Analysis
-
max time kernel
150s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
27-04-2022 14:32
Static task
static1
Behavioral task
behavioral1
Sample
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe
Resource
win7-20220414-en
General
-
Target
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe
-
Size
4.1MB
-
MD5
cf430d5f775e4a32801e55af43db9bbb
-
SHA1
f2faf3d9fbbfbaf5296da25af0c7b37ff26a858c
-
SHA256
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379
-
SHA512
aa49f98c13ff17f0b2060f02cfe5d33518679bacb39bab7ddd20c9c4d3a302b941a39505db19dc96c46f71da74832bb57f6e783dbc687da2d2caf841643d90bb
Malware Config
Signatures
-
Executes dropped EXE 8 IoCs
Processes:
pr.exerutserv.exerutserv.exerutserv.exerutserv.exerfusclient.exerfusclient.exerfusclient.exepid process 4636 pr.exe 4192 rutserv.exe 1128 rutserv.exe 1272 rutserv.exe 2548 rutserv.exe 3672 rfusclient.exe 4756 rfusclient.exe 4560 rfusclient.exe -
Processes:
resource yara_rule C:\Program\rfusclient.exe upx C:\Program\rutserv.exe upx C:\Program Files\Server\rutserv.exe upx C:\Program Files\Server\rfusclient.exe upx C:\Program Files\Server\rutserv.exe upx C:\Program Files\Server\rutserv.exe upx C:\Program Files\Server\rutserv.exe upx C:\Program Files\Server\rutserv.exe upx C:\Program Files\Server\rfusclient.exe upx C:\Program Files\Server\rfusclient.exe upx C:\Program Files\Server\rfusclient.exe upx -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exepr.exeWScript.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation pr.exe Key value queried \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation WScript.exe -
Drops file in Program Files directory 18 IoCs
Processes:
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.execmd.exeattrib.exedescription ioc process File opened for modification C:\Program Files\Microsoft Games\pr.exe 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File created C:\Program Files\Server\vp8decoder.dll cmd.exe File created C:\Program Files\Server\vp8encoder.dll cmd.exe File opened for modification C:\Program Files\Server\vp8decoder.dll attrib.exe File created C:\Program Files\Microsoft Games\1.bat 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File created C:\Program Files\Microsoft Games\pr.exe 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File opened for modification C:\Program Files\Server\rutserv.exe cmd.exe File opened for modification C:\Program Files\Server\vp8decoder.dll cmd.exe File opened for modification C:\Program Files\Server\vp8encoder.dll attrib.exe File created C:\Program Files\Microsoft Games\__tmp_rar_sfx_access_check_240587781 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File created C:\Program Files\Server\rfusclient.exe cmd.exe File opened for modification C:\Program Files\Server\rfusclient.exe cmd.exe File created C:\Program Files\Server\rutserv.exe cmd.exe File opened for modification C:\Program Files\Server\vp8encoder.dll cmd.exe File opened for modification C:\Program Files\Server\rfusclient.exe attrib.exe File opened for modification C:\Program Files\Microsoft Games 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File opened for modification C:\Program Files\Microsoft Games\1.bat 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe File opened for modification C:\Program Files\Server\rutserv.exe attrib.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Delays execution with timeout.exe 3 IoCs
Processes:
timeout.exetimeout.exetimeout.exepid process 3516 timeout.exe 5072 timeout.exe 4400 timeout.exe -
Kills process with taskkill 2 IoCs
Processes:
taskkill.exetaskkill.exepid process 4520 taskkill.exe 3988 taskkill.exe -
Modifies registry class 1 IoCs
Processes:
pr.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000_Classes\Local Settings pr.exe -
Runs .reg file with regedit 1 IoCs
Processes:
regedit.exepid process 4356 regedit.exe -
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
rutserv.exerutserv.exerutserv.exerutserv.exerfusclient.exepid process 4192 rutserv.exe 4192 rutserv.exe 4192 rutserv.exe 4192 rutserv.exe 4192 rutserv.exe 4192 rutserv.exe 1128 rutserv.exe 1128 rutserv.exe 1272 rutserv.exe 1272 rutserv.exe 2548 rutserv.exe 2548 rutserv.exe 2548 rutserv.exe 2548 rutserv.exe 2548 rutserv.exe 2548 rutserv.exe 4756 rfusclient.exe 4756 rfusclient.exe -
Suspicious behavior: SetClipboardViewer 2 IoCs
Processes:
rfusclient.exerfusclient.exepid process 4756 rfusclient.exe 4560 rfusclient.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
Processes:
taskkill.exetaskkill.exerutserv.exerutserv.exerutserv.exedescription pid process Token: SeDebugPrivilege 3988 taskkill.exe Token: SeDebugPrivilege 4520 taskkill.exe Token: SeDebugPrivilege 4192 rutserv.exe Token: SeDebugPrivilege 1272 rutserv.exe Token: SeTakeOwnershipPrivilege 2548 rutserv.exe Token: SeTcbPrivilege 2548 rutserv.exe Token: SeTcbPrivilege 2548 rutserv.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
rutserv.exerutserv.exerutserv.exerutserv.exepid process 4192 rutserv.exe 1128 rutserv.exe 1272 rutserv.exe 2548 rutserv.exe -
Suspicious use of WriteProcessMemory 54 IoCs
Processes:
9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.execmd.exepr.exeWScript.execmd.exerutserv.exerfusclient.exedescription pid process target process PID 3412 wrote to memory of 3356 3412 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe cmd.exe PID 3412 wrote to memory of 3356 3412 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe cmd.exe PID 3412 wrote to memory of 3356 3412 9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe cmd.exe PID 3356 wrote to memory of 4636 3356 cmd.exe pr.exe PID 3356 wrote to memory of 4636 3356 cmd.exe pr.exe PID 3356 wrote to memory of 4636 3356 cmd.exe pr.exe PID 4636 wrote to memory of 1420 4636 pr.exe WScript.exe PID 4636 wrote to memory of 1420 4636 pr.exe WScript.exe PID 4636 wrote to memory of 1420 4636 pr.exe WScript.exe PID 1420 wrote to memory of 3448 1420 WScript.exe cmd.exe PID 1420 wrote to memory of 3448 1420 WScript.exe cmd.exe PID 1420 wrote to memory of 3448 1420 WScript.exe cmd.exe PID 3448 wrote to memory of 3988 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 3988 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 3988 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 4520 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 4520 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 4520 3448 cmd.exe taskkill.exe PID 3448 wrote to memory of 3644 3448 cmd.exe reg.exe PID 3448 wrote to memory of 3644 3448 cmd.exe reg.exe PID 3448 wrote to memory of 3644 3448 cmd.exe reg.exe PID 3448 wrote to memory of 4356 3448 cmd.exe regedit.exe PID 3448 wrote to memory of 4356 3448 cmd.exe regedit.exe PID 3448 wrote to memory of 4356 3448 cmd.exe regedit.exe PID 3448 wrote to memory of 3516 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 3516 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 3516 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 5072 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 5072 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 5072 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 1404 3448 cmd.exe attrib.exe PID 3448 wrote to memory of 1404 3448 cmd.exe attrib.exe PID 3448 wrote to memory of 1404 3448 cmd.exe attrib.exe PID 3448 wrote to memory of 4192 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 4192 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 4192 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1128 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1128 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1128 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1272 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1272 3448 cmd.exe rutserv.exe PID 3448 wrote to memory of 1272 3448 cmd.exe rutserv.exe PID 2548 wrote to memory of 3672 2548 rutserv.exe rfusclient.exe PID 2548 wrote to memory of 3672 2548 rutserv.exe rfusclient.exe PID 2548 wrote to memory of 3672 2548 rutserv.exe rfusclient.exe PID 2548 wrote to memory of 4756 2548 rutserv.exe rfusclient.exe PID 2548 wrote to memory of 4756 2548 rutserv.exe rfusclient.exe PID 2548 wrote to memory of 4756 2548 rutserv.exe rfusclient.exe PID 3448 wrote to memory of 4400 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 4400 3448 cmd.exe timeout.exe PID 3448 wrote to memory of 4400 3448 cmd.exe timeout.exe PID 4756 wrote to memory of 4560 4756 rfusclient.exe rfusclient.exe PID 4756 wrote to memory of 4560 4756 rfusclient.exe rfusclient.exe PID 4756 wrote to memory of 4560 4756 rfusclient.exe rfusclient.exe -
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe"C:\Users\Admin\AppData\Local\Temp\9d3bd35fb7ff01941e927cf476ff39cef2dd8ce608fa307a3484c1c522f5f379.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3412 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files\Microsoft Games\1.bat" "2⤵
- Suspicious use of WriteProcessMemory
PID:3356 -
C:\Program Files\Microsoft Games\pr.exepr stx.exe -p123 -dC:\Program Files\Microsoft Games3⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4636 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program\install.vbs"4⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1420 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program\install.bat" "5⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3448 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rutserv.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3988
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im rfusclient.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4520
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKLM\SYSTEM\Remote Manipulator System" /f6⤵PID:3644
-
-
C:\Windows\SysWOW64\regedit.exeregedit /s "regedit.reg"6⤵
- Runs .reg file with regedit
PID:4356
-
-
C:\Windows\SysWOW64\timeout.exetimeout 16⤵
- Delays execution with timeout.exe
PID:3516
-
-
C:\Windows\SysWOW64\timeout.exetimeout 26⤵
- Delays execution with timeout.exe
PID:5072
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Program Files\Server\*.*"6⤵
- Drops file in Program Files directory
- Views/modifies file attributes
PID:1404
-
-
C:\Program Files\Server\rutserv.exerutserv.exe /silentinstall6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4192
-
-
C:\Program Files\Server\rutserv.exerutserv.exe /firewall6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1128
-
-
C:\Program Files\Server\rutserv.exerutserv.exe /start6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1272
-
-
C:\Windows\SysWOW64\timeout.exetimeout 36⤵
- Delays execution with timeout.exe
PID:4400
-
-
-
-
-
-
C:\Program Files\Server\rutserv.exe"C:\Program Files\Server\rutserv.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548 -
C:\Program Files\Server\rfusclient.exe"C:\Program Files\Server\rfusclient.exe" /tray2⤵
- Executes dropped EXE
PID:3672
-
-
C:\Program Files\Server\rfusclient.exe"C:\Program Files\Server\rfusclient.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: SetClipboardViewer
- Suspicious use of WriteProcessMemory
PID:4756 -
C:\Program Files\Server\rfusclient.exe"C:\Program Files\Server\rfusclient.exe" /tray3⤵
- Executes dropped EXE
- Suspicious behavior: SetClipboardViewer
PID:4560
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
51B
MD5a13092696a05b6b80083e042102f8e27
SHA1e47d31664f0ae6263ea3ca439c8dfcfebecb167d
SHA256d2ba7625bce55b56654bed236a8d8fcb8a1c028bea4a2b7b6e93b3fbd002631b
SHA512540a15faa82081e0c68345f86fc30e39bb99ed550eeb34aba3b0b556e90093c257a735e34b26c7cb48193e4c1bc1f0e4ede857508b0d90600cf6cf4d67c6b62b
-
Filesize
3.9MB
MD5a7106656ff2c7f40df421e52ff887e01
SHA1735932c2ce630e8fd65ed8eb475bcaa24b70d979
SHA2567216b1f398d9a277db705515ad260d766b9c5719f726987080cf8454fa4e6315
SHA512a9f56fd5f7550465e1059c28dace97101e6af9235b236cf3de85770ab214159cb6e6f2b6e0e2f1c5eb92555a3dd5a0e3e31521bcf98e4b21bc1f0903207287b0
-
Filesize
3.9MB
MD5a7106656ff2c7f40df421e52ff887e01
SHA1735932c2ce630e8fd65ed8eb475bcaa24b70d979
SHA2567216b1f398d9a277db705515ad260d766b9c5719f726987080cf8454fa4e6315
SHA512a9f56fd5f7550465e1059c28dace97101e6af9235b236cf3de85770ab214159cb6e6f2b6e0e2f1c5eb92555a3dd5a0e3e31521bcf98e4b21bc1f0903207287b0
-
Filesize
1.5MB
MD58b9cd29aa7c2ea3cfaa1080ada962d5a
SHA17cf5e9e0efe0fde132a4a0ae1034f4c6442bdcd0
SHA25615f5556a83e752812f9d9a33e8f3a027a24d435cfc336fd2316f74257ea8721a
SHA51229c7105ff149ffc5edfa502d2a13c508375ada8c08b9bfece1ef77cf0faa8351a5649b6b694701f65f972dbcfa3c24865941dc9bd83895a3bdd9e1fe8e9427ae
-
Filesize
1.5MB
MD58b9cd29aa7c2ea3cfaa1080ada962d5a
SHA17cf5e9e0efe0fde132a4a0ae1034f4c6442bdcd0
SHA25615f5556a83e752812f9d9a33e8f3a027a24d435cfc336fd2316f74257ea8721a
SHA51229c7105ff149ffc5edfa502d2a13c508375ada8c08b9bfece1ef77cf0faa8351a5649b6b694701f65f972dbcfa3c24865941dc9bd83895a3bdd9e1fe8e9427ae
-
Filesize
1.5MB
MD58b9cd29aa7c2ea3cfaa1080ada962d5a
SHA17cf5e9e0efe0fde132a4a0ae1034f4c6442bdcd0
SHA25615f5556a83e752812f9d9a33e8f3a027a24d435cfc336fd2316f74257ea8721a
SHA51229c7105ff149ffc5edfa502d2a13c508375ada8c08b9bfece1ef77cf0faa8351a5649b6b694701f65f972dbcfa3c24865941dc9bd83895a3bdd9e1fe8e9427ae
-
Filesize
1.5MB
MD58b9cd29aa7c2ea3cfaa1080ada962d5a
SHA17cf5e9e0efe0fde132a4a0ae1034f4c6442bdcd0
SHA25615f5556a83e752812f9d9a33e8f3a027a24d435cfc336fd2316f74257ea8721a
SHA51229c7105ff149ffc5edfa502d2a13c508375ada8c08b9bfece1ef77cf0faa8351a5649b6b694701f65f972dbcfa3c24865941dc9bd83895a3bdd9e1fe8e9427ae
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
378KB
MD5d43fa82fab5337ce20ad14650085c5d9
SHA1678aa092075ff65b6815ffc2d8fdc23af8425981
SHA256c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b
SHA512103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d
-
Filesize
1.6MB
MD5dab4646806dfca6d0e0b4d80fa9209d6
SHA18244dfe22ec2090eee89dad103e6b2002059d16a
SHA256cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587
SHA512aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7
-
Filesize
624B
MD54c20504c645f84bce230745131dc1919
SHA18c18cede047b4e810090e55187dc776548821d82
SHA2567cd4f05d659e3ceeb104907a47ea875fc5bf0a32aad02f5a4f38b1b725b688c6
SHA51258286ef8df7249d3fc6d76c3e163ff3e709b10c31de893da16787b9a685f66475e876af40972c530bf8e2671fdcb66f3f92083cec128694df8906b0b92bb3eb7
-
Filesize
86B
MD553b4089b17b50772970facafacef3941
SHA18f69320a1a627488d8d7adc5daef8ee7d0a70ff9
SHA2563211edb49cce04b4611d91ac235966d542678e4434ca1c2b236975c990b0935c
SHA512e0da4f4f4d7a29c62746942488f73e09b9f484be781366f94e7f981ee431a4c013dc4b479ff1525831922ec162e0fdc235dd919ab96fdc4fdd3de55b5ad6d531
-
Filesize
11KB
MD56751ac3d0065b80ca2b9629974cc5850
SHA133306bdf0a65933634bd3a1652bb846de83f6688
SHA256834c8ee696b6a27095481d0212d9dffd2cf292132a088882f9af4454af4001b9
SHA512af160339c2c8d177456909d800eed1c16b5b1a94a02ebd2a69f5c24eaa77576f8a79d647d54c25e6a74190e78cf03e14832a33536ea7461326d3c740b202bf2f
-
Filesize
1.5MB
MD58b9cd29aa7c2ea3cfaa1080ada962d5a
SHA17cf5e9e0efe0fde132a4a0ae1034f4c6442bdcd0
SHA25615f5556a83e752812f9d9a33e8f3a027a24d435cfc336fd2316f74257ea8721a
SHA51229c7105ff149ffc5edfa502d2a13c508375ada8c08b9bfece1ef77cf0faa8351a5649b6b694701f65f972dbcfa3c24865941dc9bd83895a3bdd9e1fe8e9427ae
-
Filesize
1.7MB
MD53d378bcfec79805a04de89d6a2d917b4
SHA1e47758259358246a8989c6e79a433a91830deb79
SHA2567b687c8ce7f8aaa9ab8b955914c0ecd6542be9c34de3f2a3b2c6cbba6ed7b1f2
SHA5124d20c4332bc7d9b6b16885d1fbf5cd019e46eb4acd7fe2e02db7c727e1e9ebc98a37fdccf8da22331ba04d33febd21a31782a7c3cc03b94ba57d43531a0d93dd
-
Filesize
378KB
MD5d43fa82fab5337ce20ad14650085c5d9
SHA1678aa092075ff65b6815ffc2d8fdc23af8425981
SHA256c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b
SHA512103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d
-
Filesize
1.6MB
MD5dab4646806dfca6d0e0b4d80fa9209d6
SHA18244dfe22ec2090eee89dad103e6b2002059d16a
SHA256cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587
SHA512aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7