Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
04/07/2024, 15:04
General
-
Target
2024-07-04_7ad773b74c38d74338c9fa4611d2c480_ryuk.exe
-
Size
5.5MB
-
MD5
7ad773b74c38d74338c9fa4611d2c480
-
SHA1
26481ae93065981dfca725a22ce4310525fbe961
-
SHA256
65b41dcffde124379df0ead0f187fd68a8148af3d0b8acb9955364f15c8b2f56
-
SHA512
dfebab2e546cc048a40bcbda1cade2b16af069c6c6b473fe9a06e60689df445fd4380777090f866d5663373560305781b56bf278441c69a3e31eb6efe239fdb1
-
SSDEEP
49152:OEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfy:UAI5pAdVJn9tbnR1VgBVm6Okf
Malware Config
Signatures
-
Executes dropped EXE 26 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 24 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-04_7ad773b74c38d74338c9fa4611d2c480_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-04_7ad773b74c38d74338c9fa4611d2c480_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-07-04_7ad773b74c38d74338c9fa4611d2c480_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-07-04_7ad773b74c38d74338c9fa4611d2c480_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4dd8ab58,0x7ffd4dd8ab68,0x7ffd4dd8ab783⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x29c,0x294,0x298,0x290,0x2a0,0x14044ae48,0x14044ae58,0x14044ae684⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae685⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1900,i,9681436100388160240,3371470635448075916,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.1MB
MD5aec9477483462ce6414b5dfec4e581f0
SHA1c7fd44b0d78467e24bd2d6b0bcf891dfa0874c84
SHA256786d02677a7752e82aa35ec4f398232cec2250fb3f3ec1c77fc94b4649deada3
SHA512c570ae1c2b3bac402ac97db4e8479125a71f091580f0610ff48731a6adc2cd5c97b3c57f388eb6ce1d9e38ecf467fe9946030a5f7a8aa74bdc83365abb616ebb
-
Filesize
797KB
MD5579b4076476373a5f3a2fa41a96c3477
SHA1129064d4057b75782df5da0794760faa19309a52
SHA2568873dce0360a4a3413cd19bd9113d6ea2a2433cba0281313fb0eec2b1d4a6414
SHA512fff266fbfc03a0e4301f8a26cd12448cd06454dc4c4eb35d0b4bebbb48252af0340706852473993588638e6ae65e6d2a27037380d1fb3d5843dfeb2db495045a
-
Filesize
805KB
MD56411821140e4193469807df05f23dfbe
SHA177a73d5b59c96ecc03298ac08b84bfc145398321
SHA2564214236deabf8f2b6e64d7dc50d91108eb74387c4eb5e7391f40efc654e83f5b
SHA512ccc4fe48b3160c18d54d32b095e80af678830bf51eabd18bbb1064717b1bf6756c1ac2033df0568da7ce3e877f88c89b2283e7cc557409cd42e6b085ad7f78e3
-
Filesize
5.4MB
MD5221981d213d60bff67a58c629f55048c
SHA1f9b29340978eb687d23ed2f1f9dae5d23acefa3b
SHA2565c6174eed10248095e1b2c08e2a458c39596c39ddee9c78cbb88e28844bb2823
SHA512d069a77618a18f7d6bcf6b76a2bd93f45585023de0f23b5ad06e7b7a6653f4e126c206af969f9b0722b9d45c4a704e9da608a4e3f1c6d543efbb56ee62170db8
-
Filesize
2.2MB
MD51edfbf2f9d063ad4cf8b1df0605fe0f9
SHA1aa3923db6217edaf8f4a2e99049e3a36e24fd55d
SHA25665c53c5b22c85771f0de4de1a2513c992926d89a22b4de7caf724e7165862f05
SHA51224571276b790ea0334b06ef07f5ed7cbb6365e977cff1e01695ca19a1412d74112d88c26c3968e62c14521937fedcf317648df8b97d52e49ecbb12fea48fb38b
-
Filesize
40B
MD52cd879c3b1b25f881f4b7ab71b67a095
SHA1e8c477526bb5bdddd659fdd44606060d83e703ad
SHA256d15ec0b42a1305238584533da0ddd5ec2959a76896cabc74599185af8af9e92a
SHA51295c25065ecb23b375e233d554beb9c5fb61d877f6b5586155d5b5931d270cedfd4508a8fde3dfee5073af2215b256d7cffde9f77923d41909d4168d9bc61123a
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD50fbda3024826305d86fc83c7ce128f1b
SHA15a0cdcf11e8e9850ac238b0a56773acecb35964c
SHA256fe78164cdd1ce82e942a53198b0b11ffea34b5db616c3495433c2178e38bda00
SHA512c8e5f4dfd499954fb9a0e13453e3786912cc6b698fe60f06976a7465e00648af2581e4959f53ff398cc7e61c4ace4587c4e61ab7c85133d55c340b8b0e944e5c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD55cb245567329f29f555af1fdfcc902a4
SHA107a5973ce3c1cc718695ab79a6386797dade4298
SHA2560267cdf7ef9faf0d4d7cf5efeafeac523f65d5f973eb18311958bc425aac5f58
SHA51295865bb8fb66165d85b7c5eed15f3b236412db89413181402be0a6314f775fbdd1f542979213425d5b6bf8ac4582c64f5229685dcac44c2c4df47e3f40bf5bd6
-
Filesize
5KB
MD5b9a370200748f110dd939668c95bbf71
SHA1a49aeeb5878dc5c5dc48cc4d72c25f3e63d41eff
SHA256fa10b9189d40475129db25353f9a3fc55a3e75a9f99218b7aa62a13dd2456ba7
SHA512b9f3f5be49e6968bf70ce8ed3d352524734d70ca9ee80bde14a3533cea2c0062596f1cc945f9c8b77ca826f64fb3553b5db4fa0c3bd1202becaff123cecdfe33
-
Filesize
2KB
MD51f497c78bb1cefe5fae1f2d3e5c467dc
SHA112ec3f79d43fc239252d3812f8f0c2edc492bc51
SHA256e7fedf1f3f9f65c94434b56a0a6b0be4a9773cb80c1fe09b6391adaec9849dbc
SHA512f7ce6b59abe22c099ba4ded438dae24ad228fad07f742fe053c580f2c052a91d5af99bc7616681f0f377f8b5bbbe7ae2defab99203bd1af816724a1e63b62e92
-
Filesize
16KB
MD54319c0e02b7d4d976a1c2d5b42d8b8f5
SHA1169e6fd33d732999fa146e5954bd6260bf0af327
SHA25612d4b34ea2063de4122c0cb2409fe740ce5d829ca861a2d3f3176ddfcb3fcd5b
SHA51272a574a8e19f0ef64e088233b390ec0192d44bd1f19c4a1d863b1d0dab9c7612b42e2468e04fd01b956826d9cd0bffb620b69c633036bc7dd6b66b16d6e4cb51
-
Filesize
270KB
MD576029e0ff90f7a165ee08ff7d6ad98df
SHA16c80b1ceac0481a3640bf44fbe63072392024962
SHA256fb962c24f013e097559ccab487417ceb2cf5921b9f7fbc4c4c6691be4bb1dee7
SHA512a06c9afc5d0e4847bfb49a87f1bdafa6bced2a90d2d6a0b8a4775c4ca0ed6d2dad38f7bb085cfadf7cbacb299849253dfc6ce3c545907315b27cafa1466bc8ea
-
Filesize
7KB
MD5643336d70f3cf53d394fdd90fdeb73d8
SHA1cf23743ba496ff153ba6eaf32fdd5af4f8141136
SHA256abfcc69d14e062d9ec4fb347ac96c2623aa2d78420576079f62af5f6b67d3748
SHA5125270dbfc86c346d8f32998808251143e359045adc4d29144025d6cf69baa31ede85d33920f3d5996da213e21d3ad1bad5ea3d6ef5abf1e894ccf2d407ca2aa9b
-
Filesize
8KB
MD554fcc89e779dc6f32f216c2e227a94b0
SHA1f9b6833e4d0f48b7329fa73507d0af126c03e116
SHA2567b6de54fbcabe990777d03035019b9f3f6c5a9e089d07a9aafcd517cc69a14d0
SHA51267b1748f6dcaf772e51c55b85fe34c5faefdb8c6ae1b5f808a102f0caef58fb5eb462bd9a15a60e7087b299de4ea0185369056df32e2122e84da615ac3bfd5e5
-
Filesize
12KB
MD50576c06f481a8bf186d222fb8467696e
SHA1687df7b9c638718199ef7dcb0fdff9907e433c16
SHA256342d626fa7f61b83d353a3cdb784045f34678b50be58082d0a3ba6d81392177d
SHA512a96c24f809913c37af1cf1523131e99b90340b3a78996a3db6adec4b6b761346d70fb64759f6cbd668e8afc18afa35507e18c68a704dbccb66c1a480088d8aa6
-
Filesize
588KB
MD53cd8a512100996eff9613972922fecaa
SHA122fc71e4b0071f5f4ea80ab5051ad448573f5f7c
SHA256db600a9299ef1e0af7b35f363c16aeb41ed5877a0ca9c02282fd7b361812c1b0
SHA512555637c03bdf39667414cf5d4e3d5f55765178355262448d62e349b01fdc9a9baa53fceedb8ba2c55f4f67ce7d3ff8cda4054abb5710bf53535dcc9b53b03be1
-
Filesize
1.7MB
MD5d0a107a104b3758ea77b0e31f8a571ab
SHA1eaad5a0cb17ce846ada918abcaa3842d90352463
SHA25684a5d54687ac059f3a5643116b03ec8ea8a3ecb94c38b5b271a407b5af96f3e1
SHA5129eeb0216454b88564fbaf26d03b6dd77e3f61d61074f0b4f3f9000258541c7a63602993d5d5d30257308a4ff11b389c4efe3fdf5128aa9e5de3920d2c3002402
-
Filesize
659KB
MD57e3f411c9f6394bc8ab82f163e416240
SHA1e96e81844c37ab873a44b8c77c233820f19f598d
SHA256ab4e564d302c5225f1cdc4473e9d8d32f86ca827f8f231b30893a01f1cf2e1c8
SHA5127ecb5f7d2b6544b0de523bce5ee15d3b6d8278a8f272bc62dfcb1e208b06f3cb40bf4b5544e58cedb51581520acab02a7e2896592606b5c0a34895fba4667653
-
Filesize
1.2MB
MD53ff6d8d840183e8eac463dd99154767d
SHA19a0a2332ddbf89b20775e5610540f50769af37dc
SHA256400d00f515e6db23fc0a365abb98fc5436494d1a450bb4b3339cecb21dbd4d82
SHA512bfe5c985b8b22b746b09e9b6d8ab1b21a904462af4b6e5c78b47f87402e49b2bcffd59c777c6aec58eed1d9ccf583346810053b9fd986a66320ce0354ec00a2f
-
Filesize
578KB
MD54ca2c1ecca437dab4c6595b7195aea11
SHA1095f23df2bbbf441c2623919f100fe54abd9177e
SHA25612d4cb9c9047294d237266bbb1e068a0d3c52ce1374d5134ea6380a5e581625f
SHA5124ca8486a178b2f7cdef8cebc2be19a20da6d79759352a5d122fdcfd73a728924e2654dd5781476951f7a2edfa1932b1b23df38a914a1a63d9875748bbab21af0
-
Filesize
940KB
MD5a28e6199ba4b5a31b14159dab340e8e2
SHA121e89327a4a9bc80d0a3e88cde0ed47b80385e38
SHA256209cc01bec862973131fff631aefb433c8529a60ba6e28585765d46092f275ff
SHA5120057ccd20545a260090818f3bbd9307043c102d5dad1a24467341c039c903161d0587b2a9fdf8ceaf355af4a2fa98d6fc59c6578f7770460e4dff6415f8253c4
-
Filesize
671KB
MD51b7ccce46a4b66e291abed0f49406399
SHA1f66fe1967dc13406d084d688d4cf76c677db3518
SHA256a0c63ab703a3c125aff7378cbfd0dd38263f06d9547e56fd5fc057c749d4cee9
SHA512bf70a4d553946861503d80fa2e3aadddd37dcd4a36643c965c866cfc1e30fb9b12e6200bb0cc2c6b28b614d4866492a074b5fe0e5528a66903682fc7ba39e45f
-
Filesize
1.4MB
MD551638de9b65221abd8b15d335a264c0c
SHA102074a9ce0515990233deafba9c607672c53d00b
SHA2566a494fcae6f5058c1117ac2033e03cf3a5359e02098ca6a5ab7cae1907964a81
SHA5123453a9d65191e54dfc62eb8c051a0e303497f7cd2b464e0cc1f349b828fec5d034a7c6dbeb366647a66e682a6cf7facdc888dee0426c57253fed3340792ed694
-
Filesize
1.8MB
MD5d4c3f3c7b12969401f22942107d577d1
SHA116f3b56febe25288f584de6d127b6540ca3f2084
SHA25657e1cd30f332a56955e7862e22025e0418e5af644ea8d78043d43c4b139c4641
SHA51278849dcdd86bcee79de98988dbed1879b3d8b2d23b7beec3c56bb7a7dbb19f946ef38626a8abbbf151b140c73809a2c263a08e945e27e74089e724e9f63b07c9
-
Filesize
1.4MB
MD5e2a1c9f9e2801ae25ef7b0498aa590e6
SHA19f78eb6b924ed4cdbf484914d32133966789f089
SHA25619d741f0037d9ec31221059be1e45c0ba9a83b53ae2be6d590d56ca5e0eae1b1
SHA512f75a534357acb763ce50f9968a2bfe40ab7504231d49a46f137ac3471b71552575fae2975278cf3e61c474bfb2a627bf8b28a404b333cd888903467f1c90d4b5
-
Filesize
885KB
MD5ae89c962f99a48143de4e348800d913d
SHA169e89854d5e25ededd034ec6834cf3b81fab7f3a
SHA256b0f1714ddf7a87ebcc9afdd3683478be83404a03c5082b9fb10bbd67cfb2223f
SHA5126a670541e37edf1422b97dae90324e5e36b95ba1d66e8f297048febb0e0277e373a9ed1248e3dbcffd3ae5f09e9a7c858cef9ddc60df5a9e36c497354f09c6f7
-
Filesize
2.0MB
MD5c3e85ead4a2722b38ea93b6876d74fff
SHA1cbb141af650579f88d0dbccedadb84213bba3358
SHA25690182376581f1b42f9a465ac3bb17f308f6a291fa280790d70f280609481d6d0
SHA51218c6337b0305fddb95a62f8bb27b9feb0152729de82a3846852166187f9acb76f22bd1815dd752b3ded3aa5a7b6e91b0b9579f85890904e0380cade4c26f08e8
-
Filesize
661KB
MD5d67113316bc9eb9c5ea46a597f96d883
SHA1fe5de26e857284c260a23cfe61d776f4b7c7e66d
SHA25687ca181ab923f15efb55f00ed858fb93522a0cc9be6eaad2ff09bd92b54326e1
SHA5122922b50f4a46f40c6a508930c9dff87ec3489f5ddd899cce4bbaca15caa00e79649a481baa735b702924ee1b30ff5690dd6cd76c0c195c8bc707137407861a12
-
Filesize
712KB
MD50080878bfddc9029642b6b335ff1a2cd
SHA1270ecdb826f44cbe8d44e868800ea429097d6516
SHA25655ba7b7ca40ae7d2f918c1c23ac32fd7d45a7a9f80513dd613c2817ce7a1ccfd
SHA512d2472142a3fbb9906137972f445a5d75a6ea3bc76087645c573b8801dd2b4a889ead5157bb3a94b230ca672a901f91437ac0f729d7d3615b8c4573ab5d77267e
-
Filesize
584KB
MD565ef9fcec0fbab02dd56c2874ad1b552
SHA18f5253a7834cf77e156e6f794f936fd0dc7570a2
SHA256ff174ac134b1ade073a289bd67e8b1bfc3a6f3153ecb651d761847f801af8dbf
SHA512827e3c6a4d4ce3c214b3820430c6a61b9a20d4c90a462180cc599d9501c9c50d87b32e83ac1d586113484072075dda2caad8a0116f5d1079215d845abf9fa2f1
-
Filesize
1.3MB
MD59c71c08a4863510c6cc24d0bdafd894e
SHA18a83f2060aed33b278ab74517c431f836880da61
SHA256971945278641801ad0c3f8a79cdc9c68159a97031e2de7c9142d767dbab2c1ca
SHA512b83e9e754e86f896a8d9472e0b4c789005ed91ddce54c00859fd5d98a2169249be3c9cdbbc1f4fffcf34f5368051f69aa527b109b6e2a6850b9baa93231f9164
-
Filesize
772KB
MD59215369d9e7392d965aef26005d30b00
SHA1fd177611a4368e2cd3a996a170c7c5c6029ce13d
SHA2565715d9c279d900ccad8ed0121e4eaebaaf67b74fe5146659b5640070e4f27fc7
SHA5125247268b295b1cfc14cabccaeb8a4f930947dda3a46bbe61f82299b0d7c15ed80a79b1e96ea8ef0375916168164b78c1dd77c4f79f2d5b045898e77566db4abb
-
Filesize
2.1MB
MD56acd112715e42d45264083c806d8ea48
SHA11844b6a9f6585ff7c36cb33a0696c5d71940f0ea
SHA256e9a8c3d11e5565d5a627b58805a2f9fbf66ccb6ea24b64f59a87ddca06ee0720
SHA512b592513e727828a756aca8bfbda459a4ffdb61d0216de3e8095feb502d7500a3c1c8756b484a01368a8f9bfc5407928732561854400f489d43e7084917b24eaa
-
Filesize
40B
MD5b2c359ffd4bf582baf62f6e8adf87a6e
SHA18e9a26cf9202a00b2f38b9cf92a2cc0fa2e76b79
SHA256ee8fad0e09119ff89b6f13fc18df351e81b41199adfc10acbfeccbbb88e02a9d
SHA5121b1cddd7353d0e9300f1c661feda7f8d1a71e6d90279cb72c3adb51a7bce9c64e2fc87777926db50a8d41cc945445821d1b3cc1628f7446a7c03e64bcf8aff92
-
Filesize
596KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
1.3MB
-
Filesize
740KB
-
Filesize
604KB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
1.4MB
-
Filesize
2.1MB
-
Filesize
904KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
828KB
-
Filesize
384KB
-
Filesize
792KB
-
Filesize
792KB
-
Filesize
2.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.3MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
684KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
680KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
676KB
-
Filesize
384KB
-
Filesize
600KB
-
Filesize
1.8MB
-
Filesize
1.0MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB
-
Filesize
5.5MB