Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
02/06/2024, 22:20
General
-
Target
2024-06-02_b3b8ebfa796fdb607214a016154f1e1c_ryuk.exe
-
Size
5.5MB
-
MD5
b3b8ebfa796fdb607214a016154f1e1c
-
SHA1
bc902e28274934ef299a055d8088015f1252dd08
-
SHA256
aa5ca01a4cdc71c10b1045e2b955b0308f61edb713800b62dc9016c7b29c6d14
-
SHA512
0a057288e58a74c900447b2e0d150728688cffb325e3d7ef9cd42b7189d00a5378611be1fd51dfca1ab8b2ad8186e6ee63c98e41405e7b1e8fe05ffd040a51e3
-
SSDEEP
49152:BEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfZ:lAI5pAdVJn9tbnR1VgBVmww7izY0a
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 46 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-02_b3b8ebfa796fdb607214a016154f1e1c_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-02_b3b8ebfa796fdb607214a016154f1e1c_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-06-02_b3b8ebfa796fdb607214a016154f1e1c_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-06-02_b3b8ebfa796fdb607214a016154f1e1c_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d4,0x2d8,0x2dc,0x2b0,0x2e0,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbdafab58,0x7ffcbdafab68,0x7ffcbdafab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2768 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x294,0x298,0x29c,0x268,0x2a0,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 --field-trial-handle=1932,i,9298239765655646132,15347097668954000090,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 7842⤵
- Modifies data under HKEY_USERS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.3MB
MD5420f65c6cf6b45df4b8c4ff036f59ce8
SHA15967879841662a64b66db8207e69c399bf77334e
SHA2565b3b3f0c4d7ea703282df1d65686a2102a157197ff96ed56f601bfb11c55728f
SHA5125d8ffab164b3e86cc6840d2049f28b8b854b40669cb88d2257ab25d27fc49c5e3a36229ea8f8c45a1d126f11b394c0c8a20e97fb88787adc0654efc49308a721
-
Filesize
797KB
MD5d09d7457e59b6fd24783ef82665000e0
SHA1373f1cf78972a005f23e9afa76f99ce28fe17ad4
SHA256a5d48b3a5b9a4233704d765c92d9e8325892ae4ecc6436c5f9898fe907abd678
SHA51253b2b80131d5195a545cc5fab4690c11888f2bfd3481da80c621c24ce0fbef42f6d8ef93debdd59211c38a4e987e6b437c867cb381c051a55f6ee71a6d799aec
-
Filesize
1.1MB
MD5eb647fd188ba9973e02331ffb04f1fd9
SHA1ec596065c0e5ddd26207963d9e6b9896910274fa
SHA2568e195976098a6d2453df250f758fffcec84a59d9640e0df75bae687465638413
SHA512b380c5e1274146398fdecc306be05749b3376e654a0d0d7aa3918c98ae3dca721649197a9fff7fb86b5c936fa6efb1cee643170841b153b19aeffa4d325ee9a9
-
Filesize
1.5MB
MD57e7a5c349eb095cf31f855ae56aeb4f1
SHA111fc33a7a97eabb34c7dfcd884c8469b057559c3
SHA256958bb20d0a113b5726db924cfe2d6c72a541baeb6b1c50ffc24836eaf3b16cba
SHA512417f6f3c64036bd412b13544bde491c6dc579add6b86baa8d7dd54b78b966bdec5fd8e4e4583e26f6dd0d2f2186ef3ef1e188c0669bce7999d7e9853fe4f7076
-
Filesize
1.2MB
MD5fc7dd221aa864837e0e32d910860dd17
SHA180c53b469ef4aa44b167ea7355e25bc16716f5f3
SHA256ea4289d041ba3db33f01019c762fd78c4f7011098f49319ed47d7810f0c316ab
SHA512435ca4e7308da6fb83cf1b8c235dc7eeef3911a702fcc5801badb20024e1bbd6dc388e18619ac2bfdada77872ea28a01716326cfd02534b077c750184725d168
-
Filesize
582KB
MD5e02c9c6a7b04d146d5417c1a64bbd871
SHA106d916e1724ab941afbf1c4f50bdcf4b2f3d5032
SHA2561b70493bb475eeaa4d50294ca910bca9b08e704fec8b368c51848cba9af6a494
SHA512a64be09abec0509363defb19057c289cd3622443b465a641d6c0330544e783a43d2d86dc66ed76784970289aa3911e9793de74ea7b9d94f2afa4f5f57694568c
-
Filesize
840KB
MD5c3d699bbcc2a0fadeccf95d1d833490c
SHA1e963ee58a4baf019343de3be264f82e95c0ce61a
SHA256fe7b853ca60713327930ff4d0a3eac939def9e2d9f4da8e4fe1eb869e3bac2ae
SHA5124363e006761a42bddb6cfb6f3f42b7cd5b6742d548e057461a3aa47b64c4b59808da814c14d6670247b04a80deadf2682c5924f99116bbdf2988507f11986bf5
-
Filesize
4.6MB
MD590f62f597479c73f803bb0f609814ecf
SHA1b4b700dd6cbb26b6d73e80ccd48e9f374fc1139f
SHA2562539c10f32c80ab80e5a3303256682345570ad19254d1e2e021072e9543f1ec6
SHA512c35a20af102a5a6c8bb225a3fc8e109d805984af832da564332c1c952d8daf9b11d5d991fdd765e934fe40fae25413609e41f6996c39eb3e2d731fea75ea00a7
-
Filesize
910KB
MD5a428b906d474bc0ad3398660ae5538a7
SHA1f48e04fa47346c5a2675698d4c73f2e3baf049bd
SHA256946fa0d29a57d992e19b5db9a1506311b8118973c23f548a9b11627ce4e1aba4
SHA512edf6c66480c054f5777f18bd3bd3a7dd945de0327a8662edb0968cd2b83245643f111990a52333c5b3f432815138bfd6fd67d6a3cb20eb78d88a7464a68884b4
-
Filesize
24.0MB
MD5192575b18a7cae952719e5a735f295f6
SHA139f397ca24bea905fce310c27c336bc890481327
SHA256b66a431151d80e612716997f02f83c161d7212b63ed8305085b1cc2a04b9fb42
SHA512b0368d5140b7fd6386afa365a85b1c7bf158568c704e503440e9ea2ace2663457ab909d33faeede0bce9cb13bb349f17c70d22110f99b7caef1f5f4deacebdd5
-
Filesize
2.7MB
MD51745517adccda876a0c4ff3e7477984f
SHA14c461b504bf7b28c54ab47d3323c55c5578d8a7a
SHA25625354ea2debfafb661e53ebc14866add881e5bc0e08caf13577d1fd08891cda2
SHA51246cb7ae5c46a5535d918598d97d1f2f21dd59ea74d516f57e42c29fd4bec6a090e3fa807267b4ea81e6c482181d8774669f8e656ff58490ebfdf477f72f28727
-
Filesize
1.1MB
MD568ce8e34d4bcb8979a55b4a2334e5840
SHA1de5cc2f4b52f55f57d81c8a325e5dfc8c8d9f5ad
SHA2566123f6b62638fda522e1eff3ce2fe4cc8bb968c478f79cb40ffcd33c5fd56eae
SHA51204019d0aa5bc80315d110819ba25aee13694c62ae8a2a19cc111fbcc86ffcb42d33add03e3b0fd1db523c0aee18236581b1a607f2a464c950d2c0a00e2dee8f0
-
Filesize
805KB
MD56b767383a005c5b6db4cb3de06b66827
SHA1631dbdc027cec3977ee0ed77e11d52faa791146e
SHA2564d9c535bf6182a7b3b0b68eddf28b9feed215720b0dd16795126a4bacef44ef7
SHA512121b76f2f2d4417656ba7d1d258ad8b11626b2803b2687a5517847c7b4a1b1147db39d2efa5511187f990c38dc87f8e88ec0f8f85b8995e205103f248c72fdfb
-
Filesize
656KB
MD5db7ba58ea76e86c80127d01247aa3e2e
SHA1b1fd127c206c6785c8fd8bdb2a039f98caf7ac7e
SHA256705a8a9d39fb550642e1a9e7c5587d13e7a84e6d6ee55bd34ae41acfa8b00bcd
SHA512bc2a5d0ae80bae8b3cf5255f0888c5d6e462456fbbece6580b1bca3fc4fa25c3ef5c5adf1be76b12080891ce606dd3580f229f6ef1aa3297249fd42bfa690830
-
Filesize
5.4MB
MD5648c5569560c78d4f88fdb24c22615f1
SHA16efca583548173840e892406c3c85488c1f4c263
SHA25603c6a0df5c801d38b7d599687d66402b292b3d6e780593e05a7f611211a7437f
SHA512a2da15c019da8da506399121c5c6399e4d95a9e019a6a392e98c7574e2788b4dee75996de47b85e47061cb4f72b019c1940271e6cdd106b5a6217ce524801433
-
Filesize
2.2MB
MD5ebf8d0f25ff617767c1d566078b1a4a8
SHA1df059e78e478c7dba2333fbd075b3405487b4dfa
SHA25697b01ec504451cf23c8908f0661181033aa33719c03dc781515499e37f478c9a
SHA512647ac567fc05e4229ea361acf0d8b533b66f7d2dea72d7d108193264cf8f23cd7edf746dfd9cffa2ff65e8c5f86552806b3570deb3ccac66ef7600f3e1159e82
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
1.5MB
MD5b1f2c1bce28927eba117e5a793d05c81
SHA1204c29e2cf5b9b90f88628826fad3b6fa157a371
SHA25662e9306b02b150ef3da4f518b650a3c3085f5e8624575da8129382b8d7639f2a
SHA51234fd85479e88af6bcee293c8cf4bef373a9206e070591192095659c49711dae45c24cdc6ac34f8b66007e2cdb197544536bac61acf9e27bc20ed7e0d07c99c2d
-
Filesize
701KB
MD592e47a7826fbe78baf585436faa64e87
SHA1e0f26f44eeee5d9f29e244e837405d90deb441f5
SHA256c64cb463eacea3d9324aeb74631a1fa7911510e8849fce81e8671e8b70cb0697
SHA51284732748e835e42ecd0671a68d63a44405e42eb74af624fa8a9dd21aa858d610245a1552c8d6faee73a227e5e56a2008ca85e9a5ec96c0807565a1a319a03e96
-
Filesize
40B
MD5e646991f9b7863013f4543e5deea2d49
SHA17d3ab1c249b15c5bc5761baef819fa96b043539a
SHA2560cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07
SHA5128b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f
-
Filesize
5KB
MD59e5a92449b384c5b141545dcc41e5b2a
SHA1ad432cb49dd4081434798f239f29f508aa264c2e
SHA256da74de63d45895644d78b326d7b1828a7ddfd1d780e41bed942677b0e6e70fdc
SHA5126fb8987ee07b071e5f1a12ccd183f36e7d226c9a282405765a98d715f402744204c52d97580262178defa014fa2baff266f5513eb87146c64f2d938c00b40600
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD56ceceec713b699fdbdd922e5a264298d
SHA1b6d08969b6f2fc7b895c0772dceb6c862eb1a0b2
SHA25602a318a39149742a4b159fd708cf3084d6217c3c774749b0aa50d911b0be8c2c
SHA51238d1c13c828c4cbda8d566b2451cd156981b13fa8b96c0f9d06e40cd8567c111c84cd25e9e7c204b5f3709fe733158604ee724bafb88b9604cf74f23eec79e2c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD56cbe396fd9ba1155ab28457289e20cf0
SHA1ba274694088d1a8eaf5ae6c67fc0a6dec26a3a18
SHA256408058a1b2e681c1c8de517b607555fc54b84ad975e660b9a96e9a1a062b1675
SHA51267556b37bba006294047d120f15cd8182d5488b74f8f1a2e1a692d9f9415dd0f73a7f0f92c8cfa5373ed76993228d336f315b7041422c93ff0b0d648f5c0ce50
-
Filesize
2KB
MD5c4d12c24a85b7e1aaf85cad983fe7610
SHA100bcb6e962cbc5a3d88689ec2f8c15feda6ff7fb
SHA2566568b506f3cb4367abf414e66e1e93a4d4e40339dd3a2a1d5ded1f1907484337
SHA5120d45cd5f36424147b7a67d4f154539d9ddde285cb363a139c5922814e6073cf731d61902a7eb84e9ac6547bcd52e65b023a2f97636072db478ccd04495a59aa6
-
Filesize
16KB
MD582ea91f54330f35583542bb77fce6bc7
SHA1b18213e17c3b06fcb56e2a0abec824d130f2ba54
SHA2564a8138e02233dadfba523279b620845732d4cecabcac897a2b55043a49cebd42
SHA512ab51a230d10c89678d5d49832053dea0ce49e41528aa125e963a2e631aabd38a03670b8d82a8380755957c7dddb6cf3ed34ff3d38c37c2bab164bf6ce137053f
-
Filesize
261KB
MD572d30185cf09ef97e00e1d93f9555d07
SHA1b7a0a9e773019984099779f88071a7837253fce6
SHA2566ce359e6d95f7e791e94fc0603223bf7910f9befd95b0b2863aeb1dc8888fe27
SHA512dd3046f1f86eaf1270b08457c77f048fcfebd847ac89d449ea30c82c1e820f13aa093ab30b9173a6390dc5df7130a695d01813253cc822ac34a83cf9c1ffb8b8
-
Filesize
7KB
MD5d74141d327b53dcaa7c3ee6b42e1cc05
SHA1050ccdecd0290d2dbdabf8ed267d19885c363515
SHA256838f8cce93f881589d285f0b3a04f9b51a56df280a7d7a7f8c9a98114991f506
SHA51245a7f5d4c69690ace3e2826af7e15a7f7efd7f78bcdb3f5bd59b669ffbdca0bb1ec111b9ab55e96211850c886184949cfffd0da0138c26ca3fb5acf912c16719
-
Filesize
8KB
MD570374a04d200979e35071a27f40dbfa3
SHA1cb0e118bd415417372eaa84af1c93b543076306c
SHA256c22b466b77df252e917543d20d7b55400f94c6f28d6021df5bdf7c9432e257b0
SHA512add1578d0bb4099d15b7d1c50254c433f0de345fcbab36fd5ed3e8953acebe8f2f4b7289cbbab2b5f5cd8620fdcf7bda61b2ec7ca068e3f1d2233c8d1b9e5cae
-
Filesize
12KB
MD52e45d1875e55375c32475ccfdf13b4b2
SHA1f9370dfa0390f74bfcbc9b4fdb3071b57956d7c9
SHA256000ed8d683e6d0c863fe3cad5f5536765e21e2623238afc71b5a34e5abd87d7e
SHA5125321e85769f7a132c030db932cec44c811caf6042baaba9e34eed3dfbadd9e2c97bdb5d3f5e31a3451bd3142b897927cda7a7504011d08518e3b99fc37493967
-
Filesize
588KB
MD5ad995697093b16e7f9a1d973a8c237d9
SHA1e42df965b7c124eee42a804bf2f2cba6ed393a39
SHA256fc50b4076ddab19258ab8d73a88998bedc7808073a92a233da128af978a6762a
SHA512ec2dc1745444abd3e781345724cf7222774e0e03aa9e78258fceb2d60dd6e10caf764bd72eafad7b24cf48fb45593debd4f41d516bd645ddf3e7c68e0dc6c129
-
Filesize
1.7MB
MD57efa3959b347e1d6e2184c63bb96f5fd
SHA17641260ba05c84c8185bb52d49499f1884c4e967
SHA2565306b7c3af561a552ff078108df80123b05595588b2e7b15e995efe5162c8d00
SHA512a6858d3eb2d55bf3480f3f39833dd91c6af8603bf85ec5b1f3c90667bfd0cefc5c1ed94d6314e79a3143de6b58f1c1260c44b57c4ad2191f297e481f25fec5dc
-
Filesize
659KB
MD5e5419ed1fa7a7d688b57b2ac7af492e6
SHA19e4ce74eb616d95aecf9b5f8f0b68b869e320c0b
SHA256170f133d340430cf1a88028ed9a439bcfa14f071e8676b2290e3d7906712e8c5
SHA512a1cfd7f90ec5a5e08cee9ffd0d204311ef985495e26aaae6dcf1daea0ad72b15028d38aff59fe337d03974eb40e96b5a65f6b666ad2a690ad662f68299abb9b8
-
Filesize
1.2MB
MD579b2926dc72069e5f0f0000ad554ad62
SHA1d22e9d78129272e3ce45f188159ecf9eb11e765a
SHA256bf4f428006dae99b54e280a18e25c1fdecc81c83439f56a088ed594475796d4e
SHA512196b74619eaf243bcaae1ce8fb9323717d1b29f531dd6a37374919d93bb14779060505ad0b37dc2c3b95a8fb96b1c8ea49e4bd8836c706377a2775871785fc2f
-
Filesize
578KB
MD5bb0b3c53f31e4e5c6851e95e963d13ba
SHA180dbeb568339ba6ef27778823ec6504b9800f113
SHA2561c01568fd82dc9152ae2989140123c92e2f347ed280822892fbdcdc3f08d0662
SHA51257c09181e2c7cb12018d59c76c81421f41690b635789d95ccb519ca3b8140df39c8e4c3b1a943701ae31a63d9b0561e1374321b7ed9b013d6ba08d664fe6d64f
-
Filesize
940KB
MD52bcb76974d0826abcd855985065270f5
SHA1b5aba8033a4ecbd70826c6c653c59952c4b063d0
SHA2563d24588124addcc9113703a9f1dcd63dd0f60b634ba46245b5dd4631c262a29d
SHA5126aca4ed1d989dc99702bbe470795d2f990a5990a3dfe055c94b33e16a6d16043a0f38769e241cdfa48b5e83166b54d28ccd5d9621242432654e1c2706685f564
-
Filesize
671KB
MD5aa430819ef1b17aba4e6269a202d92f2
SHA1c82dce43b7eba519e9a0593a272973a64e14425f
SHA256b941c30ddd3074995bcce4b8b91f5440eaf69809520f14bc14836c4ece5bd50d
SHA512faa628e7622bc8222e4a5d43b58996bd65b77e5e868043fa829d9e1376d38d3ad6ad06b24887ec4cf0a604d1cdd4ba604853dec08c8f27c25fe378ac0e2d60e9
-
Filesize
1.4MB
MD5700a2c60f603b566a035397fc94aa1dc
SHA1179daaabb01c76ad22aa01caaa6613376b151be1
SHA2561fb224d48da1536e13f07e07d52b5744d724aebfacb1f4c5693b4d73ede60f1b
SHA51226ba16b41d9a2f6fc7a2041647b66d6e3153a977c1ab9db70ae2cbb21186b672da637f2208a86c20e34f9cd61e46ecfff7551c412b09d8aca20056234537da53
-
Filesize
1.8MB
MD5f298ed5a5b5e3d864ef1fc3e3dd6f7c5
SHA158e3f0aca755c5d11f5da57be1e60052f4df5c62
SHA25636932ea422d9cb731fd60e4e9b34a897ba4a3f6b56dbdf36fbc0be449fc78d39
SHA51211f53daaed39f94e3e680209b726b2b7b3e8d6a555af3aab7adc8c51a061bb649550609709522311d4f5f07257df962a2a1b0ff1f36c57d096cf54860decdfa6
-
Filesize
1.4MB
MD5a88e5114fb21fa46adaa54893f1d7cc2
SHA12117d9614194d915230dcba6b38b5f93e79427b0
SHA25611d72b00115713adf06abca527ac848b5ed95a60e81b98eb1eec1bd01a34d3c9
SHA512880957308b01995deabb7d7f9cdde73b583fa38e0538f4136d5559bd3e2906bef6c9ef9a1d377434ea768c1b4206b90f24d3cc9d3123f17833cb9d1d51d6b84f
-
Filesize
885KB
MD5c40037c6e6f9d3c67af6267a73183773
SHA1e4ae6eaa357c670cbd7eae294d83371c92e70878
SHA2566a40061d2bdd5e6a72e027cd891bcd6c146f7e1cc02d34f2f0724ea3adcd7864
SHA512e3512ae963084870e8cb9cfda5274fb3be4c63e2b23710511c9476e28860c6bc2f505dd749348a73d85752fcbe878a583b02c39c69e228a5d581a586eaa83357
-
Filesize
2.0MB
MD5bce929b930ef2866aebde84c1d9ad213
SHA1be1c405c31c4337acc143083261c12fa2631c3af
SHA2561e44f7e93d839a2f130dbb88c56618a5c778902f2c7b68f72d2971d6710b1a6d
SHA512b4f2e6cf365164b73bf7e6638039a9676dd389111e830c7bde8949101cd8a8ed5793a7f168350ee470930da2476eb9e82931cdfb50a987bf33f02cbcf6e97946
-
Filesize
661KB
MD5dc6fb088bb2e58c21068d6733457b638
SHA1edc1964ecfe4acc7ae43ae5a222a3bd46b2dbb0c
SHA2561e562e6fc0f8ec578c017fa8b0b68b670831cf23c152b405ee27abfe7a604c89
SHA5123bf88cbce52ef8458bda3abacb51b2532f73c5d3936005892827973104d27276813bac2b4ab152e9dd18c624d2fd4892f505092ce563782d327a9268886ba763
-
Filesize
712KB
MD510acd19e1b4fbf4bacc550c0e1095dee
SHA1e2a8e488538d65739746c7a5bbe2247d843e52af
SHA256fac4d578cb91dec371395a839efbb1f6e725bfaa30a64a1acc31a87d9134644f
SHA512f68f19890d1f78bd36ebf9b08e0286c2f9534f692aa0ee4fd2c8f4e818f4d01ea69f6a225961221ae87a6666bdf06db5e0aa59b52fb4344a0ae1ceb4caf175ae
-
Filesize
584KB
MD5d224bea476d89c92da392ca1a8c10084
SHA1510a3fe842a8358d2e17df307a53465d3c61befe
SHA256d7c532fe7bee49eb5338a76cb068a752e96a08da9670b3010c54e1ba9459a68c
SHA5129448a302522e4fa8975b16ddc7238115991535cf89b1dd56e666857ab841863447b31d16e4dcb95a57156a6cc547297f7e803bfd11fba894541a523657c034dc
-
Filesize
1.3MB
MD5945f9e7680156538827647bef2c196ce
SHA1d3ba350a0326df528f55bae3dc4327b087f7c13d
SHA256f5b5c003439526e681138013a649b628aab3ad0a408c1b5cfed8378ad2a4b40c
SHA512babfb56393d2db596ad976eb9832ad344f60599d9d89a2c304ba2d01e4211463e99ae00c8a292e520a501192c7f129716a0db07ffe71022cc77151522261aada
-
Filesize
772KB
MD58c928f572af5398c476aed71643f1f91
SHA13f6c4137c72899428dd75cd5c6e8f3cc657d02e8
SHA256bdf6682aa3a327dd7570a24fd5bfe8c17916b9073029a8d7bf96150d69ae6a1d
SHA5128eaf6e8135a07bb7f55923f39c87da2b0c3954879944b299b21340b147beb8cb8acc08cdb398b049cdcb5083247c1d458353ca31d0dedc67c065e23da3c61ddf
-
Filesize
2.1MB
MD59ee39243a7032b066ff75f29f1ea3b8a
SHA102f0da6eef2025d1c1ede7b1e8a2e6d239394fbd
SHA2562454698f78c43d372f59c79782c4900bfd2879566b17e6a88d06a1fe1b2b4eb8
SHA512b87f64bf7f0eecec8b7f68977ab952ac789f3a02b654a58f08921a89466a0881a38f66e18b35fdd60327727307a192768b14174e5e25e572443faa7e0cbc91bc
-
Filesize
40B
MD5de12892063f81f60b11c0497ec332fa7
SHA1ccfa0530f55d277c3fe6d75260088ae08d5b7616
SHA256afd8ccad757251c38eecbb67fc9f41af5aecfec62b521b229c5b17e17ba05eae
SHA512441e809f431b7d1715efa1a6eeda910ba6945b9529a6330cf964a1d8f7233e97893e6eac6758abbeca4c61d315829371fa2e2fa02a5b838d1fb79e7a43b6d7ca
-
Filesize
1.3MB
MD5d421b66ee26f42c1a1f8c9a7fbccabff
SHA11b4db13a6dde2328e5fac7a10f4ed40967a3a27a
SHA256f81155e38f5bca661810c178a46f4ab0f53458ff4f1f4466fe4e3bc930196ae6
SHA51227913e812a7fc0b95f99d59255632e9277db599868572f84abddddd3680058c64f26112ba8dac58614f3b8e4f7ac87017f0389999be3ec42bf9671eaabdf4200
-
Filesize
877KB
MD5c2480cdb0b23d76686603a45502aa2ca
SHA1248a09108666d62d90c81f6edba68e4b67c0ff1e
SHA25621ccb278c1b5092b9a963169fe322bb72c046dbea8f991ec25e32117a4f97f6d
SHA512f675e9e86f5ed9ede627c035d4cf3b56684dc224b1270877eac2f8fb40f17f924f82f135561e2c96711d65a6f74cdbe43f7cc851adc9c1ae84d28fab8045c6b9
-
Filesize
635KB
MD57f87be937f63b6ddd33500aa38336d8d
SHA1194cfb3d0f2bef37431760aad359f1ea12d9dbec
SHA2561413b44495e74b92f79a286e07044cec8e338b3b22a1075636620638e6c2538c
SHA512f07a58ed38f41180f4674d9cfa177150549ec5d2286b48fbcdf8b8d14bfdbde829cbfa3c90946fd51ebb84bbfec5c07e8cae0928c6c1c1b70155701a3d982c7a
-
Filesize
596KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
384KB
-
Filesize
684KB
-
Filesize
904KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
792KB
-
Filesize
792KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
600KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
680KB
-
Filesize
680KB
-
Filesize
2.0MB
-
Filesize
1.3MB
-
Filesize
1.4MB
-
Filesize
1.0MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
2.4MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.4MB
-
Filesize
740KB
-
Filesize
2.1MB
-
Filesize
604KB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB