Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06/06/2024, 18:05
General
-
Target
2024-06-06_33bb1bee1732d04433d402e48fc4de0d_ryuk.exe
-
Size
5.5MB
-
MD5
33bb1bee1732d04433d402e48fc4de0d
-
SHA1
77a3579ed56f3364935c4fb0d6c5d6103d913a81
-
SHA256
8373b546e0befdd0b165c4f095522f2603006a338d7e3e9e061b68cb3bd05ff3
-
SHA512
3d5417ce35c65240e3c21601e7bfbc20d94f7fd2eeb90a6bb70f594fa6b3eea82047e65a0555045ca170e65901704a417cabaa07ab701114f129d6e0fbd2640e
-
SSDEEP
49152:lEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGf2:5AI5pAdVJn9tbnR1VgBVmwlI7K2mF9
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-06_33bb1bee1732d04433d402e48fc4de0d_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-06_33bb1bee1732d04433d402e48fc4de0d_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-06-06_33bb1bee1732d04433d402e48fc4de0d_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-06-06_33bb1bee1732d04433d402e48fc4de0d_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d4,0x2d8,0x2e4,0x2e0,0x2e8,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd790ab58,0x7fffd790ab68,0x7fffd790ab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2728 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x29c,0x26c,0x270,0x268,0x2a0,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2440 --field-trial-handle=1912,i,6013592127255972363,2293558434646019184,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\WaaSMedicAgent.exeC:\Windows\System32\WaaSMedicAgent.exe 9a52ec30a47c03d91e4157e81fd17a36 Hc6sLmavnUuVmPXAeQ6v8w.0.1.0.0.01⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD504a11a3e04508ab954b34ca7a9a670d3
SHA17a82f4e8b97e7e9a470b5c504240d1831bf4161b
SHA25668a28657dc710a8134a89efd46dbb1d607ce7ff0b61e5833e002334c5f52db1e
SHA512eb4db48a69733e61d98d32bfd5d60542e39ce50826ccf1e0ba6f2f0a7e2f393fc4ac3ef950466a52dbb0b56a09511a36d889a4726e8dc2042e865caca1ad6e65
-
Filesize
1.4MB
MD5d8e4747770b1979ca7685e9e80dbf516
SHA180d6b61254103c53e3542aeab5ae8eae286320e1
SHA25620d7e3a5ca1b8efc52a47fcc1ff3a1581571cd849699b8471dd6cc20968aef25
SHA512f16e25ae3772caac9e460168e6c085ff0fd5bfce2bee161ebf5f5cca1983e48922f93a70fc4cc18d9e154216286912129fdc507595aff7c5be33b2ab4bae5f64
-
Filesize
1.7MB
MD5efab7edc3e3521decc88a4f709aab315
SHA1cbe9b817c3fe09848600953640d774db3f2be290
SHA2561742092149c3306aef3c42a0e60925468a9d7cf0163b3c00d6809ff6a3c8a5c3
SHA512c4b1f614663bd186ab5b35d72022a98559b3d7255797095022955a90d774814748b9307c26a1876b35afcc5113efeac3e81d8422f991223033ecdbbe35511779
-
Filesize
1.5MB
MD5412c054e2dcc7f6df7d87b176eb7584b
SHA105e7ae33cd469be0d8b3ffc6c3637895d00ccd7a
SHA256968c6a9f9f67df303e61f3f7e5c59dd5fc7bc8816ff7b8d0ee867ec713a049f8
SHA51281415f57f6c4a00589f6545132c30c7be715ad80050140b67d9023eb5215e6a6fad86ecb9830b8507b8040fc3b214a515e61d468eed42a46690f476c3ec6fce1
-
Filesize
1.2MB
MD5c6aee0064eb3e7bc71d818314da1103b
SHA1eaa167b0d2db20593b23f57a1cc4988a57b02411
SHA25696aad930aee6a33b41727d0147d1be136e6aa7f72321263201730fab6a314be0
SHA512458e1881cdce7a028e528937a5161e76f95786dc8dd6ab08dee37c0039564e282a515ca8de975b3f2c8fe7bb9a6f1841a02c464c2f286138d91f3a9eb2887a01
-
Filesize
1.2MB
MD53673a44f1ec55a7a2a483f7bb6f70b62
SHA16f1e4330701440306045e5e90f171373515d610a
SHA256e53e4d60c50847b46464ea8e0aa89c5846035fa11e1b2e72bc99efadbe3e0e7f
SHA5124d208d790676223658222e3723b10638505510a2b86ee33822c08483e81ccad0facd9218ad9709a9fff98b2748a7fb8c86cced1f89bef116ba34ab8fb1827ef4
-
Filesize
1.5MB
MD51f92fba17b8c17a88f52ec3f7e37cce0
SHA1c3bdf596cbd61d4b78e9285f02788edb3a014a11
SHA2564765781456808056481a7a07fd2ff99f6648b02da355461f502da1bcde47fbc3
SHA5127a562b5cb22c39174fa57210c5c9a76ac0759a9f302c24975c25fe72ce6fd91fbcccea76ff83997ffb61cd1ca582a77dbafcadc18dd30d12baeb42c3d6d5023a
-
Filesize
4.6MB
MD5f44af4ece404b07ac6707f47ed1868be
SHA18f27238abf64b68c6abcf8de181a1e89dacff5de
SHA256bec200d1a4674308e73e98a4b93818ac67bf1f2a0f3d278f77a8df5e07771243
SHA512bb93a1ed945d2c4d1e00ba3a9a46ef64e75e9cd04022c871fd4e1f94d6c4466ccbc2b74607a429bb4fed675e243919d0e0e1145cc905f066e4ed1a9fc6893005
-
Filesize
1.5MB
MD5478a3c6cbee607d3a77eeba77d4adcaf
SHA158d5aff5ab1616d5acb74ef7635f8555cdea58aa
SHA2569a99dd37a54218ed4395e25d5a77a9e5622d69232876ac764cdc6ea14fb5eefe
SHA512ddc5242dc62b400d52e33a32da4ff461d5309baf9c32c76e61cdefe5a801f4336674bbaf443fc3590ee0fccdf4fae6d71f6c2e8b2633b6fbbbc29cae4eb0d118
-
Filesize
24.0MB
MD5a3be4958fe34f2708d4b3a2a876ff59f
SHA1fa1973b2dd77a41e655b9d6b50eda4e2a239729a
SHA2566fe13f5b43312a089f8a5db2339a29c1ad1654d82e32b1f1f6ce17ad00804e05
SHA51210768de637b078b78768fe317ab3b2a585fdf441c6ecc510f944bf6e790e6726364df76cb192cc592fed1da359370887e588db6885c6a4fe179b6de2c13c3f81
-
Filesize
2.7MB
MD55510bf0300a25f15ba84cbe5b32abeaa
SHA1ea65c02f98d80d0d3747c7152f4040ca092283fb
SHA256a3e52a6a30329891433b34d6a750c146f7ff6d4a59afe7e198d65374e5983ac2
SHA51227bf55fcd416725b2800ca15422682b79f6ab2e77471b0a328d53af9bbe2066e516b8f218522625b883f8dfb96c7a1422a0145c8271da738e00533a7e65f389d
-
Filesize
1.1MB
MD598517d6b6f0dde046c929b854fdae43b
SHA14a9d090d9ac0803729fe782e3ff9ac856228147b
SHA2565895977dbe96efd04d172ad47bf55ad94ce241b803db48e9794a9a74294f728e
SHA512295e4413748390e0fb28c9cdb0e56d07fd4426737a1e6d1151aaa63f5c9965307fd649a30bfcb02563257a4284653ec308238aeab95117c29e81df89db017943
-
Filesize
1.4MB
MD5f713070678c74631f041f51903a787ec
SHA1b74a1423469430286eca7f36e15018c820a2955b
SHA256796b0ae4705d1d0320aad11dbc4925a05e30cef27cc13acdaebe15543285fb53
SHA512cf24f0da27ead5462e121dd9598989a3e56b80442f4ef4cecbef7e72b8cc6d4ce00f7bc3ea1057680324b47d85133d05e8d92f234b1988e5d4452faf74d50fc7
-
Filesize
5.4MB
MD5ef56995e6ee704a239f37772f4719f54
SHA14b510629db48a8dc5a1bc834f00dd51e7462ab7d
SHA2566285e7371b6d3734c139c78caac297eaf0c782b41a97a051cec80c997e4acfcc
SHA5125eb17c8a327354cc3166703789062f5932b8d8041d1846aea5b748533020c1ce2e43d9db7323f94fb9457692dc86f668002888bb50e91da3f4c2d7ad12b26685
-
Filesize
2.2MB
MD50b87423698cf45096ae36efc020f9ef8
SHA14e6fcbda7e4966ab21edbae8487ee345de2e0cf7
SHA256e0113f1d0195a718473dc610503c4dd799934d33cfc54096ab09ad1ffc54725f
SHA512f4d7db62bfef131de3851c0406c091bc2e6cd25b130fed6e8c74a96b4da68a73013181c28f1f84dcf57640b3339fa14aa5b9e888d56cb0f43b45e70f845a7fee
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
1.5MB
MD5b67058b269b3d62ec7ca7121838c7dc9
SHA14c179c255524f3877810d3e73b68f8a10ff3e942
SHA25663012bd4a1f0f872f4dfc2512f1743e9581a0aa8dc3b768e49621d820554da25
SHA512ea4d0789f0318d34ecd2d3acbf194758dbcb93da4bbd33bff18b0f2c7f8790e25aa20016091f7a278e327bb5ff3ab2637b56b692a634337960b5bc26fe08882f
-
Filesize
263KB
MD593d92ca963dfab82d22ec27f05269089
SHA14f4c36d84c9a45b9e7df0eb2d4402fa87cabff38
SHA2562ffc0d041530f2c7c39d4e01df79d368e427efbe051267222094a79831a94bb2
SHA51242508943a296f27a521e6df6dd43c80c80cd46827a3a06531b1e5ff15b750a321ec88710dbe26fb2b165398b47b3ec6be4322d03f0a2fa3a1390ccf07fb9c30c
-
Filesize
40B
MD50cd429098412849541cb95afaf497de7
SHA134fcdc8c1708981ab8e69a9ccc50ab898d7f7df3
SHA256d987cb1f82d1cfa20deebd5947b3ce1b9ae9ca25cb7df736727c507a3a17700a
SHA512955809ff9150048d9b739222dfe4c1cc7b4f330cab2858b74ba1b8af8514f1d97268812c0ef81a3d926c9928fab845515a0fbd834a8dd1d0db39359001ce5f03
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD5def7b55370bf74cf74751f2cd0ffb607
SHA1ad7ae0d8908ff5ad9958f59ac8634afc018ff0c3
SHA256fce1d38fe5a4bdb8ed1e446d52a7aeb2ebe57a58183112c3469cc4abc7bc893b
SHA5123626e717b65da0dd7b4f964f8c97895ad376d89319d9946784e0fa2b9a1bb690ee731fdfda5aee72508a4d8c4a7027cf54b163a0c316c89a62a10fa909bccf9b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5c872120bd38c01c7e842ea10e300275e
SHA12e37ea3ff1ed0703337803217a3f8f61bb004be1
SHA25679bdf26d852bc26124a7c92473cc32a9b1f6823323119edd7806f44253c75d9d
SHA512d7bf1202ccec2eb5b0afeb7ff75da2f2860bb8e8bfb5b89195e3c85fa9489897db5c04a971a49dd6b51c53776baa23598d3515cae05db3d61887b20a7e2ccff1
-
Filesize
5KB
MD5a9b4616dc07ef44340e12437023d1c38
SHA1f119169cb44ca71f446d56fec63e39e593883fa5
SHA256be424b73a5f777b13751feae1ea3626a0d3cb5d25944cbc3f2e611f385713db1
SHA512f45572d18dd10975c538b60b54f477ac6de655efd0bfae187251a70f1830898c3229d3b83e52e41e51284cb57cf8fef840bcab27af1cacbc33644d03a5cb3cad
-
Filesize
2KB
MD5411ac782e18a3f8947b5bbdc13773829
SHA1d9a709bb6b79ade9df4024e8fb6e36190070bc21
SHA2560217b1195d87db614149675e331d00b581206641c58f6c7cd8cadb92e718f8cb
SHA51203cff6f4f72f375b34a35df614de1c0837ec423b3b232e5b863a2d85ccb2f2bc025d1954ae0ba9d117930a84e7fd1b44bc82b488e5acd58370c36e9c24717d5d
-
Filesize
16KB
MD531b23ba009c598796ab3c2dfb7e8fa41
SHA1162393d7283b44f179b73c1ae21c18f3fd25a479
SHA256fde17f082d4ba61f90e2b0d5ff1eaad9e154a9c8c6b5409ef07ea6b28faadd98
SHA51280844383dd8a66a630c888340beccb7f8ca320e71d2567ba375ce8ce7267850f2e30d3dd2779bb883dea0d19575a786f49efab15b8c84924d67d9c79f25d90e3
-
Filesize
7KB
MD5673f529fc7d417569881fa0d1e24f2f5
SHA1fe9ccf37ea6f09d9f72e4cbd7cc3baa4e22bf6b6
SHA25683813f33fcda0ebdd02ae38e04df5c884f10b381c7ff3bc8db9bfcae08a2ba3b
SHA512ae83d33f40fb92ff47f305974f1c678304cf7dbaaaeda588ec2d3d55a5ff30a542fea1d577e43ef122878712fea06fa0736017cafa643918ae62b33b135be9d6
-
Filesize
8KB
MD5251e693ac931826289d9cdbfaf89ba30
SHA131b39d937c99a617da88dcd032005099e0f0ae88
SHA256490bff5a962185a62a6f9159d420361bf04efaffdc9dccaa15dd942e10433789
SHA51254035f18aa25e9bb9bfa39db865ff698e09f7ce2206852d5735ee7506bcec40f46eac8eb42ffc8146b106668db776285c615d2606623322e275a4a321676c462
-
Filesize
12KB
MD5fba82bdfecf85237c8927a37d970288a
SHA11d9e017ea88cff8ff40c6872a1e1e8274ebb323f
SHA256c07043275bf82bb8dcaa3937c107da9365ad8fe7022127721e51da0f37b37b33
SHA512e0deb227a59e82aa3c79c63f2f1eb4847b9f220833603cf568bad98f220895c556db0899e9f094bb19b8a75517f17d57b34ba626b7cce76070099b29909abb0b
-
Filesize
1.2MB
MD54ea8f83e999bd143dd0869136b1ac10f
SHA1c30ff9f5403b918f6d0c1c22f45f6ed1278a3bc9
SHA2569dfe80b86e3ccbd2eb2a0ef42c85cb85174549edb6b3b4ce2519764227c8ebc9
SHA51278fbcfdc9e01496429f837b77452d87eba664630be03c756f867df8a0641547c0bbeb7b0c01870cef4053f3e57133fca75a33df094bff0afdfa5766a6c4a86e5
-
Filesize
1.7MB
MD5f208dd376348607568229f1b099721c7
SHA1d96b9446d255fb494972ec045e3050dbbe58085a
SHA25627f4248c2f74fe502413d22291b82fc6c218cdba2a361f84fb52d5ade513da91
SHA512f9dfef357e95ba02fcd02ae14160b9addf34d0371ad653bb5dbef66165a9687634730ba8885b6c60d4667a92c50c7e979cd6dcedf0da1445ad55da17a11f2116
-
Filesize
1.3MB
MD52129c09ec45e47d21e10fce3fa6a3cb4
SHA119479c2c394b0fa672e235f048467dd669ed8513
SHA25641a02343bbaf9f055e2ce267eaffcddd8d285d78308b64377102307c6ba3bc42
SHA5124fe961ca39c2bf77b3fa3f3b2bc23cf50613d50ec955dd98d597529bf847e89f135bac6e77ed4efb1f291238c34db599b62d83d897f62391788abd75c959865d
-
Filesize
1.2MB
MD5f543f68827c69ad76814e6402b4d2abe
SHA1898087920106e5f5d822e184fd7ea687856a3a7a
SHA256becb2d97b7254c4e4cd93373278727ecc06c077fbce776d9bb41a4ae3fd57430
SHA51242fcf5d83d8399b8483bdae7785682578c9d219ea878ad4a252a6ff935a9617d4a6e7b3ee51da6f24e488deae3aa43770422d385b716c014973a8e4322a3b343
-
Filesize
1.2MB
MD50d08786b27872257d701dae6329758e0
SHA110dba3dd2b8ba3cf552bebb04485d3e650b1c5d6
SHA2562c20249cf48aa9b3fa8b412d4c858621a53d32f4f2069efd5d1a8323ea552e02
SHA51233f11d8186a3c77dd9c05e409bf258a7a5641193555b3568ca73d0b64bb5413f3d10e2eb4ba31ed230e49fd5a5831ebf91c1c67aab67cd7c232518613f0db009
-
Filesize
1.6MB
MD58e3e0ec5d630f7e0550ca562d48c80ba
SHA1b2adfb7b53facf6227f76140f100efdb9b30e773
SHA2566895a5bdd8300c1bc0cd0baf5e3c1b26a295958a42074417ffef83598dc3c60c
SHA51255ac1de779b0a7fae1925edafebe98903e4af37a84f3fae579a1e45212038791e8abcc7febae9b9617e682838580b09a0e18b5ebd4c55a62efed3003fd7b26bc
-
Filesize
1.3MB
MD565ee303b84618bcc8831cb1e0369e474
SHA1e16d0691648446bb36f8b85651a7c903eb4d3118
SHA2564f97d036acc37c5b6081a11d55b47f8513142ae1ef1b30a6a3994c12818b6e16
SHA512151fadc0e0b20c62e41aa8514381562801499f417958da7a868ee1d2f7575334e610a9758ae559bb1d5a90fbef52da86453fe868ae0aad136d238d7506675732
-
Filesize
1.4MB
MD57a2447f935fcff9a5d129ba587095e22
SHA196442d2bb7b9b48e134d32d6cdac92b8ebcb1e71
SHA25650de0bdcb53739a868e8c141a8dd51bbae3477e678c33967a1db7331b49bf95b
SHA512d4a11b57d408aff5489bae29f115c02ffbfaac544a2e78caad7331414b1e4492b93187a520baebb586edeff25f34f835271599f4c99c3c9fec9cbed3dad60fc0
-
Filesize
1.8MB
MD5850bab48b34d2d048400e81a3fbe251e
SHA14161ced68777571f99b230d894171965d2c15564
SHA256130c1fc228dd0b6a6d40a25442e3a9e6d0a580ab31cfbcd2d08ee76472e0215e
SHA512880476cf8aeec33152dda11fc72f7e4f0d3964934f21ba26905a08fb14e1a5aa87e0a152edf992bd7e3fb3569e77065c3ea123709d200ef6c3c463e7e831071b
-
Filesize
1.4MB
MD59b2e1eac420593c443d4dc7b51c79796
SHA1e8921d786a606c8ad0fb73af13d02cfb65890284
SHA25674775872233946065569c91f429740db50c635a8bdd213433891e9729a78ad1a
SHA5129642dada14a46c03ce5e2f1b0adce2c2306ba298af1b3a3085083dcd8b10434d7749813cb437a90b842b855a9bc5d85d75271599af457e8d0e0e07c2887c6968
-
Filesize
1.5MB
MD5a1461dcf4cf76925afbef4d954387246
SHA1870b1d2d3576ddc610a64610adb4f91d9453fc30
SHA256ebbf73863390706474659a2301cd2b498c95acce41d4bfbf6865981a29b279a7
SHA51298e857fd07087b134ece82c3e683789c8ac5aa3bb4d6021adb0a1029ae90b8e501b6849c873fe9e72a07a8fd5ee2cb4944c6eb695306d7159c41e20df47b086e
-
Filesize
2.0MB
MD5f4d8808800dfaa04ef77af4c8796c094
SHA19733b53302343879d22cc8f5c4c1e7f012cd02b7
SHA256d0bf05fd1289d5abf07334ebe762732f4b2b53fd55a3029d0d6b4e911095039d
SHA5126104e64a5d8b2bc97378b507ea7c36c04979f3efaab2136f3897302021eeb17a310123bbb9dc88615643ffcd9b305f451db2bbe47bb4347b0c038e92421726dc
-
Filesize
1.3MB
MD54af6db8dc48477ebdce17d404562c436
SHA111a886e93377d7d470ffda868011b8e6dd713a93
SHA2563aef5921677f41c25090cba43a434e26fedd6e09f42553643579fde3c972e426
SHA512668c9e637d28993e50015d0be6aa4d8fb403de3fb6892bf21d4d86d4f4a4133cdf025168f13b943de2fc9709bb763b586476efcd1cbe77796a1254bd191111e5
-
Filesize
1.3MB
MD5cc5e0938f231b2583a990cd78fee893c
SHA13eadf2674a3762d9db8572a248210c2126ff5a88
SHA2566c4154a9e9d58bd24d17e26b960d9794af7c583e50155210e4117d4dcfedf0b2
SHA51244a5ac23f20f107ef4c716f688ea1a9e92bd604e059bbdd74a27d5b6d892f29f3bc18bde4192fb49c9a30d693d158abc16f2c94af968877f13ef496110a7ef09
-
Filesize
1.2MB
MD5c03a952d7e76e630378d48e4469e4e55
SHA17267379436f620ce1fc5369f8ed2da1b9693ebcc
SHA256932323a501c1f56e73bd3e36c8bd930efa784012d7952464ae55ca48c049b374
SHA512f351bb3ecabcc3b3b5de6acfaed3cffce30cd86dd3848785ee624f12ba4939aa9f00ecdefc6782ac1c2c42562b52122eb9e5d546b3309c7eac9f25760fde3c71
-
Filesize
1.3MB
MD5ef1463d10a08997f59a89f020c3f7746
SHA1cd10a4ad6dd6689ccedffdbf71e1dc6418b5b543
SHA2569f19edeb5802aa4e1321af851d286d49edf2073f1b24d4bfdecc5b7ab8b333f2
SHA51295e28f1a52c888d1a6b5d7bb60785e2ddc3b47cf1b4164121a58760f561654d84c57fe694bcbde3a2417e21521b8ff3cd65f26868a3948f8182d75a6e0737059
-
Filesize
1.4MB
MD56ff5a6b1079e0635f2f0086efe4abeef
SHA16c9fdc4a4eef59c1883b2fd04afe11510c5bef93
SHA256aeff6aeeaa872b0a31e44ebd3b65d58cf777e22c4df90837d0d74ce44ad8f9cf
SHA512b952a042955f056791daa166cc23cfbd05134c5f8f66ef86b9af641a49198446b87645f6bbc81b8f6e644f444ef8e2647b09a453ae563a4684621386139f97fa
-
Filesize
2.1MB
MD546fdcfd6e3c233d5c6517e91513f2b61
SHA10765e1906074917287897cf1fda10b0c30723f09
SHA256f6facb9861413e42bb8bcaaccd3f9b2342a04098eb57e3217e8e17473102fbce
SHA512554b903464a53f5508ab063b24f95e1256813075ebc160a0270ebed1e29ac7f83b4c1b925e9bf88e73ed67bd27a97c6d1479823f9df8bb1cfcd7e97371880348
-
Filesize
40B
MD54d858969f9b63ec4e90b337affb40980
SHA1c5f517b47ddc66cf8fe32495fe14e425f905c252
SHA256d228412aca7296096c2db6c01dfe1e83ca0db6a7fc2512468473c94bbc3e50f9
SHA512df058b39862395921f86ab56ac87eec0ed1adb201b988f3bae0fb037e14a1c33d842b7fac2354f0daabe15cf41c5b6757ed9971dc8237e7a5e9377314c6b972f
-
Filesize
1.3MB
MD5c7de663340901beba9d07011b95572fa
SHA10c359aedbdec1cc11b076659972176ba79e89c26
SHA256cdbb7a791eedaeadc809fe7ba0467b5e1f68728f01109f26bed57f5ebd6fb6e8
SHA512a3bf9424cf0d0ec3859fe5add061ee5dd5cf0a29a16935c6fbf5efd416d95211fef57ff0fff3489f9007e1fc2b1fd45f4b159d0946aa7b83c41be3ab09d72a4b
-
Filesize
1.5MB
MD55ebc971ec01920d93ae94d43aa107460
SHA138270421ed2bcd13208892c642fd3907ad7eacca
SHA256c97eddfc9fe964a22af93658e45e75adda3b31b53a8276cbfc359b15cff1a1ed
SHA51231581e27da8f1d1d94445c8a7737fc1ec866c0b6056edc0282e74a0acb53a37ba1c810dec72609c3deb6791a55bb216a9a8c8aca4e50598e16a528331d40499e
-
Filesize
1.3MB
MD5fb0e88076bcdd816a143c6d6ab646ed2
SHA1c7a6aac15ddd23752eb390645625db02107499c9
SHA256b69e43072ecebc63e452b8cbecc5c9723de355c83b3d2371bdf8d92e0a6c5c01
SHA5127243ea3d5641ce270e3731f79348fb4bde8171d39ac3327cfd6a28a04132e89a7d9fc5403ba12c7ddc25c03f4b4b67061e78ba5763d905896a6c71ffd3c0c0ca
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.9MB
-
Filesize
2.0MB
-
Filesize
2.3MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
2.0MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
2.1MB
-
Filesize
1.3MB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB