f4ae152
-
SHA512
ca6ade59fdd2ee5e98ac97d611ad6e9a5a171315c1dc237ba871767e49c75603873c53d3dfd4c2c781d8b8c90adb02a028b7fc24ed0cb378f36e196d0a8db3ec
-
SSDEEP
49152:EEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfD:iAI5pAdVJn9tbnR1VgBVmhfFPfUNF
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 26 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_935f1f2371fa80218a8e0b8ab8ec4bc4_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_935f1f2371fa80218a8e0b8ab8ec4bc4_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_935f1f2371fa80218a8e0b8ab8ec4bc4_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-04-27_935f1f2371fa80218a8e0b8ab8ec4bc4_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83e87cc40,0x7ff83e87cc4c,0x7ff83e87cc583⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1912 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:33⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2472 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3112 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3180 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4528 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x2d0,0x140384698,0x1403846a4,0x1403846b04⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x140384698,0x1403846a4,0x1403846b05⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,17410877879987045637,9277786818274174187,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5052 /prefetch:83⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD5e54b799e5250ac4ac77c93ac48daa044
SHA1a8aab6de8b62b553f377727b24a6f507fc358630
SHA25630ac877b5db04d32b0e5a63b4fd2f638f91a9448ca09bdece4cd8ff701afca40
SHA51239215463b48108780a7ac47b7649f9c15280aa504afa4299c426c733bc3f727348b05e16c15067b7bd52a26067174d3c4344b00bed971ed73af94ff25a8fd066
-
Filesize
789KB
MD5e13b063fadd8b2967fa1d4d829a7b354
SHA1d14e47fb59d5fe4666e6efd8604ec8bc643e1809
SHA256b9090f70d169cb10527143034ead47df19d3f251a4bfd9c8136c0143afdabeef
SHA51285fe20eb8edf2f5bf461822a6ea51658c9731b926a80cf076ab59ac58f6cc5e0d1756a0a3da0131fcbcc9d5653b591c12ee9fc5514419a0d8959a8c30c66540b
-
Filesize
805KB
MD531ddd4a8c510e9cdef33616eb2325960
SHA1285516986d7ede07b1a6714661b9cca6b428e5b9
SHA2569b807a311c2635fc56a3ff270e4b8e4ed6bd65ca1d0d8472a2d95140fb457ff1
SHA51210a356818b30019f39caa89a1b7796e2a81f5b140686a9e68d885355a094fcbef00eb8291370dc87f6b4d8f5ba70826ae1cee557304ce0b2e80c9fc949bbf599
-
Filesize
40B
MD57404d467b2fb89e4e84776aa412bad2c
SHA1fb32e21aeea74145df18cfc71af67b4e99c7df19
SHA2568786c85561e8a3742609386f8eafbc94aece005a0873ee05af5912711f67864a
SHA51222da866486d4f764bbac8b4ce8314220b58fd5c3d77c71d260e90f6d96050e330d2fbcbfc607e61ead472e8fe4e1305f769406ffd57d4d202e085e2af97ba51c
-
Filesize
4.6MB
MD5c70291c50e4b1b261c0ee7f94efa3a08
SHA152e139380f5cbdbaedf6ef47030e4fa9ef3aee01
SHA256982b2ebdbc317dad80f431e9d7555d6d28cd07dff47fdf69e50ba41fed36fff3
SHA512bd10f294667a5d30d547f04be7b7240921218edcca75de668f2c45116a7dbedc54670ef46231a026bd05a1e23838f5dfe30c083365567918e4bfaa724932568a
-
Filesize
2.1MB
MD53a06d00566070e6b93304da883f0d71c
SHA1285b565df24402dc24bfc3d19db1d8c2593c449c
SHA25655dea187945a7ac3ee072c78164712c24f814656efadd37e99b6b9fb04f3c2ad
SHA5127ad4d9c7cb36952e3f99766c94b997ed104027b3e7850bac56fa95175c723ce87055968f4ab6d5702364059b44e73bc2e0c2c6a84df51119e78faaf718c15a10
-
Filesize
520B
MD5d7bdecbddac6262e516e22a4d6f24f0b
SHA11a633ee43641fa78fbe959d13fa18654fd4a90be
SHA256db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9
SHA5121e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1
-
Filesize
40B
MD5bf53a83ddea2e5f1782e8ea1fd92b5c2
SHA1c82339fcce3181fec9ee3015292dff2b2e42173f
SHA2565db038fab6e4e0147293c9eb1747e43bb168677c2a5766532ebc300b8fde591e
SHA5123ecdcb21511144b6c15ec5ded069ed8fbd76942bec079a271c40b08a81981e3663cc6ab50edd1547175533fe9cb5cca617a783a828439758f3d48e4864e6c1ad
-
Filesize
649B
MD5c1203f345899ce2cfbbd12000e93110b
SHA11b51771b7fa8f1120ec77c4f71e73917f6a23eae
SHA256300c75bcf1aec7177712d7c0f9526c0430e065f49de60a65cb6f2f5caa0c4ad9
SHA512433875546978cfec82be172318b860ac13f11ec7f8530344fc50657615ba9dee52c0281d4262e2ed4add5814a2ade119d3b58156dd22ba136467c9fe545b7cf9
-
Filesize
192KB
MD5a8cf54419129b874864cf206392ece0f
SHA12d8f78e5d6951faedba3257d5794227f34c50967
SHA256b8a7649c907c010db609d7143f3f0601a385b9cf803f4b0bddb449c41151cc1f
SHA51202a77857be5123636fdc44791f6cf7a4532fa53e34576be7f6ab21da51ef400fc138d7dda6a2880b2b42ddb22a803a1897e4f95ea3479487af61a199c7929a8c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD569f0a6a47f1c62c9273868c53d940320
SHA18c9f380f9ecbf5e9828552b2b7bd64dd1faf83f2
SHA256f38e64b615a2a5f34b8f219b88e847402c622f6814bbd0cb753c80a0690c56ce
SHA512d7b1d5aae7873ae145700872174143eeaad1dd7fcd0f760876a520e4a406dde909aaf77c651e0aa78acb39e9205b2c73ae26340266c88bd40004094a407f66e3
-
Filesize
7KB
MD5679abdfd22f707e18db576ca33de4623
SHA17ec5fa1640b0954be49ad64dd17035c9fe5949b0
SHA256157c32e0c17e57e2d967dc3c66bd7181df8e69ce58d347188f1f6e49f6a15eb7
SHA512134467f7c63d249795ba1d1aad81d7641054c08de124fe9287631a2d5e297724b2b8f6ff685f2843027397d5350cd9fcad4b1c635b31c906059d00951dccd7a5
-
Filesize
7KB
MD5e918f1a10c702e0071db6a78e6f2e4a4
SHA1e8cf933f182de4883499625c1e08d48f12cb2a3f
SHA256f7ea4c7a2fe8065e71e5ba38920c521b661ed290ecea73f473878b8cbe578267
SHA512e70baf22d9b87d29c58946c183489b991d0161912cd384e7d1ceb4afce179708333c36f538ed9a63b20b7b35f92158a6e0c97932d9a8bf0038e5d30704ed91b1
-
Filesize
7KB
MD5e97b886409fc6108104d1fedff47335c
SHA1e29299cd4486e9cc968504ea2800e374f4fb1a1b
SHA2568fdcd2ae6a7cd302b5e7cf7c2f16f806176d8ea0a892e942ff7ea13f7bdbdd54
SHA512870ba422060e0ff44ae331c6eba6526385730da1fc8d0df618f944570006eace77d800a23ce24ab7e29ce4979565e28170171812df53838b2d53fbc8a9893e70
-
Filesize
7KB
MD59663a8f89e4b855fa361ad9e714f06a3
SHA1a8db1b88445e3a3006fe2dbcb5954fed81688e25
SHA2568ab4e07b201c8068850bd088a128e4077b64ebf7e20e08ccf5db1e5cf9f4a2c4
SHA512482d0b2871d74626abf4051ef332d813a1304f975441820dd112a69b1b5d211df042d5cd836a2ef3ca0ab0f974b441756c85c1fb1ee8128f11e9f106808322e4
-
Filesize
7KB
MD5da106397022a1c6c0b8c910a1d7397af
SHA13c94b26e674b4c05b8ae6437b797eb30ce431c33
SHA256415af2785fd244fc5a52a51644276dd5d3dd038834b5cf5f0487a57283cf4ec8
SHA51261f810a3252a87ff61d7f0872f85513d2c54e1257307eabd8241ac7da6af5b8cd3ce7b61bd5911cc86aaf93cf573d30fa5a84d07744beccadfb0475e06269b8c
-
Filesize
7KB
MD5bfbb1cf5575dc3abc5297da787125cb4
SHA1e20b7252514812f499c35af1281eda72d5590c93
SHA256e340b3ad12bd2d3a25c905f854242d4976d05ccfba0b64f3af8e5f956dea25e7
SHA512c9f83db5a342935b96fc9fcc84211da90131145d5ec20512f1682ad2b220cb6db3fb78055ed67ce1612de0ce2fa2e0fc09ffd2596f35aff72aac405c3221986a
-
Filesize
7KB
MD5e4a0a54b9c5e5c16c8fab7399d8038e5
SHA1b09216789aabecd5a138b52e71aa844805ec6083
SHA2561ddef28627d7959b3d77dcfa2cf4997fa754cd3e6d2529381299e451aeda093a
SHA5129b6f26d25b77090d6bbbcdb0bdeacc98b60aa3802ca2581dfb42f0c9482159e98b0aae3fc18135469a29b11cd552920bcab19552759a3ea65e4d99333dcd005a
-
Filesize
7KB
MD5f1dcdc3dc8caa62d6022924fb224426a
SHA1683b151e7ff59ed590a340580740a919a7d7588a
SHA2563ed59ce2bc52b38c1bc02d9913ccb9920309f9bc24d9d6f5eb430e901e216747
SHA512a8a895ae3e4209db972b2d6e097ee784d397ce37dd9ede1d5483b03c4345d4cfc4b236e9d4ba6b78fc7391fc495385d59f9dafd4d9690b35eb8bc0dff76fa1d0
-
Filesize
7KB
MD5fcfd6ff6ca81ca30e61759271aebb6be
SHA1f94690ce4e59e780a96fe1011ae816f1bced5f04
SHA2569df50acc61b242c021172e353147b18e771e79e05ed2034cb0a14aa77bda7e83
SHA512a1d8a32b70963f31426f51717f9182bbfe464a14d26f5f111fe98798e9d940e78430fb4d3a9507bb55ed3fbfc661ffbf439f2e000f1f3f812f40a96e528bd497
-
Filesize
1KB
MD554394ba89cb7d1ccae61e1a72e930d91
SHA17b2c679c8076573cfacc024692c3dddc1f551c8c
SHA256a470b0ef5b4a484126b7e7fce3c3485e80f580a99ff4f57f04770059949368e7
SHA5122428291f125894b426348df6a0f3756fd26c7786ea2aff03d89aaae77d409f09a5b8512bf06633a70f28fbf86793ed26c6ac3b67cc411b907e49cd3d344e8cff
-
Filesize
77KB
MD525fa1fa15f86ff7ac1493cc21e847eac
SHA10245df77c06d829a33d628a32a41f1cf092076c5
SHA256f130f6acfd0df43a519cb08a890d9826fede7807f10264a927d06903f51ca22b
SHA51231bd7ebb614647466fc92b4196233da6b344744ba84475e77130f08a004786864a4e028e5d0917d655e36d4af40fad7ffbe20df92457a65ad220d0b00f142b42
-
Filesize
77KB
MD5c501e08d1669a18f420d419fb1ae8192
SHA101e7da2ccf1cfd51d6eca8e50dc81ee07488b492
SHA256d0ff87320b3ae74e55a5246cad2673b8807bc635c56db839ed30d38fe251985a
SHA512e7091313bec271edd65966c39c6210300d4bc78d91b3f3ad71c3fd715b27b3b12fb297d5b8c038de3f0b4c563b12145514af768613cf4aff9152d6264ccca7d1
-
Filesize
7KB
MD5821fc5af140fe637ef399648bef61cc7
SHA10337eef38b93071aae71129da135a95a09da25bf
SHA25672caca883a975e1fd01eda7e04df4ba5c2899580a5e25ad7f753ad8ffdb7948b
SHA512535b14289f093c1ad9ee33a3f529d9e1bdaec00e9bace1ee0f4a34cbf4d3952e23af64d382677a58a53fd126d22a00ef4860c69253b0adfde23d6cf424c76e9e
-
Filesize
8KB
MD58e780d52ca32113040db17493d78b6db
SHA1f79fbfa913fac9eb7bdae61ba9d41887f524085e
SHA256072af19f38f3206d5f6edc9dfe62f76a8217cc564ac0c820d594c9ca058f68ec
SHA512677869e4e5561edfc5527c25a31c2cd09286b74e3cc03f9886fed98d68af88430e36216a8341dd239d1cf6121eefebc6ae3c7169c7067e192fe634e87cd43105
-
Filesize
12KB
MD53411a84146caa29ce47347084808b801
SHA1e52399cd65fdfbee057033e682630827f307d8b6
SHA256a3bdf5c61a7805619293942365b86cff6f267637e7e43352f073857100148647
SHA512c5d5d1d2e95e0e026ccd201790fa599ce0ac8d72b0e8606f81f589f6f53070911f39f43772f5bb07fb9a6d0f09f3ca88dbc129b239ca041e1f46cb912993cd7d
-
Filesize
588KB
MD5573a3238a03c6c8ae3b2ab7b96674193
SHA1cbce9e478ebee48e15cacb0660ed259225782a0b
SHA256787ccdb2d32abe53f2971c87e0f9310c4d720c2e879df2c1f6215893e57fa1b9
SHA512652f35d7e5826a572e3e93c86d9c71bc1bb2e9a8671368d184582986006d3bbfadd5cec91d97d61f0da03ec26d785266425e6c28493f09049be42f3f93603361
-
Filesize
1.7MB
MD554f81b2ab5dcb40f71247452b67e7432
SHA137e8186addf6f60cf3d84aa054aac718fed9ff7d
SHA2565d0e5d2b86a28bf3297f2e5e1c0dccad9292cba041f3ab6ba5bc0652f9dcb17d
SHA512d34ba80427ca168d042b8aa35a4cbfd4d49ab9d1525f52ad89aaa4fb9522c014face42fd720bdb6292540a33a45db03e64e039ceb5d8dd67df97c46d9d7da961
-
Filesize
659KB
MD57b57df3f6a81d139f1123e763d9b22e0
SHA183c4a8b3fe87b5726ba35ff929eaaa112009e563
SHA256bedd6a40c2673aa93aff46339551020b62992fbd700f6763f4dd8c623e59f1ce
SHA5127c10d9e92542746741b2a210a9ffe4c2c852e33981573c802ebbf510e7365223446a84277a61ea3ccb6a6ea5a5725df75b3955a7244f1e27510b3e7a142e8e14
-
Filesize
1.2MB
MD57a99ff6f661c56d45bbfaebe20248ae2
SHA110179a2fe453050878d4c19fb233d18780202ff0
SHA256e893a41f292d0c67f494159293260d338d67eb0c827ef7b00621b3af3b77660e
SHA512629ff486e4391f0838ad07f670ec2baf592f337890415301f59cbf07dd8502a1cf953d925434e34dc7644b417ee58548781ec37cb3e73ae5f4a9b7958b2db01e
-
Filesize
578KB
MD5d5fd80225139190ae39078bed0f34cbe
SHA1a466d8b69f5ae66045d1da5a89067489767acd9a
SHA25694d1eeb17905ce201af767703d973faa24745a9aef8fab6e5884815a865e08a6
SHA51257fa473b62ff93465592bc22a8190ed70764a675e007492523a1a75a0fb8f9c64fc9f084909230f6f1dfaccd5cb59a675174eda5c153a4ed78a22e4968d20f94
-
Filesize
940KB
MD5f51a7ceca06095888c9622b07e3e2f16
SHA132812f6144ccda5f05332f69e281a716054312e0
SHA25624682afc8023910a62c4b6c73d126b47896b554229d42413086845601ce6df19
SHA512edcf15a99326c4c83eab213ec809d1fbb01a41372ee8c505a39d9689caa525e2999a2a9992bec05eadba33ae7a7951a236314871b8bf4ae57d184eeede521be8
-
Filesize
671KB
MD5a827086d085a09704294c8dac3891e45
SHA1ac7bb52ba413bf3ab3be12ab97524f6bd15d7e1c
SHA256405d57d8d2c477de162f2731a05b106dd3166c1e88e4df8d490ffcbb3e36ba72
SHA51298ad9898f528f19c4186d8759870f3733210bb1d32cbb8cd3d5fb9edd5050f43a1ebb960fd4fdc1956fba5c910877f927a01cabceaf15dd284c57b9bb59ebb0c
-
Filesize
1.4MB
MD59ed60fb37102fcafea8b69d87033121b
SHA1c931965f0b84362630a0f6e20a66d817d53eadd6
SHA256cc9f4b5dd6f4c8117e1d9208fb4f9d17f6f1d099214e5a9de888163b31c352d0
SHA5122468ba99dc09242e47c615d3c9f9b594eb4e9ad761f9d101bfccfed8309437d1b38149e3fa67d5f8fa2a77f891a2d8572784d43a331f0be72ab82c98fba18ba3
-
Filesize
1.8MB
MD5557a5a34d29c5e12659dcffcda1aa46a
SHA1fa11eda8ab769e4f26311910f8a701c12e3629cd
SHA2568b6b137ee335400886042636bd89c1ce040e58243c88c82c74b692bedd3eec97
SHA5128ef3ad7b4cce125d1b9a7e4ba8d3ebb288a737239b0b981a5db50dbfc4cd360b8386f93c1192fea2f5731738f5f342cecc6549b20f311b1321635e9354f5052c
-
Filesize
1.4MB
MD5fccf746b2c299f15fdcc2b5924dedeb3
SHA14f46570d6c850409ddc439f3e0b6fa322cbb54b2
SHA256da081dd760cd9fdd94644fb3d2d87b2db77008b1101a4998d01463e5d7f26cc2
SHA51281ff7a9a001878370264f9546cc3e25a0c1ffbc9730071c30c6cb053662da70dc17c57fe977ac7ba28595043b7e0eb3fdfea8483b0a97dd7fdc84870a45e2cd8
-
Filesize
885KB
MD5f90e9c097368f8489952383208b3f428
SHA1f34154fcb4c4a5b88ce2c3316f4eea06cb5ce523
SHA256c1ce27b2d8a746a3b5d902aa00d4306236f618341c77a35b501cfdbe454a20e3
SHA5123f1e0357eb490ec2b46ce56739da096939ef7bbffff0244af3663c0aa62ad0888526da27de491837f5ef8cfca244d6726272d0ac4ffcc76046b44c5f0df6e8a6
-
Filesize
2.0MB
MD5dd71bcbccb72b097f779e4751a1bcee2
SHA1ed6e5641431cb85029fcf9583213285d18ab8b4f
SHA25679cafe798f4b772af461eb7ba58aa197a93ab862be3ad91a4b138d8fe1361c03
SHA512aa7ac157cfb5568d72633c043c39d22d6a41ea6e3663c4c50063d6058ec63da0ac354239fa727d165cd0997018477154e58e8bea14652ae8a7542cab47427c6f
-
Filesize
661KB
MD5a20f4ca8c2e7bcd389da885c54fa2254
SHA1971fe4e358e26f119f0ce33a42726a426c6f1c44
SHA2562a32cedaaaf0f9ca5ca21227e36e007182663d888b765e37ffbe04d71f541797
SHA51222a1ce29981b8b32848a4a7ac119b720ab0017622a75c58bace7087edc59346a81f788cae6eea3b2696c9334b2c3188b0cee4b40666501303a4d876842a677e1
-
Filesize
712KB
MD51e8d1e01666997d5405d63e2cad08bca
SHA1d27b6cad1ec0a1d38a47ca75be523aa092d8c869
SHA256882ce2d10390efdc08818ba6b85c56c2dc68463d7eed6ff81228ef2d6d80af78
SHA51296d7e377797b928c9c141b49b2b71a5a31f163e1bb4d5ca73ca9e30a4e6aa1c393dbb2e1203934c26b74c21d80e5b7e1957a9d3e525411d87dc3942eb57ce3bb
-
Filesize
584KB
MD5abc6d7a88c8dcdeb6a8c5519b36f4e00
SHA18cd2a055ea6560098a129e358b28ae54b97c2355
SHA256bd567b6c3241011e5213b6b9660ed81b8ffaed15d87960aab120f5886e095cc8
SHA5123c62fb48c3d7e05dc655cfde2cf33a68fccca535ce23d348314887d3477990c0754edfdcccdff165763f0621136fa2a032db9a3f7cea4e46626ced345be6eaed
-
Filesize
1.3MB
MD5d7e7212d7c8a31c23711a481bf853eec
SHA1e6758555861069657f6b527978899c2db3527575
SHA25623754fab79bba2c4529e66f28a729a038ad6a93fc2d6d91c830c3ec0a10a537e
SHA5122e9df4ac687450aa87105cc1980bf036bf80c362e1f0e709d01c7edd0982bf6d425846e29109042ff8b998ae29b33c7540886a75556ddb678a984f272a207d54
-
Filesize
772KB
MD5ac806e8edca3a8d3a9d82e8732d9d5fa
SHA1d733601aa75da659abc458818b1ddcd23926245f
SHA256a81a7bb6fd0835b5a8380c0f57a13ab14ed0e21ba6042c47ae189f32c72ec34f
SHA51273ea104cc17875feaccccc5787e2d3a83fcf829c6109c4735bfd582614598fa2a570d12f0f86b6c942d6ebb71465963be8cfba66ba2d305979d8b8e02548c861
-
Filesize
2.1MB
MD5b0b4e35f499f3f2595d325d09df1bfb5
SHA121202afb2772e6504b0ce2e76ec8412aede4fca9
SHA2566fc8eb0c98a0a4a87acf39ce2961324f659ce6c8a237b30d7f5030d8be4c104e
SHA512b1ce12b67707f22c529b203599d32efd029fd6a94c51772d348cf43816c87ed05871f82c6665282df470bf559981d00c973b8180adc50452cdc194fa89f073fd
-
Filesize
1.8MB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
684KB
-
Filesize
2.1MB
-
Filesize
1.0MB
-
Filesize
1.3MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
828KB
-
Filesize
596KB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
384KB
-
Filesize
904KB
-
Filesize
2.0MB
-
Filesize
792KB
-
Filesize
792KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
604KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
740KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
600KB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB