Resubmissions
30-01-2025 12:19
250130-phpr9ssqbj 1031-12-2024 22:15
241231-16gx4svker 1003-08-2024 16:41
240803-t65kvaygnq 1003-08-2024 08:45
240803-kn1dqssgqh 10Analysis
-
max time kernel
236s -
max time network
238s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
31-12-2024 22:15
General
-
Target
https://www.soft-got.org/adobephotoshop
Malware Config
Extracted
amadey
5.03
9c0a5d
http://185.208.158.116
http://185.209.162.226
http://zapsnn.com
-
install_dir
cdf9d60151
-
install_file
Gxtuum.exe
-
strings_key
5866d84c2de724a41612b3c391bae33f
-
url_paths
/bVoZEtTa1/index.php
/bVoZEtTa2/index.php
/bVoZEtTa3/index.php
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Start PowerShell.
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.soft-got.org/adobephotoshop1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffaa384cc40,0x7ffaa384cc4c,0x7ffaa384cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1912 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2160 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2424 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3132 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3172 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,5592121916078711475,3352374167248813844,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5084 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\Launcher.exe"C:\Users\Admin\Desktop\Launcher.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\services\Launhcer.exe"C:\Users\Admin\AppData\Roaming\services\Launhcer.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "$AdminRightsRequired = $true function Get-Win { while ($true) { # if ($AdminRightsRequired) { # try { Start-Process -FilePath '.\data\Launcher.exe' -Verb RunAs -Wait # break } catch { Write-Host 'Error 0xc0000906' } } else { # break } } } Get-Win"3⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe"C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath $env:ProgramData, $env:AppData, $env:SystemDrive\ "5⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Roaming\services\winrar.exe"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\01 C:\Users\Admin\AppData\Roaming\services5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Users\Admin\AppData\Roaming\services\plugin342C:\Users\Admin\AppData\Roaming\services\plugin3425⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\services\plugin342"C:\Users\Admin\AppData\Roaming\services\plugin342"6⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\10000030111\d9fa3c2e42.dll, Main7⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\CiscoUpdater0009901.dll",EntryPoint /f & exit6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\CiscoUpdater0009901.dll",EntryPoint /f7⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Users\Admin\AppData\Roaming\services\winrar.exe"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\02 C:\Users\Admin\AppData\Roaming\services\data5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Users\Admin\AppData\Roaming\services\data\2plugin4325C:\Users\Admin\AppData\Roaming\services\data\2plugin43255⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\services\data\2plugin4325"C:\Users\Admin\AppData\Roaming\services\data\2plugin4325"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --restore-last-session7⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1fc,0x228,0x7ffaa384cc40,0x7ffaa384cc4c,0x7ffaa384cc588⤵
-
-
-
-
-
C:\Users\Admin\AppData\Roaming\services\plugin342C:\Users\Admin\AppData\Roaming\services\plugin3425⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\services\plugin342"C:\Users\Admin\AppData\Roaming\services\plugin342"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\CiscoUpdater0009901.dll",EntryPoint /f & exit6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\CiscoUpdater0009901.dll",EntryPoint /f7⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /K rd /s /q "C:\Users\Admin\AppData\Roaming\services" & EXIT5⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Desktop\Launcher.exe"C:\Users\Admin\Desktop\Launcher.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Desktop\Launcher.exe"C:\Users\Admin\Desktop\Launcher.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Desktop\Launcher.exe"C:\Users\Admin\Desktop\Launcher.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40B
MD5261dabaea2a8efa21a944535be5ec758
SHA1e4d65271fd4764a09a20308f63d1c5d4afc86908
SHA2562ba1d25ce94fb821c5ee67f97ca9fd59721cb45823aabaaf2b2a9f90276d9a9d
SHA51212227eb73e953cddba5b75f470a742c42dafbe2fff33b4bd549b046179d8d7889b28f820623346c3043363944fc777168e801be3c1a0b83eebe7aee13e4a9b84
-
Filesize
649B
MD5a3abbbfe22826f661d1a621fc42cfd08
SHA12ea52afd5f588314ad805672398c1372025413db
SHA256eb5c5f55ac883dc49e2fee86780fdff851bb2a0be53c2f8aea296a2e3860718b
SHA512ebbca679ab86925954583cf190193f8e54f23f7c9f62888de6da141a2143f31a10fcd2fe29d274a150e9f30cd6bbe4b7af417b099cb1fc913b2a66c6b542f4f8
-
Filesize
384B
MD5616f8665ed0f80f887db391208d9ee2c
SHA1e15e3e97b582409d414d3b5d700ace5149e1ce96
SHA25615f764730059dddbc8c1199d3b7bfbbee43f3bfd20ba1b056bfa0336dc4bc9d1
SHA512ea6ea2584616a32b29f8a21647a3fe0d9cf95a6b154bfbb59d9e8d8da25f34db0ab713c7488130c031a2feac0451b5d445334085d8cddb94f2e7bed4f8621a70
-
Filesize
2KB
MD5c7075fb2a4ce8e76dda4b71bc11e0472
SHA19e81e25fe07304e4fa03e010041a2a72bdae4414
SHA2565269c549b81787282629f11715208407dbffb887e59d7032dc681c784f3cba80
SHA512b7ea74e9539d7c522d2ebf29e83c1a5a214af6640044e99593d90b2e51cac6a5d0603250f1a1aeb7c989c0ae05753dbded97c67b400bbbc1a3ecdfb4097998a7
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
521B
MD563992d076278469ca70be0d6c0f84763
SHA1ba55384767f4943b7e445a237bdee0195446b2c1
SHA256a262715715f81e05d3f93e2b237a0a569566ae588ca8f1fa8441bb0902df0859
SHA51294fa82b645cd9c1f06c61b2690acd95e16067242a96046c2112abeedd9693b3b0206aa6feba12e7a1b48656381aaf02d1bd1650aa24ba04859d917669718365e
-
Filesize
9KB
MD5db11eb3cff0b44d43af6d2cbba87c440
SHA1954e9e4aac5b54b2d9c7707323dffb18f526f71a
SHA256426c71e55e82991f49f5c9a6960aedecf2a410ff679c50817b128a57db8c9003
SHA5127a4235669a5f2604c0c4ad5345eadca1db72e4650bcf3a6715f48a5f2cbc2d651778c07b2c95be51386033e620fd92131a29857397223e2e88b288b5939eb233
-
Filesize
9KB
MD5d0527f43070ca39bd9ba929894a843bf
SHA1d32495894e69cf2b752aa3e355b7b7397ec0b9a8
SHA2562f0df7ca29f49bc16c6dd5a2bf7a892a094ec6ef4e2286d20d502fbd70e06f51
SHA5124f17e03da21b0aa0b75d085384c10f0d2346bab8c5b8a3ac419d0ac4b1cd28f2ff52abb54e2b76553e22e3dbd2f12dcb21e522d6dd6ad0054c10a78683962ca2
-
Filesize
9KB
MD587f230c6056715b7a1a28d27bc318d97
SHA17fe049bd6532b261510c04757bc81360b3a356e6
SHA256424c8cb46443c70eb9ae6c666bffada6dcf6fefc915795f1d146df8fdc23a29d
SHA512d0d4a50cf36d2f0e7e7651fd3cf4d51fb291edbc24a159b981d1c9eb224965318be2c0f4fb166016623c79a9831e936e184890f686e043f6c9b89c0b14c8e975
-
Filesize
9KB
MD536274808df3722354e6f13ab9fb42024
SHA1d58c05c66f0d5b927fbaf07f1dcc11f61b46ac61
SHA2564363d41f207efac034cc0b0c591c6551b2b53ea65de55b3fcd239d97856dda27
SHA5122176697c84ee8fc194e9ca6155302c0020ca2e5ef47ac1c827b3db81f2e2100a487969231b63a3fc0657e8fee085d83932e07064a079528232e234aa5f64785d
-
Filesize
9KB
MD5ebc5ac8f89953e846fde2aa525323a9f
SHA195d982d890b64db6882b0b3b74b2ac1e8b7bdef0
SHA256c542e548224094cbe20c9727e99e09ac6e7db41a6937257064ce7aea42bf3748
SHA51231cada72ead67b70cb99bfb85a25dc1c8f26d1ab3953751c04d5ee5003e7a1486f428c3255dd7ad962e973cd4e3a8c2331f834133a7c947f5fe9913c32d28864
-
Filesize
9KB
MD5c1e37e0ee417d69176291742c75417d2
SHA15ed7ff4549e8f5f8900e3106079c7f15cb759698
SHA256cf6f9c75bafd48c0686eec70da8e42ae76e549b6865df6c3093aba83630c4e2e
SHA512004cb06ed456dfe95d92e0df76097ed2d6a38afc8e594b5194b449fa2d4f23114b14d5395fc1842e93052335759d9851222d5cf7aaceb29f234e41021126495f
-
Filesize
9KB
MD59f8327307d099ea3a6330b0537c217fe
SHA16c5cc3c99c49e9e2015880c9153d1b5808f0cd8f
SHA256b6d01df8fe6bdab064b936204c7673b9fb3af85f351ed4869c26be545cfd8f3c
SHA512583edd86d50dde5ae00c8a1b6cbe1f2c6274c4ab4edd34bd1016c34e0b99a258b94d5a82e79947d1148e4b0b3e0a2ae4498e872ddd24924fc0fca113c51748f2
-
Filesize
106B
MD5de9ef0c5bcc012a3a1131988dee272d8
SHA1fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA2563615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724
-
Filesize
14B
MD5ef48733031b712ca7027624fff3ab208
SHA1da4f3812e6afc4b90d2185f4709dfbb6b47714fa
SHA256c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99
SHA512ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029
-
Filesize
118KB
MD52f26c11619c34988dd4a2d9d73c40576
SHA10fea3458b01cf7279a4e9744b6abdd42a2ff848d
SHA2562165d9ddc2d306aa1819a0890b6e48c1c0fb713a2621376a8f19fcddb405f006
SHA5129e73b378f7391221c4e2b54cd2b2b9ad893b361257ce830f700094bb0e283e2bc353825637b72938d1ca070251af59ec6e3468a1047e865b9155b9d89c3dbdb8
-
Filesize
118KB
MD51b0435bc70370716e42d5491696bac01
SHA1b034fbc755a1f5111077ecf95dda923b41906a44
SHA25689473d0efcaaa72f5bafefb7ff05d0f5041b098726b232d6466b268b0cd63c70
SHA512bf82242ee7b3beccceecb1c891630c52a0453a07f8a1f8bdc853a20f2b07d3c0a664fdbaac84b4b799abce41d38a014439e7e8fe3a5e9610b08df49c28746358
-
Filesize
17.1MB
MD5ccb0045c8c8ec80b900d1dcf6a5b6edb
SHA18809126f029694ced58492250fefcd5fde7566bf
SHA256c1442e99440a45c13a28e96325f67d97d7b3a586fb968db6ecfde85e844b5341
SHA512c23c2829795f7c038b5d0a6f98239b848ed9d9c99cc5ad1ab2c9c4c2d978d3811d6abc8ba4f3b0cd0c55d114723a6096e2cff3fd203d9092fee780f23cf0aabb
-
Filesize
8.5MB
MD5643b8217e0550d5e21036909d7afb9ea
SHA191b97edbcf5df0e7d1d13eb7f3940019d3a98b02
SHA256f0678e891ae23d18ef3e7af3cc68e142cb0a34bd14a79c6a68331777433b214c
SHA5121489363e72a0d995707a1de123ed7ac11dcb2f1193fcc8184c74fa76985816f688fc783ec2f7c7e87e2e86ad9c7b1e7f04b4b9e474f026b18bec26acfe1d604e
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
12B
MD5fa226216afe866556ea3a91d9fe8c14f
SHA192439d915f800ba484a98eb13fc3c8bc5696ebf5
SHA2560d6f5ae16e387967a0f9aed585ea0a9197529a5b71878f1ec0e39669e95d692e
SHA512ac3ccce64f552a4f690c574b3fa8b6c032caf1e6fe84a58cafa7501dc54519f3264d380c85b7babbc600c29d7a79c80faa2761f1ce9edf6a075d203917ddd3dd
-
Filesize
7.1MB
MD57a04dcd7388b330f4745f8de2bf9605f
SHA1ec746c2dc9b9f1c7667585a1fdc5769389d07b8b
SHA2566683f3e6c27fd2c204f5c5d9c9e202a50b226258a00ec0f4ed75b046be1c6110
SHA512104609c6b0a3ae8d12369d3c684d698bb009b3e849081be8d3c137d85993ae686e671abf1fa607cdc0b51fe21362fcf71cc1982eac8de31297561811eb19b37b
-
Filesize
364KB
MD5e5c00b0bc45281666afd14eef04252b2
SHA13b6eecf8250e88169976a5f866d15c60ee66b758
SHA256542e2ebbded3ef0c43551fb56ce44d4dbb36a507c2a801c0815c79d9f5e0f903
SHA5122bacd4e1c584565dfd5e06e492b0122860bfc3b0cc1543e6baded490535309834e0d5bb760f65dbfb19a9bb0beddb27a216c605bbed828810a480c8cd1fba387
-
Filesize
2.1MB
MD5f59f4f7bea12dd7c8d44f0a717c21c8e
SHA117629ccb3bd555b72a4432876145707613100b3e
SHA256f150b01c1cbc540c880dc00d812bcca1a8abe1166233227d621408f3e75b57d4
SHA51244811f9a5f2917ccd56a7f894157fa305b749ca04903eeaeca493864742e459e0ce640c01c804c266283ce8c3e147c8e6b6cfd6c5cb717e2a374e92c32a63b2c
-
Filesize
3.2MB
MD5fd2f2543267e88ee102de87a6385a1b0
SHA11d23637a34ac33c1f842749877acebd18c70f00b
SHA2563e76a6a04eb32e640a4f2873faf2028703307bb8a2620b94d71c2536b0b6c5fe
SHA512acc5f64688a34482fed7e7d133c435c94df37b0097ebb15c5d1a5631f8101e23cc092a9282f4ff84155c7972009b0b77c23eee38386f56de1e404e1d0e2cddc8
-
Filesize
364KB
MD593fde4e38a84c83af842f73b176ab8dc
SHA1e8c55cc160a0a94e404f544b22e38511b9d71da8
SHA256fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
SHA51248720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
-
Filesize
5.7MB
MD5ce00e40cbce6d3267e210f12e4e87a43
SHA1388d00a34f419646a10de6aa028943892a0461dd
SHA256e2cf5cfcb918abd8a8b65b8e1d6090d975560b81a91dfaac3f8e4d4149caeb06
SHA512874049bcd9af9111111f972018fec5598d1e40bf41d9e4ff491c7b5bd730a25775438038a470655852d1eccf0ec9a1389c46f8c8243aa39edf0947244fdf005e
-
Filesize
2.7MB
MD5a0fab21c52fb92a79bc492d2eb91d1d6
SHA103d14da347c554669916d60e24bee1b540c2822e
SHA256e10f9d22cdbc39874ce875fd8031c3db26f58daf20ee8ae6a82de9ed2dfc7863
SHA512e37d3d09eef103bfe043c74921296c0b8195a3e43a3801340a9953f44f512e81acbc2051f0305a3a3f41bb98cd4587bb65c3b3a96d702b048199d24a120b446e
-
Filesize
31.3MB
MD587e3ee2ac2d951cb0751c20e8f1820c7
SHA133a7863d561226177939bf546919d7aaa5525e76
SHA256b2749a0bb4beca832bf697e8a5971cd8b4376bf9afe637c50a0ee95ee689dc8a
SHA512144b698d58e623f5ac38e025ad01fe9604ffdc1c61ba56c9cb843129096e105ff6a0d2e6949baef087e513307d5d8b5d49126dc7b23b16a22f511e627a88e2da
-
Filesize
600KB
-
Filesize
408KB
-
Filesize
216KB
-
Filesize
6.8MB
-
Filesize
408KB
-
Filesize
136KB
-
Filesize
3.3MB
-
Filesize
5.6MB
-
Filesize
120KB
-
Filesize
136KB
-
Filesize
104KB
-
Filesize
304KB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
6.0MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
9.5MB
-
Filesize
7.1MB
-
Filesize
9.5MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
7.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
120KB
-
Filesize
200KB
-
Filesize
304KB
-
Filesize
652KB
-
Filesize
6.5MB
-
Filesize
40KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
584KB