Analysis
-
max time kernel
139s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 20:55
General
-
Target
2024-05-24_3ad93b70da80f157df5421cfc900f3d0_ryuk.exe
-
Size
5.5MB
-
MD5
3ad93b70da80f157df5421cfc900f3d0
-
SHA1
1bd6fde894dcb3bcef951b3d98eb73a1e115822d
-
SHA256
8d01d6b481481d3b85d3f0926aadf696304825e93c5f0ba03298b8b64a579adc
-
SHA512
260b1aa8cb55ba4835931046ce19501d3e252508167a07eb3f27336b3e6d6900f9ca81c8e00649d2e3cc95db07ae7f084ae98ffef80f922c54ce5a629809ded3
-
SSDEEP
49152:yEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfC:YAI5pAdVJn9tbnR1VgBVm0J3rL
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 32 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-24_3ad93b70da80f157df5421cfc900f3d0_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-24_3ad93b70da80f157df5421cfc900f3d0_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-05-24_3ad93b70da80f157df5421cfc900f3d0_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-05-24_3ad93b70da80f157df5421cfc900f3d0_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d4,0x2d8,0x2e4,0x2e0,0x2e8,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2baab58,0x7ffec2baab68,0x7ffec2baab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4248 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 --field-trial-handle=1912,i,4619561775816549716,11335788043969174324,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD57bb4d14b9d0bf9350f7ae7b900fa6fe8
SHA1043892fbd8c4a0639464c52f1c9d97069653b170
SHA256e452431a54cf734dcbd1e428bc103f9be55ffc5116a8a3d02c3ccf3eea40ff8c
SHA512cb9ebe83435539d5eb4fdce863d34e75d62a5e60b641233cebb1f29ec019a5ee762f1d2f6a25ba44bcd096c349ac97d7f0273bb3619f92d386185e8ebc4841a1
-
Filesize
1.4MB
MD584149caf0edc286b4f6fa75f47a1b5a6
SHA10a802438792b1e1888a486f08fccd96fad31787d
SHA256dd16cd52b095e6c218015fd9af73ba32da578bfae2296544171d61a2c720223d
SHA512a1fa70f969126f283b8b2bcb84038c0c7e4d9b391a787c218ff9c3b236a44f0a819cdd7f6663eb5bd6f8b0af3d067dbf17164b48494ca203fe4a9eb49885443a
-
Filesize
1.4MB
MD59b78f42a6e241cb334cfcffaed10e545
SHA1d9c474c7cde057fe91329c85d5ca3753d49ae795
SHA2561aa323dcea8b1b681f225882f76388fd8a5af091ccb27ea8d34f429df1e50422
SHA51202246b142e98cc9cfd79669ff01d2357a936c13e7357a45c92d637a561ae577bd5ef59df02f034052edb313d4b14a7346bce50e7509f792af87217b5989b2e85
-
Filesize
5.4MB
MD5e13460ca7722fb8003cc2e445e869a2e
SHA1c59f845bccbff43219e2c634d782d90eff94ecfe
SHA2561e4fa34cfeaedeceec3b446fdbd7ee82a19f86481c966f8cbac1a96032627aca
SHA5120ee9bb95ef2010a7dd6d7803654774e2e75fc4c7f5220cc686d0a7c4918bef2f9f766fc73c755740c3cf10cedb79e99c943743ab6853d54f5810d5720ebe4c18
-
Filesize
2.2MB
MD5435e4c1a5c6ead77680f6814122e603b
SHA1f51b636c36ce0a325fca5e4a602284713d069e37
SHA256e394c78701b8fe9967a5bee3ae2f429a729abd07a9db32ef6ee1186e266b84bc
SHA5128385f0e7837c0f26fd8620cf8c6e76db7e5a471f2d806a3eb070232157858e7ac545ca699e8bc50319c6836c17aa5646206950f02b86a1d4902f7a2c3d64e45d
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
1.2MB
MD5722d6a402cf3e52f51fa576ad1066161
SHA1a26297092ba2432509ac41ea6c14ab63af89002d
SHA25670186d85fa13af6f60d9251bc55e2d59ffa319e8e5355d1a6f9b37890a1ab655
SHA512fdb607fb967780a8be47bed8a37175d393ebb2da3ac40e38b2ea7e99d4ae507ac2a33b365656b47bfc15846f4f280392146656ee4ae36c94c6cb5f6c13ddb1ce
-
Filesize
1.2MB
MD502a23467187f5c35a2f8791ff3f1c2d0
SHA19f1284c97e5724b0bfc2a525cc238ea2d9cc9a6c
SHA256671bd1c7450070312bfbeaf51ff5036614912271cde5514c51ca2b12b5d4149d
SHA512870c0db6623448a829466de9b8aaa7cd492d56aa0c6f12e73733ec4bd6f3a948b9e24a2a77a6c16196ac0bf5a1de5dfb5d3ce0c478a84940aae5076eff90cd7f
-
Filesize
1.2MB
MD5fbf36a8cb3ab0aa8e02d12343053f4a3
SHA17d86d18b9be8180f7a0461cb1e0396b0b2f21ca3
SHA256226cdc96fdeb0919347636d01cc7b9319ee535f0bd08f764f1a9af0f5396e0fa
SHA51267f54aaec268b45759344405d369acf81193c902054ecfb8c864fa4e9e18a950523f815f8cca6b536558239a80aeb394dd68ec9ae011a1413839172a4e8c1dd7
-
Filesize
1.3MB
MD518786d35c1682dfe409bd6c27cecc0ba
SHA140c96cfa9968387ac1f4146f31329f614025bd72
SHA2562bfce887328483cbfdb112a4b42e628c545d6511f573df76873246708b3e81ac
SHA512529fad53833031fb9a2b776ea69c30a321f267fa2bbad2b7d00688566647430533a6a2320764a7e7651ee071bd776f118db5f64b197bd30a9b49265f5615b91f
-
Filesize
1.2MB
MD57429128974907f3639431f4adf6bf2d3
SHA15a4fadc88dfb58f27ede117dee95803c9585c91d
SHA25646de2b6e18e4a11f01243c8559fdca71096f9d7be84711dcff6a1221d1070a2f
SHA512e74f1aa135331d33d309d65bf705256f21d27c4698d2e138fde1d0fbd1825966c15008407406639969bbb4c2ffad86380bd6470d9d780e13657725576fde2f42
-
Filesize
1.3MB
MD507d2c6f5322873957b8e502e667ee63b
SHA1878b1211e8ca4c41a45fa078832e4d9f99a063fa
SHA256dabe2df666db8a2840a577532a8c6f84412aeead5430407ac693ba137c336cc7
SHA51272531f859c00e03b109eacaf2a5b8cf36dfcff9dc5bd9cb458bf458d237fa8fc1652b77d18e1463ead0910c6fd63bf0faf4aa9f74ac93db711895d6748232d0c
-
Filesize
1.6MB
MD57f18afbd4090d5a9c2c932a237823491
SHA19b9fe9ac245eb9bdcd92c537a98bd52c4ba14158
SHA256097a7d7fccb06c37687cf9f92ee86f196c6ee0cc7e52508f51833287f11f595d
SHA512ef0e9993548283cfb3ce74fe1a360b1f3f97189e4a1a236ea72a92e01114f5bc3d0111109219330e2c12e9e224259e3d9a68aaa67ad97d506f849a090e042082
-
Filesize
1.2MB
MD5358acbddebec51a2e16b67f0fabc2e04
SHA14a9510665cb44a09aaa7047d1aaed7b408dab7e1
SHA256f9fac58fa13aaacb9ef8c9b7a579397583d49c57610abffcc41d1f8760503f71
SHA512d5987d941da062016a99d442c040aae050376f476904a9a533fa28d85b983ba77582853fc69bef28700c327a502f9ed416f9122b5b0ac5d4b8cf46401c051404
-
Filesize
1.2MB
MD5beb24a77f8e25cd659a36d877bbda0e4
SHA1965397ea5931ea6cd955db3683e260d075ec4058
SHA256b2cea31b040d8a477fde1c83af206e8ad33814bb03b79dede69d13a0d747037e
SHA5126acf255a94bca9f9d1bdc158c4728dabd5e95de4ea8284aa8cd4a2c07e98e3ada3a4a94a415cdf29f83c6e4759ab6b1099a033b42b23f1e46f42b4c9a9703f93
-
Filesize
1.2MB
MD58df372fbf0dba93bb6b4a6ff8e1610aa
SHA12a6c7b60e58fefc941f8f2aa330f33573e65a713
SHA256784f1e25660f06837528295e4b2e14c526c9a30b22052f698d2c78b8535785a9
SHA512688ffeaf493ab2a35d4573ff1f6a4799fae8e2f7203024fb9747c96f6bc33289ec08c1d57316909f809884f1d4dbefbc93fb1950db6d126655af3ae1174c912a
-
Filesize
1.2MB
MD5a07dc6a800c9ca8615d923f34923e1e5
SHA1c6b73eb3a4700ec3815b608245687baa83b6b7b4
SHA25663e030c97899d2ebd84a22a2cf704f2fe585f7feabf94115ecb391a6d7f9145e
SHA5126e4d8256f9f2da96a966c3784b0739df49ae7b1c96faac254c1a66f43243d8ccf519b9a41bae11fb425c8e498bc8706b55c9df6d9f3df2661a78cb11e60e0761
-
Filesize
1.2MB
MD5a6343403938e30eeb2e26e9aff77c02f
SHA1abc05582e62f7ff1ab71791ae6b82eea54349403
SHA256fca05c742b30ebbf99aa2605b643e67c7012347ef522c87ac2dfff9fc27c6f22
SHA5124ab17c675d49d64626b02fa71e63c39a0c5c690a5af9e380e5fca9f251536455aa9c7d2efd22015e06b47eb447c708f7906120772eed5cb76d2b14292390e146
-
Filesize
1.2MB
MD5f278edb15c2917d39292ca37dc188b3c
SHA11697605734b5ad800e01f89b49576948f8a33d72
SHA256320afa6488fdddb158af8966e3a66c0123b6d35ab7c03578ed6c3b75a4e29c64
SHA5122c84e3fc9285123c68c092665cd0be6d1651a91872551a7458e67106616c0391bb6b191e9283992e0562dbb6e25f874e0909b1eec568893c5ebe3164965615e1
-
Filesize
1.5MB
MD52446de684cd9091239ad95cd565f7012
SHA18aca09f408b0df66882f5babce144e120bd1d2b4
SHA256d6b835adcac4463151ab800ff754baf856f8b3ecb07f7fe00fe11b2dc4326bf2
SHA512c14d61c7c067e3eaf7a4f598f544e7c0e56681ad3c1dc573cf682a0dbbf13b89ad360106f860966a8dc198daf3cf20abf720ac21fe751b35ab07b0fdd55e2acf
-
Filesize
40B
MD56123155f7b8a202460ac1407e231fbf4
SHA113121f6000a380f6621bcb8dc7c83f9cd10ab626
SHA256dc3766fd1d9f14e305d5483a9e886548c3ff3ad2d8497e26a04c6d8c31e7be6c
SHA512ef2e48a3517f58cf068d2ed9e202ba4d2a54afdccd4937c74b5c84d5c4fd47d9b92ddcf3b842a102b426dccae53ab3bc9e571a5cf27cb315be4dc58bdaad34cf
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD529d76544e5105a06d8124107e2ddb748
SHA1a7c560a7f9428385d5c5783410eda40525e0f4e9
SHA256508d1c249e996fdce865fbfd62b8fac7ce6f814ef2b47b0e2ae1a178b625a520
SHA512853691aacddb7dcfa5c88b6c9e4c2396300f744d4962d7b6d581c9e04ada6ee7b9db49ff70d1e9bf038b2a643a37de2f4f89666492b44292efa85e7d27b43a88
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD56f05b7cfb829b5211b3f53032703a0b8
SHA14972922f791d3c279216006e4a7269c3847d0dcb
SHA256e96e587595d6021411b6388272b1fa9c3e20c9479aaa880b968bb6a95e797533
SHA5129dcb788744112b414addeeebcaf8535e5e5e8f3824f0b9629ead6afe22b2c749ae688d5854b67a14f0e77bb0b19a26e0dc5a58c8755a0f4fc871bfa3f0a464ce
-
Filesize
5KB
MD503ee52bf1b809bfeb2c022ad65ba2cb1
SHA14fb5eb46f5a058ccfd4a6b61a4c193fddce3f2d6
SHA256d362719d15e4c5116b13d33fdcd2653971f83f4ff59a6df063a5a820321c0b9e
SHA512b21a41ccb508e9f2fec32f704c50589efeba7164cc7bcc5226952c88017df1e5f13c4489f5d0c0a6fadae7fb0a1848d51c8cd86369f4ec67aa1124284718a915
-
Filesize
2KB
MD580c9ece824708be3255fd46fed4fa84b
SHA16ab10396c88f4760224c2820d198207c54f01266
SHA2561f8af8464e8755fd26db7cc2bf44b59934126100a43b00a66da96ef4bac4e336
SHA512c8e8c5ce9c0607264264ceb4ccddc869543fc5b9d3929ad42904cefd147938d6523ee61e5ed2f6f46fba1e6c92f8b6dc14300f4c6c7cfb295fe3274677d9ae2d
-
Filesize
16KB
MD58cb091e62c7e17c05ec680c21f175935
SHA1e5750b54f6dc0414384d79c32119da1318bd7f5d
SHA256700d4b6b36615341505e9aa3934f1a28a568ce7f9b21fe15bb47822a7a8954d9
SHA512bc46fea7bfd5d1b68132383aa6ba44ab6724f427e206410af217fe2e3fdb6e40259e2aadfbc4a9f9d0cb8ff3a06dfcb1a08ff2155b925e603fd32321595215c3
-
Filesize
260KB
MD5c0d35a94a99290ad3d4871e4538b6c54
SHA15bb33d72c9f667662a143226db38dd0955651a69
SHA256d62ad2ea3f1c45d8286f9a31a900edbde961a7b8aa37b12163c50d9e96ee971b
SHA5121d0b9d5ceff4307384eaf1a498ace1eabd1bd8148baed9a59b1af17f2f241f491dc1372323493db1bf986e5b69ba27d8fdd979f4030913a6bcbd36e7aaf90b0c
-
Filesize
7KB
MD58a2afd11dbf74144f92624484e3396d0
SHA14d16e19bf93e765bcdeaae9eead3e79d941ac79e
SHA256c0ec467990f2cc543f56851aacb9be50429488fe42c97569e22ae758cd31b0fc
SHA5125fed25475f5c9a1c7bff65581320d94f0a9b1d9e5f2ffc8415cc21d0bb8a12830ec9f0f9702bc062fbfa47811184e03a05072c67d714107612607e50ffbc1671
-
Filesize
8KB
MD54287f0bbe2f40b4d639c9e6510bcf154
SHA1de124200d8e9ead5df0892c10c3513c51da776db
SHA25600907b0f6325cb4962d44974cea6804582613862593f6902201f0f42dc197e51
SHA512676238012ace392d68c8e24c96b1b9b4c95f74b8c5d92bada1c50488d2000b7bc847623d9bc76e7a2a9ed0b3b9a5c1d3b9422852975a77d939f0825308bcaa99
-
Filesize
12KB
MD5aebfb03efab5f8831611862c87b870f8
SHA1c12692009f3accb0665f960ae73be8ca1b627262
SHA256e52d8a6b8d1542217ac22397bd62126021a48977bcc99c8463f863ed6dbf4427
SHA5129c66eefdf49082fccc8dbc7c2ba1f7b2451f70b04b5dc4016a65811f05464116b8c7ac43f1f376f0de0cc1dff29877f68254b79de381ec7e689ef06fc8f09b04
-
Filesize
1.2MB
MD5a8c44198046c8ce75afb1e4f26985d0e
SHA1937780e28fa7d0f975a9d4faa4faca455d523b42
SHA2567fc5249edc3fb330fe7af82f012d0f8e790dcffe6c13cd8065c524c89fec607c
SHA512684260c4a34efc046c3413e019cd66ae1159bf8094acc3bb5dd3b6c16cac4772cc689c57dd53420438ca02d25356c0dcc4b0805e24101e9b6970252cafa3cf87
-
Filesize
1.7MB
MD52cffe3c27e1740aa21e1042149a3d56d
SHA17ae758790cef05c3585afa8ae5099b5bfb83077d
SHA2566301b3593e213faa15e4c5c723794658188b0be79e24f5bf5fb78b3216c55489
SHA51253dbaa85a9eb7bdceeff5ac89448433bdbacd9ee645b7c102f2c7104a7443b38ff5170a32d70f9fb6f5fa12dd7c90d7c60d430583dc87ec3214bd5a92fb1f25d
-
Filesize
1.3MB
MD5d17891919a1f032ec8f7437d7855f544
SHA1d71ca30b20741511211834049bb5f630249462dd
SHA256057018388287bf03234f8d70227bf5bf0aea5ecc158f1c5b5e9d8871fbd8f62d
SHA512befe1e04a2534b5170e724e1137a904666f9c5a395a5dd725dda7a75ebeae025b34b983a8c19c5a3536dbe4173d340ae87a090a22eba56d73eb7b2912e8e9b9c
-
Filesize
1.2MB
MD51a908a3faa4ba204f085f1c42678914e
SHA15eda67559a6c758ae7bd9572ebec7b1a5de879e4
SHA25654d5443329b6a8009cf23162d814ec078d908cab0975a72c100948cfafcdd4b8
SHA512319848d963bb6597169efc6b2ef077eef9a4b79ab88d9ff1be7e053b277b98644e381e9988df86966eaf47f76ddf37f7f38aedb618c439eb0b0a10623c22e4da
-
Filesize
1.2MB
MD5917a9b97852281e3deefb8fc579ca97a
SHA177aded35e72e050fda2bf8ae346f7ec155a73467
SHA25664aaf04b8008d471aa168b0433acdf68a9c257c2a9ad035a41a7fcfd79697c45
SHA512177fc23165ea67b6f0302f157b1cf2c66d080568708807c59ebd2ce29d737030a1d8357282674e643a677f7a120593160eb91fe1e9e2445ba151dab26f23b755
-
Filesize
1.5MB
MD5d33ad3cc695dbba5a3d147b3dea986b2
SHA109367d75ae04fda168402b85aeec790a2b3206a9
SHA25613e47189254d02cf4f5ed2d1a1d80126bc0dcce2dc82e21deecd9b7f29f96e6c
SHA5121f28cb14fa787f13faacabd9b0aec8ff661f59317a6c00ca2f8bb0d4c6206d67e18d0278c1fc25cdf1c3a22e940768328ed82d33308b0138caaecf6f7adbe758
-
Filesize
1.3MB
MD5ca296b8fc958fdd9581fd318d9a54d52
SHA1452f3ac5cd968c245a982ab25d23f1e0841d60c2
SHA25695b68c46d3230f4a6d1e6c291c56ac688d10b9804c5e9ca5daaf2627b7a6611d
SHA512bc2f8a3a37ed58bcf24eaa326088ead2a1e08beb052417373b69acab20acbfafe457e1e463ec936c3c0e61fb976a5093f4674aa169144ac759e5fb4226b4bdcb
-
Filesize
1.4MB
MD5d2e9b8bba22b5f8fd6b4f348e2fb0d07
SHA1a26ca4f18e4a72b9c69ede07fbf01790d07b5e8d
SHA256dd6e93d02add498af44aac88f6df1d06cb4cd4997221b0e8ea2f544bb72e64b2
SHA512d7d86a6cea46588ce0f8486637e30a0e249437a877c6e3b575d8c12668a5695bd3b065bafa1bdf72a1636da894bd390208f5748a12c351fd7c2333eaa1959947
-
Filesize
1.8MB
MD5ac0be44e01e45d34f9bcc3146fce3520
SHA17f1f514ec9ddcb93a58a6d05f87d2f3a92c2a1a5
SHA2567a1e12a41672c29c4e93e28cd8cb398e2bc20c1cbb33db6a11eeb162d2648b94
SHA5126d4ece98ae89bd68c837c8e57c9f2f394dc85b04ae7ad1230c45eff5e130640f30c250fd91103bf0c32e9f4ffe512c4eac67865d1d7e9fdeaa627d96b9b7ad75
-
Filesize
1.4MB
MD5caf90a1702ff38979e1a9db3b309959c
SHA1714cfb66243f65e897db547cf7da2c0c0b9f1449
SHA256b9161476083b029054e75fef05228240ddf01ae877cc761111e396c22e5f44df
SHA512660e3ee1070d621298c2e9282a5ab0ef1379a4ca5a333e68a188b54c54eb8a37e13ac57d4f758314496a613b8c65a3ff5bddaeec781e766ac5bfc47063b91bf6
-
Filesize
1.5MB
MD5450f4c53c03207714600da1b6951eeb7
SHA1f2c9f50cd890a265e5e2ae08c678be95e6c85b17
SHA256d58c451a312ffb7bc7d785a1f0b442c0f4de889de3d34725f7da6f64f81009ba
SHA5120b695685261c05f680d233f3d680d7d9fc6149e338840e9a754ee3fcb20df74fce1af1bc86fd682208c0b04e5ace1a851d2fa1932f13b559af505718288e9ff8
-
Filesize
2.0MB
MD52e1bb5ae2eeb3d65603ee3e8f79ab389
SHA162bc525928eb4b1ba40c179ff20020006c1a53a5
SHA256672959916d99f1b461e79026c732a24cac8e88d4e00dd5b00e4748458d1a826c
SHA5127ccb06536f117cbb644c87a41b3bc4f9f49c0ad4483094e0ca280cb6d51c1fafbd51b26311a4b4651a36e16478b83f72dfab4934e43c7ed52a50d066585f33d1
-
Filesize
1.3MB
MD5b422c72b96541e75e9f188755a6f2d66
SHA13fe156f6381730403bf6097b08b5aaa18449bbe6
SHA256a5bc37d564c0d28cabcf326cf32ee237010415c8e9e5161a15aafb0ffa059244
SHA512e82b6757638aad27d1a6d310a9c313ed1913a25fade6bf4a22ff519974dd187713b398dabbaf1231a6efd1825c78a49d349f90c5156f38e88ba3fce1098dce6e
-
Filesize
1.3MB
MD5639e2fef44518ec0509a9b13509513ff
SHA1a9f7b67be676c4dcabab591d1f02b7f8fcba9676
SHA2566bc54d3b42a1544af556956d50340ee010015a3ecc7813b4788ae3d09bdb90e0
SHA5129c09f23dedc06e1f58311515c330caaa63789443956863df2dbb7c97f43f9cb6701a464f2227117cbf2a2dac9f5e9f99024898459ca81b15afff89cc6d72ea5c
-
Filesize
1.2MB
MD5582da18221add379f98e8a49b122643a
SHA1b28fb647d4a5bb569542d28fa0ae8e0f0e3d6276
SHA256812037361e33b56cd45cc872e6f1e848df0abad24dd4db3db52f598348d8832e
SHA512956455a931e372c34188a3be133a48024d2a3db59ae33d94b75f35b0cf8b08fff9ae3439902b512b1d287d179b08951193657e4642d3b7e5bca986086075ee30
-
Filesize
1.3MB
MD5d8cbe2b801e44429d07de586cacad55f
SHA11f998461736b700e2eedc31e3f6350e959750286
SHA256d6335a3cdbb93e13ef08a8e2fcb470d5b9fe31b6b9964de0fc236861ee8f9095
SHA512ad073474107c8a6dfb6f928947170bfb26eb41ec6bcb5cca7d4703eaa188f80fd542c9a66c6343cefdb6147179b149944ea962d433bc3caf05b4db7eda6565ac
-
Filesize
1.4MB
MD55cd8e2658dfef5192cfdfac6a4655ba1
SHA1369371ac0e0c35a45e2e781a33336804de5342b5
SHA256498fc90f8c5ace604c27f27123b15468a7632034eb5025647ab9b22576d535ef
SHA512fa7956ea53d627f09c8a77b41122f4f728e4f460046e4a8b0127bed99c6428ed3199e6cbd648cf6af6d66eb171d1d5b377888c817a6c5c5866e3bb081f561b51
-
Filesize
2.1MB
MD591dfa20f1d59ea7506335ce7d4533e73
SHA18d5dfb1a6be8dea8b0831d484e93843e1b1093f3
SHA256999b85b66dbe48914791dd167154fdf2a977e4f92fffb6b3fcb436e041e281f9
SHA512996249b8ae4579422d521afa9cd894862b5d255bbb3567cebaa33919e771f18c9943e1c0c355af0d1b5daff750d0f6833822bc469f73fe591e0afee9f0e6acff
-
Filesize
40B
MD5f8da1e3912337378c0f722f616cf6aaf
SHA122482c3e69a3b76d24d4e88d30e345654afd0338
SHA256342768ee193e599905624366abf160660028ba384d57ae4da8734bc9473b010b
SHA512b72adac4dc3ef8cd0c1275eaf376da652f8aa271a162aac1a54571f6f93c0e5fe9fec69a9cf380f84fa3ce438f06e3c9c2493a1d422f5d1bf4c46d6962ca9f47
-
Filesize
1.3MB
MD57a0c476593604ac05b0c66ae1f573d9f
SHA14056af437507e5a4392b403b461b063b33e4d000
SHA256d379f682d5c68cd82f7e88526e38daedfb0c878d25e0350c9e5001e5e5030f62
SHA512f78a5c0172560a4c124cb1ff2e0aac3adee94de8b24d780d62ec3c48349197c636045fd4351d288fcc64ba85ca85e60bdfcf56487c022d19956056e74f07ac81
-
Filesize
1.5MB
MD500497e8f990433383e240bbe4a858bc9
SHA15be35ad97a304335e0fb9db96711dae93b691515
SHA256fd92c98fa54faf38e335d47c4d881bc8e439736e58b69185eba49663705a5c5b
SHA512254deeea603849f1af838e5d7857d3da65d0b2f94b2c98efc424402e8b56aa03032fefddd77156362d0fd3a5ddd6993176eefe5e00ceb74198fa77f7c5dea089
-
Filesize
1.2MB
MD54a9e03a47a3b685502bdd6ff5d660624
SHA1ac68471a82ecf631f08df2ee0b8afa170cd3435c
SHA256028178e7db1ea2b9c256b1c50439700fbdd4400a42e0820b7a4434f2b30ad8f9
SHA512048897c7a91fc5bc32d33b332bc5eea3b6823caba284916ebb2d5f0e400d9b30204615e98a16dfb14d473d67dcbdac04e4b4054f79736250a9a5dde1ed11dbfd
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.3MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
1.2MB
-
Filesize
1.4MB
-
Filesize
1.3MB
-
Filesize
1.6MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.2MB
-
Filesize
1.3MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB