Analysis
-
max time kernel
96s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
31/03/2025, 19:16
General
-
Target
2025-03-31_5b6e3b7d2caf73aa1c2c3a3074180cca_amadey_black-basta_hijackloader_karagany_luca-stealer_na.exe
-
Size
10.5MB
-
MD5
5b6e3b7d2caf73aa1c2c3a3074180cca
-
SHA1
a7142ce1c661188f78ebaa396c6733ff96948c6b
-
SHA256
fc011459ef77aeee926d4a12108ccb24eeff74f7687a700794e42980491a1417
-
SHA512
0df8ba1966fa90e77e6b582715e0aba70def3060fa570ec7ab34afe672b7ae03e0c530d078398102d3e27664a67e6af963c50d1405521d2cc897886c444e79b8
-
SSDEEP
196608:RPsCqzpQMuKHfeLOrPY9lLhj1WUJC3/pxd/eb1j56ibMMsA8YzOIWwn8NZp79k6N:5sCqzpXPmLO0bLhj1rs/pxd/eb1j0i4h
Malware Config
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Nanocore family
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings 2 TTPs 8 IoCs
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 28 IoCs
-
Loads dropped DLL 33 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 4 IoCs
-
Modifies registry class 64 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-03-31_5b6e3b7d2caf73aa1c2c3a3074180cca_amadey_black-basta_hijackloader_karagany_luca-stealer_na.exe"C:\Users\Admin\AppData\Local\Temp\2025-03-31_5b6e3b7d2caf73aa1c2c3a3074180cca_amadey_black-basta_hijackloader_karagany_luca-stealer_na.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0001018_1.EXE"C:\Users\Admin\AppData\Local\Temp\0001018_1.EXE"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /create /f /tn "SMTP Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp7D1F.tmp"3⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /create /f /tn "SMTP Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp7D8D.tmp"3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\CHROMESETUP.EXE"C:\Users\Admin\AppData\Local\Temp\CHROMESETUP.EXE"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Google5084_752616483\bin\updater.exe"C:\Program Files (x86)\Google5084_752616483\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={B332B5FE-BE45-D11A-548C-6400420F2C10}&lang=en&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=23⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Google5084_752616483\bin\updater.exe"C:\Program Files (x86)\Google5084_752616483\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=135.0.7023.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0xb0,0x258,0x27c,0xb8,0x280,0x10a4850,0x10a485c,0x10a48684⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbcc996f38,0x7ffbcc996f44,0x7ffbcc996f505⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2144 /prefetch:35⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2016 /prefetch:25⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2528 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3256 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3820 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3084 /prefetch:25⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4552 /prefetch:25⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3196 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5460 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2020,i,15698877015441096700,16918158756462543602,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Program Files\SMTP Subsystem\smtpss.exe1⤵
-
C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe"C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe" --system --windows-service --service=update-internal1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe"C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=135.0.7023.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0xa34850,0xa3485c,0xa348682⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe"C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe" --system --windows-service --service=update1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe"C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=135.0.7023.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0xa34850,0xa3485c,0xa348682⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\134.0.6998.178_chrome_installer.exe"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\134.0.6998.178_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\3b7a3df2-a43a-461b-b54c-ed660a130fa7.tmp"2⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\3b7a3df2-a43a-461b-b54c-ed660a130fa7.tmp"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Program Files directory
- System Network Configuration Discovery: Internet Connection Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7f5669ed8,0x7ff7f5669ee4,0x7ff7f5669ef04⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping636_1375743403\CR_AA4FB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7f5669ed8,0x7ff7f5669ee4,0x7ff7f5669ef05⤵
- Executes dropped EXE
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\134.0.6998.178\elevation_service.exe"C:\Program Files\Google\Chrome\Application\134.0.6998.178\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.5MB
MD5962cc41d4ba39ffcfe4e5b513a8179b2
SHA1b0d05bde9773dc18b5d155e4a19845fd0274d162
SHA256e3eb70a25da3cf0563ebaa3b95622cad7423e447273bc7c779c7466f39eac7a2
SHA512592fa45ee4e156a08302b53fd69ded29fdf118a70cecbd2eac0e3480e029b79c13c10bcfd508fe43ccaf123fa5f78ca265f2982c165034407736590d9ba12742
-
Filesize
40B
MD5f12614f6dbca0e94a3b7f556ed23a058
SHA1ff540224cd48541d4c628a801f6e2d0b2796f282
SHA256f650c3d1b9fd9712ea8c8dc84bd2f221a78d0ad100ed62ce05cb67e295536e33
SHA512c1183c9001d16de480222e082a5e73e048bb82f7651e36b7d13286a0add3e737712fb72aca965009865e16307f80e5f4d3ec66914cc2dbd24929b779587a04f6
-
Filesize
19B
MD5aa2d0c0c72bb528cf4168ea91c1c9a56
SHA167be5a0c29b13b92dd86ba935f605c4ba7eea2cc
SHA256e03e9d262ca3b7d19e37c3a69c7d8b46bd3f5542aa555a17d864071c28257b2c
SHA5126bdb9a72b73f11f7627e6fca0ee1d417201b038cb255d445dd29e5f27de08e99a6c4729c4c893ffe97e4bc1835532879c47cceaa051f07b3cdad06ad17b2d5e7
-
Filesize
489B
MD5f1e03ed32aa9f516733b108dff0d9e15
SHA1ebcbcdbb8f60da3a5cf24101badeace2a1e85683
SHA256a79dbe649b985ddc951a79a36321e23f1be13418421df3139e215a52f7c10f90
SHA512e9285e8b5ac622d210168527b0d745a61ae4d58ffa6ca90c8b39991d3345b168d311ae1863d6b02567af31ce7c3c7530ec413372cb1798c74838298f79392252
-
Filesize
415B
MD5fdf240ff980b7de741e667479401ef58
SHA1fbabce6126c4eb5aca17042f3c27c5ee42ad140c
SHA25698e3f8c9ca9d37240546c3c1f7216e47632db57520d300c5fb990cd1807dab9f
SHA512da619684c56831054ddae08bc6ec4dafba78dc7bfddc7a8dba05b5b91fa986457f560625eb8f2979d7c40cc3423546f34bcf20bb2326207dd91ba8924cee9d69
-
Filesize
589B
MD5e6c901de4e3ddfee6fe78b0551964591
SHA149802ab68357fc81504da3e2ab8313b7d12d97de
SHA256ed5861637be9a1742085b686664e22f86212981bb34d89a7ba07f4182a900b2a
SHA512d8b804e1ebbfcc4f321354c7b5a766f6b0bb6311c0492b46a786250683d09bc0306e08acdf85db99302f2cdd76e80d5c49f12b3a622da432524ee1dcc66f00e5
-
Filesize
414B
MD55e897b4cd24aca6fd9323f6febcfc466
SHA113084801640d3de3048757323f5afd2e3beb388e
SHA25663da2a4d1f916e2542fd059444ac3114c8a118b8732d832994af9d9bdffe6a8c
SHA51273520d31dc3a11c46e8c1e9c6a4adddaf57c819395c4fcd3a2903df69e48c9bd21d712a362f3ac0d5cb5f3c8da9ddbf491c982745d7827ba8e6f7c37d825e534
-
Filesize
22KB
MD554251f94c9f5ff539d943dd655c882a5
SHA1a30319e4e51f8c8cf89bf7d386b14638dec48624
SHA256b5587799641a44d735d5960a34a797b2d623464032cc7a55a632152f629e1f00
SHA5125909413325d8d9e1d4a048eec73b2b7c99ee0e0511d30da3b49716b946be68e3c1113a56d2152653f35d48e5adac77e5945c2e1515d5c802505ad3ebdc6d33de
-
Filesize
23KB
MD531a013e866b53543f43c98c4c24dcd91
SHA166afe0b1953495baa241cde41b7b56486bc8529c
SHA256602cf27dcf1bca20329b9f7354760bb36335cdc63b41b3568c734321c0091e3d
SHA512357d21c6c96860b56a868131243b477e15afa1240ef573458445d2ca7b76b5e4151a27b8059b8bd673202b6fc12774f75a526a195058507706ad41f0c57820cd
-
Filesize
25KB
MD5eb316e34f9c9d5c3ca729209897594f2
SHA10ac3fe37296a536a446adc5055b7b107e7c16fed
SHA2566f04470271cbfef3aaa56b032595c947fd45f402af898bbacc380d68af0f5b88
SHA512edf2c68cab65ac63caef1831772d84613e31848deff84cbd3a4d1bab4c51337cf891e9dd3c6e75f9ba76b249b14b23b809afd912e78bf0871421b414f0c68a7f
-
Filesize
27KB
MD5a7a6a753d7b6bd3478cd0de11b940ccf
SHA142548e10e8ad8b6f2cbcfc45137d5e512359e5c6
SHA256c8731a57019a8503b53f82baebc3b2c5b8da9bec13f0418da4241fd49a198504
SHA512da208b937bcdb39d47e5401d8ab4b5f4135a583c7f2d7bddb87e175ab2c1d761d164e394546c02390ba939f8176d3c71e56833636066b54e09578898757b8c9b
-
Filesize
29KB
MD5559dee2d0e0c84e9643f669e89bf9723
SHA1511a8178d7dc4f4ce796d9c07366b3cba0de8fc0
SHA2564c58f0d79902f5a9f709a56dd782494fc43c07b222d648bf88ff1983070622ab
SHA512f64b1c65e692ea35f6869b89329d5f0b7ccd0f49c335ec5ac4192e137394acb20b29e3b72a17e5cf6457f998ea2d97c7ff66bf672b8d3515c7516f5ba7eea0e0
-
Filesize
31KB
MD5fa3015591eb8a4ce2c2fdd456815daa2
SHA19a59a2fa47522ac501a78490d429611616c61f62
SHA256a2899a49e1f8815400f6c2ddff8cb482ec63b686a55bab3c1a08920deb8f2144
SHA51295be4a104777bba090e796768da4e1622b855c1a776e4a29043671f121ac5b34bd4da8b85010c1ceda33b5f16e394bdb4feabc6f8c0008104c2c016da9299f2d
-
Filesize
695KB
MD58609a96ec26a3d23a8fb339fdd282c42
SHA13cea849a346604223a74b27c874df76f7bbf0ad3
SHA2561b65ba8603cd8bf856936eccb71d9ce43f54d281bf8d52e5d41d7d88d6eee48c
SHA512a280604c27fe4ad2d6ed1d79d3c3b037f225480f7de825f1467f38d4cc4f2b4bf7fc1716202a80136ee93b4341771782b7a642c990a4c29778a3cf5b8ec9a7fb
-
Filesize
6.2MB
MD534c2dfddff8a68e70dff4068fd425bbc
SHA12816c4d729e655315e283b1074b4e3f771afd32a
SHA256f7258147da4412c75f2b665c8c0d59a0c841a19a6bf3a7f2a1e329e3db4a96c6
SHA512ec5ea8ceae64ff86514e7d6df2e15ab5fbe828503acb297987a3d67d5db30d03fdee32f808a937bac9bf982e8422660d5201c05ee08a573b3036338a49ee4e08
-
Filesize
40B
MD51ffb32f341d231eb3a3cea830dea806e
SHA12799a581ab7ac50fb410ef82ab183290249be803
SHA25602f3b9a6f5ff207e1c6cbfcb309bbd1a1c80f3425e91b16d2d85c94088815e55
SHA512f23b407300a2abc3b70a6b2e483e603ea9e5fd70d2217b7dc978df2a13c14c09a99b82bef6ace6141e46bab23c9258ba0ada3418b090b6f50b61544ab0e44c23
-
Filesize
1.6MB
MD5320553eddfbd2ad79942e83570a201bb
SHA1598911a4167ea3e1f3ff32dc5f735eaaa2824f01
SHA256c61014297068640b4fd56234a7813422464e84c5615f7d5c9f2dc6f835366b05
SHA51238173db9015dc4809f81299e390c887d1532c00ddc7ff39f6caa3d14321050ba660210b0b0d775ad452ae18c3d812f75322ce7c73e94bf5776ff0c4d68ab8521
-
Filesize
4.7MB
MD5a7b7470c347f84365ffe1b2072b4f95c
SHA157a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA51283391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
-
Filesize
24.6MB
MD53e3571b1d34abf8946940a815f1df3dc
SHA18fc2d95ae5f3806e87210b976bb2d421ebc90ded
SHA256ebe4015922c44cb5426595d930b0fe753eba401475a33d9e8a977b6b17d1d673
SHA5129b5a7e2d92e440721c187d793318eb4623bf2d120668d97a2fdabe1c4d6c6c2193884724949792e2c64135a59bfc7b373a78d99761fc9bf390927ac1f34ec0e4
-
Filesize
1.4MB
MD530da04b06e0abec33fecc55db1aa9b95
SHA1de711585acfe49c510b500328803d3a411a4e515
SHA256a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68
SHA51267790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08
-
Filesize
493KB
MD51c80b3259deb09c2fa9df94ce39c93d0
SHA114b4dad2b90e9ddd0d61da0a78278921eb1b8fe5
SHA25697d75ac786ab1d7fb202c6dde4caa5d0a5c8b17ffad9cfb0fbb0ee976e123fa4
SHA512e1e24e98a4567ef03e777fa2e330729a8f30597e6fe71c9c47c2180b7c545eaf038265ed24e6943b1787dd6a739f095460208c0c5082e867df88029343d83307
-
Filesize
7.5MB
MD5113ea6dccb4405228e6ba99d4c6ba866
SHA1655ee989d1e5f8f33de4ac1b875760636dc95fad
SHA2561f35bcab936bff5329fc3929c6cc765d1fb4cd69a1e30188c5d6999bd037c0b3
SHA5128476419127d4788fabe9b5de1863808bdb043b103b9722d4d675c9e3ab1489ea357ce7c60dd33387b809ee5b60b713722757436ce21b4fe74d47be8273ffda18
-
Filesize
5.1MB
MD5c815cc49d9601092610ffcf49d706a47
SHA18a8200bc22b6ac44919c5e5cd2503ee381b866b6
SHA2562b45c9f43ea3063b004acf98df138cbf2b0932113f26b3126ecb09ef44d368ef
SHA512910d39543096e0acb1c3aa5f444514dc18bb60916ab7bf7492ff9d1b34fa1d5bd5afafe13e77e29c902651cd25f2cb387b930542096a4920818abc33509b3100
-
Filesize
3.2MB
MD569a37696d89d819e0432d6f19dbc8c5f
SHA12347f3a42126c10ca65f02c22f86b93ac1ba684c
SHA25603160c5bcf955799c790bc2f08261fea8e1db873f8e013a023606f2c5e088d9a
SHA512a9a1151dd5ff763a92bb96bb135896b232dc14a28999a05542e1bd24ba7116c4e35e4c043962694ea23ffbbea935641c41de7fd7def75e55c2d71099e38f245d
-
Filesize
27KB
MD531ce114cacd5316618af933a94374c0f
SHA139a10d8acbe2c13be12113f7e13f7016c0a19552
SHA256a9cd968f8d3698826da0543b10001e80aa37120d2c843acb8705696984b04494
SHA5123616492d387d679dcf2ae0b820008df69970c89161912e92047814aeeab7f9733d313f27a1672113d060253ef31d11c33ce1d0d642c77e65d8403c30e205cdad
-
Filesize
2KB
MD52f7898b50a3d26f8f9b973d1f49145ed
SHA1802e8cfa96c07ca3965a7bacddbb70a15a15503a
SHA25693512c152e589c984af9c01c02720df1e8553eb4719ae3de7bbc521062a81028
SHA5127c58a83cd438b0a7fff88b368b8f85b6a65ab272ae09f15eb5f2a67f8684a005d3d225bbeb788f625956455ec9a4ae8d39b2885a5cd1674a29ea3a16af02ed3d
-
Filesize
649B
MD568859fa5a384b13ded5f3a67e1f2a727
SHA177661f302b0a8004055d6c8a2638fafa324f0e87
SHA256d98f319fe009b7f1161dd330236f39787ba66a93c6c3ee012ff5d022d5025fe8
SHA5124993cc2afdbd981ab69704c8328f605e3437869fc79926da7d88018bac46ca7982ce67a51fe5b54538651f7c0d4c5b48a51cfc935ad4b35c990aa868ed710204
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
3KB
MD5172d34749ba8c79ce3fb1e25046b3dcd
SHA1ace4d3474b91a529aab662e5fcb3601b7d141a71
SHA2564193f1b9071f40a2081421e7da90df150a92e46cb501dc9640679fd068a259c1
SHA5123d3975db01e2d09f5a1cf8d33bc5daa3d30144cbe2125bbcf68204e0d9ec22bc4d6a19a451337669344003eeac872d2785a8753b8dd9cc5f2f347a73fb6b8268
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
523B
MD5a964ec12d6fe6d385299c3f52f647cac
SHA1abb5ca01cffca385a2ace75204af8aef4aaaaa1b
SHA25639c88153eed18ccba0d2268c4f6b44d56139514226fb0d06d776971d1920f39d
SHA512267f491ace6ec92c5afba8cd87b320b69d97aa1105271e62c88cd6b67e243855e9d13d0baf277a8dd21ed54d8719cf62e7cac4a1b6b219cd3d3527b3b08c1594
-
Filesize
11KB
MD5f80892f6d71e0a16ea6ea69f611c63a4
SHA126e795f69dbd46d5985aac6bcf93288320b1dadf
SHA2562a9bf4a51b607a18b250c37b0da69dd8b462befe322f9560256c5574062cb780
SHA51209a5dbc71f778741dbc487879da41c6744a808ada8ea2a556cf1751b873cdbbf7c25d33843b718aae7f5205d5f069c788b17af9d2ea3a1974f00db61e067bc90
-
Filesize
18KB
MD5dfa1bff2a942a688da81c93ff1379845
SHA177b84e4c6741730bbf8bdee3cc5d276dc998c98b
SHA2567085eef7db1011a345dd3ec569ef73a938e1836d5f9db550d6c040a872a8729c
SHA512043e656c48b7f3d147098510d9709ef82492c14ebb001606e1168ae33179dd3982f988a2589546d380748de337fd559f785f428fb61fd71fc38a55356845cc7f
-
Filesize
72B
MD50070860e8e81930a000e047a47a89642
SHA1d53a748d176fedf8d9b7238e7c4e2c3cd66c99d2
SHA2566b58ae4b37dce97c22b0928a6baee5f5e2faf5c216505480e6127f38420b91b5
SHA5121352ab22d8e335e9596e2188f63516c46930bcbaf3a58e217cbad288bcb4ac600b6aed7904d4ff582ddf643b6af5f13d12e2e7ee4898d9e4929af15a67b19af7
-
Filesize
48B
MD5cb5b457c9252618c8e8f4873d4a22e68
SHA16933e820c505b9d9a46be36f4bbb23bb4714bd06
SHA2566cf7c6e71b6176b359e0c9938b54e02eb28caea033f42a92d52f2087462d578b
SHA512d4bd6ee02516c5085016e91b05d75f8271e3b681b2efafb0d00a412936c65b618577d9c922afc095dac6a46db2340b91f50c7b639d0ee67dc6c4d65c1be46ed5
-
Filesize
38B
MD5b77fc97eecd8f7383464171a4edef544
SHA1bbae26d2a7914a3c95dca35f1f6f820d851f6368
SHA25693332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68
SHA51268745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3
-
Filesize
80KB
MD5f5d74939b8f9f175e0cf3adb585abe78
SHA1f0a82713e4498a7063fb72bbfe307fedd1fc16f2
SHA25687267fb43cacc70e5866fc4b1bb7a383c33f1b1affc437e274c4736f3c638a6c
SHA512169d4eb190af5a20724ae4c159f890137d905b8d89e816604e9f1706dc6ff8dc3cb618ddd3b2fe956072d8a23202a8da6dd90648ee45c79787d0840a486c70e9
-
Filesize
148KB
MD5ef0d5d622f684689839b1d5790cb1994
SHA14375edbb5900033c9381a8e647ac044f5b08cb2e
SHA2564c3aa165f94fcc68b5e77ec7e649a8ce994e7925e8985546d92f1c2206797d22
SHA51251358656317cfe9493df67e17cf5f1fb67e545f7eec0a01f710c930eb9fce238e5a302cfe87ae42ec75f9ec49f441397d5c04e457ade9e7bd059fd3713af7ea1
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
203KB
MD50314c163aab1f683b3b180dba43dbaf6
SHA1a23fdd170c89cbda3421f661361715de45f57b56
SHA25640c58719ce3d5dfdaaca09eb789d020c66901c99df0e5627328c800afa8abcfc
SHA5127fdb551bbd42dad814c6b9be98a617bf734d712c3a3528ab842f2281cb8c5333220b4969a347bfa4074a75c792d2823dc59ff886d716cbcee7b18f10b711b4d8
-
Filesize
10.2MB
MD59bdf1105236c37acbeb8f1cc04e7a94a
SHA1bbe0581532a8cbd35f8023568114cf3970cf6668
SHA256305e44e430ad3933d494e274c27fd64cffd87a4fa990574aba0355b83410ceea
SHA512a46dfd7b68fe2bac6a71ad09350ef220b8eab6cec7b8c3d461f3fd896df1c5b7981ca1f149f63413787477ba4e875f0e2f59c8d5006deb0a97d45a4b6e51e2b6
-
Filesize
1KB
MD559ccf1ea8076f90d3b5c5261a88598c8
SHA135f4931bf2424c416024cf6a2bf078c5217794ae
SHA256cf9724d9aa8854180fe30e6a637d319150ccafb15b19e83e225108be4189094d
SHA51211414f8e30264c477a09e47a62a5d3e5d8dc3c4cbb7faaf4965ab41ffc7ae64e52bf917b18d8c4c932da0876dfce50f5be8d9b3b1c7ff5d4252875f003ea7d66
-
Filesize
1KB
MD5f4819a1db9e68dc60cf594a7262a3f4c
SHA1105f1392b72f117e378e502436eafadac5d6eb95
SHA2569648afd55d1ee72983b04b574bb1fa870549d3db91dafdd7a15e253858090f2a
SHA51218a71e6ecd89ee2f8cb9d55abc0507acfddacc18c6fff9bbd2e891cf4b3dacad8e2a2bc5a76071d6539ab23b905b8e0e313806152795b9b3a20882d90f6cfa2a
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
4.8MB
-
Filesize
9.6MB
-
Filesize
624KB
-
Filesize
664KB
-
Filesize
9.6MB
-
Filesize
40KB
-
Filesize
120KB
-
Filesize
40KB
-
Filesize
4KB