Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/06/2024, 10:44
General
-
Target
2024-06-20_0be9ff0dd5bdc1e9efb80187a5ccc0e4_ryuk.exe
-
Size
5.5MB
-
MD5
0be9ff0dd5bdc1e9efb80187a5ccc0e4
-
SHA1
24f1f011517fdf2502593b59186f523bc7a9d4de
-
SHA256
aef8c72aaaf8e72b6e10af95db0e7925dc9b0f4679549c7d275c919abbb65583
-
SHA512
f7658289b2b41661f97fda3b4538f41b4f815efb87723ae1b929eafb93802125a1cfdaf588adf7680f2cce46c013d401d4012600f70a7b4e9319b4cc9c674878
-
SSDEEP
49152:EEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGft:iAI5pAdVJn9tbnR1VgBVmFU023W
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 24 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-20_0be9ff0dd5bdc1e9efb80187a5ccc0e4_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-20_0be9ff0dd5bdc1e9efb80187a5ccc0e4_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-06-20_0be9ff0dd5bdc1e9efb80187a5ccc0e4_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-06-20_0be9ff0dd5bdc1e9efb80187a5ccc0e4_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ffaa37dab58,0x7ffaa37dab68,0x7ffaa37dab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x294,0x298,0x29c,0x268,0x2a0,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1872,i,7713982022425239808,4952909084767971323,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD55d80ee61c79564f708935528ced17411
SHA1afc3543c769dc02ca97f06e8a411c5d4b8e808fd
SHA256604a31c2cecd855fc743fc6e02981af1210be48be951a463c598c68f309f4b24
SHA51245cf071c582240fd5418d86c32a6b6e4d726d8e7759681fb1a960614611ffa88c3788eced6845dff1ae96cd4970555fe3f0af540c77af300d71d127aaaeaf2aa
-
Filesize
797KB
MD5c25a7ef5ff6fa3de53c11c427927aaa5
SHA1cb06c5084ee58188212b08fdb11fadda61051a80
SHA25645aff1890470451e37e6f2efe0ac8cf1b4483f9ccc3e7d10260dd04029ab3944
SHA51208e8a1452141d318a87d796d4f22b9820be387b8fdc8f280c6c60c79f479ecd1a027078a7c65293812e50d63f020d0dd08e4fcabe7d93f9a35a3ae7ae607caae
-
Filesize
805KB
MD5444bb510f3b6b688bda8b358e2cd2ea0
SHA134e5e05be9b80cc514849e113b4328ab93632387
SHA256058499b0d95465ab32bad57daa573bb4ef12db37a8a008d2dd85e09d53e9cc87
SHA51269224b20724ad59e3b22d26105efe45fb1c8f3fee08a4bf869709b23440eea55db978ee29361459d92c75654eeadb398750540f1cb182a61e36b975ea20ccd00
-
Filesize
5.4MB
MD5017caf955b20dde0610e23ccc3ea197b
SHA19a67fd388ce287e4a269d466b131ef8229b37d08
SHA256a547928dbe295ce6c1ab5019c5f9bf1de06f40f10ca43993c3a5eaa4b9bfa9f7
SHA512e30209ff58c1dbedc91b2160d5fb8a084b3b8a3a079bc4f37ba7efadc12bb0dbf6634e24c5962ff24e71fd2ed1cf5f7c3553fbcbc4ce7e6d487b560c501fd6eb
-
Filesize
2.2MB
MD5e8af62ef794efd170397f852172e0419
SHA1d9f53d51c89f76e812b6aa168590540cdbe32489
SHA25684f9f0014ca0c2c5e097031f170acf618f7864ec0eaa3fb118697a5f62643532
SHA512a7e6bbf60e987a9ae4aacdf50bcb6ccdd5e7d006184ec1aed06881307b876d7386e99c8b0820c75867e1d61ff5a49416c75a08897152daeec90fa99180879cc0
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
40B
MD523e6ef5a90e33c22bae14f76f2684f3a
SHA177c72b67f257c2dde499789fd62a0dc0503f3f21
SHA25662d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790
SHA51223be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
5KB
MD57a270895a246b49c54951716c477b0d3
SHA19d9f6021567984b20a982297d7f915c2d52c30f1
SHA2565626ff55c40526bd9ce531dde521d158584a41cfa5075bf9a9faeb68da52d949
SHA5129f80e12e8b829f41b05849274cf0b607c95c21c038425feb94ce1fd1c6a28476da503eef1d099d1f65aa6c19fe17880c50ba618d403aac843d002e7e3888bb45
-
Filesize
5KB
MD54c5e83a31c7d4f515dc9fd936efc968d
SHA161b063a561b53a5db6d9e8e23f8d4a4ed313e4c5
SHA2564a536cf47bdde28197e4887bc8476bc0aae9719897d85029ed69af20ee81f502
SHA512e7a1f7dbc430c4433c105deff633f4af322df2c8112f25d0bc7c53c24c0f8e41fb7e36bd7ac6aa35459b9e6d855a2f14d2a82a36bb68b9b4216ce7a648dc0f91
-
Filesize
5KB
MD50e36c23fd0cf3afaf712da670d1c6a1c
SHA1cf7b57ac2683c3f118f8e95b413b47e066bb06a8
SHA256a076fc8bf8f318e80658fad4af7862572cbdc41d4901aed64ccf94f7ccf17e6c
SHA51242d62c9353b20f05d707b3742a63ec88b171b0f40f93c2f36823c56590f2ab5a64c4ba971a5c2306b71f0fe9a17f7ae4c84fd232f08acf852d423b984ca56ac0
-
Filesize
2KB
MD58441fa327ce1f6c12f371a1535e655be
SHA17ccca62179f1eb9a2d47c3886ad8ad4bf5b15071
SHA256975c8308bab1dce91143c9ad18effdd216bc367fccb3195ec2d4fd50177d2158
SHA512986088d4595dc5a9e166ecc0b439a878a24d512f236b2756e377050c0cc7423143d3aaa3033ba5163b28fe8551313ff985d6df2ab109117186e878ca4a98d0a4
-
Filesize
255KB
MD5c415e408302e34ce933123a4d5f99e35
SHA186cdc0a676dbd3e8f00c012fb403d42f9c2a7404
SHA25617ee5c0f18b59e35fed7a9516a8ecf74baaed2f515630edb01fd6e7b0405f12d
SHA5123de6d989f12a71e61bda9cc5195d25f2f7a922197af046cdabde6ff8db4672ab799b8dcb294b12c07c53707381084e84b532093ed4c5e30d0e0236c562dd2b1a
-
Filesize
7KB
MD51555ba35deeaa0ab2bb5960fb2291883
SHA1622d6416219353d8b28c157cf5fabf09e43c9a75
SHA256c71379617588adb66095db011df4d26dbe2b92c1f36236da911cdeac9937992f
SHA51273356498842d1bb8ab7db2e019eb686b53a335a7ce1e1f1630d314fbf422e40138b09ac55438ae1c56266414642ca35032a3d7ebae9604f688a35cfe1fff11f1
-
Filesize
8KB
MD5ad6d4d7c4188d621d14fe121065c5ce9
SHA10ca2aec32709f77b29f16675d3e672ea781fd631
SHA25641560399e5f612902c93fd20fe8c38273a91ebcb25cb1b37cc42d480ffe4ef5e
SHA5121327c9762e1c71a89125ae9991c85ae25891690016e18171f75b6737021868b5b43c159efedc042c8946982504a16da18bdf6bc172632abeefc1fa8bc8eb9c88
-
Filesize
12KB
MD5b61ad977997c0ce39f99675b71f92dd9
SHA1fd4d3e5be1fa11e18e1856556839f8e7e50cf8ef
SHA256fcfb44575502c9a3f0187dc8b6a1ce872a9957952ca73f13098a06e7380232bf
SHA5129f8c46869d8f031cd7597a50b258f50a700bce5b0cafbc995f3fd689f89eda975655b58bd21fc27db227d90f298687cf1019153a1b4d9b9b1b574cdc2a35b34d
-
Filesize
588KB
MD5da125604cf3fa9864658d0ac65da0444
SHA19d48191a21e56ab60422ac441820139d068f9ade
SHA25651a9334ab3e29cb35853874fd08a9b441b2343abd48d2f1a337f9eba95c8b0ed
SHA5128afbe5b82ccbe468da677c4b16b6e9d09bddf3445aa768191ae44f5be3802f7c9f50621280382e8be02d26cce4986b414545fd907da8cb457200cc269c96e07a
-
Filesize
1.7MB
MD53ebdf79d9ecb0fbe06c5e1d02285b75b
SHA1c848dbabded066bbad84846343cfd5f4a4b95e21
SHA256a7a2a592614ed66b7df61337be8a9ca01422fe53ed545f091cbc74290b7342ff
SHA5120f27ded07f9de11faa866f3ccbd329b1685d1ad13a40d0e8bcfe6e358d93e8e881782eb37a3c3759fce75856e7b402cd6a13673b9006e2585360e4d1ae96ac7a
-
Filesize
659KB
MD56e5cac73cb1ee5fa736102930dc51538
SHA1ee3d3ace493bd4eed764654ef6b5eeaf00a44677
SHA2560e614149b8cd25e2f30cf568fa046f48d59b0a44d18f08d36f8641284301114f
SHA512d9c7b212564917b47746ca702a24596dcbc4b28b770ecc7aa7a59dc212cf819c502621d8b06e811ca815a531afff29e7e98052aee175aaf5198f1a20a31bab90
-
Filesize
1.2MB
MD5e2465d252b11d6286cb7679836ea412e
SHA100391cf61c4677daec6e4f5ce3739e04d30d7dc2
SHA25626e1542fc55f02065059bbe51b972ab48a13be47968ed7f2ab771ee0b8c10563
SHA5123f22d3afd961b756fda345eefcad3952589940b6116a919ba372cd5de6938665ded748bc4570c1ac8720482479b7072d786c3358f00ee1d9398b7a055c7bd0d9
-
Filesize
578KB
MD5a744be73a2b60d3c0bd4226756026aae
SHA186feb3a3da9e741a61c76174e4a35073e311a53a
SHA25690426a596aa2d42b0012ab043fe807285e1fdfcfb9a4647416ca8b9771285c9c
SHA5128f2145e8cfc707f8d78fdd684826bd4d2917b8841c78f3c52e0e52bae9fd368ae92217c2f3a8b9b05e1c8fe4ee38337aadc4f8e4ee7d069bc28a20ddb5123f4f
-
Filesize
940KB
MD5028d5627f3f03d7109eb0a1962445476
SHA1579f0bd0ec0bac1e429b3a59477c7fa4a3ae04d5
SHA256a2d832f128e40104e26560a21b9a428d2c87368aa186cf8cc9050af04d126b59
SHA51258fa47a95d3c1774dff2f33c15e29238be7c9a8940741babedcaa168be3145209ad65cd7d0d4d47542aaa7632ecae4a95b5a82e7c0d86fa7239a260768d1739e
-
Filesize
671KB
MD597b58c1769abd78b8188d2c3c767fa74
SHA166448dbd87917ed6a3a584ad03cab04a078d7c08
SHA25655c56045d4609c023648aa72627aad245313d964f3db40bb6615549932e0c450
SHA51238d4c6eb5dcf72d5ab07ffd81e778b65b558c2e8ea88fe110051ab333dc463854cb91bbb9abff97650c2bfd33e88f720939ea66e51f6e75ef84d8077c30cf23a
-
Filesize
1.4MB
MD5ebdae981c9d918eddb2f25ccd2dea01d
SHA1eca3ac025aefc8b6e8a73a5c4fa396cb77ad4180
SHA2568b77f806a168dc00f5252e76619db69ac169c22661ee0ad48866cb0a16412f12
SHA512900b143d205f992a1ea20f34a63cabeb994dccce69c3000aac2b91293f1e83c3a8add58a5e639760f9f063c9d5aa5c1e248db66456b94316f69c8f5ec9d30080
-
Filesize
1.8MB
MD5759df105ffd4cc0e012b894c0335f15d
SHA180837fec3775a9b3fbf191e825d262cc01e6c845
SHA2564922ec61101e45b1ecc5275ec6c21f24a483865ec559f82bba017ef627064575
SHA5125c0e2703b0c5f666624fb3efc646bb3a13e206227ded7ad2ed97987cc3a77b940b948131e368885e6172af46ba9ed361aef915abd5b720bca3a06865a06f21d5
-
Filesize
1.4MB
MD507275fdba359b385e3d8082db9138352
SHA1431cf8fd4386aa1b456ddd8fa7ed3ee309eb2d49
SHA256e581a93bb9f4dbf499cfe6a3ea723f9a00e1c0b63e3ca5fb18f3be9d125e773b
SHA5123bde36944eff71449e4a6c5dd9eb239b92cbfc691fc3ff028bee498d9d22753159ce2fbe32953b3cd14451d46b13879f3955a6b8e305236b2f454d657d81f67b
-
Filesize
885KB
MD5d95cd401aee62149ef8ae7013b11276c
SHA1bcf8d67f2add1adbc5a0acfc0f910cc65718a158
SHA256297074f63754c0f51561b100949fe377203e5d306e7992eff6f282f17db4ec18
SHA5129269a90eec52f80fca704665500beae1f388461fe09be95f0db0a981c9428a8c707e681d4cae402f6459615f9a19d2c63934a4602528d70fbc17433111ab9538
-
Filesize
2.0MB
MD5913e45a62328242d440fd519d2e729ed
SHA1f8c59a9d7be452442549220c678afdbaff7b7d75
SHA2565f62684057c90b2d73725a52fc77f17921e4e825c148565ea962c8c0765a1d88
SHA512d9bd94872c541b25bbed0db6a09dc65e242b79ffdfb51357e4d9a57c69ab71e10ee113e300e3e4abcfb447874374f9e69a3e7f7b80c1751f5f5ed750eed4b138
-
Filesize
661KB
MD59d6918502df130b0b0a064bdbc14a27a
SHA13b00009e8e928ae7119e007d8207d77073f6ee41
SHA25640cf555434515f6f10477c493442e735132ae716906205d4cae21d3442aae114
SHA5127ca1a46448f3aef6a48dad2035397bd3d748b6bc17f9210461b2a919c28c43b4be7787421fca39db13a5c889b43d223bdebfb4317b5f067cbed33dd564740686
-
Filesize
712KB
MD5d9a78774d5050e173f4e00b704d8aad1
SHA170a63416162c1d03a8f254cd6dfe5f4a70c1fb21
SHA256bc1c9356282f1d41551ad7be8869747358716fe638ee995f86c303caa07b6265
SHA5122d38d0add3a58a74df80acd079324772f771899e265ec3043dd3a5605241a09cdac5dc4207b44f36c17720173c1d53c9ba220bcd5a2164102b83945f92785896
-
Filesize
584KB
MD57c8cb7316ed63c3bb2a40ffb89055852
SHA11168585e674541f3c2bdc4f2a597242e551e48c7
SHA25637bc5fbf51d863b491c888894448e325b5acceb02f119a8cf404722217dbc5a4
SHA512a93da6bf33a67378e15747b27e50b60d955ec836160b82d6f005d6e4aeea3e8cb77e52b6c9880f8128f622ce00000639a8c93527ad21f2bac224ae44b053ea25
-
Filesize
1.3MB
MD5cae9bccafea1b94e079eda18beaf022a
SHA1b049123e769c637cd2d8213ae20433474e23ebee
SHA25654c6960e88158871bb0cc05aef8bb5c95842c509696af31864b163e74ad68665
SHA5126a6ed54daecc36a81abfc0da8a48e2764cca622583be3c226c4fecf496c60ef3a48dd91f86b7953c91b2c0f4f38aed813db9f9b7726c5074773517a25de6c6cb
-
Filesize
772KB
MD557c48fcc83d2b9929aa722aed04f2480
SHA1293697ef8abd585bd6a44c460a756eff0ae7a45e
SHA256c8199df1eba92668490dcfca13a74ebfe06ef7a929d3187037861a18c7f6269f
SHA512444d272a34629058dbd3fe8d2e742c03bf4eaa152a94400092b519f6de355a9a7ec040c8383268e350136da9b7a6202636a9a3a179db3071af78cf081cac325b
-
Filesize
2.1MB
MD5bfed953d467086602d736ec3e1524343
SHA1a0056f7d2ce8629f2216745805804769dca1db82
SHA256f2dda78c12e61eef817de5437320cd5cc12c02dd131c882eeb67e33b9aaf90db
SHA51210bfce9475d207269c159043141a540018f8a56617b6c406075cff332db28f72d5e060324f62494f27c904121667e3dec391860513b7cdad3c8e0c0b197a7084
-
Filesize
40B
MD5440112092893b01f78caecd30d754c2c
SHA1f91512acaa9b371b541b1d6cd789dff5f6501dd3
SHA256fdf37f8111f0fabb5be766202a1a0b5a294818c4c448af0fec9003242123e3e6
SHA512194c7b90414a57eb8f5ba0fc504e585ab26b2830ed0aae29cf126d5a6c4888d508c22984aeedec651c8644fb1f874fa558b2090488516b33165fe7985d2815ea
-
Filesize
1.0MB
-
Filesize
596KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
684KB
-
Filesize
740KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
604KB
-
Filesize
904KB
-
Filesize
2.1MB
-
Filesize
828KB
-
Filesize
1.3MB
-
Filesize
600KB
-
Filesize
1.4MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
792KB
-
Filesize
792KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB