Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
14-11-2024 00:14
Behavioral task
behavioral1
Sample
RippleSpoofer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RippleSpoofer.exe
Resource
win10v2004-20241007-en
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ RippleSpoofer.exe -
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 2 IoCs
pid Process 1828 netsh.exe 3560 netsh.exe -
A potential corporate email address has been identified in the URL: httpswww.youtube.com@ripple9cbrd1
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion RippleSpoofer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion RippleSpoofer.exe -
Clipboard Data 1 TTPs 2 IoCs
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
pid Process 3656 cmd.exe 1676 powershell.exe -
Executes dropped EXE 10 IoCs
pid Process 3164 mac.exe 3968 mac.exe 2608 randomizer.EXE 1548 randomizer.EXE 5056 21902902190121290mc.exe 3164 mac.exe 3968 mac.exe 2608 randomizer.EXE 1548 randomizer.EXE 5056 21902902190121290mc.exe -
Loads dropped DLL 64 IoCs
pid Process 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 1548 randomizer.EXE 1548 randomizer.EXE 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe 3968 mac.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral2/memory/2856-5-0x00000000008E0000-0x0000000002560000-memory.dmp themida behavioral2/memory/2856-6-0x00000000008E0000-0x0000000002560000-memory.dmp themida behavioral2/memory/2856-5-0x00000000008E0000-0x0000000002560000-memory.dmp themida behavioral2/memory/2856-6-0x00000000008E0000-0x0000000002560000-memory.dmp themida -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RippleSpoofer.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow ioc 94 discord.com 105 discord.com 81 discord.com 82 discord.com 83 discord.com -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 74 ip-api.com -
pid Process 212 cmd.exe 644 ARP.EXE -
Enumerates processes with tasklist 1 TTPs 4 IoCs
pid Process 3772 tasklist.exe 384 tasklist.exe 644 tasklist.exe 3948 tasklist.exe -
Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs
pid Process 4056 cmd.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe -
resource yara_rule behavioral2/memory/3968-274-0x00007FFB2F650000-0x00007FFB2FC38000-memory.dmp upx behavioral2/memory/3968-328-0x00007FFB412C0000-0x00007FFB412D9000-memory.dmp upx behavioral2/memory/3968-331-0x00007FFB301D0000-0x00007FFB30343000-memory.dmp upx behavioral2/memory/3968-334-0x00007FFB2FFD0000-0x00007FFB30088000-memory.dmp upx behavioral2/memory/3968-340-0x00007FFB3D820000-0x00007FFB3D832000-memory.dmp upx behavioral2/memory/3968-344-0x00007FFB2FEB0000-0x00007FFB2FFCC000-memory.dmp upx behavioral2/memory/3968-354-0x00007FFB3D810000-0x00007FFB3D81A000-memory.dmp upx behavioral2/memory/3968-358-0x00007FFB3D840000-0x00007FFB3D855000-memory.dmp upx behavioral2/memory/3968-359-0x00007FFB3D820000-0x00007FFB3D832000-memory.dmp upx behavioral2/memory/3968-360-0x00007FFB2D620000-0x00007FFB2DDC1000-memory.dmp upx behavioral2/memory/3968-361-0x00007FFB383F0000-0x00007FFB38426000-memory.dmp upx behavioral2/memory/3968-357-0x00007FFB38430000-0x00007FFB3844E000-memory.dmp upx behavioral2/memory/3968-356-0x00007FFB38450000-0x00007FFB3849D000-memory.dmp upx behavioral2/memory/3968-355-0x00007FFB2F030000-0x00007FFB2F3A5000-memory.dmp upx behavioral2/memory/3968-353-0x00007FFB38990000-0x00007FFB389A1000-memory.dmp upx behavioral2/memory/3968-352-0x00007FFB389B0000-0x00007FFB389C9000-memory.dmp upx behavioral2/memory/3968-350-0x00007FFB2FFD0000-0x00007FFB30088000-memory.dmp upx behavioral2/memory/3968-349-0x00007FFB389D0000-0x00007FFB389E7000-memory.dmp upx behavioral2/memory/3968-348-0x00007FFB3D860000-0x00007FFB3D88E000-memory.dmp upx behavioral2/memory/3968-347-0x00007FFB389F0000-0x00007FFB38A12000-memory.dmp upx behavioral2/memory/3968-346-0x00007FFB301D0000-0x00007FFB30343000-memory.dmp upx behavioral2/memory/3968-345-0x00007FFB3BA00000-0x00007FFB3BA17000-memory.dmp upx behavioral2/memory/3968-343-0x00007FFB3D890000-0x00007FFB3D8B3000-memory.dmp upx behavioral2/memory/3968-342-0x00007FFB3CC10000-0x00007FFB3CC24000-memory.dmp upx behavioral2/memory/3968-341-0x00007FFB3CC30000-0x00007FFB3CC44000-memory.dmp upx behavioral2/memory/3968-339-0x00007FFB412F0000-0x00007FFB41309000-memory.dmp upx behavioral2/memory/3968-338-0x00007FFB3D840000-0x00007FFB3D855000-memory.dmp upx behavioral2/memory/3968-337-0x00007FFB41320000-0x00007FFB41344000-memory.dmp upx behavioral2/memory/3968-336-0x00007FFB2F030000-0x00007FFB2F3A5000-memory.dmp upx behavioral2/memory/3968-333-0x00007FFB2F650000-0x00007FFB2FC38000-memory.dmp upx behavioral2/memory/3968-332-0x00007FFB3D860000-0x00007FFB3D88E000-memory.dmp upx behavioral2/memory/3968-330-0x00007FFB3D890000-0x00007FFB3D8B3000-memory.dmp upx behavioral2/memory/3968-329-0x00007FFB41290000-0x00007FFB412BD000-memory.dmp upx behavioral2/memory/3968-327-0x00007FFB412E0000-0x00007FFB412ED000-memory.dmp upx behavioral2/memory/3968-326-0x00007FFB412F0000-0x00007FFB41309000-memory.dmp upx behavioral2/memory/3968-290-0x00007FFB41310000-0x00007FFB4131F000-memory.dmp upx behavioral2/memory/3968-282-0x00007FFB41320000-0x00007FFB41344000-memory.dmp upx behavioral2/memory/3968-404-0x00007FFB382A0000-0x00007FFB382AD000-memory.dmp upx behavioral2/memory/3968-403-0x00007FFB2FEB0000-0x00007FFB2FFCC000-memory.dmp upx behavioral2/memory/3968-418-0x00007FFB3BA00000-0x00007FFB3BA17000-memory.dmp upx behavioral2/memory/3968-421-0x00007FFB389F0000-0x00007FFB38A12000-memory.dmp upx behavioral2/memory/3968-422-0x00007FFB389D0000-0x00007FFB389E7000-memory.dmp upx behavioral2/memory/3968-423-0x00007FFB389B0000-0x00007FFB389C9000-memory.dmp upx behavioral2/memory/3968-424-0x00007FFB38450000-0x00007FFB3849D000-memory.dmp upx behavioral2/memory/3968-435-0x00007FFB2D620000-0x00007FFB2DDC1000-memory.dmp upx behavioral2/memory/3968-449-0x00007FFB3D820000-0x00007FFB3D832000-memory.dmp upx behavioral2/memory/3968-436-0x00007FFB2F650000-0x00007FFB2FC38000-memory.dmp upx behavioral2/memory/3968-464-0x00007FFB383F0000-0x00007FFB38426000-memory.dmp upx behavioral2/memory/3968-463-0x00007FFB382A0000-0x00007FFB382AD000-memory.dmp upx behavioral2/memory/3968-448-0x00007FFB3D840000-0x00007FFB3D855000-memory.dmp upx behavioral2/memory/3968-444-0x00007FFB301D0000-0x00007FFB30343000-memory.dmp upx behavioral2/memory/3968-437-0x00007FFB41320000-0x00007FFB41344000-memory.dmp upx behavioral2/memory/3968-489-0x00007FFB389B0000-0x00007FFB389C9000-memory.dmp upx behavioral2/memory/3968-480-0x00007FFB2F030000-0x00007FFB2F3A5000-memory.dmp upx behavioral2/memory/3968-487-0x00007FFB389F0000-0x00007FFB38A12000-memory.dmp upx behavioral2/memory/3968-481-0x00007FFB3D840000-0x00007FFB3D855000-memory.dmp upx behavioral2/memory/3968-479-0x00007FFB2FFD0000-0x00007FFB30088000-memory.dmp upx behavioral2/memory/3968-478-0x00007FFB3D860000-0x00007FFB3D88E000-memory.dmp upx behavioral2/memory/3968-469-0x00007FFB2F650000-0x00007FFB2FC38000-memory.dmp upx behavioral2/memory/3968-792-0x00007FFB38450000-0x00007FFB3849D000-memory.dmp upx behavioral2/memory/3968-791-0x00007FFB2FFD0000-0x00007FFB30088000-memory.dmp upx behavioral2/memory/3968-805-0x00007FFB2F030000-0x00007FFB2F3A5000-memory.dmp upx behavioral2/memory/3968-804-0x00007FFB3D810000-0x00007FFB3D81A000-memory.dmp upx behavioral2/memory/3968-803-0x00007FFB38990000-0x00007FFB389A1000-memory.dmp upx -
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 4084 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe -
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
-
System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
pid Process 3672 netsh.exe 5108 cmd.exe -
System Network Connections Discovery 1 TTPs 1 IoCs
Attempt to get a listing of network connections.
pid Process 4376 NETSTAT.EXE -
Collects information from the system 1 TTPs 1 IoCs
Uses WMIC.exe to find detailed system information.
pid Process 3548 WMIC.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RippleSpoofer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer RippleSpoofer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion RippleSpoofer.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
pid Process 3008 ipconfig.exe 4376 NETSTAT.EXE -
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
pid Process 3564 systeminfo.exe -
Kills process with taskkill 2 IoCs
pid Process 2212 taskkill.exe 3500 taskkill.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{3320CE19-1477-4A66-9D96-836DDCF1A3BA} RippleSpoofer.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1608 msedge.exe 1608 msedge.exe 4940 msedge.exe 4940 msedge.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 1676 powershell.exe 1676 powershell.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 1676 powershell.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe 2856 RippleSpoofer.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2856 RippleSpoofer.exe Token: 33 1568 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1568 AUDIODG.EXE Token: SeDebugPrivilege 2212 taskkill.exe Token: SeIncreaseQuotaPrivilege 2596 WMIC.exe Token: SeSecurityPrivilege 2596 WMIC.exe Token: SeTakeOwnershipPrivilege 2596 WMIC.exe Token: SeLoadDriverPrivilege 2596 WMIC.exe Token: SeSystemProfilePrivilege 2596 WMIC.exe Token: SeSystemtimePrivilege 2596 WMIC.exe Token: SeProfSingleProcessPrivilege 2596 WMIC.exe Token: SeIncBasePriorityPrivilege 2596 WMIC.exe Token: SeCreatePagefilePrivilege 2596 WMIC.exe Token: SeBackupPrivilege 2596 WMIC.exe Token: SeRestorePrivilege 2596 WMIC.exe Token: SeShutdownPrivilege 2596 WMIC.exe Token: SeDebugPrivilege 2596 WMIC.exe Token: SeSystemEnvironmentPrivilege 2596 WMIC.exe Token: SeRemoteShutdownPrivilege 2596 WMIC.exe Token: SeUndockPrivilege 2596 WMIC.exe Token: SeManageVolumePrivilege 2596 WMIC.exe Token: 33 2596 WMIC.exe Token: 34 2596 WMIC.exe Token: 35 2596 WMIC.exe Token: 36 2596 WMIC.exe Token: SeIncreaseQuotaPrivilege 2596 WMIC.exe Token: SeSecurityPrivilege 2596 WMIC.exe Token: SeTakeOwnershipPrivilege 2596 WMIC.exe Token: SeLoadDriverPrivilege 2596 WMIC.exe Token: SeSystemProfilePrivilege 2596 WMIC.exe Token: SeSystemtimePrivilege 2596 WMIC.exe Token: SeProfSingleProcessPrivilege 2596 WMIC.exe Token: SeIncBasePriorityPrivilege 2596 WMIC.exe Token: SeCreatePagefilePrivilege 2596 WMIC.exe Token: SeBackupPrivilege 2596 WMIC.exe Token: SeRestorePrivilege 2596 WMIC.exe Token: SeShutdownPrivilege 2596 WMIC.exe Token: SeDebugPrivilege 2596 WMIC.exe Token: SeSystemEnvironmentPrivilege 2596 WMIC.exe Token: SeRemoteShutdownPrivilege 2596 WMIC.exe Token: SeUndockPrivilege 2596 WMIC.exe Token: SeManageVolumePrivilege 2596 WMIC.exe Token: 33 2596 WMIC.exe Token: 34 2596 WMIC.exe Token: 35 2596 WMIC.exe Token: 36 2596 WMIC.exe Token: SeDebugPrivilege 384 tasklist.exe Token: SeDebugPrivilege 644 tasklist.exe Token: SeDebugPrivilege 3500 taskkill.exe Token: SeDebugPrivilege 3948 tasklist.exe Token: SeDebugPrivilege 1676 powershell.exe Token: SeIncreaseQuotaPrivilege 3548 WMIC.exe Token: SeSecurityPrivilege 3548 WMIC.exe Token: SeTakeOwnershipPrivilege 3548 WMIC.exe Token: SeLoadDriverPrivilege 3548 WMIC.exe Token: SeSystemProfilePrivilege 3548 WMIC.exe Token: SeSystemtimePrivilege 3548 WMIC.exe Token: SeProfSingleProcessPrivilege 3548 WMIC.exe Token: SeIncBasePriorityPrivilege 3548 WMIC.exe Token: SeCreatePagefilePrivilege 3548 WMIC.exe Token: SeBackupPrivilege 3548 WMIC.exe Token: SeRestorePrivilege 3548 WMIC.exe Token: SeShutdownPrivilege 3548 WMIC.exe Token: SeDebugPrivilege 3548 WMIC.exe -
Suspicious use of FindShellTrayWindow 52 IoCs
pid Process 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe -
Suspicious use of SendNotifyMessage 48 IoCs
pid Process 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe 4940 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2856 wrote to memory of 4940 2856 RippleSpoofer.exe 94 PID 2856 wrote to memory of 4940 2856 RippleSpoofer.exe 94 PID 4940 wrote to memory of 4876 4940 msedge.exe 95 PID 4940 wrote to memory of 4876 4940 msedge.exe 95 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 2104 4940 msedge.exe 96 PID 4940 wrote to memory of 1608 4940 msedge.exe 97 PID 4940 wrote to memory of 1608 4940 msedge.exe 97 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 PID 4940 wrote to memory of 556 4940 msedge.exe 98 -
Views/modifies file attributes 1 TTPs 1 IoCs
pid Process 4344 attrib.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@ripple92⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb213a46f8,0x7ffb213a4708,0x7ffb213a47183⤵PID:4876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵PID:2104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:83⤵PID:556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:13⤵PID:3176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1730578732429029788,7718376635075180444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:13⤵PID:1936
-
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill" /F /IM explorer.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2212
-
-
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"2⤵
- Executes dropped EXE
PID:3164 -
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\mac.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3968 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"4⤵PID:2652
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵PID:1172
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵
- Suspicious use of AdjustPrivilegeToken
PID:2596
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"4⤵PID:4156
-
C:\Windows\system32\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""4⤵
- Hide Artifacts: Hidden Files and Directories
PID:4056 -
C:\Windows\system32\attrib.exeattrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"5⤵
- Views/modifies file attributes
PID:4344
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"4⤵PID:4376
-
C:\Windows\system32\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4876"4⤵PID:3624
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 48765⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"4⤵PID:1832
-
C:\Windows\system32\cmd.execmd.exe /c chcp5⤵PID:1840
-
C:\Windows\system32\chcp.comchcp6⤵PID:2420
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"4⤵PID:4076
-
C:\Windows\system32\cmd.execmd.exe /c chcp5⤵PID:2456
-
C:\Windows\system32\chcp.comchcp6⤵PID:3700
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵PID:3688
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"4⤵
- Clipboard Data
PID:3656 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Get-Clipboard5⤵
- Clipboard Data
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "netsh wlan show profiles"4⤵
- System Network Configuration Discovery: Wi-Fi Discovery
PID:5108 -
C:\Windows\system32\netsh.exenetsh wlan show profiles5⤵
- Event Triggered Execution: Netsh Helper DLL
- System Network Configuration Discovery: Wi-Fi Discovery
PID:3672
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"4⤵
- Network Service Discovery
PID:212 -
C:\Windows\system32\systeminfo.exesysteminfo5⤵
- Gathers system information
PID:3564
-
-
C:\Windows\system32\HOSTNAME.EXEhostname5⤵PID:3296
-
-
C:\Windows\System32\Wbem\WMIC.exewmic logicaldisk get caption,description,providername5⤵
- Collects information from the system
- Suspicious use of AdjustPrivilegeToken
PID:3548
-
-
C:\Windows\system32\net.exenet user5⤵PID:2156
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user6⤵PID:4568
-
-
-
C:\Windows\system32\query.exequery user5⤵PID:4888
-
C:\Windows\system32\quser.exe"C:\Windows\system32\quser.exe"6⤵PID:348
-
-
-
C:\Windows\system32\net.exenet localgroup5⤵PID:4744
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup6⤵PID:4284
-
-
-
C:\Windows\system32\net.exenet localgroup administrators5⤵PID:2248
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators6⤵PID:3676
-
-
-
C:\Windows\system32\net.exenet user guest5⤵PID:4156
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user guest6⤵PID:452
-
-
-
C:\Windows\system32\net.exenet user administrator5⤵PID:2260
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user administrator6⤵PID:2480
-
-
-
C:\Windows\System32\Wbem\WMIC.exewmic startup get caption,command5⤵PID:3332
-
-
C:\Windows\system32\tasklist.exetasklist /svc5⤵
- Enumerates processes with tasklist
PID:3772
-
-
C:\Windows\system32\ipconfig.exeipconfig /all5⤵
- Gathers network information
PID:3008
-
-
C:\Windows\system32\ROUTE.EXEroute print5⤵PID:2020
-
-
C:\Windows\system32\ARP.EXEarp -a5⤵
- Network Service Discovery
PID:644
-
-
C:\Windows\system32\NETSTAT.EXEnetstat -ano5⤵
- System Network Connections Discovery
- Gathers network information
PID:4376
-
-
C:\Windows\system32\sc.exesc query type= service state= all5⤵
- Launches sc.exe
PID:4084
-
-
C:\Windows\system32\netsh.exenetsh firewall show state5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:1828
-
-
C:\Windows\system32\netsh.exenetsh firewall show config5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:3560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵PID:4100
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵PID:4016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵PID:1212
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵PID:768
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"2⤵
- Executes dropped EXE
PID:2608 -
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\randomizer.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1548
-
-
-
C:\Users\Admin\AppData\Local\Temp\TempAppFiles\21902902190121290mc.exe"C:\Users\Admin\AppData\Local\Temp\TempAppFiles\21902902190121290mc.exe"2⤵
- Executes dropped EXE
PID:5056 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c WMIC PATH WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER=TRUE CALL DISABLE >nul 2>&13⤵PID:2488
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PATH WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER=TRUE CALL DISABLE4⤵PID:3472
-
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x324 0x49c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1568
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3056
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4364
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Permission Groups Discovery
1Local Groups
1Process Discovery
1Query Registry
3System Information Discovery
6System Network Configuration Discovery
1Wi-Fi Discovery
1System Network Connections Discovery
1Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize240B
MD521d02c50446ce7e69e0b61a74e25b2de
SHA14e4e79b1951b6cbdd78131e68b61e36ba16045b3
SHA256a179b27129547de8e47f7e214b6bde5337bca7f3ce91fcf1808013fe3378cf9a
SHA512a1442d495688c1c2b6e9f430f6c0cac507fbb0401eadda597415417f77fce1d1ef7de8a775740db60ff54b4d862e015bf1a0d4788b71151c56120033eee82973
-
Filesize
1KB
MD54e9f71aed77abf00c0aa9ba793e8698f
SHA189c353b7bcffc846528fa8650b48ede3b3d98b22
SHA25621af31f98c5fd84f487576757b5e432a154c6334f4553fd954da25435a493f13
SHA51264d84e6e0d927b069e4b6f4a1565672463fa64112b35a4907dded98bc3ff0c787c135c87c08e1a34ab05289feffc65522da6b159dd28ad3f2512a48ffb18e994
-
Filesize
5KB
MD52d568c1c9f29e2fc403999c56d689179
SHA1b889dcd78c8ef34b3d0032804bd6afb4271b0df9
SHA25642dea03636ea9be16830d1a316703701753447c609cf7cb1996d14817318bee3
SHA51207619c1ae918347029c591ce6c5c3f91ed744b8fd704ccf2dcd3ac6c8fefff0fcdaa04fcaff73b92bff58dafe784a0b4a729c4b43c4b397f94680a42364e7dac
-
Filesize
6KB
MD539fc6ae49a6cdd497571b8e70eaacabd
SHA143b6c5ece22f17847e0749be4c6117cb1cddc171
SHA256f28eb8a4cf353ccfdf04f0f5b3483195fb6a9c2a2e874a80b8de30a1a80d016d
SHA51281e6d0e28cc17289969cf305b38b1508744070f42423d5898a2a4dc927e34075dab1b6eaf2727e3845fb69fdfbefe1b16a2c45f960b1ee3722d2698413296c0d
-
Filesize
10KB
MD5584f7c298e31fd853b1481f5638aec15
SHA10349df8f88401df6c3d4a3f25b63e5849f6d2cf4
SHA25619d66fd3724b96ba23ecafbffbfdaf27a92588cb7e19e2c265a2a26d594881b0
SHA512534960ce7e91355228a7ef5facd97810af84230befa3b9b06f3115d7467e1a19e64cb7062278fd9479f62a9ab771c26c9b2a6ca02a0e8bf7787bea90364a8878
-
Filesize
124KB
MD5b3bcdc1db20a601d23f5e00188d4d7fa
SHA1d6af8c96e75315f30c07bcb12279cfb706f60129
SHA256bfec2fbfdb5bd631b56c6c6a6acfb85d92966324cf0596de15eb28be4c36cef2
SHA51247ae827bfc1d6588c46d745b05af4aa5ae6a1f6dfbece66015af5ad0f1d8e75d52497b1481d1644f84363aecb60b4a67d9aa9c53741d03892f8b64ad3f47ffdc
-
Filesize
522KB
MD5d62faa0cfdaf9fcaf4955cd6cca496da
SHA16d54147959451002d9317dd1019bfdb789cca57c
SHA256ab9ec82b74107e5d59948d1b1366d099ee537b2461974116e014d263442b1040
SHA512c94811edee72ffb9f7194ea1aea0ab438f6ed186fe22d486849abcfd5118075edbe249523be89b16edc6c65767b9bb63994a0977f6f0bbe9d1df444423a91232
-
Filesize
13KB
MD56016bd55ad4cd7aa0a2867ef35bbde02
SHA1cf1d6557327b2291d3137556a4b843f55a0e50cd
SHA2568306a2d4d65914537e6fe8f4b7eaa36c2937c345d9a06a4d7027b0db431381e7
SHA512ff6ac3cf86f5b120e3c41ed814cc2c0689a227721619e569a2d8c83391c72a2fea2b3899f1237e543adae8fd1fa18bf5d64e8695b3a9f43f9301388e971397bb
-
Filesize
9KB
MD5e6e51b485d9b419eeadda7caf4fe9456
SHA1c32f015afb0501ad2231dea86156aa09891e21da
SHA256fac0e9cd2ab2abe8e4a76ca8124f10f1f3b889ee5f041d826982b4497482faed
SHA5129932cfa26636845e412b94aad36ddb77948fc08d5149222c2b79b1bfceb5012a7bc3e517bee5624615eacb5554c18d453bfa6dd94cf058bb1c71a24565edb2a7
-
Filesize
14KB
MD5f2ef7d262b2096c644d9a9484f7c76ee
SHA10aa95f3aed42423badc4d5f21403e361156ef4fd
SHA256cb40dfadb4d5bb2e3a47ea0f9dc7b5b120fc2188279a13480ef1617ab61accdf
SHA512851f4bb84adb9f2d4135428a569fcae3da8ca04d60ae77b76be20f6ab2faa3480b1c61f5e7881384cf13512cf04bc8dbe2ec1501feaefdbe48f7fd7497f471e0
-
Filesize
14KB
MD53452fe6e02b630c0cf1086fb6f7f50d0
SHA146506d5f7a50663d05c88517a87038a75f38b6d9
SHA256b8202936dd9bf1668f136a6847c44107f47f821d434233790567113277953d11
SHA5120f8c54843cab6f9077f4654fb5dd0e49108c0461e71e387debe871b776cab7d2b39ab70aaba1a60d48eb8cb7957ac1d5aaf16a7a2178b1b015452ee97ff568b3
-
Filesize
510KB
MD550c0ff348630d3aa7d84b35c94b572ce
SHA1da50f381efd15254797fe91876d53a772d522ec3
SHA2560c75280759e016bbbc0550d2038150ba609a6fe7ec5c1b868f1058cf675e1020
SHA51290e5ddb30aae415565a80b5e2097e563d9e0a857c23eb4634d8cc5d623be0ff37be95ab659d301ed9fed8bcfb9f56b8cb4ccefcf1da576852d7a514055cb6f69
-
Filesize
315KB
MD541fc9a5bffbf03ceec872917b687e45e
SHA1f756b229264bf4d1d005a03376c1c5e67fc352e2
SHA256fe1934637947eb88a862649355dcf7a235bfe6cc1889699f07efa41542ba7028
SHA5124e2099cd0f4ff77ddafefa3676165753df474d2571b26690ba6a1aaa629419e8354d0f96b16d26e9c9c0b514d5ae38d16592279e1acd7f0d7fc32629b400d133
-
Filesize
330KB
MD587647a208bdd6a339e89ab1c94a763f7
SHA17232740ce66ee2cfc90e8f6ba995b729d490e431
SHA256f202450bf7bed93088c26efb3a6e06bb1d1fd2d25426857a41f91d3a0514a894
SHA5129012aba8e9dff64dcb0280dee9f767e453205e1a34fe6385af2246cadb34732b762d28d17a0e6330f6902ed8cdda5f1847fd73dcaf791090cbe7815e454ba275
-
Filesize
435KB
MD5642b0f8202e578313736961a5cb038a2
SHA1f8891dd74424deb48951a994bb0189aad23e97e1
SHA25649e4d28cbb167ce4c7d82824db05e6dfa8e4fe7bd09832598a7a43f4a5a51825
SHA512bcb37f5874a8f60e4b979319806f33a8e71e939f6bb1198e3e32c396379341266ae99062639cfd7d4fcf455501eefcc31f7595a2121e380e3fa8d46f12adabad
-
Filesize
705KB
MD536aff477c51f71f5e71e649e35e4e896
SHA195e13b10921f5910dfd18740890e16b6f1240f97
SHA256f0c14f98ef22fff906d05ec275a569b590cee77ad3eadf3f2d5fff5ececef7ea
SHA512c3d5479c36a8aeb7094402eba990331f2701ca08f75db7a914e025490fed9a2c38ae26efb04bdc44d8103ec8a6dcc0717ab95a4a6d13d22c16e81bca0490fd10
-
Filesize
555KB
MD55ba96cdb69e90d09f2b1dd2ffc26cae6
SHA1b67fad831c5d375c52fd09dc3b32899652974dbc
SHA2569177ae8b6290a6d4a3f23e8a4f5a5c67e62bd83fcf203384efa9df8162ce3e25
SHA512c211888637b658050e40ae98fa5ba18fb07cf002dee474c231fa02c5b6dd483c74ff240e640ca9bc3889aa8bd2517216ef515b1fee909b2d4d8d20f92c4b7b96
-
Filesize
399KB
MD5b0d28baea9928d0cfdc12ff7e9e151a7
SHA1eaf5126e6a03802861dfdc4c202d4370e96e1be4
SHA256a7f1a7be2a4c70bc830aecb72811adb46f10ebc600e7ccf4bbddfaa534dec184
SHA5125806d190cd2009f002dc5fe3a456d0756ec4026f8c39b402b4e1a0186881a1ef66ed2a5610a7a937edeca766e50611724471076a65923a2a4d764ecc82b872cd
-
Filesize
407KB
MD5ae48bd76da2b2fb8f6e9a7f58963b405
SHA14729b0e56305d767028b51ae45eefdbd01c44756
SHA256fe2aadc64d427f3e92b898dbfb16094e61f9ff13aa6bfc4de34cef668bbfa759
SHA5120d2203797a417efcbfbc3c40a7081317d2406f5f1e7a56cdae0d9b0720361633589f47beea176958ace98904f2247e600b66207e6b62b52e6116b0a9abb92fb0
-
Filesize
185KB
MD56bc25cbc22b363e0cfa8f803cae9346c
SHA1ce121e1d7f3facd452292262c41337f8097aa6b2
SHA25626871bf3d84c254942a36e82ad7a6c9a3f2788007c83166cf099f6623cd6402b
SHA51250d8657f0bf6318f4b2df7a384f396d18a3adcc9c6d93c3216ca6a778e7c79dd6109ebee39d624d0a0f821803f658a2b38eb22d1e3fce62228bcc182d816b83d
-
Filesize
366KB
MD546dfe57d8a563cd7fc203b77a568f1b9
SHA16dccb3c3b0f29f983c2706921ab09b935009d5c4
SHA256e6f6947248cd62529a5878b7d8ee64291020a6f9781432ac86f0ba17c725a7a3
SHA512dfc90183367efb5ece7acc53f6c94a4f1cadf7588dec5da9bbb70e079e1cff15c184aca808cea0d68c491f3fa643b9a5b603401d9a06f9b11ae77fcad4f3785a
-
Filesize
374KB
MD527dfb14f8aa61d03d7a0f48d3ea497f9
SHA17b5f98550cfb929d57da68c1c89ca3a2d4137264
SHA25696b2f7f6329d9c089d9d3f88d1731cf32209d669af927cf6103bf8e00a58c32f
SHA512ab2f334601dbab5f6c4a342bd45337bf993a9c443ca7b4d646f136c85768abac179fbf122a6957d02196790839fcc832f024a1accec20443ab47b11f27cd7449
-
Filesize
390KB
MD57f8a44ceaad56eed424cdc5059417999
SHA14d6fa4124f1b0de5f8d865734befd7995d8df911
SHA2565310e72699ad1f08499551ba6cdd6691c48b6f7a97702d38f3636a07cf1b2e05
SHA512d9a6de7850c1c96a9682e0df5bf0527fc3ce1e0af1540b8c07ded2078cb0838642bd9124e04a592c431671f1309435870f6409265ac18a25fad6fbd42a787b95
-
Filesize
292KB
MD58440ce0d44015782bafc926afb9c319a
SHA15935899d422413d72665f191214d2c20cacfa8c7
SHA2567f9f176ec36b17e55330b8a6e45c10f4bf57788e34a472c88217d542ce07945b
SHA5122a327a74ecbd1674bae5f77eae50f0e583e329a2e764329028fba665b9f4bf3c325279b5a984424bfcefb2c4c1c820f63ecba21296f95f96080617f0c5882e51
-
Filesize
440KB
MD5f7154aedc1509a7a4bc9eb1b03d674f0
SHA199a3382689925cb70871269c9ec678d3061748a1
SHA256e8b9c3460a2054b14704c2e1daa94e60b05a7dadf798830e74744429c8706250
SHA5127aef4b45d99d42a5b01f0ede25fa83a8aba7c68d77a821081c3ba5bd344282e32772c2cd102a0d0c7eb16fe37c7a7652c1d4c27af26d7c5974f8c996abdad5bf
-
Filesize
864KB
MD53bf479cccad3e40cfd165bc42d482082
SHA19a66e2022b72fec9dccfb9e87bccc2f3ca8840eb
SHA256c3b9f09ca979808e37e56187dbde8a2d4afbb11259eaf715c10e87c46c6c09e5
SHA512e4113569463eb8aa2fb14ef1042332c7c474980c3eab34180c8b444ca477cba6f3c1cac117a84b4932f6a270546a0456570e1d036fa7a8d2e1dd6d475376d3a0
-
Filesize
24KB
MD5a51464e41d75b2aa2b00ca31ea2ce7eb
SHA15b94362ac6a23c5aba706e8bfd11a5d8bab6097d
SHA25616d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f
SHA512b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff
-
Filesize
255KB
MD592b05a3a0f6b672db7ad7d963cdd672e
SHA158a083ac613c8133f25e8ffafe7fb3c1e3807a14
SHA256adf2de34a573abbb5a05d63a0fa0b0c9fe426c5aabb06fb6edf396903a188988
SHA5121813895267c8db3fd6196f13919aac091b17e5fa3767b0a0ccbee942a1a3d423fbdefc0fb1a92cfb537281453aa8293489ce4e89d1ee679dba49f319d15c21b9
-
Filesize
697KB
MD51a8e8915c9fb88fdee29f6d68ab36d76
SHA1dbfdb14b7cefd55f727f496fca390e1b0b148573
SHA256a5ad814096e8c2fd4ba9cd33e47d1822ba60ac6c32600840eee537bec335a5ea
SHA512c25b6a8c0d989a34cb7c217679fedaf275e7004edd02682940fcf6c4886a3f9308e6b859f295356782d3ea7e6321786eff4f5cec02e7dafbc986a5eb53ad4c3e
-
Filesize
11.6MB
MD5d08d717e2e79f16ae07a0f1e188df907
SHA1b25f509e2e40a7b2f51d5772daeb0308c20831c2
SHA25660520faf79ce1ed233d167dfa2c0f5d4d78dbc792309e218ff3a3ff362a84cdc
SHA512ff311037a90f031e33364dae40a8555150e71ef39f367f7055740dfe9244604b66b96fec149971a435e9ab6724aa89eef4e68f9f78cb0392550732f9244e2937
-
Filesize
96KB
MD5f12681a472b9dd04a812e16096514974
SHA16fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA5127d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2
-
Filesize
57KB
MD5b4c41a4a46e1d08206c109ce547480c7
SHA19588387007a49ec2304160f27376aedca5bc854d
SHA2569925ab71a4d74ce0ccc036034d422782395dd496472bd2d7b6d617f4d6ddc1f9
SHA51230debb8e766b430a57f3f6649eeb04eb0aad75ab50423252585db7e28a974d629eb81844a05f5cb94c1702308d3feda7a7a99cb37458e2acb8e87efc486a1d33
-
Filesize
21KB
MD5e8b9d74bfd1f6d1cc1d99b24f44da796
SHA1a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452
SHA256b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59
SHA512b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27
-
Filesize
21KB
MD5cfe0c1dfde224ea5fed9bd5ff778a6e0
SHA15150e7edd1293e29d2e4d6bb68067374b8a07ce6
SHA2560d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e
SHA512b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000
-
Filesize
21KB
MD533bbece432f8da57f17bf2e396ebaa58
SHA1890df2dddfdf3eeccc698312d32407f3e2ec7eb1
SHA2567cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e
SHA512619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5
-
Filesize
21KB
MD5eb0978a9213e7f6fdd63b2967f02d999
SHA19833f4134f7ac4766991c918aece900acfbf969f
SHA256ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e
SHA5126f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63
-
Filesize
25KB
MD5efad0ee0136532e8e8402770a64c71f9
SHA1cda3774fe9781400792d8605869f4e6b08153e55
SHA2563d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed
SHA51269d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852
-
Filesize
21KB
MD51c58526d681efe507deb8f1935c75487
SHA10e6d328faf3563f2aae029bc5f2272fb7a742672
SHA256ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2
SHA5128edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1
-
Filesize
18KB
MD5bfffa7117fd9b1622c66d949bac3f1d7
SHA1402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
SHA2561ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
SHA512b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f
-
Filesize
21KB
MD5e89cdcd4d95cda04e4abba8193a5b492
SHA15c0aee81f32d7f9ec9f0650239ee58880c9b0337
SHA2561a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238
SHA51255d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e
-
Filesize
21KB
MD5accc640d1b06fb8552fe02f823126ff5
SHA182ccc763d62660bfa8b8a09e566120d469f6ab67
SHA256332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f
SHA5126382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe
-
Filesize
21KB
MD5c6024cc04201312f7688a021d25b056d
SHA148a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd
SHA2568751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500
SHA512d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47
-
Filesize
21KB
MD51f2a00e72bc8fa2bd887bdb651ed6de5
SHA104d92e41ce002251cc09c297cf2b38c4263709ea
SHA2569c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142
SHA5128cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a
-
Filesize
21KB
MD5724223109e49cb01d61d63a8be926b8f
SHA1072a4d01e01dbbab7281d9bd3add76f9a3c8b23b
SHA2564e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210
SHA51219b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c
-
Filesize
21KB
MD53c38aac78b7ce7f94f4916372800e242
SHA1c793186bcf8fdb55a1b74568102b4e073f6971d6
SHA2563f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d
SHA512c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588
-
Filesize
21KB
MD5321a3ca50e80795018d55a19bf799197
SHA1df2d3c95fb4cbb298d255d342f204121d9d7ef7f
SHA2565476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f
SHA5123ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a
-
Filesize
21KB
MD50462e22f779295446cd0b63e61142ca5
SHA1616a325cd5b0971821571b880907ce1b181126ae
SHA2560b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e
SHA51207b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe
-
Filesize
21KB
MD5c3632083b312c184cbdd96551fed5519
SHA1a93e8e0af42a144009727d2decb337f963a9312e
SHA256be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125
SHA5128807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4
-
Filesize
21KB
MD5517eb9e2cb671ae49f99173d7f7ce43f
SHA14ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab
SHA25657cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54
SHA512492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be
-
Filesize
21KB
MD5f3ff2d544f5cd9e66bfb8d170b661673
SHA19e18107cfcd89f1bbb7fdaf65234c1dc8e614add
SHA256e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f
SHA512184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad
-
Filesize
21KB
MD5a0c2dbe0f5e18d1add0d1ba22580893b
SHA129624df37151905467a223486500ed75617a1dfd
SHA2563c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f
SHA5123e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12
-
Filesize
21KB
MD52666581584ba60d48716420a6080abda
SHA1c103f0ea32ebbc50f4c494bce7595f2b721cb5ad
SHA25627e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328
SHA512befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c
-
Filesize
21KB
MD5225d9f80f669ce452ca35e47af94893f
SHA137bd0ffc8e820247bd4db1c36c3b9f9f686bbd50
SHA25661c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232
SHA5122f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b
-
Filesize
21KB
MD51281e9d1750431d2fe3b480a8175d45c
SHA1bc982d1c750b88dcb4410739e057a86ff02d07ef
SHA256433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa
SHA512a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77
-
Filesize
21KB
MD5fd46c3f6361e79b8616f56b22d935a53
SHA1107f488ad966633579d8ec5eb1919541f07532ce
SHA2560dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df
SHA5123360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b
-
Filesize
21KB
MD5d12403ee11359259ba2b0706e5e5111c
SHA103cc7827a30fd1dee38665c0cc993b4b533ac138
SHA256f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781
SHA5129004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0
-
Filesize
21KB
MD50f129611a4f1e7752f3671c9aa6ea736
SHA140c07a94045b17dae8a02c1d2b49301fad231152
SHA2562e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f
SHA5126abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae
-
Filesize
21KB
MD5d4fba5a92d68916ec17104e09d1d9d12
SHA1247dbc625b72ffb0bf546b17fb4de10cad38d495
SHA25693619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5
SHA512d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8
-
Filesize
25KB
MD5edf71c5c232f5f6ef3849450f2100b54
SHA1ed46da7d59811b566dd438fa1d09c20f5dc493ce
SHA256b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc
SHA512481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a
-
Filesize
21KB
MD5f9235935dd3ba2aa66d3aa3412accfbf
SHA1281e548b526411bcb3813eb98462f48ffaf4b3eb
SHA2562f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200
SHA512ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246
-
Filesize
21KB
MD55107487b726bdcc7b9f7e4c2ff7f907c
SHA1ebc46221d3c81a409fab9815c4215ad5da62449c
SHA25694a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade
SHA512a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa
-
Filesize
21KB
MD5d5d77669bd8d382ec474be0608afd03f
SHA11558f5a0f5facc79d3957ff1e72a608766e11a64
SHA2568dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8
SHA5128defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3
-
Filesize
21KB
MD5650435e39d38160abc3973514d6c6640
SHA19a5591c29e4d91eaa0f12ad603af05bb49708a2d
SHA256551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0
SHA5127b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e
-
Filesize
29KB
MD5b8f0210c47847fc6ec9fbe2a1ad4debb
SHA1e99d833ae730be1fedc826bf1569c26f30da0d17
SHA2561c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7
SHA512992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c
-
Filesize
21KB
MD5272c0f80fd132e434cdcdd4e184bb1d8
SHA15bc8b7260e690b4d4039fe27b48b2cecec39652f
SHA256bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d
SHA51294892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4
-
Filesize
25KB
MD520c0afa78836b3f0b692c22f12bda70a
SHA160bb74615a71bd6b489c500e6e69722f357d283e
SHA256962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc
SHA51265f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16
-
Filesize
25KB
MD596498dc4c2c879055a7aff2a1cc2451e
SHA1fecbc0f854b1adf49ef07beacad3cec9358b4fb2
SHA256273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d
SHA5124e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304
-
Filesize
25KB
MD5115e8275eb570b02e72c0c8a156970b3
SHA1c305868a014d8d7bbef9abbb1c49a70e8511d5a6
SHA256415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004
SHA512b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca
-
Filesize
21KB
MD5001e60f6bbf255a60a5ea542e6339706
SHA1f9172ec37921432d5031758d0c644fe78cdb25fa
SHA25682fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945
SHA512b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf
-
Filesize
21KB
MD5a0776b3a28f7246b4a24ff1b2867bdbf
SHA1383c9a6afda7c1e855e25055aad00e92f9d6aaff
SHA2562e554d9bf872a64d2cd0f0eb9d5a06dea78548bc0c7a6f76e0a0c8c069f3c0a9
SHA5127c9f0f8e53b363ef5b2e56eec95e7b78ec50e9308f34974a287784a1c69c9106f49ea2d9ca037f0a7b3c57620fcbb1c7c372f207c68167df85797affc3d7f3ba
-
Filesize
1.4MB
MD583d235e1f5b0ee5b0282b5ab7244f6c4
SHA1629a1ce71314d7abbce96674a1ddf9f38c4a5e9c
SHA256db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0
SHA51277364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f
-
Filesize
1.1MB
MD586cfc84f8407ab1be6cc64a9702882ef
SHA186f3c502ed64df2a5e10b085103c2ffc9e3a4130
SHA25611b89cc5531b2a6b89fbbb406ebe8fb01f0bf789e672131b0354e10f9e091307
SHA512b33f59497127cb1b4c1781693380576187c562563a9e367ce8abc14c97c51053a28af559cdd8bd66181012083e562c8a8771e3d46adeba269a848153a8e9173c
-
Filesize
24KB
MD5decbba3add4c2246928ab385fb16a21e
SHA15f019eff11de3122ffa67a06d52d446a3448b75e
SHA2564b43c1e42f6050ddb8e184c8ec4fb1de4a6001e068ece8e6ad47de0cc9fd4a2d
SHA512760a42a3eb3ca13fa7b95d3bd0f411c270594ae3cf1d3cda349fa4f8b06ebe548b60cd438d68e2da37de0bc6f1c711823f5e917da02ed7047a45779ee08d7012
-
Filesize
203KB
MD56cd33578bc5629930329ca3303f0fae1
SHA1f2f8e3248a72f98d27f0cfa0010e32175a18487f
SHA2564150ee603ad2da7a6cb6a895cb5bd928e3a99af7e73c604de1fc224e0809fdb0
SHA512c236a6ccc8577c85509d378c1ef014621cab6f6f4aa26796ff32d8eec8e98ded2e55d358a7d236594f7a48646dc2a6bf25b42a37aed549440d52873ebca4713e
-
Filesize
86KB
MD5fe0e32bfe3764ed5321454e1a01c81ec
SHA17690690df0a73bdcc54f0f04b674fc8a9a8f45fb
SHA256b399bff10812e9ea2c9800f74cb0e5002f9d9379baf1a3cef9d438caca35dc92
SHA512d1777f9e684a9e4174e18651e6d921ae11757ecdbeb4ee678c6a28e0903a4b9ab9f6e1419670b4d428ee20f86c7d424177ed9daf4365cf2ee376fcd065c1c92d
-
Filesize
64KB
MD534e49bb1dfddf6037f0001d9aefe7d61
SHA1a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA2564055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856
-
Filesize
1.6MB
MD5db09c9bbec6134db1766d369c339a0a1
SHA1c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b
SHA256b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79
SHA512653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45
-
Filesize
992KB
MD50e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA14189f4459c54e69c6d3155a82524bda7549a75a6
SHA2568a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82