Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05/06/2024, 12:54
General
-
Target
2024-06-05_85a4f55c9a7b631e7534483af8177852_ryuk.exe
-
Size
4.6MB
-
MD5
85a4f55c9a7b631e7534483af8177852
-
SHA1
b55023624ef4901264e95ffcaf113478ca4da683
-
SHA256
89277452b8c618906e8de27261b835de821573f41434079816ccdd2ce02c1764
-
SHA512
3eff68284b5470a5f460166d5748860e139d720c7596a43448f4ec4fa4f4c7c1af9a83ab5515ff1136a71486332e797240946d4c81ad9e859f4710091f354773
-
SSDEEP
49152:TndPjazwYcCOlBWD9rqGZi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAG6:r2D8siFIIm3Gob5iEOUtq
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 33 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-05_85a4f55c9a7b631e7534483af8177852_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-05_85a4f55c9a7b631e7534483af8177852_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-06-05_85a4f55c9a7b631e7534483af8177852_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-06-05_85a4f55c9a7b631e7534483af8177852_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x2c0,0x2c4,0x2c8,0x294,0x2cc,0x1403796b8,0x1403796c4,0x1403796d02⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be90ab58,0x7ff8be90ab68,0x7ff8be90ab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4256 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1924,i,10051224660240429367,10345311588423772183,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD504800bd60198e049994dda9e4465b0af
SHA1c604fe410abaa65d4473eea9ab193cd3c61e6655
SHA256c039072ddb1d2e7818fc3d257881f801eaa9230a6c923ec6ac38cac22119afa7
SHA51295cd2d1cd74621734ee007a03488ba8899d947badbdb0bfdd859dcc2575349e87eef2b8f3b5cda1d99897a69d77fd7c55b3ddbe409727d4c9566a4f5cfc1278e
-
Filesize
797KB
MD51877b44e5f100f0bb706c59f154de5c3
SHA1f25d4a44457b2ea9a268d71a4e4e8e424438f546
SHA256e41bc2a6754ea24e580fb9a10c72f91089a7608729882eed0ca9dd6db799d99e
SHA5122486752a0f4e7870c34252e753a3f2ce7981de8144132ec80a009f547b1439d8f42d218439418ad1ba3b530e4e4c3d15e461a4f2a9a02382345b234915c8f7dc
-
Filesize
1.1MB
MD53637e257c5ddb129d7ca08cd1a7ac3a1
SHA1dc01fa90fb3ccf66311a0d7a3442238ad74bf4fd
SHA256fe932d37367ab2434005463d1158ccb3265b7beec4a485884f2e9f5193c56282
SHA5125aa01add667014a6f319021418ef711bf3ff84391b742c8a27c6e0c710133f9655999fb63e4073c018c9623b2d7b9bf730c87eaabaa4cec9443a1e12b7cc21f5
-
Filesize
1.5MB
MD5783e0fd3202ae4d57a7ead694e85f709
SHA1425897d41eb05f5adc421d1bbfe7fd02f99ff74e
SHA256698a926ce1d1d7b6e519fe52626d33e00d48ec7f62a7b4bc1922bfeb443862e1
SHA51295356463a9fcc130844498d2ee0b4b9417606e90185b020ea4296c9dc028c7a8ff2bf1102074d857cead10266f79a96be6ffab1d81e51dd8453291e5641c6058
-
Filesize
1.2MB
MD5249e673cd118fea562c90724a4c0cd84
SHA1b6707412ea4dcb53d070022d844836861329de87
SHA256ee3cba95cc64b4cf22eef7258027fdfc12c4aca1559c6efd02701d7ce77467dd
SHA5127d84fe29ae66241837871ee45da2e000bf2c5c122a31db0c4807c91e04b9c224998990e5244792e073d4226a32da8f973379e2263de56b2222eeb6c67ba2c31c
-
Filesize
582KB
MD595ec79c5d754793f2f8afcec5791cab1
SHA1e98a202bff1829cc0e064a7d628608ca6a006a28
SHA25630a2c20abf1aa0280bb99e0c3924e84b3fd78ccd88c46e5e4df79b0fb0fea393
SHA5127f4c94016f2c15121391afde2a4b31ac02eb63af5ebb3b9331d99747a74ad546efa0cc82f1db1f7c119eafc7b8b8f4e4c6e8f893e8a88a9af476eec83ce11aa9
-
Filesize
840KB
MD56333e44c864783112cc10989905c74d0
SHA11530cd1fa62e9dda27ebe6ec9e1e8b01728ffce6
SHA25603cf2b94b927e1915625c900029ac7e8340c15714130b5c19cb0ca47fd22ed8c
SHA5123437dc099801050cc013c5fbeabcfdc37b37d1d284a3c66b10bbd434a8b96326bcda80ed7c903e1d8f39589bdd382c86b7f15d39f03d376bc8a962a807e8572a
-
Filesize
4.6MB
MD5152fbad6de47f53364eae4e435a94017
SHA116e69dba2399579c66d2ac4c4908a9b60fb120af
SHA2565bd6ab8b3c0513109a58711b49ba2feab2c758d97b204f31a50db54785adb701
SHA512c4883c089056175098238c42fc5e57552f15eb9d9c9510de461f2b42153a6b1938dd7d80bd301dec706b79aa755a7af7005050a3c283b5381dc750d3f6cd488a
-
Filesize
910KB
MD5a17d41e86a7330ac4c4fcf99411090d7
SHA15119cb9be6b986226f3d9658309a2b3a4d72058e
SHA2562404df1201e9b9ce90eba01b86aec4a4dc0ddef292f0005dc66cc67a4a965372
SHA512ea0dc849dcdeaa1737270064b1ef8d14cf4fb0def4449efe275e7adc79540d6010883a17224f3468769fd032cb448751e97f25b44fff4414fac7faf4a4fb53f1
-
Filesize
24.0MB
MD5d7b34eebb58f75afc9dddc29a0c7524d
SHA133e84d97dd73e1505f2a95b981583e2b13e65e5e
SHA256b81b7edc934d3b839b9f02f1a08a26729d953bc8ece6de5d97a4a13c3c161f4b
SHA512ba7f9ce8170f7bee5c3dc11c931355b01092bafec978aa81b0f7246766123a578c34d3e1c7208f8d5a65f058fdeff4a8c7b6d98191b4233e6005d1d05f18fedd
-
Filesize
2.7MB
MD51d467c191461259154aa4498aa2755e4
SHA1847293116c5f270d477b0a4434ccf38251d7cfcc
SHA256cb3bd6e39e209f4f3949c39523bdffc53c3e3e50f7e513ec331455f4fb9b0f40
SHA51232d28be0e78ec9661f65d2a69a51577a1fdba895a921c7d7ced70f01de9343e89ce62b19987a3b66dddedf457a70600e68f02c617ef66cb58ffabadecdce821d
-
Filesize
1.1MB
MD5af4847eb62f9312f0ee178ccf57eaa31
SHA1780401b79c5567afe94ea64e568fbca10befe2c8
SHA25663478552f1a53b818e88e31716caa6708d3c64751de0d068ffb8ad5774ae4f65
SHA512fa47f423dee10e1ed1d1303d0c0d82db8482c058586672a521d7f89e02b1e2b64a84b9e8fbc2c3616aa30ead346b7b9db96e4ef973ba257a36063a3443bb5ec8
-
Filesize
805KB
MD58b4746380661d9b29f8e90d14d56219d
SHA1e0d0c791190bdc8237839ea96713bc09b4e30f9e
SHA256b92af6de70278d4957813bd6a0c528c58e24c5c779821df92688b4a2a35dd5b7
SHA5124de1525f797244ed676aa164a275943b974f9fad2bd18d23210cf901cb4842798daa647846b8374b50b1800279b57e35c2e9cf2d2afa36c103a13813a1a89d95
-
Filesize
656KB
MD5750a9b2f650232b5190ef266a8bcc4fc
SHA11efa5c71fc034a66eb35f52f2d483dd805b98c52
SHA256bd6f8723f0e87aa3f439d4a7b589e3ff53b728a036ee589a1bde7239ec996729
SHA51284165494f138447b38bbe5d16a0e0d0a4bf23285591a675df8d372a7b4e1a144f49adee195134e0b794533f942bb1ae2bf46ec8ce42c90aad214ed16ed7245b7
-
Filesize
5.4MB
MD5b3d6b6db475c78bfcd7567cb9b69eec3
SHA14ac2daa54fc30b9fe24549616a9b2aa8f2d136fa
SHA256031e273b755ff5fecb858e29797b3457b06da64fbcbaaa76e8ffc9043dd13093
SHA51207be67701aafd18aeb563d423064bc8cfcabde78597f90a6a7128fec2d83cbdee4f8b5666500f04643dcf097f73efd19fa4e077d5808ce09d1bfe5d8063704bb
-
Filesize
2.0MB
MD566565c4fbbc97e5909e3bf71f963b45d
SHA159b1e2584afd775a3e7a944ec0dc25f2bca42108
SHA2564612140d13d1cbf420a886da738a73921a79f3bf38d7f689705743b61cfdcdaf
SHA512d9f9e34954607cacdaed3201a4923da2ecc5627b35d61ebc40678871f484cc62591f5801b8929a1ab6e868ffc70f01414b6fb199140b602256418594183d16a5
-
Filesize
2.2MB
MD5c794d673d8bf5d6654a711ded800a9ac
SHA1e62eee6e1432f51ae726c5a5c34f68d4bbbf8317
SHA2563e6ddec0528f5cc025c95b4039435820f55c11266797b30ff174eba602f2bf70
SHA51229c83afebc402c87b1ba0468246ff76e1d5bd0c3990d23f06a551af5a1fc790759a3a50e4e9603ed3299a00d4e00f3dbacf91bc2f93c6ffbac6c1dcc1b5f4ab8
-
Filesize
1.5MB
MD52c28657ecd965f1d99b69ff05ba0b65b
SHA1fa0441169bb6ea7a0e3a9790026c14472a54bbfe
SHA256f8eb6e34cd3a95fa0956e578fc64090ccd76a8425ae89ebeea543c3d5bd108aa
SHA512a6e3886fef212fd23628abc913dddfea2e88e03f7d02ef3bd4e76b8aeb9964149c85a567eae72232683d8390bf98c0cdd2eecbdadbd0e938fb4c9ee175111237
-
Filesize
701KB
MD588ffe9f8a6540ef518914b40c353c9de
SHA1295e17b8679cbb0565b9d22dcfc09bb37a99c4d8
SHA256793a6cd775e3b440706bf7f5693c7b0b39dbdb65541a83f909881b5b105b730e
SHA51261403604f39f1a73f855f6fcf1c09de4806e9f73a2699cbc481d31b8244c78b55ef4f673ab9f705908419c44877576a85295a4a69a55ebf93cdf42cc4f4f83af
-
Filesize
40B
MD50cd429098412849541cb95afaf497de7
SHA134fcdc8c1708981ab8e69a9ccc50ab898d7f7df3
SHA256d987cb1f82d1cfa20deebd5947b3ce1b9ae9ca25cb7df736727c507a3a17700a
SHA512955809ff9150048d9b739222dfe4c1cc7b4f330cab2858b74ba1b8af8514f1d97268812c0ef81a3d926c9928fab845515a0fbd834a8dd1d0db39359001ce5f03
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD5d654f30de65f87b5e4f09c84a4a034ca
SHA1c06c45e1d99eec0649b2dc2ded34cbdc1fb13165
SHA2565949930455f00500eb72ea46871cfd0f436f331f5c62741853e293f92b2c6e4d
SHA512f073670547fbea722fa9209273568193fea2daa13117c2c3eb2741a80631f0954f216dada3839cdf80a326f0038454722267fcd2125576b4da82f8fc03b0f520
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD55f11d4c11994b4e87cf010632215578e
SHA165471611ee79f05d39d07680348bca8f5d10a339
SHA2568b3411c7622012dde3730e353935126eb742d7e5b59da1785136ad93b40d880f
SHA5124b389a19a89c660e9d30ce1f81248ddf9f5cb493492b75e77e19241a5adfa495d5291a10ed137acc475600c08cc184ce4da5e5a0d226c76f280daf505ec5a849
-
Filesize
5KB
MD58eb7d2ee1e4a3b78d15289985e888210
SHA1334460ee68179cd96d18a653d54e169d88bd9e10
SHA2569eff53f10e7786b63a8fb303fc438b2fb883bf706ad72bb99e9f32c22f96fda5
SHA5127105aee8c8e0e95ad96fd45dd4955987d41b38d0c049e2318cae8810ad053f946033e9eeaf5c9a7aaa1f67f2847bca08588337b97968b966b04be89303cc51f1
-
Filesize
2KB
MD5411ac782e18a3f8947b5bbdc13773829
SHA1d9a709bb6b79ade9df4024e8fb6e36190070bc21
SHA2560217b1195d87db614149675e331d00b581206641c58f6c7cd8cadb92e718f8cb
SHA51203cff6f4f72f375b34a35df614de1c0837ec423b3b232e5b863a2d85ccb2f2bc025d1954ae0ba9d117930a84e7fd1b44bc82b488e5acd58370c36e9c24717d5d
-
Filesize
16KB
MD5e15a0741560b40b4b70641906559aa59
SHA1b4bba168c78cf60d77baafdd48e9d2974895c7c6
SHA2563faa788333640262616b968b1f0a2140e0d903644f4f46128042f57bab097c41
SHA51248987f3d11455898d78c1966e91a3b71956ffe0fda46f7825094b87d2356e9cabd1bfdb4bda0e8f5a4c78247a00597f881cc2c3401f004a6f24677ec9ac57cba
-
Filesize
261KB
MD555a1e9d66c64db959a56f1365c759809
SHA1ae5ce58a1d56726212882eea49b575047eaf399a
SHA2565234c16df2b240ad7625a46600858021454cd1e9b896ed001f885e7b7f16f66e
SHA512ab922e822660c174d0cce2ea6099d736d2dbeaa42ab89c19bb8fe1ad49d4ada25375e0dcbba7285d9f1ec9a26fe1e403ce182eb83647fbd67865f014257b7aca
-
Filesize
7KB
MD5c6a2d3e7e863802dcbc0d763e89dfda2
SHA1950c6874648a70a62ec3ef2f897382ee09903b7b
SHA25604f73660644dedb7a19491b9a98a4230c9e2a7a41a2961f45781218eb7dbc9a8
SHA5120e97279c09349c00b9d6f8ba1af7e0571c6f10077a171b889fa7c0bd5e826a17265ed502eb9b8a29dc24142fc1e36a092498d384f4c2c631fb7032425c80423f
-
Filesize
8KB
MD5f7502d6cf904f6d3a5a636cf60324164
SHA1e8b5ccdb99d5639615056430a83e582f79af8e15
SHA256d78c7f436e1fd5190709d3870257c31f7ddcb36d1d20acb4fa535a1b95fa6213
SHA51299dbe90abb4124331144417a122420a45efbbfa5e94a11e876a0989d666b46d210cd95c7efb31053aeaca379f2e9f10896466a21398bfdf021b73dc3ebe78dfd
-
Filesize
12KB
MD571fde3dacd6040ee4e039351c3e1261b
SHA1e902817200ca576bd9bdc27d491de8feeb853f00
SHA256a13bee54b034acc3ec156e9362c536b87a6a0b31a8b21c4d3845aae808872974
SHA5126f59585d70b1203cacb3c351a88a5c55367f0d27265c28694a65c4f9972b45100333ca6eecf110b12fc23c5012dabba24a990660389ae791d10e191e958ff89a
-
Filesize
588KB
MD59877a51fc63eec5c21af0de984fa0dbb
SHA1f104470e8dbaf7ec9f7c6d86e00a090b8d752e96
SHA256b295a944403fc31ba16e7382d4594527b261d57ea34a53c2e5e2b3ed8d4e9413
SHA512a6d130b5f2850e1c1efd234136a9d1c874db1dbc3ac6c4886a0f238da6119291a5158feee942f30d68004b26e0f3f64f31fcb931808467991af445af4ce01ad7
-
Filesize
1.7MB
MD5bda646da2d034a7e71f89bb7a50ddefe
SHA1f43b2bab4433e7c422ead35e11926bc61e848906
SHA25681015b3a78a845d04e356fc0c764b96ff212938d31719843a1abdcc5dead2707
SHA5126f81e2b537f366d369d933a7061bab9da7d0116e4c7da7bbd2813e2d809c8460db58fa0f8bb47230704c7b1f385d25bf66da1a3993bdade7c0a2693ef4d4a3af
-
Filesize
659KB
MD54f6d7bf09431298fc659397b7ca84c71
SHA16b42c4de2642e32b64bba84a4f0126b8f91421d8
SHA2560c3542d07294bead171e9ae9ca94098bd461ffb304bb3405e4ac0c259dad7808
SHA5121153a3fa8912e601a7f793d472875c13ead14172aa9fe58a7ffceff70ebb5cf6eb978293e9c3d515b453201121d88ea2e6a376840392e879d4a00d0b1adcfa33
-
Filesize
1.2MB
MD58247260394ae2205872ad6d52764113c
SHA1abd8ed7b7fb9cb30489699f9a187e51e5d85786d
SHA256f405f337ae441585512b59e581206dea59109a04d73baabc3d8f8d9e343d5d99
SHA5126737173638e8df2bea1a1547a1b696cfe78b51b1c391162ce7677a34a655e9619d53326a7f4a83cac77a368e6254c6e5fba3c99bc83e8b1faf86aeecaf1d9a30
-
Filesize
578KB
MD5eac316dad9875222ae731de1fe2d4179
SHA1c689f1b6a4f1a482aeca789dbd879011b9556bff
SHA256b1cbe075d9bb72efbe62785104adf2390ec3ae80bbc8254cc096ca4229bdc306
SHA512e5b334cd605990b23e5d5464ea17a529402bdcd7be4471e56dfa49fbed8ff64c55b2dfdfa6f943359c41e21f306767d03d622a5e827ef5f289b030bf6b87f779
-
Filesize
940KB
MD5b75b93da7cd741665bdd89561662203e
SHA1e6591e709a99219f6a4a3510bed1ae0d00edce49
SHA256feea11a365994328cef77fed3e65585665a346b37ac2d006d7cc50bd81731953
SHA51252ad26a09476881e0153e0e7903696a5698d15008f85c7c757b4256eede4f494e9a2a3c9a9ffcece78165d5fd5e76d0558abd3e4cd9d726163538a42c71bca70
-
Filesize
671KB
MD55e8b866bc21d9d6105671ef25a272ee0
SHA124366ec08977c9612f55c5b62ac06b42c1a85d73
SHA25685d77a4b635ab2ba2e50b83ab4fde4a4a59c87146e91df44b685cd97e906c840
SHA5124e6612b7a0ec7728670cc926fbbbca3ee5454bc097843bba0acb252d3819210e7510e585698510591c9b6d39b6854efb9115548bf5924499a5f72ed44fe04da7
-
Filesize
1.4MB
MD51ded24d76831793975d9f4730a1e7b01
SHA16a953f45a70b365f0db488f6ad158cb0b6d78102
SHA256172d420018e1a8b2484b24c6370710463fa3270319112798219c41610a85fcea
SHA512e5635d7754bea071f641838f635688354ed1545ff8867ae33b8acf69370725354b3d8db947beb9c3058fd1833ef84f8c682bb2e1dc6b892290d68cd969fa68a0
-
Filesize
1.8MB
MD5b358a552532aa44a148913eb6eca5434
SHA1341c59bce40cbc05946e0bcf6ad46946ab5cb62d
SHA2567136cca8dc6868dd6aa2dfd0d8e3599aebad0c190417d87f73c5d4d368bf5ae0
SHA5124251e26fafd3903a22cb35fefef5ed8e55773b5d4b26fe63cb518e6f536473d963f2dcd0e1e79916f99d47701c86d61091f86e910b0a877a2a2d2b65d05a50fa
-
Filesize
1.4MB
MD5ee792e031110d50fd1344394fd04d6d7
SHA16e7967cd44796042700339a83c8803c63932b6e1
SHA2560741134e5c89ebeb0caa981b2be57e4914775e1f170edb0fedcb3920608114a6
SHA51285fc1e44ae4a2d5b160f37ebe64588fefdb73edf9fc4d89fba17c868e669bcb8beb5e779045e2f3628be574adb0aaaa26a03f60036f0b4f54eedb24cf33dab76
-
Filesize
885KB
MD5867a080c13b8c46c97b0b856c9eaf58c
SHA1002281adfa54bb403be1c2ae742d8696cea11574
SHA256fa8ca4b501befd0fd7e7e0cfb045858909b0949de2dd4668f0d82599ae81ae41
SHA5126ab81986df1b757f88cf406efb8fe01aaff19fe8b635d07b5661b5a686308fb33be5958d093dea902ee283e254c37edd2a0973219d615fe301c32b097004a9bc
-
Filesize
2.0MB
MD51d3cf99b4d5c388e3579b3df5a00f779
SHA1944df95efc268a04a701e16739521ef4ccd0e929
SHA256e798ad19b774ca4ad87dbea0387ed9f37adbbc6c2a76545992752a4e21cff045
SHA5126bdf80887602b28ee825432a8b2b909080eb5057870b9a9f610df0bbd16f0c2904839e2ad9a6e799a7a1d5cfbc82d56fc7ad44ec6f820d7e0b760d1df333d67f
-
Filesize
661KB
MD5753b97fc8e1f4127bb2f188cc845be9a
SHA1377fc2616edb5c84c60333246d2eb25f59015cfc
SHA25644d6bb4737a62de450355421722303c0fa6d05c4b05f058c0fe7c5ba57e80ac8
SHA512bc8cfbbe51ae8c82d019e4da432702665aa8316294e2632efe4f00d494b01e49cd35daf7f73347809f8778f29bb5a1ee6e8dd8054f60c2fe82017f876969ebbf
-
Filesize
712KB
MD592906e6098db6cfa3fa63ade9f240ccb
SHA1857fd58cfe2f977af81d8beebcd1fe12c5e303f8
SHA2563ea977eb60a100ed1efde21be650626be2ae7a139366f2096c26d1e7cf21a7ec
SHA512965e1e679e9de2e562349966bd8755e81bcce5fc4febe33e909ba8464a37ceb0747cbb89a76eeaaec4e75cde44a6341120b23cc78453f9f544ff9d0c40ca95da
-
Filesize
584KB
MD53b6ce18998b5b6fd15ea6904f96bf4ac
SHA1ef2f0dd392e0622d909e336f6be8023f6805d314
SHA2562c7e4a3851f5adeafa6547f46b60ef664cff6c30243e2afaba93a3d42cf2c7c8
SHA5125c2a015acdb98cc80ace13c47d37ecea097317d41fb25862246c8e3ec9da076ede0897a70390aee8bd2b8b49da0e06694a3fe8cb2e12d0a51d10e2c3d9b95277
-
Filesize
1.3MB
MD5dfafeba501d2a85cd459246e74ff08d9
SHA12e5baff1ff6bba8a94ee28baa503b9f65413be9b
SHA256d1407741dd1037d43109270ed3628a299ffffd056fc85d6c978dcd879e8b999b
SHA512b5008ca8acf54792694bd97fba9acb6166171a6893edb72da5b3c581b485c6490e38997723187c3579d611678c5bee4e8111df5c5258bc5cc70bf3f7cf447c32
-
Filesize
772KB
MD5903f7ef5086ff8c4f5ae60baef9915a1
SHA12aaf7ec5e2e6c52cffd59ad0c7f2131c5b46a8da
SHA2566881720d99836c715e77367d9012f234e1758eba5a21b0320b879aec3ab2b31c
SHA51271fadf0f798fa8f1d8c637d283f4109825ab18a466e1d5bf2a29e70d5b2db5886b57b9b23c75381cc1a5040f2ef5f7f1ec9250dd8ac41f6f5f302da92ad28967
-
Filesize
2.1MB
MD58a926a255e4de8c6e8aed8ba89425601
SHA130d5f98065aac63cded762bf414eb43833fa38d1
SHA256d41825773fab5d315a994b3a82b4eabb3465f84baee68fd0c2aabc0f89c9e5af
SHA5121e51371952ebef4848e95ab591b5cd49687dd5677cc3c633d08b8dad03370ba0e298d7b48f3556acea4641e342f7bcc8f2ea7e59480beefc42edf5ef3bf12cae
-
Filesize
40B
MD54d858969f9b63ec4e90b337affb40980
SHA1c5f517b47ddc66cf8fe32495fe14e425f905c252
SHA256d228412aca7296096c2db6c01dfe1e83ca0db6a7fc2512468473c94bbc3e50f9
SHA512df058b39862395921f86ab56ac87eec0ed1adb201b988f3bae0fb037e14a1c33d842b7fac2354f0daabe15cf41c5b6757ed9971dc8237e7a5e9377314c6b972f
-
Filesize
1.3MB
MD5323a0a1f7664cae731814a458cc1c9eb
SHA193b47cb28132707688e3978f35ad069a906c71b3
SHA2563795f4eada195dede6e5c640571beacbe120050460049ffa094466e4d69c4ff0
SHA512022084401f6f54cb5380d6e881eae208847f6f6e77c17c519a754eedb0b5a69b4116f02f274f94c54fb146449cb252bf2a12f56b287a64707d92bcd0161d00eb
-
Filesize
877KB
MD5f5421ef12a84592a9ae6aec6395139bf
SHA1444793c6f853ed386419d60f5c2898b61156590f
SHA256324a19035aba0a276385b86d2b91995d97237dd135a09a243e845cdf9dab8330
SHA51232a81ddf6a8100bc3a976e5ba039ffbdb4fa8c2f4d557e3ddea61442070b34d75ce63b174e1fa6a9f10cdab64c95582c802c998673149abd5fb9bc1f3e6ad71a
-
Filesize
635KB
MD57a95355bfa09ffd139777741d96c958d
SHA10e473f1bcd074860ce97b513da652dafdca28992
SHA25620a3e49de8323f65e79427641ca5da161d497b2c0d7d3d5c0b7727db1f1e20a5
SHA5126daf24250d3292d5e8e801ab571e124d5ee25f8af67a277f9cd6e6cd960376a027aded69f6808bd8c0ac7ab721820e2c271c4f4773946434a7a70bb0d7743996
-
Filesize
600KB
-
Filesize
600KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
828KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
384KB
-
Filesize
4.6MB
-
Filesize
4.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
596KB
-
Filesize
596KB
-
Filesize
792KB
-
Filesize
792KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
904KB
-
Filesize
904KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
680KB
-
Filesize
680KB
-
Filesize
604KB
-
Filesize
604KB
-
Filesize
740KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
684KB
-
Filesize
684KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB