Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-06-2024 09:28
General
-
Target
2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exe
-
Size
4.1MB
-
MD5
407c06b8ca7d849a72befc8bd8389d4a
-
SHA1
d748d62c8feeba6b7326b7b0b7aeadb5961bda9f
-
SHA256
81c971c0abeeecb38c673ada4b794f7b4c24a47a38a579fe484fc3c33665044f
-
SHA512
7d51babe620eaae06999b9db15ef47baa48b319429af1f5ead8b2ab81b181aef84e10770ee0f9c210aa596175339543a90ff1576a07079233616563ffedf9c9d
-
SSDEEP
49152:R5Viqwo4KxghcyJLBaSbvviqMjfBV+TFZ1bBzP7n1Y8/17MVfw1QSXm+RFvTCr9f:RBfr+TFFqRlw6a+DUf
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 45 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 45 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\2024-06-28_407c06b8ca7d849a72befc8bd8389d4a_ryuk.exe --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.73 --initial-client-data=0x28c,0x294,0x298,0x27c,0x29c,0x140315460,0x140315470,0x1403154802⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc451246f8,0x7ffc45124708,0x7ffc451247183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff748365460,0x7ff748365470,0x7ff7483654804⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8012398732937168147,10635367099956367199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3556 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD52a0717164abf82ebdbc1f1eca93ee426
SHA1cea253a10856a22c14c8439466acd5ec7b4ce7f5
SHA256b74b4bb9bce6f33f52a3009688db9d735db6cdf320db31230978c604bd60a7f4
SHA512ca7135196e0bcb40f0475d6e6f375815988b8f47a7a74898fde2995b0b57662c6a058498ebf2e3f64c1a631109f916f74bbf3dba03511f3856812fb56c266237
-
Filesize
1.7MB
MD5128a3b1b8f8242dd78170b02b0f97207
SHA15c647cd33a621b2d6ab37a62e02cf6f332936c20
SHA256c171c354dd9521d3c8c16a5a62c87a0efcdab18e655962c41c49a124f97e1843
SHA5123317fa2e3acd2cd79273aeb8f75269e1d84c54a26c5a9f02dea5fad8a9cd454a951e36cfdd2faa037fb9425c2aedcc85f64c88b0fe5259bf4c7d653d14107b2b
-
Filesize
2.0MB
MD5cbc3c05b710419efa0399be1d561ab8d
SHA13d4251b4df79ff40332e6a0deafd2d5bfda40f4a
SHA256d79980ce56dfdb68abc3fe52810a4a2f35a95169c1552d0b06b628f09b526de1
SHA5122348da9101f3421d92cf6d4029666a5ba704dcf1b15d201ad0340f725b25c9e097ee46687e911e075c1ba5b4262ded86cccaffe01c496b4cb96d5de8a2d71a98
-
Filesize
1.5MB
MD58333f15ad1a632040ee8d104f07c5303
SHA1a9d900fd1219ffc043c9ac0afcbb261b40cf4e4d
SHA25610c2e4086c993059a900845e6452d86f9b614b9f20e7a8e85da23fc31f081322
SHA512acd9b928132771ef89780e9807a8c98bda2c4ff5192f890488696b5def143e9e7c546cc7a7f1aceabfd848742bb4062ccbf994e707b4620e747e7300ab1c5f59
-
Filesize
1.2MB
MD518bd2f237740753662f3a6349b1c2a53
SHA19656f000ca07380eec0453313aa874a49e7b7107
SHA2564a54abe24c95e29ef62243dc0cbf40349e37e2a64dc80c2ccc8e40a098e16908
SHA5126f9d01462feea58d9de014e7e4dd7b819aeadb213356a3a7c740fa878327431ef50fd489531156da7282de51b530709873bea4338fb4124c478f92d1bb64844e
-
Filesize
1.5MB
MD54203f0d8dd252841c65183420186e8c8
SHA1221d8d8c550833dc7d1f1e186b0e19580074fa63
SHA2560cd9a567aa1115d4a88c8c7f23b8d866e1df5193f166135d0d929fa53c7f0e7f
SHA5126029dd8878c11d66653985ed5c0a1f5923d56ac8c2bd50b79c3a666e3642617fab61bf74f6e8dccd68f6d47ea4f13feb276169e9a5c6e8195143c6af6e6824b1
-
Filesize
1.7MB
MD52d5ff152e25c11bdc020b9059ebfa681
SHA10ba2179ed76b8cf0abc47a8e6a73a39b4dcf2dd6
SHA256eded7971bafd856903f505263c0a4731823b075aaa1a348f226bc927f9b7a064
SHA5124ccd7e9e0c7045f31c78020e3ecaa177454fdc7219ef021760b5388c667f5f2b1686fb631fe6fd21169b138da700dda349f3cca6b1991b97454e8f22fab20164
-
Filesize
4.6MB
MD5531d8d42f22e9cbfa53619299fb681a8
SHA1709e73bcb66ce960df3a3e5acea04a8678f950d9
SHA256a286ec7372191ff067babf55e5ee22c08aaac87e8021c704bc3a2b89fd5b8df7
SHA512f142864f053ca55552df5b3fc8e404ed5978e3ff69721bceb8eb5dde0bbad9808618678a570e6353c06991e543c3ad74e9b178a939eb5581211b8dad713520a0
-
Filesize
1.8MB
MD55542caa184d73236bad25d2faac42446
SHA1d11bf357a200fe609bf85306b547410d78630864
SHA256d47d1680a5b692e9d490c373c97faa2028dd5b510a512ca001a28b4f96622f9c
SHA512177165442f2848de7741f086a4504a026f3768b6694bbd73fa76c131e75d0e352f0f60922913e0ab36b88d9b3a005f993e2944cccbb65cd18a7a95911d5325df
-
Filesize
24.0MB
MD53b984b10b90e856ab05bcb588ffa0bce
SHA1d4c5d1ba6df0b0baab924ea1b7ded414bc2b8eda
SHA256f6e5ce82262d5d37340c6dcb997a8067eb94200a2fdc1f1972dffe710cf85470
SHA512aa2a94c1dba2078bbe44651d5119fb1d06e4d136ba7c3b2967528ea704803020b6de8833cc85829b2e3070ebb95fc53499ea899c85d9f7958ce2db1f328a2683
-
Filesize
2.7MB
MD5ff5c7f321c1e73866899f05ee5158c31
SHA1505ad8916998cbd1f4783b07d4e9f982d2bbd538
SHA256942f94e57401c347a63f4fa91fa937ecefd6e69d3c4fc7ca0c307257ebee8dd3
SHA512e3319435b9bbcf98ee7323724d41836f306442c4adafa846acae2ce713059c76c805b6e796228344debbf26d5a0e4ee8f63ef826ba14cdd83a0c08c85885d303
-
Filesize
1.1MB
MD54ba5ad2d9b1a64560f8411932b0889fa
SHA1b5a0fec7ac719ad449667862f768ba6fa15f6180
SHA2562043d8d409f2f2d067e60667358a0f5c09b67645d762c3135326889c8d88fdf5
SHA51252d99ff3da768f6967f7bf0145360136bb64c9c7207582266d6c9ebbec06c26c4238fff25659e86c3530812bada50d8571c1ebd66517fcf67a5ffb9dc4439a90
-
Filesize
1.7MB
MD536c1c80cc6aa3414e79f62a77e916145
SHA1764b25a7c91c06167954ec5cef707cc371ccbdcd
SHA2563e119f1d5012f62c02150434054a149688480982b0a162aa8739eb777aac71fd
SHA512e5aab4dda86354a111748bff87df364b559efa3cad2c39d531bff8215d2b9fac60821623612e6d440bc5976cc47b05a81437bcb65387749ac438d21f77f6c2e7
-
Filesize
1.5MB
MD5c6d886859d45110fea48f297bc872e58
SHA1ae3d4bc38db4ef498769518667c8f7f201541d42
SHA25601277d2c03183a109a1c74afc12ea0ef41c945ac3bebe21099bea7b2375fc22c
SHA512b9112a06f2dc4ef7f3faa0594fb838793451de608313040948e1ecbaf0de9b1e2faf37b1a4e3ed7d8ae9e6d2712c81678f37043fbf295a992e8120d32dfa91b4
-
Filesize
5.4MB
MD5b19350b4c474893c8ff208d6b0d3abdd
SHA17e5b1bf393e1a8f8e2005ee5356f338d5814b4bf
SHA25642338c6b59a93701a757c8dfbd9fb27195134b8509c6e4a586f77be32f473217
SHA512661c18c3e0311e15c92e0233876f4bfafc70a7d3406f116d859e5ba1ef25558f29fabccfd014268a65f38924be3c28310faa85c6ebd3c7c07505cddbf671a5b7
-
Filesize
5.4MB
MD5967d99a062a0256bfa304ca2b8d1c49c
SHA19ebdcfcf118ae4623fc0b7c3f5f348eabc309a42
SHA256b97278b38ba300990539b02403e16583075eeeca2329634dce2cce7e6a4d0c4e
SHA512e080e87466b2d20878bbae20ed865a27e847e00e3ca739eab776b506aa4676053706bf79b3365591c926f20d62780da31eb918b209b0e3294fa01f3f35d8dbf0
-
Filesize
2.0MB
MD5a23a4d1ae3f4efe1976f736986e23475
SHA1b62f33004b9af2ab6c7af092bfd4876a435a61f1
SHA25666b5f3080f4f3d386efcca5c02756ec5217cd4cb2e6e708e14f649ddaa6bf2fe
SHA512ddb679b00d5d4768ecac33bdb7990d5e621460beacb2a3ae3d619265ddd4a210d3db0ac68bd9c16ce45e6b2338ec52634c507e0a4885a410f1b0b40c41fd3d86
-
Filesize
2.2MB
MD5aa96d8b82d04ca4f8a84086bf340160f
SHA1bb5c643ac758e595cc072bee7dee64eedc7fb7f1
SHA256b3c92065aef472f7331913ed0d6485a797f6e99d5eabb5413b4e4f384f1c8c8b
SHA51266fb5df8671881ecf9b75eb7345ddc5e93b3dc4d19c9cbf8dc98fe3fbc75c62dd379bfe74c56a7a3b65478cff4d0f4f6c801bdde2498d51e9b14e3ba4e1afb58
-
Filesize
1.8MB
MD50db5fde65d974e8627bb70d3dded550a
SHA12243df353d1b7a96543375e863857f9a1852ffba
SHA256e95a283e0ac89b1d081c64f378ead0b922486f6f147731f69faa781eeb17de22
SHA512112871600edeea35ec967f83c2061797a5b48bb7b08ecd6a84efa71b7bc4d4a7b6fb81a0d3d585e46c9a9801e48e2bf0b5ebb433a10fcb0df7345600db2cd2f5
-
Filesize
1.7MB
MD52420a38b541640561fa597fbc751c47d
SHA1412faec79c5c15676c79473b4f91be1c1157db31
SHA256a3370144e6a38c8fa72fdffe7f4b25e09dab9ecdcf9b03e71268331549f1b8f5
SHA5123adc7d528a67d4179f5c9e3f03c8a4cc8629e81eb88b4fb8b0b988a489fb3ef0064a2335278f6857e8dd87d944b5458fe6217db1b473a6c68eb845a32dfd9d88
-
Filesize
1.5MB
MD5343b3ee3ae0ff678c4230287e5f9eb2d
SHA1a6a2dfe5e23c8b3a0e1d4d79ebff570742344d05
SHA25666eea3e6011dd9eacb0a5b3f60c8c02a2d5c066e5cad66a1f71230e66f3e860b
SHA5122769f42d016ae2d840270cb669184980469c13e9fddcae1f907b8816fbdbb1bd6782cf23848b1bee9515fad77750d4e1ea78399d442eb88554fe2440b87efab9
-
Filesize
1.5MB
MD5ad13776d3b5122fdd567d606694b16b4
SHA1d1c11de5d8c2706390b1e57e9494278ad0078ede
SHA256ec2d1335062a1662a4270b13204c6dbda0e788e78fc65c038d4031d26f343870
SHA5123316ae03abe3a3a740eb0d48e68f2e0c1851d13b7d0064ef6a35bd54530bd03e95c939e4fb93a4f1182f42d8c17ee6349e036947f1ff43b0df498d393b772e79
-
Filesize
1.5MB
MD525f58ad6bc2fc442b06820ce8c84a975
SHA1ed5c70106135012b8925a50f31d02418f6c15f61
SHA256108190ecffe4928b98c21a08941bc321889f96a8daf6c9b73eec441210c8d538
SHA512b8e7e5af3135a8c38429e862fd14121555dc7e21268d63827bb676bdbb774338e21b83527670879c9edb0ee68321833289c744fde09554d0fd381d3e5ba544f7
-
Filesize
1.6MB
MD5930ba5553a35a784b2b0ac36ab9e7061
SHA1a8b1d71697562c93936d74cf54da2dfb63a1d7bd
SHA2568c4e6b469eeb7a8a3b9cf51dee7599401aeea3685ea8bffeeeddcf3c1f9bed7d
SHA51297e76752681dc56b850d767799383a221c8d366b58bb889d8330444724270e16c837b34d169b9015066e6d763d994df3901cf9528c85a64874ea5e9768808b1b
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
5KB
MD5f2dff87d69de231b8e81da384d81a8b7
SHA17abaabdf2b44422c64354bd2a42a0a1d974a2b05
SHA256f7ba52bb91f1476199bc527ea27bc32e85ad7db08cb46e62adca2d4b6d197088
SHA512b985fb25ceeea980f9e06ee18ab3fe79dd17e429fbc35138ce3e414f40d62269f4ecd9d0918938b3f0e7d9f04e3e6d2746803bde338a4dff30c9ee7eff5d671c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD52e438445c75b2d46e6f567d3f26f9867
SHA107d579d7ca83a20b15e70202af9e3f8316bb9e22
SHA256cc067586d110c40716434b15528edf435f72cf37014e30c437ee6efdd05ee71a
SHA5125f0cb5e98c9482bd3b693ad9a30e811ecb057c24fdbcd953484a63cf67bcddc9711a2c3651ab9444e42b304554c7c5ffe308fd577613c5755cac445c5560b48e
-
Filesize
4KB
MD501b4147548bc4ef96759f8232d0e0f0b
SHA142f2ecc5e6b276167f8494a6ef5f29300476cb57
SHA256b56d4c3068cd093e30d45fa74436873bb01ce1957ded40c439f765e9e88a9eaa
SHA51220ca913807b38a7bb35927b5c72c4191861d69f934343e67772685b3c5642dd200ec0f56d973d5413b636856315cfb91878e36a074fdf326348896853fc468ef
-
Filesize
12KB
MD5ea860c6db7160b2e1e97c123abcf3912
SHA115c73445823324757dabdb0cf9757ec6af23b6b6
SHA256eb7e14c7706158b73239d3ec5409792f8b71ba5c22c80f46ecc44974cf7a8f5f
SHA512a17d8cde87664ee63014bb6d941f812b7c9e8f196e504908e6e341b4c38cac0c99fd788030cfc93b85e8eb91adc37f01559457fd3d5184ee2a98cba0b7c0d9eb
-
Filesize
2KB
MD52d7df11e4b0792ffe4a69f5055f3731b
SHA1da932952d1331acba8a832b9b9551852dc641afd
SHA2567264f573fbe159035a720cf6c050494b5335e8ff9f825b063a823fa521aa2ae7
SHA51261cbb3be9ff3027d6fdc21544577ed27c48d41498f84d7e84bd85b506ed5330cb053821972b24ebbe09d0a43c0b07794c25086936d3a35889e21cc35d920638d
-
Filesize
1.5MB
MD59b4cb01703e37c22346b219723485fba
SHA179637f0dee6ec2881383db9da621b72b02b6ea50
SHA256d9b31b155f492a22aaa7add6aa550b5441a2716f11242db20b236bc2372b93be
SHA512eb5a2de98e4a26d749a1d7ee99afb1d94fc3cefa6b2e9ab21e6ecf1f489c695beefc9fce12fc6b8fa807c730d3aa9ad11d28de86e99922dff2e500c76ffe667c
-
Filesize
1.7MB
MD56bae026f44147fc6e14710e871817d11
SHA1eff5e30ea056f2eba2f4e8af3854c299b92052dc
SHA2568decae9c9b7aea88062b79970c0aa6d5c2bf5cfee8b2042c993f42e3935357db
SHA5129a94a094ac5b1fd581a46d469b1d01d5d69d1db15cfca8039ac7d0f915b1b9023186d97f9a22402ad8e4800401ac03e1d1363c1f19f6c66e98f2e0133fb87a25
-
Filesize
1.5MB
MD5fb9e7b15733d76c9d80ebe9bf87e6ec4
SHA16c18cc4c7aaccfd4ca4c52bd131195d8fa1fe21b
SHA2564568f488197594f5b91f9a4fbed2da59cc1ec727c57c68f7303948c8fb645abf
SHA512621089650e574122a1459e82ac9d5cdf84556597fbd284c4c775f5d6c43b637c3729bc81eacf6d3279e02ffd162930146027445b92f2161ff92ca08786e98962
-
Filesize
1.2MB
MD5efa0aef022108fb68a6b91866bcdc613
SHA1f8fc26d1db5cad9e5ae2dc454f514def5cd86c67
SHA25652a519aaa4f7e21f60133fa694cbe048ce7ff14cec8a5e527a61cab0ceb64199
SHA5123b67290ab5442ae5a661010de2ff9f56a1054a0cc3799efed7718aacebfe77d4af6eeb31a10ddeef4d8b695e59eb34bc186f99b0e549ebd53aff38b9dcf64933
-
Filesize
1.5MB
MD535c5a70ce057c23a4a00ff75d762ddcf
SHA11e5256adb038ff32818aa4997ae1be4f9e5be783
SHA2567b709273c67131f40ceb9376ab4c52ba86fa6ca80fa4edc417876e7a761a4ec9
SHA51239144c4448d8def7f8489ec5b2b53a63a417555a27bb817a497f27599763cdf602e30cfcff28ac649cb519c5db1b29131c6246633f8d54ff5b17d82ac1e79021
-
Filesize
1.8MB
MD52659703aabf378f49613dc3ccc52f4f0
SHA1ba1a800fe71e3f2e84723c29abbcec1c35211608
SHA2566674009c8bbf35198c39f108d20151ac8223339f3b5f860667baf97004abdba9
SHA512b315d85f4a3d9ffbf7de13e7abc69efe78011e20b79c3712644778c6c4c9a540b8e8f5834c80f2018a047542af14d616f8618e70045439da94b78c699cf2a425
-
Filesize
1.6MB
MD5959ce929147df2542fc522bfbaed0ac5
SHA12205c201fd6058f5cda24b62da7d76b62d8788b8
SHA2564f2d952df50bcdf5575778463bc4a86896dfe37171516ee250d5fcd2700c8894
SHA512e03eca5b92bdfe5460da4a1ab1ffb87a87808ac72353f9c20589b10890fcab7068b46c7f3c83f4370f51f4395d3add68c9f51f7a2fe9d340f34a792fbe7b3c56
-
Filesize
1.4MB
MD55d950b5cafa026371303f50c2321bfb0
SHA18536a92076f1077dd70799cd33af9a89b4f21772
SHA2561769df1acc51a4252d21df92fb673c5da369ad9605a48218233002b914d12519
SHA51201e6cc317be73e479843039b6d00e87dc3b15810459c5f7561685a1090c31df14f816d6152781c3a17ce2a747093b69c52e4c9f36b64ca6eebe9c459c4a79928
-
Filesize
1.8MB
MD5cb64b4ade2a9e0e1bb17026af3baec77
SHA1f29a9136d64938c25094eaa17f58d82bc30e8953
SHA256f6ce48e3b160b4f08a894d158a516162435b1c0c97aa025bd42ab03d2f1fcede
SHA51254c4608d808188bde653588e04c6581b704fb234831bab97a4d8beccf797aa8bbbaa910c47eeb8bf463b27b750826e93a0044821e6a6aef01092873371b3cde2
-
Filesize
1.4MB
MD56e74604181ddca4534fb80880ded1853
SHA17772423bfe03fc57284fa1e4055cd8736bb253c1
SHA2561f8c79ae3faa3fbef7cdde44505af3905f9e499aaf1da55028f7eb073993b284
SHA5127c7243c91edff07b05e316cb01c6c1bc8ae5fdf1c7407728d2b51e55e5103ab65818c22b62e59d24c2532275bbb74c92458ecb1d5dcdcaa5840962b92a612fd5
-
Filesize
1.8MB
MD55b628f9d915b8ed58463dce70d1d3a2f
SHA1630b8052a65037dbb455e9d6cd6d297aaae4af8c
SHA256bf1c0ce64fe843d895203be60596dd2c4354bc467c751a2c58d46470f047b507
SHA512829371c93440570715440de055d58fd31f56d915d456a2979fc4a552bae6f60d4a643ba8b46ea8837a4d8f764de292fc28eacefc79af50dcd55087d909d55f0a
-
Filesize
2.0MB
MD5a60f943193fed62c679ccb0442fe91ac
SHA16dd855147ee197d5029a6a33ea6e13b983710cf1
SHA25650f908ac42f1289dee7f1469467660a759e036943a7039bc72bd51baca6c2551
SHA5121109d1d03c5b756f42f1593d5247534dfeba37fe49658fbbe20420d5a701bc490dfb69806beb8cc444250d55c433c176c8ee543c55669a2ed836edabfbacc8df
-
Filesize
1.5MB
MD5727e68199aa1ca7e1beecef8a1b035a4
SHA1237765b63647e0421d2d7d0e42f6ed34fda8379e
SHA256704f64b0d2dcdd88cfbd7c77209223c208d265a537803b2f7168e3f096817429
SHA512d5b3caf5cf7f548cff70d25090f0b9a28e96e8280e8a2ac5f888575ed8cd98f6a990b966d77798e4f60de6735aa54378b5777d343f47fc0c85b04443b7be7a9a
-
Filesize
1.6MB
MD5de15dfa1f18098f1dbed872e2bc18f0c
SHA1accad96dd2af04f270f1d505cd73b02a38654b89
SHA2566f709c401e60953ae7fde7a77dd88b8aee00ffe38168292d7eb53efc58fb8b92
SHA5128c8f211b56bfb3ec579ffae7af7b4d389ed4b80a8a0d9c1b1ee3ae2fdba159f44082d64de06fd3b5f039053f9c1f6e961f708c9d8aed28b9779944358db9dd75
-
Filesize
1.5MB
MD59b90eb12364bb881a997c1ac0577778f
SHA15b11dc19b9aa55610ff166009e1b2718083b2984
SHA25678ee78c0443c852d664aa272c8edd41bfaa1a686e53fff8df55f1c8ba09f949e
SHA51243790d947b374dd2ea465e8d7a32045a8b969d6b512d5d1d1205e17e2fa81e47deb594fd55e0b549d550d9f0950bdbe55fa4a3253f1dc79f18d6de5dac69be66
-
Filesize
1.3MB
MD5231b2db0017216c5771d7eb5cdc72e06
SHA1ef48804c743245517499f76f914f6f8f42e6a54d
SHA256183d2f4eb6447f857d4ad092dd52c63c5061e68d4d7c9a4bb02a3005e898f453
SHA512936fa3bcb01a869b63fc20074059fc3084069093a646ce2a449ab274fbc4acfdcf83ff0011f38c26bdfbddd403b2b715fa7d40a5e90b5da32c027dcfc7670d64
-
Filesize
1.7MB
MD5050bde71f8787057ddc66bf2fbcec9e1
SHA1af4046cba6192fd75dc7d5be9ad2d25d2a829232
SHA2567f3e98f40b7e24e4da22a9ee5d7b6692879b2b00aeb01f2a97e97bca43abd0e4
SHA512faa52daf1ca2c86441e90fc8a3aea2b26b05b8307a656d2d76f650933774b623112a24d0056f14ea0176416184d70c196591f2ccdce351c18cc8b2625ecc48f4
-
Filesize
2.1MB
MD5b1bf66a94906406d742ff1796a3cfbf9
SHA1a9f3928665b5a149234da54de82e22f294f6fd8d
SHA2563c630a819e0e02bd7152dd765224423b39720ea57f39e8befddb4bb18353c20d
SHA512fc9bbd53dbaf4a6f9d3ee5a20786d9d00f45965e0c8710288dbb10ab166c0dae1ca78f014f17ab45326369b0465023ad34dba26ea820b2e7ce03b360f03050bf
-
Filesize
1.3MB
MD528c95799351fc4c105ddaae6c5432f18
SHA18d5ae107f8874ea7196e7e494ac588aefdfa50f8
SHA256ba63eb694693f189dfd173b722a6c2fcacdb6fba3230d5c19c181230df21cb37
SHA51273e4c1edf22df57b2ebf76670dab2d5d610cfac09e9f1ac806039c5b669c2382dae32b8a384e9ab92b22e5f6800e8298fa19f4f011d54c0ed07ae3ee78068263
-
Filesize
1.8MB
MD5234a54207ea4e3da93bfa618ec99b919
SHA155444474e04de8478a52fd84c4374a2fd5940fe2
SHA25690acd96dcfe34a7a06412bfcac777dc47fde4b7bdad935d98bc33211f11aff59
SHA51244e85f11efa52e746aeb7edac41d8d184f2aa200423cbcb0b99d4940db8618f7c2a8888a7e28ee0b7cebd1541c61e4c28c53b34c032ca47c4ab3366ae0cc8378
-
Filesize
1.5MB
MD5191e8d98064f66af519f956565cbec59
SHA1d08056e281af72fbece3e8cd2d73480e34fc638c
SHA256db51afbdcf6cd3a7f39d143448ee2a0ae3c60aa0ab276fe7af5f271188efbb48
SHA51255a69dbc277088173d5f616628d0799f79d3972252fa25d19b7dcc2ce66d47455a8eb061bf7f8280abb57283d160c6b869354b948c3f45b39e66736ccc73612f
-
Filesize
2.3MB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
4.2MB
-
Filesize
384KB
-
Filesize
4.2MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.7MB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.6MB
-
Filesize
2.1MB
-
Filesize
1.7MB
-
Filesize
1.7MB
-
Filesize
2.0MB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
4.2MB
-
Filesize
4.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.9MB
-
Filesize
1.4MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB