ryuk | 11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0

Analysis

max time kernel
157s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
05-03-2022 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
Size

122KB
MD5

bd0d931b21e4d8f85cea56b3e17b5f49
SHA1

e0c604bcf4dc48f5929d382f7af84b157ceb87db
SHA256

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0
SHA512

a6d6f736e4b86e3544ede2b0a285639a20295de75b26b606add66504d7e238ae2439e6d9549bc0cd13cd8ff6917a481fb275761991444d70497a27c10f368d29

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

lpuresneko1984@protonmail.com balance of shadow universe Ryuk

Emails

lpuresneko1984@protonmail.com

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

1972 icacls.exe
2848 icacls.exe

pid	process
1972	icacls.exe
2848	icacls.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe

Drops file in Program Files directory 64 IoCs

Processes:

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\fontconfig.properties.src	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSAN.TTF	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk16\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\ext\sunjce_provider.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_sv.properties	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\cmm\sRGB.pf	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\AXIS.INF	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP.bat	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\OriginLetter.Dotx	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\jmxremote.access	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\RyukReadMe.html	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe

description	pid	process	target process
PID 1320 wrote to memory of 1972	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe
PID 1320 wrote to memory of 1972	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe
PID 1320 wrote to memory of 1972	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe
PID 1320 wrote to memory of 2848	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe
PID 1320 wrote to memory of 2848	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe
PID 1320 wrote to memory of 2848	1320	11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe
"C:\Users\Admin\AppData\Local\Temp\11a6f8c683b66a650f39b56daeaf4c826a8661805d5556bed5f2ee2de46e3ef0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1320

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1972

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\$Recycle.Bin\S-1-5-21-790714498-1549421491-1643397139-1000\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\DumpStack.log.tmp.RYK
MD5
7158be9b53c26aac7d094fdea9f5f880

SHA1
7b3e93739a982b09ad0eb304795a36d70720e239

SHA256
fcfc825df4132ffddd1a19bdea74944815929cb53ce64d8cdb28d0acea4ca9fd

SHA512
ddf56312d22fa6756feff8a36c3e20954e4e596014edaeccc7800a903b1dc6821161c92fc996dac16c4055061a686a584a9bdd0e3927226d87d24bee2cc4d1bb

Download Submit
C:\PerfLogs\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\Users\Public\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\Users\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\odt\RyukReadMe.html
MD5
fb97d5d2efe25d85157102168cddf1b5

SHA1
b049ba7299eb29f5ef3f8c30e5a9fe75892b3e3a

SHA256
036ca2e6b5bae8b32dfd3aa05d2a48ddd02e30d5ad9faf62a70c4a77145a131e

SHA512
0c180ee4466b34bdfcfa545c63c1653b676a01102a5f5f89c9cd7b28c361034dd9bc98a9187eed7649d17fec6eeca2975afed5df74ca18fd0eab2583b02212ca

Download Submit
C:\odt\config.xml.RYK
MD5
a2906fa742158348e9bf29a3d3ae35cf

SHA1
3f98661ffbcf0db833f58c1833e52f7e2b85d746

SHA256
1a822fe6a6df86006839c39e114bdfa597589b657f6ae7fe76cf0dd522e47b19

SHA512
677ce173a1ea017c2ebe9da06061787fe861532c865b983ecb834ff5683c6683ca5c087cf7e528814741c28ede66730515fce99f9479c03be0e0ac50aafc4cf2

Download Submit