Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 10:45
General
-
Target
2024-05-30_0151ce78f71a5befeee6db812691b6e7_ryuk.exe
-
Size
5.5MB
-
MD5
0151ce78f71a5befeee6db812691b6e7
-
SHA1
598c0da98b129fa12c2b24e53601973466eb1353
-
SHA256
269f4d0d54bd009197cd70e67f506508ee1db22d1762c79554a301f8261ad2f3
-
SHA512
a2a3e0a24e93282d6d4784972600c0b49fe4027749aab968bad9667a3474b3800bf581532a6a9c0ec88eb121dc9964ce031ac9fc1a8ca565d077e987da020693
-
SSDEEP
49152:9EFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfN:BAI5pAdVJn9tbnR1VgBVmHfFPfUNF
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 24 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-30_0151ce78f71a5befeee6db812691b6e7_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-30_0151ce78f71a5befeee6db812691b6e7_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-05-30_0151ce78f71a5befeee6db812691b6e7_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-05-30_0151ce78f71a5befeee6db812691b6e7_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8a6ab58,0x7ffbf8a6ab68,0x7ffbf8a6ab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x29c,0x294,0x298,0x290,0x2a0,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1912,i,9625571300842464222,14283057080705386807,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD56b1fb8237a50e07935b809478f4fe690
SHA12c815d9f2ce864d76a0f830d5a39f1f2dc52d33c
SHA2561821b43077fe50f11736e478d2ba5f46c622c26d47e4c22afaf3230170927c53
SHA512152cf98c4d7be30293386da871c1a8068ae85d07a86e1a206d73675a4f33efe739c7e80289a05b3596187f3ac4b5ac58922703410a5b7152e6cbd8dcf529b9fd
-
Filesize
1.7MB
MD509efc6bb296938a59ac410f60048ee7b
SHA1f0b88c56213488e54d54f1141e4fe5dc3c7ae8a3
SHA2562b848e379eb9e3721a5bf6f7d103a7a5b8b75c7f6c28653d37fb27d1b38491d7
SHA51282230f81becc650218547fbdde50440b2253b5844fe1c9bd8abee18b3f2a939a7c9960851063f0d344893641a818b6ebf1a00c7b8487d461d94dc48bb1aace50
-
Filesize
1.7MB
MD5f018b57360b5af4481e88eccdf12c6cf
SHA104fdfec4e0a32e774400ddfedab3de4795636731
SHA256bafa3ed7b6608018b76022b9590e3e639b7bd5e4a42116447db10d94c4097c64
SHA512a1652ad5ff22fbccb52b259ec05a6ac0622dfefdcef52da1986c909bd3be48703dfa982f6baf9eddd081d5bbed832cee1e9b304e3a4924986dbd551f35b6e82d
-
Filesize
5.4MB
MD5d1e9b179bf2a67652860f8dc6c74f8ad
SHA133b924145abe4ea4a177cfc4beb29d7ff1f57224
SHA2562742b17b876e8824a0b6659d9c7c18aa58e6f7e561617188b425e35e655b9b99
SHA512f908e7b90a270f77756b7c43e21210e1bd870b2ce81629c2475f576dac5709ef076f942d1a16e7294d84bc9d23f3d718e1b3ef4ed778591cd1f5aef7a91dcced
-
Filesize
2.2MB
MD5f70ba2fa5f839285ab841168ba52efdc
SHA1dcaf251fae71005c27d67e8df3c5234752feef08
SHA25627205417cfc8eb1f2d65a1e3620644c3c46d9f221c851291a8a528571ea7dd9a
SHA512eb603d14e6ce9bb1f2ab0f06e364c86930fced22e3a520a4e9bcbba02877137ad201c513e45cdf6befea8e2e43a443fe3d9386ffaab3883959ade46269937d2b
-
Filesize
40B
MD523e6ef5a90e33c22bae14f76f2684f3a
SHA177c72b67f257c2dde499789fd62a0dc0503f3f21
SHA25662d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790
SHA51223be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD519ee5be9b65cd8eab8dc6a514ef4fa49
SHA11f9eefaa93baf9c6b3b8d90b576293367117bf2f
SHA256c5fc0b3198c19cb427c9bd2bcb71869eacac84bf7a147560836236f46aaca971
SHA51254e9eac5e9da664266afd8bc10881504bf3679e2ee02d01225f836ce5bce8cdc58fb97b685e0e038a532f4a73ee4209c585bfd82437ab3d176388cddc4c94550
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD57c6de1625f2b77352a6d330e6c107f7a
SHA1b3ef5c085b91c5010af5856ca92a0fcc7a20fca8
SHA256598951afd0e482656ed774675b00ad12eb808086d0bfa906a3ea9bb8c71a5cbf
SHA512ed50b38f95c219eb1854234624db75beda311eec6ec32bda23e38d5e4e9652e0a4967d3de8e9af5244d17a873abb28e7d3d3828662986db75a00941805434777
-
Filesize
5KB
MD58b4376a29689323dddf713d26a3d65f6
SHA128f143001bdf16065b2f9d3ee43e373efdd383f7
SHA256e4a878ce94798b528e29318aba87039b935a55fb658ba33448ff8f10556aacb6
SHA51218c807e81c7f8175c2e0292ff6d5ec8e0636b59bde9664c3a35ddcac427b1e84d5f74b59d3f90f6190ef6d96893a17606fa2ed5f0c3e1847fd7fbd10cec462c5
-
Filesize
2KB
MD58441fa327ce1f6c12f371a1535e655be
SHA17ccca62179f1eb9a2d47c3886ad8ad4bf5b15071
SHA256975c8308bab1dce91143c9ad18effdd216bc367fccb3195ec2d4fd50177d2158
SHA512986088d4595dc5a9e166ecc0b439a878a24d512f236b2756e377050c0cc7423143d3aaa3033ba5163b28fe8551313ff985d6df2ab109117186e878ca4a98d0a4
-
Filesize
16KB
MD55062973f287feb4985502db538999ffe
SHA1a7a4803c379b4b68c077926dcd8108ca8b05152e
SHA256b931e16ac6cbc2a52cf245dea319656da76cee8ae62ff498651f5aaba15ff110
SHA512ed9cebf320a4452abf51755bef655def5032fb9728bdc6d08d0dd4447eb424714cd5185d67505f30f42617c770fc3bd4a66dd126f732b0856826ef61c56efb31
-
Filesize
260KB
MD59caf576c6c6bb3598b47e86b4480cee6
SHA1d8627cc220bbd2400d958d21a0f9d90048521058
SHA256d172d52b65d21052522cbc9bb43d6363d4b0d93b2b7fb74c14d5c33e36f38860
SHA5121d4d271f0194028318132f80487913e4363f422905dd5ef4f9667381a7e4334bc557f94d0296d0b2fa87ff3ce2997deb8ed8ed787c23437eaeaef003d76d5777
-
Filesize
7KB
MD5843a3b2255cc6dfc296b9bbaa4cf43db
SHA1024e950bb209913ac8fc370d61dd48786c6600ed
SHA2563daad50f98ed1b9959cf0c2a2d3c0ee9b51bc1c4525dd412d9b443764ad20a54
SHA5123490a20026ba3678bc4b3a33eb4dd5b3a20e5fcb55e299a2f56007c3dba1c1bef1eb5ea68b7d3b82804314e06fd038cba58d5ea740a109244ba99049779f973b
-
Filesize
8KB
MD551ef380baef1a4941ccd622266a769c3
SHA16498984b701cb568c411211ef55f1952a5da5ca7
SHA25612405f56b6462f9d827891a61075187f7e76714c413eb4cc759f4650c49e472f
SHA5127b923f24591f0d23e4bbc18a48879f26bb9042dad4c3fb912ce62c43f614d493b2a38ef59d2a36b7cf69b782306b377efdbbbb333a39d67adc416929050f98f1
-
Filesize
12KB
MD58e5a817d0b084833e26fbc92800b6c00
SHA10e0d71482f1f2d3e0a15c07fb2f5ab701ba42050
SHA256f74d0c79ba997ee8015ce87a041bf052d3e8fb352dab850e8d077337ba750d2e
SHA5120bf5e1ee934ca71d066601f73f4798a0262a73098376b810464efa1124cabb175bc84dfbc7253be5e573c55536a3389e7622b50ed87a3990fdf2f535193d239b
-
Filesize
1.5MB
MD5272c0ce5cb2f108385fba1ed2b425007
SHA14b7ddcebe1e83b480315074b1493bb289255df56
SHA2564f2c186f6921235575f3279ebee6c369cdfb3d08628bfdd10866c062430f7af1
SHA5121fd1d21f33093f8fb612b68dba8de7ce6df0a56f93717f530897c81f6b3ea155eca6124b7e492cb6c6fe53b0134c977493b9f7bcc99dc954da1004f7455c4375
-
Filesize
1.7MB
MD5be1f0995e70621edecc5916dd69ef266
SHA1f71a1742171b9c8e3447f31fd997b5e3e1af76ed
SHA2569e6a64a8466bb61a331124b331f6f08941ed10d115a4124bd54cb837c586a3fc
SHA512c7f11a48c822c1f2dbd05d6961092a0aef25baaa28bfb23d30f543bd5782515c33e7f297975761e88fc46fd84f5ad1435f0b2e63de1b6b06196a41db0d68efce
-
Filesize
1.5MB
MD57f9d05910c53213c2c9f641c9a7922db
SHA1e5c00dd9c1caf4dcb68b7a5011e272e154968a41
SHA256dec9ada68a6877b7e13a724d43b28aa4cccf278f4afa188a50cbfe474749d198
SHA5127fcefc0dab7e296d1b591e23f87403863a6894f9f721d47007b5b049dea82c7e45863fc37a35cd92d56f0d88e3f139eb4653227c136d9f2ee01527c4a79cd96e
-
Filesize
1.2MB
MD51c2b7ffaf8cd51eba2a9394dabd467d8
SHA123788ee02d468f6d624d6fe5963a08fdc3f20188
SHA256c81ba4004205a3e6a14b381875d6ca136f520987ae7c9b1db9f3b3699f14b57d
SHA5120726d2968babf26308c68be03cd7c045c58c363fec32fec190a2a859e0369e8f2246fb52f8d6c3bcdde5d9ac86c5f69f3d01ac6bac65e81fea7cd3132579aa6a
-
Filesize
1.5MB
MD5cc4b0b7252d5adb822e5dcad517837ba
SHA10abbce16bb9cbbfdbb761e1c4f95071b1a2c4867
SHA256aeb3119b377b27708303139885e5c8da27b717a9af4f3843aee8eb04cbf2363b
SHA5128030e18037b49afc25602a3c10e555a54cf5386b84b4fd05fa0ade69e447d41b39249ce8837228ff7f81d48224a67a33f4394f5bc6676130feb10aa3329b741d
-
Filesize
1.8MB
MD56657201b9ff9d1bdf344d4f7a442ffc7
SHA16659b26beab59e5381f408672413f4063ee3e3b9
SHA256d80e78255c619772a45fbd44a43bb631a94e4813c104e7348fe79252c181e12e
SHA5123af446ec6e0c41a4bfc3dfc937026cac0a17d2a9c6cda5139ab9ee5729cc1582ffdb1980bd259c2951f9535cdd2a6914d55fbf729519d12c5307a5ac28bee6fb
-
Filesize
1.6MB
MD595494515638ce5f08b67fae0eaa0b1a7
SHA12a789539af92d3b4384dc25ee4b1ca82e357db0a
SHA2566e05e7756746acf03f66ad86b3343779a93dfee031bb0f7658dd407aa6ccdd11
SHA512b5ff6c166e8e28ccde6ea1a595d8be4e6f5f47830bc98c7bacd9291af0ccff6ad888d50670914b60e4687e6ba621bc79fb2527d7a1d0f433f945410f37e787a8
-
Filesize
1.4MB
MD5dae2ac25786d2b1f882d979e6efbf164
SHA16cc3b2adc53cda14fa6f0eb729594c8630d371bf
SHA25642128e8a8ff43cc588485e1e1fe81167bf247080de5bb212ab52bbbcd651ad57
SHA512f3d5b60cf934e8ac50ca4d5f3ed091fe66e55f284bca0a14a7403a99595350dd20ed0b4d9568c0765eb914f5b79ad1dff77040992c28c1f33e9fff470bd77afe
-
Filesize
1.8MB
MD51e539b47583ef045d4832c4f780dcd6a
SHA19899b1f4d00247ad68482a4c39d332b21a18b1a9
SHA256b1358ad2b319d26aff19f6a2c670c8771925dc9f6c82c05bcaee934ab0144a9b
SHA5126082feb396510e4bdf9a86e293b698ba159e56adfc12ae678ac788b1ca1e67a6a64b5d2b30158b8079f8985d02e284f37d7968ad0dcfe3e607704ca908305875
-
Filesize
1.4MB
MD59bcfea97a7dab1c549579c1c11ef9466
SHA1cc781fd1d0099d8510a997b15268ff5484671f81
SHA256561ecf11be7497df792e9e9833cbb69c2de946982671d1ed86e24c0b38c3fab3
SHA5125e67d3e6a4b479ba589885b5ab6c2999423641aac5b73583cf9f5f2601bfd43a0480c5a7f7e4dac74a59c8707e0a124c8f64e9d8dfde14977b097e3a902fe0fc
-
Filesize
1.8MB
MD55e75f78ccefd716d96ded875cfa8acc8
SHA1ce64e01a1f93092a34288215465c09248710a582
SHA256a23d7710e3b5ef9087fffb5dba55bdf62444a0ee4fe33a9e5a5f4849e50bcec1
SHA5127d725fb1d648c175189c96e4812457cbe33936be97a8dc0d469beb14b398ea834f9b65a0aa1d44e507565c07690f2df3eee232f256f9f8df0dda474928212083
-
Filesize
2.0MB
MD53154a18923fb15b8ea3f9416ea9923bc
SHA1a5fda9c39e49392762695b8a3976ad2f66f0aa31
SHA256fba92c19d19daac6513da54ad2b243e00dc4412d53fe96641beac76299bbc589
SHA5124d5b58d55f879adee6d7fc055650c5eb974937ab96494f826358141c44b3c0ef320b78ee8859d824b2a46562ff4676f90d28b75dc09e103a42bec21a4be5d051
-
Filesize
1.5MB
MD518ba7a7cdbd123c404d0f2ec862fbc89
SHA10005859be03014672c0691215e4cfffeb2db2e79
SHA2565f133921ed76ae2af75088f98542654a67bfa3a7cad4c6e0eb0a7c62139471df
SHA512d0df000e6c828d44e1bdd344e44bbc9723975e9081f88dadcdacdf8bf2f3e9cbb8c4d77a093bdfe6db7f367d968298d2e6fe9e9951f49df05028507416b0b290
-
Filesize
1.6MB
MD581c629d1e46214adeb841113952669ec
SHA16c341eb461c4e41d50364047563c6c48ea4318a9
SHA256ce889474d75cc6b34b53c2b12d2f17db0f9a3cb501d2b9c03ee6390ca9a35233
SHA5125b0588481b63a8b713cdace687eabc66a526bf11209e7218fdb48704fe85614fc213c780f03c1885bacf951f0c24ff90ab80c197da6eda4b2e69ad6da5c9a712
-
Filesize
1.5MB
MD5b0c4714b1e20c72ab79651659805a111
SHA11a3610f65bc21889e2b047c2aed99afe663ed733
SHA256962efd13e19f2f516f54337b130ed63c7ab626479a08dc137bbc333537047834
SHA512f50d67bd3b9e57e83edf2ddceaea1554ebb5cf2577899c522f59ed605c8b7a307400e43ea9166aacfa15cd96f22be0df2e52302582014c277bab666e5811b56d
-
Filesize
1.3MB
MD5d5304ec4d117753894b9b02057e14f0e
SHA189c539955c2e7d85a62c3ae3304d791820cc82c5
SHA256576b6d38d0699ede190bf13dc085bd1bac1277a90e06560a3ab0ac4135bd59a4
SHA51236efdd601595525d70b078a77fead3369d86791ca7d0684f29c2e2ce107c0032635bae2ad6b2c1a9d2a7e228b3147b34f4e13701514a96fc1c217bdf70857ced
-
Filesize
1.7MB
MD53b8f5c176efe7bf0bb14d451a1e86039
SHA150070f395118f1b8a113495e864cad0a6e78f3d6
SHA25635676dacc595ff6701df73fa2a67d760de2c49ed61deb0875fae5aef6a180ebf
SHA5122cf9487d99f5a9557fbcc79cf2d148e3c5b8717a81dc2f5295d65a9a50e452ad53bde21a08883b2f869e4291f0bf4bd661c682c954bd96d55ae5f4e074c859d9
-
Filesize
2.1MB
MD5acfa74db50046473364b3ab52683e4dd
SHA1ab226737fbc5a0deb107fb93e555bf7a9f29386d
SHA256c1f6f393384366eb496b2fb70de435e71ae7b1c8d63d03d7aa5c70e97d94a310
SHA512d6fab4c5e0366334183220b23d85e961b11317008ddf0f679e15fdfbd7b2f7a652c869f7cba6b4be6811fd3f5f56299aaf2fa767891e23b6bbe05aac0ec6ef2b
-
Filesize
40B
MD5440112092893b01f78caecd30d754c2c
SHA1f91512acaa9b371b541b1d6cd789dff5f6501dd3
SHA256fdf37f8111f0fabb5be766202a1a0b5a294818c4c448af0fec9003242123e3e6
SHA512194c7b90414a57eb8f5ba0fc504e585ab26b2830ed0aae29cf126d5a6c4888d508c22984aeedec651c8644fb1f874fa558b2090488516b33165fe7985d2815ea
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
1.7MB
-
Filesize
1.7MB
-
Filesize
1.8MB
-
Filesize
1.7MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
2.0MB
-
Filesize
1.5MB
-
Filesize
1.9MB
-
Filesize
1.4MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.8MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
1.5MB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
1.6MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB