Analysis
-
max time kernel
111s -
max time network
117s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
10-07-2021 10:37
Static task
static1
Behavioral task
behavioral1
Sample
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe
Resource
win10v20210410
General
-
Target
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe
-
Size
147KB
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
-
SHA1
3a74a3aafde31b4f129e515baabe9833bf359f8e
-
SHA256
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
-
SHA512
7b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
Malware Config
Extracted
C:\$Recycle.Bin\RyukReadMe.html
ryuk
http://hqcqsw6et744hz7tx7rudmerk6fjyifovm6upec4ceqjndbmu34vs6yd.onion
Signatures
-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Executes dropped EXE 3 IoCs
Processes:
1073r.exeSnwZsutJClan.exekXVfjqNeblan.exepid process 1112 1073r.exe 804 SnwZsutJClan.exe 2164 kXVfjqNeblan.exe -
Modifies file permissions 1 TTPs 2 IoCs
Processes:
icacls.exeicacls.exepid process 1528 icacls.exe 1656 icacls.exe -
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exedescription ioc process File opened (read-only) \??\K: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\H: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\M: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\O: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\N: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\L: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\F: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\T: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\Y: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\U: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\S: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\R: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\I: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\G: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\E: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\Z: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\W: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\V: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\Q: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\P: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\J: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened (read-only) \??\X: b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe -
Drops file in Program Files directory 64 IoCs
Processes:
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exedescription ioc process File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\vi.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\he-IL\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\ne.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\eu.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\AddUninstall.js b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\ru.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\7z.sfx b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-GB\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\pl.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-BR\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\lij.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\an.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\eo.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\sv.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ru-RU\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sk-SK\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\bg-BG\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sl-SI\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\zh-CN\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\readme.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\sl.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\ko.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\hr.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\en.ttt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\si.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\Services\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\cy.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ja-JP\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\fi.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\nn.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\History.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\ext.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\lt.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\7-Zip\Lang\kab.txt b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\RyukReadMe.html b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exepid process 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exedescription pid process target process PID 3788 wrote to memory of 1112 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 1073r.exe PID 3788 wrote to memory of 1112 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 1073r.exe PID 3788 wrote to memory of 1112 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe 1073r.exe PID 3788 wrote to memory of 804 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe SnwZsutJClan.exe PID 3788 wrote to memory of 804 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe SnwZsutJClan.exe PID 3788 wrote to memory of 804 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe SnwZsutJClan.exe PID 3788 wrote to memory of 2164 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe kXVfjqNeblan.exe PID 3788 wrote to memory of 2164 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe kXVfjqNeblan.exe PID 3788 wrote to memory of 2164 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe kXVfjqNeblan.exe PID 3788 wrote to memory of 1528 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe PID 3788 wrote to memory of 1528 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe PID 3788 wrote to memory of 1528 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe PID 3788 wrote to memory of 1656 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe PID 3788 wrote to memory of 1656 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe PID 3788 wrote to memory of 1656 3788 b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe icacls.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe"C:\Users\Admin\AppData\Local\Temp\b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9.exe"1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3788 -
C:\Users\Admin\AppData\Local\Temp\1073r.exe"C:\Users\Admin\AppData\Local\Temp\1073r.exe" 9 REP2⤵
- Executes dropped EXE
PID:1112 -
C:\Users\Admin\AppData\Local\Temp\SnwZsutJClan.exe"C:\Users\Admin\AppData\Local\Temp\SnwZsutJClan.exe" 8 LAN2⤵
- Executes dropped EXE
PID:804 -
C:\Users\Admin\AppData\Local\Temp\kXVfjqNeblan.exe"C:\Users\Admin\AppData\Local\Temp\kXVfjqNeblan.exe" 8 LAN2⤵
- Executes dropped EXE
PID:2164 -
C:\Windows\SysWOW64\icacls.exeicacls "C:\*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
PID:1528 -
C:\Windows\SysWOW64\icacls.exeicacls "D:\*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
PID:1656 -
C:\Windows\SysWOW64\net.exe"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y2⤵PID:4520
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "audioendpointbuilder" /y3⤵PID:4588
-
C:\Windows\SysWOW64\net.exe"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y2⤵PID:708
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "audioendpointbuilder" /y3⤵PID:1108
-
C:\Windows\SysWOW64\net.exe"C:\Windows\System32\net.exe" stop "samss" /y2⤵PID:2312
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "samss" /y3⤵PID:5004
-
C:\Windows\SysWOW64\net.exe"C:\Windows\System32\net.exe" stop "samss" /y2⤵PID:5064
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "samss" /y3⤵PID:2892
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
649ca1bc4bb02c6e15c34c1361b2f417
SHA1764f90bf5edcb6042288557ac0bcdf755063282b
SHA256651fe411eb23d012ea07629665c3b3f0431f231ccda36327d9f70150df7b070c
SHA5126c4635a4b9e6eaf1a4646e40924980fc65b9ce52fd16657182957f2158e893a32ac32a00a2971b84d325e3b410433f2b370bb4d09ea4774a449db65aa913ae40
-
MD5
83c922e0143433395b29410e0abcc29d
SHA1be50a99328cfaaa5b17ed2c3d812696d0f60b0c8
SHA256c25f68714c88eaf9d0c68df486e69ffc184d8ddd1f2847cfb1a97a214571206e
SHA512b0e84d26244a8b43fb70a11bc893fcc2878fa8fbe6a527507efde4412f9155ae373a871a591d404a881305e23cad148dfe7728ebc1f494a3de729e906e05c70e
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
6c0bb20e1158593211a7cbcbacb3dd83
SHA13a74a3aafde31b4f129e515baabe9833bf359f8e
SHA256b42d07f0b72879bf21e99f39a21edae1a38c3fd62393bd4e88f1032f561855f9
SHA5127b882a2141435d71bc6602e1622dfb4d0b1734cf3444554e247a75700924a8dafee79c7f0153390bd800b9733ec3106f0864f83126231c268ce2a39087388a8d
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
5a4a329d7f65448ea0755e462ddd218d
SHA1fac326074433e0dcc2b684f1cab9e8b674f9b0cf
SHA2561f9c72169b27646c471b940e7864290e0016c7f19b539a7df616b7400c2060e6
SHA51263d320ab771cbf73db07efa575273e1c3e25d483494e26f2482bdfa52495c50dc687385842d170003ca558a0e68f555a45dfd819ef50c2c442d9140d5a8bf0a7
-
MD5
3cf5fb153f995486e8388ed71d1d9fa8
SHA15781584813c2a99e72e68f1c2ccdf8a8068904c8
SHA25671f5c5644df6f49f416d6d5342ffcdb297a6d23d901ad1a3826134bf9f3bc9a3
SHA512398a79ecce9d2435bed31bde7c6710a62b2fdb24139a78730e5fd3269a9f03bf4983049cc52b6c0b91302ae8ead1c5ad506540cd9c70bfd36cbcd16514601a20