Analysis
-
max time kernel
115s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
04-07-2022 16:54
General
-
Target
RyukMalware.exe
-
Size
384KB
-
MD5
5ac0f050f93f86e69026faea1fbb4450
-
SHA1
9709774fde9ec740ad6fed8ed79903296ca9d571
-
SHA256
23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2
-
SHA512
b554487c4e26a85ec5179cdcc1d25b5bc494e8821a8899fbbf868c3cf41f70cc72db107613b3f6655d3ab70f4db94cce2589066bb354b1ed955098d3911b844d
Malware Config
Extracted
C:\RyukReadMe.txt
ryuk
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Signatures
-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE 1 IoCs
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 18 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 2 IoCs
-
Interacts with shadow copies 2 TTPs 14 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 47 IoCs
Processes
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3400 -s 32802⤵
- Program crash
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3296 -s 10402⤵
- Program crash
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
- Modifies extensions of user files
- Drops startup file
- Drops file in Program Files directory
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Modifies extensions of user files
- Drops startup file
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\users\Public\window.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\vssadmin.exevssadmin Delete Shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB3⤵
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded3⤵
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
-
C:\Windows\system32\vssadmin.exevssadmin Delete Shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
-
C:\Users\Admin\AppData\Local\Temp\RyukMalware.exe"C:\Users\Admin\AppData\Local\Temp\RyukMalware.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\users\Public\fATSe.exe"C:\users\Public\fATSe.exe" C:\Users\Admin\AppData\Local\Temp\RyukMalware.exe2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\users\Public\fATSe.exe" /f3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exeREG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\users\Public\fATSe.exe" /f4⤵
- Adds Run key to start application
-
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 408 -p 3296 -ip 32961⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 520 -p 3400 -ip 34001⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\explorer.exeexplorer.exe /LOADSAVEDWINDOWS2⤵
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
8KB
MD531bfbd3a859648d49b5a222996702062
SHA1debf26abb603966197d2a3e6667a9efd31fd5533
SHA25625f8f49354585dc2bfdc6cbf4cdcf3355fa00bfa975a444f1dc0cc5286efd48a
SHA512c19979a0f0c1a2732d4807831bffae6fbce99cb18baddb0cb07d3148b936afb08804e065861dc284c2334e8b91b55c7514093597d46815560e91fc88ae0a1bd2
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
105KB
MD5e46651a05bd5cac66a76510ac69ab242
SHA11d03b0f96748a762a1d35054c9eb8124423481cf
SHA2564e9acfb467b014e1755308212d987800248475039bebbcb113ca66c20ff1a83a
SHA512e85b1c4c6b4dc4bff4be01b5806af719b01141ed4ee09889726e3efda92798bd3c604fa499325cb14e07975d9e19036d51245d7f84087ec10ac8123db2ea9406
-
Filesize
201KB
MD5718f62bfd80dbb05bac87cfb26e0d67b
SHA181345f2881d73f215c0972fdf25523dc28e55da6
SHA256ab56a0104c5f9bdf0784896c36364ec707e473cda93c863ffd67d70f3eee31e8
SHA51216f0c8b205cf10ff2b730bf30af22fabe575995b12c57e69c642b500dd3fd93008b5765f67e77f3e2fc7a992881b128f727eafec98e87d1119f47011acfe3703
-
Filesize
182KB
MD5f0b308aa041592d895b4c429070eef07
SHA18152d66d4ddf7eb2e69a33cbb9277454a1f1fb1a
SHA25694e281549317b958f6e4400d2e8f7cc74aec708341535097285cef0ad48c7a07
SHA512a4323de2c2bea17bb9c6a31494e8255af8aeaba68361e8808afd7b7c36ad4822163cee9e488ad1d8ba297a1fc5bc85f238d9e3a3fd4bcf09353fb0fdaa518728
-
Filesize
47KB
MD51dd557889c10e45c082b3c7bd0a1faf5
SHA120922a54ca9601a293c4c0e37418798adb5e2af9
SHA256c1a26e381e29a3835c0ab5a1c65555118d9dac90938da5ae6a75fe1aaa767871
SHA512a593a7d116274e79f454609393a8cd5298d81bfec627599a98e6ac7323e23766fa7cd78d07ebb5b96ef2b258be74e54eeb94b4711d3fc584997cb3718b52e1a9
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
5KB
MD58ca9b28c67374c14edcd53ec6dd19991
SHA1aa1610e4b4ab95153270b4edde7ad674fb22070b
SHA2569d1f7cf448eb4f2baf5a96bdf6db227745fe5c68e1034906fc603ba8b2a86414
SHA5126baa716cfeb2c925c797c2581613c4c8f146b2d3b0c28ff23c036c3dfe56dd6317362b639344efdf362d6841710d7e93ab6b57499b54c415b4641929bec066ef
-
Filesize
7KB
MD5c666492c6dd4549fa30be04c2f63aaaf
SHA17e04d0d1be953fd7a08338a3fd908bd17a53eebe
SHA256785b212d2025229936e22d832078129c7847ad0efca7ee9e0433bfcca7bab341
SHA512dfebde475c4a93bfdc648cb2f15229d3c859715bfd699d1884aebb2f6da4195c12cf49361700a841f92963ebf8c0483ba53bba1aa9a6de85b384b4275bd42c9b
-
Filesize
12KB
MD5da80a3a7bcecad1c08dd74f8ec10a9a3
SHA17645ad53019acb5b1cefbdcf31d50968fb24a38a
SHA256d23f08087962efec78814297306cd970f888bf66a83beaa2c01165c5e604cd92
SHA5126833b93c4dbe19e302802a6ee751c4b7fe9b73d6ff87f61dcdcdcdc7ae862465750323a6476cbf5989b28f53060961644dbbfe19332cadfc38c088245c39be31
-
Filesize
5KB
MD5d1ee6b94407e642a33c525f336c87850
SHA15c4dcd50b37fdad308180425ed9b2c1347feefaa
SHA25674092841bd35f86d88a19a7ba6d4f76eeeb06f752245f91717f393d6f89d416a
SHA512cdefadbd20d293c4f19cfaf9c4df95f91d6e9dd6dadf9faea70912d6a2fcb0ad5f2d3913169daa219687cce8dda356ab8f9f1a0e29b5bfab3edc4ee6fb6a7533
-
Filesize
9KB
MD52e44073d80aeabe3f1b6aa06111e6894
SHA1f7b60f743d9b2c4a12461d15fd0fa2f1dea0fcce
SHA2562a4ba0fcc165d1e9940171fa7fbf5cdb897de89f64989efdeec2886b819e756c
SHA512487f3724d7f38476d0feb9c163374fec045d4e3d4891357fc6200bdde18d2f4d05f67dd90f09add02e8b04c42648d09fe159281cf5685437b1c9c9d5bf7000a4
-
Filesize
11KB
MD51ec9216aec6dd8f56baf57fed6ad43e6
SHA1b6f496b2fd2932779573c123a95bc28d6df121f4
SHA2565fb0017482a0ba8aa8a3dbaa6db6e4ca73cbe16848e8721593bce9dabfd0dc54
SHA512de68063b17d9c0b538af0a0fe6d51acf048c28ee5f3ecd2966f8230c10e18f0d0b38ee72f035ead66b14845d2874da49fa919c7b4e874624d3e2b94bc9d15c63
-
Filesize
12KB
MD5c313dbfe015d7a3fd2b43626855b1128
SHA167f1400e01a19199f8880ec1dc4017d0a116b117
SHA256cbb874d3640a9fc8b368319b842c0d9ff6b55e1048cd6201b1ed69f0d479c15e
SHA5120607ee3bca1d4318f54073a46c48b9b3fc798e54cdccc86cd8c839e26092a73771950f6ff36f7b4719655e52709379dca2b7c461f433cd6279a863e35a27e26f
-
Filesize
13KB
MD58366e0fdb5353c4a7f9f95c69a289cd6
SHA1031a02e7703d53924689776031f95885f13506c3
SHA25676f0200f43b15a0e41976ab7c7e22cb0ef447cc0092a95c3e103cab3ed795b0a
SHA512664503c74c943aa7dff7f1df989948ce3dd3adff85d4c2f3cccab54c3985431901e47250700f5fba48adac65318899d7451a26885501a1057d692dd932c8a80f
-
Filesize
14KB
MD509db1f36e525e58ee1201ddf39ff0883
SHA18243614478664c744de0e31b545d072b65eb7d91
SHA2560d832ab2103f892a6cbc6de14ef0b0555c8f7ae9dbc11b416f65dd0c373c3df9
SHA512fd8a8dca6d7a658fe049ae681ad0ad03384b156fa60725e4b306d6a9d42d75141b72400bec967ed267496d7e87c67e01e6c91e372b2e2cfbd830ae5d97069836
-
Filesize
5KB
MD562f0e8b7cbe5b7c66b248499f7baa2f6
SHA17c3db4ad68552a07a1047f7fdbf1cbfba0f05b7a
SHA256438b3b4a9ade0ed4e48888d8ef9860c5ba6b2f59cbf8c5629e13a1e4ff835b04
SHA512e82cfc0536cd39db195953b9ea2314e367600c7a9c8978aa51f0da4c7d7a04d0a25503cc68294626ec3f3f3c4a7d4f932f9b59bd94b3750744d8c31619f7593a
-
Filesize
9KB
MD5130651b5fcd3723a12efeb17aca02bc8
SHA13a81c5e907351dc65b18c5bb64275a57e46aad80
SHA25653c8e477c4eb2a01356fd161e8b6b5c867d25a4a114cbca092f6cddad469ccdc
SHA512ed619cbc8af1f22becd13d7e0154b251c83dfc21faa665d515fec23a33ac0eac24978c5334ee7f125f52529870897b077b3cc20a7a1c2bfaf6a7bba7173f0ba0
-
Filesize
10KB
MD591efd450a201b6f2edae30794c7d799b
SHA1e110c89dc15bc434bc7aaf07e5043d79721f0183
SHA256b3b89768bb1c9e7d5278aec10b544463fd94198a048494f31ee604e787463851
SHA5128affed7b9c653b10736d650fcf0688b2dbff8f61d134d761d6037e7be76fb093bbd75c178f6d18b39712bbe529aa062b6e0090c1cdf18aeb2b22936af72a17cf
-
Filesize
9KB
MD57e56ea085e9d1ba808ffed35fd66df30
SHA18060bd59985dcad70c3e2366eba5663f6768dded
SHA256f28cd3b4ac28e6065031ff10b8286accb1f253cd8a3e48a92038858af4a058b8
SHA5128612f158026299a8e032ecc20bf7115b9d0850eb706d87c3b94321933fb48f4d61285d3dbd6827982eb8ed29526d673b92eb1e5103e14f80cb0499509e125f0b
-
Filesize
5KB
MD5b3575d44a61e5ab9c3a4052469983396
SHA16a09c3b466b548f6a0d073ea472dbc747546e61f
SHA256198ffcd586cc91cfc39ba97c0857cce0ceebce39815be759d275b8cb038b2166
SHA5125d116e3603375a75f47a68aa0fa8222b119f0e88d61c1b1080d8e96c50ac861da423c12e9774c9230144ff9619f21ddcfb44526d5874ffe9b4422cf540de76e4
-
Filesize
8KB
MD51ee203e172a11e53e212c2fdd4135a2f
SHA1b5a56aa67709d471dec5165f6050258d9899d51b
SHA25626382a78e58e36c1764c9c0ba5b4ba437c6679f061cd7bbf0e662c3a58a8f278
SHA5129e6e080d5335f557e861d9de00bad5b5c212b7d60dbdd4f23fc443e5c043d37e654344beeb7484afd62bbd729bb515b713fea11c7cf4dae027ba0ffbd4fdbe75
-
Filesize
9KB
MD5e8eb117b418727859f08497d64befcb1
SHA1a40974817d4ca146e72b6940d6f6f651c2b67264
SHA256610ecf16df1d3a3e0e8af6f9a5307761ab008a3b3b14be0ad4289c21528c6f2c
SHA5125166dbfc914ab6c4ac53d0f08cc8bc64425fdee63a35cf48a8e7eb63af89aac70e32b0347fdc3d028c0d86a23cb73c4fee596a6bd9f3cd07f14e50142f20840c
-
Filesize
16KB
MD5c493ae7e64eede49454dc88b66f4721c
SHA11abb9abb56aa5d47b30ea60377f4490e27ccc523
SHA256e97991f3018f5bc2701a250fb8080c9fca163ffa5a28484c11c7ef5206952dc9
SHA512e804803ab238aac8db409c5940219bfe5ef0f4bafaf8d5cf7860442f9e581d4237997ea2751311ec89d71057d31e17922631b6465fb5e02dbe8ebac4d4f84231
-
Filesize
7KB
MD54b32b9316cad1a97233fd8f5b61cf64f
SHA192c92901391e156f06062a191f7fdcfd9ec67d2c
SHA256a443e97c6ba5ae601b709fab06291a3432570f1602a41aa1b9f2e1ee7df3956a
SHA5123c88190cf13705f35782b44462a304b747850f0d91f0c77421715b832372bdd7b8dbb7f7074af000a9accf15fe1aac1df7d9238eb003fed708887a7c4d26bf93
-
Filesize
5KB
MD586ed0f7f4e966ca8dcbc8dc7a03a268f
SHA163dca5d604cad5e96bf50e9e25c0ed0a432af6d6
SHA2563b259b6e596229fbf9d3fb4a98fe65f617a91f2fa12e6de904f8cac1f721868a
SHA51238aa4a915d706f6f2d19c7b9d398f0805b9277ad4913ec642eb7ef4b70f0f2d867613b0c9ad25aecd1ffbb78887d9ef1335783ca364d725432ed68003a9b2a48
-
Filesize
9KB
MD5298a3063ffbf86cf058abefa6fab37cb
SHA1578b0d3d0ac59f02cda81e6c090c15f409c7f122
SHA25682f3c8485fb2bb87f2854bfaeeb45e20bc3ec0d85e5b5fba2594ffeed364f348
SHA5122b51b11a4320f70f2921c70b2094897edfa382d74eb7d152bf09bef2f2f936fb824b2c0f34d0b7e2bbcdca09e70e1e43d1c190643c8fa77af2b3d68eed476a87
-
Filesize
7KB
MD59a7f6d06df27da2140bdf77e1b58eb76
SHA148f560910c07d9ee54d7c7b5d1e608d569742050
SHA256ffece93aef2962855e45d331635eac7e04ba2586d285825864b0d44db903b39b
SHA5120e3436adfbac103eead62f119b8dcfaa474880b00a5b715518b45a421099f4d2189848ae1cdbc8c1f191e58f776670f49a0c5baee630a0338790673a08d90be0
-
Filesize
8KB
MD5aee2c4faf9b9d1d2f20b666c89b01d7f
SHA18d958aaecc92858d4999231920dd06e17d139f84
SHA256b02ed177469c7e39303198ca4becd2916748463c796b38bb21595e91b0c5c551
SHA512b98d226261b83cdab1977f6b415f21ddee7617958bad16a061cc4a43a8fc23f9bf2df41304cc0499dc4ab50bae62729be55f5f868652001a83ee5238768b5b6a
-
Filesize
7KB
MD510a767f6d384151f8e1161448a747100
SHA1746a83ef5391dc0addef9fe5cc19f93b7ba92e5b
SHA256020837ae7e4d18c40a82b72d6a6796d8c5a1ff6c05b914ff1af3d64afe3c543c
SHA51256c35c42aad22bd1a9f29f0b72ddc28d51f22b6c666c6c1b8ca01eb7c7fb86096309b433286f215f0faeaa5421f263137e7d8b6eb2b1c613f89e2699e9be4912
-
Filesize
10KB
MD52c2251c3530cc7597d877ad7cef91dbe
SHA1bd48af371f57b5e6d45fb78d85b013abf4254c87
SHA256728331f8be348f21b001406c9c7aea9f75f75c2d23b1e0382fdf332eef63ea07
SHA512d6149420a5d3581d13200ccc4142f7ec4fcafcaa00fcc4b8984c981822fd6b9637e78462af13ce9ae48b2d9b02bc8403cca8b14835b3dd8bc504617a58877218
-
Filesize
8KB
MD5eab1c56903133b76afe5fc67ae14c7f6
SHA17aa54d0cebd914cee24b0c8137521d6cf53ed805
SHA2562a041e42047ab9f15c01b6d1ca68866b6bbb2a3db19ff70a0b454ca6479f3d65
SHA5129beaf81a4709c41ace4e6506319e852c5ad8dc63a158cd3f3669cc29725a812d8652f09cd3eed67f009b9f94a3009c5ec12f5db1e8ddef0adefbe508031a3bd4
-
Filesize
9KB
MD5febd68685687478d96ff0b90cc5ecec6
SHA1ba48860e20b208295a806aa1c44e21d9530bf691
SHA2562b2fd18b22a3428a200546f2ab7e01cbdc8b33cdc2ce090a7bd990a16192c6dc
SHA51229e499e45f7c1e21b7b3bd5261bc5de2e1968baca529d944888033ffad99ac6150e1e1bd80d70c689650ec815ed7903dcf7e4cbf4e302f79e34b9d29d406a74e
-
Filesize
7KB
MD542d30e413d984ffa15e6ef936f25ddb1
SHA164597f0dca48b82bfcfc2e61066e1eded4532b3c
SHA256f50a95329b77143bf39e789866608183a9c1e5e75b5b65e21ec9b531e5cc1110
SHA5121e749823808519c94a49075b84c31631b59af3cf4ab5ca6c61fc0ebce1d778dc000f7d7abaf6177dc75daa692fc6bcd2dec1e75eead9f4b662a805d693c79c3c
-
Filesize
6KB
MD5b67ef92b65f32076d6d7a6b3b5d40c2d
SHA159fba55cd0b8e8198b3ac0a551a4669f3532aceb
SHA2565e5a6b8ca0ba2ff715cce3da569590089894014c9089c851da2cb6228d8ffe1f
SHA51229ae4afab11bca8f84552eeafeca0d841051e7533e5073993e08f464b92fea6263f9d1f95568160371dc437b05a069fc68983890bfb4e1238bc2c978e4d6f8f4
-
Filesize
8KB
MD5f8f125dcb106887087233cf1e9faed68
SHA12e9c66ea8ddd112e817e063473f078b9af57ef78
SHA25653f1a7fb3afd345706bd4cb79de7067331ecf71e416324729f6149e582660c26
SHA512919051f880272b9b4c9cd8541bbb79d74e3e32b254ab693a3da0f7bf816f0b3039c3a6edba855f187be03e7b1a538d53a7c91179c331dfa2070f66bd7259a7e0
-
Filesize
9KB
MD50f0c9266cb5c9f4a5cdd2e0bec01aa22
SHA1d4f1840b5f8c5f354b7d6debc901787952ac5810
SHA256293e63b8492a521c6eaa581f942c2e27d70cddb6bf990e709767156fe465ff4f
SHA51272d28eb1e88677e6efe3b11985e5f8b1154fa4b36c3ac0ccf12265644c6b6c619b3f655462c82b7e4353b9a0053f146d5d7f6efda86582f84ff400b34eb5c80d
-
Filesize
18KB
MD51e925acaa499d39ba665053bf689126c
SHA1f419bda2aa27cbc05f9e1eca862be9d155971a9b
SHA2561d37ccd2df96a8773ea13bde94c36708b8dcee412b98f625a4208964776724ea
SHA512e82c6b5c0867aac0738908804ba854d31b7d768f15c693277aec9979da3b0426e32ae7362466a58e31ffd374812beef9e66d7460c15f463367f518b5f9bcc40b
-
Filesize
9KB
MD5190ab67952008a0213ed5ed2bb05e48d
SHA13d8caca476b48eca82e529bbcbf29f79e8487e51
SHA256e194a31de0efc1a8975d0607bb84e25bc4b512bbdcff44daa6bc4d8de5be8a27
SHA51261f30131c07cb767f8a15b0f1b4e842cd071c1318d8b82052c95060570cd3e2c9949fd493be7c8983a26edea350a264bdaafb564e56ce7c078d937287c2a299d
-
Filesize
18KB
MD531e79c2a96adc90b18287af40c726ae5
SHA19b90b1e6b2e85ab4ed568167eaa3d8fe3477110d
SHA2568f079930cd8e9ca1ba99649d84065bde3528faae513acdbff177e1e05195c645
SHA51235a45fd2faa6d4d3ab89d4e1d29a5c1d52d141c77eef7e8b2903c5fc30ebdc1a7051c783996597adaebe29ef5a6a549841414c5540fbef6b69c550c727099dd5
-
Filesize
8KB
MD5325dc780a857d48550ba80d204c2e786
SHA1e2216d708f8246d88d0642ef547b142ca3335566
SHA25652501b9c1f7fd2e2997f6ad0f1050151cfde48bff63a440b98ff0b9a614786ba
SHA5126b36ad71db982f3f35a3a7d7f04a22e5925f314122d254fb0202500c937cbaf17616cd836d2e20407bed9014c8701c4671044f92459aab643c871d14d7c7d452
-
Filesize
8KB
MD5833ec628cccef9cd0ed91cfc6468cae2
SHA15b049d581d5efa26082130fdd515d5a8a961f9c7
SHA2567c6d9882c6bc56b390272e8b4aee23e240fe054cdb3b69583cb4b5512a6b7974
SHA512322ca561d86ab9d1dd413f7bafa2f7735ddca5dfff71e9e0e84888c52d8768e8e2a239a154c6091508f6d034c6da3f5ba9e2c6157e01b02313c8c3a4b084dabd
-
Filesize
14KB
MD5744a29650092b528501ae38b60fa9211
SHA1919c2ee015d2e5dac5aba1d0bae18ee348277da7
SHA256150e1d825de7fdd60da93b3b757e178e7e3edfed92c8ab79908c1ae1065cde44
SHA512edb2ccdb8398b8b1fb980ca1ac018487f6de30c00e46336e23d85f927f3d1c0f6a5b704cbb00cd0cf041021872fb4c7d2475b4ec7c01bc15cc3835baf440369b
-
Filesize
8KB
MD5d5a6ba3c71e06ed2f3d5e432c6202f91
SHA122b540d5fac290a8b99b35e6776ab001e4116690
SHA256d12891aae64f84046ef1437329156411b5b6395a32921ca577abf1b02a6f07dd
SHA5126a8bcc4ae70230370c1a257e8059da1601825bbdd4f4c06424c15d6e915704025c794e6ca17326777ce835104ab9c549f357b9d99d117b3eddedd69e3a5d5977
-
Filesize
5KB
MD56bfe51d8a06257f35faebbc029c1a120
SHA1ca51cd5e47f7866ca7dcc5e20cfd44862287e65b
SHA256120b499cb37c44491d59131225d4dc25f9f9e5ec2155fe55711295eaecb7960f
SHA5123130a2099f1f17f10b835c26eba27529dca743c6a251c575b83bd6cef12b42540c4c187171b1d4d148366a0cbb6cb8b01fbda9b0805b9a7a044f1ad365854d1e
-
Filesize
8KB
MD538954fc2f9b5a8e8856cc7da6b62eb38
SHA13c46077e085ad162cdacd64c5c1f3fb32733fa9b
SHA256d224f03d2d2437ae77cb2b2df5a143c4b9d3da0beb2d9cd922f6a4b091ee8973
SHA5125cf92c144220b8dbfb097669b032404eff335af2e57796afd3a3dea50160150ea0dce1412a13a94be19edd8d88ba6dcbe85f929f7805599bdcc983dc2022976d
-
Filesize
9KB
MD5bebb216ce4f6d937774578ab0202303a
SHA1466656133243af70bbb4a413e24ffa079bb025a1
SHA2563a5030d051a09583b997146d1632c40037959aa25ea284576b10cd7db0b807ad
SHA512ced812b18aa31380cc3385779f2c80b1caac0ac5c2a09dbbb37454e478a19d32670e4d0c48376409fcd9b38ed4467b2501eab9b768fc32cf4a6adbc24cd635f5
-
Filesize
11KB
MD5c8eb3c991c3e4aa258cf806f4a9dd14e
SHA17dc14497ac06aa934c7f96bb6f1a70f6cc431a2d
SHA256649e4ccb9e781e3d60d515ab5755bd4a5e54d06e6c8f6f364bb2251a6d4dbe0a
SHA512afca9f119efb2814085d60a5ee2c17e1ea03d5e899c35d8e2f1d3876160b49b1cdbfe2e2def746abf2046c4453df51b39e995ca340da7d3c3c27bcdf67a66d93
-
Filesize
18KB
MD53f49eab0db312c462772e61b6c2af74f
SHA1631cd6e6de14aa536a97a0c3478f7583aeff824a
SHA25668f8eea233c969ec2729b9305e0d7c06983904f83a0bb9c2910f164bfaa0abdf
SHA5120df6347b121c584e4fbd6b323be2f54aea9ba0391d9e6472623365bc3fab5fdfa1a79cea556d83a6b3b568cbe033bb56ebc91f10e7365172876a51e2f99dc074
-
Filesize
8KB
MD5328ed2fd710b5f0e90332452cc898bc9
SHA1a3523b740e833f7a98024273b7c13c9bcfca22a9
SHA2564566d9ec74188be5fae1aaff438bd9c31fd6c68289534b834abbf4dbf5c72fae
SHA51271bcdbb4eb8c0ebae6d2c5266a33688b63ce452901f72a44c60de6d19640c22ab3a54a33b4e8216f76a0cccb44756b6ee59131f4351b599fcdb6e31933fa7c37
-
Filesize
8KB
MD53f24bd7cf61a626d6d3d8dbc2f99a5d1
SHA17de82578e87deceb22e35a2e210743a962c94ed8
SHA256975b74aebc9fc5a30883778a98366ebfa2c6df5908c4092c2f8743659bcbc516
SHA51278feafa2d92eb122ca821d525ab8096f01ddf430061c410e00f229d716db7e3cb6bd99dffaf86a7b44ed48a2869be020be5f01db89e1a4056b8eeaea0111bd55
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
642B
MD57260dd1bf2f73c6392bac687e778a4fa
SHA1870b18cd7d251b8614952e0ceb5281e5df215c49
SHA25631cd83d7c2be3e36ed3e500ee86d8ac07162d5e25b9bc9d05ea1f50f1866933d
SHA512b41f0a026b059834c3743d0abb9401fb8b3ad8708ca70577127877c0aa8c63f6e867e740e462f1ce087e7831689feb76aa7fb34ef79880d9de311c1a4e55808f
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
338B
MD5d5ee238845fad024e7e7a38071da6e6a
SHA11e1ff9f335227ebe2278d157184ed657c278ec16
SHA256079e7789bdf0e92a383550bf22af062c3b3363962121e396bb00b93d2c3e6b66
SHA5127933aea5c24e3cec3d18d1a2b04c6cfd87275a43f1a7f9262826617b6ea99c102e59f753099686f326a07c6515ab485ec9c786613ba289769b6289ce874bd7c3
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
170KB
MD531bd0f224e7e74eee2847f43aae23974
SHA192e331e1e8ad30538f38dd7ba31386afafa14a58
SHA2568b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d
SHA512a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249
-
Filesize
804B
MD5cd99cba6153cbc0b14b7a849e4d0180f
SHA1375961866404a705916cbc6cd4915de7d9778923
SHA25674c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2
SHA5120c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda
-
Filesize
978B
MD5e1682c49460ca16c0ecae98c3f60b7d4
SHA1a9cc92fb284c88ad4522cce23ae522da00b60d4d
SHA256fff4861b44947666e2cf77933d9ed24868bfc9ca3926ae77614e65df4e23d329
SHA512e98519fa7d5c9d873b4da81ac8d54879bd280595073739bea0817f51ece0b52ec5e11976e80755646bf98d6e674e9b5feb8c72d6b6726b75023388582863e89c
-
Filesize
170KB
MD531bd0f224e7e74eee2847f43aae23974
SHA192e331e1e8ad30538f38dd7ba31386afafa14a58
SHA2568b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d
SHA512a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249
-
Filesize
1KB
MD5d2aba3e1af80edd77e206cd43cfd3129
SHA13116da65d097708fad63a3b73d1c39bffa94cb01
SHA2568940135a58d28338ce4ea9b9933e6780507c56ab37a2f2e3a1a98c6564548a12
SHA5120059bd4cc02c52a219a0a2e1836bf04c11e2693446648dd4d92a2f38ed060ecd6c0f835e542ff8cfef8903873c01b8de2b38ed6ed2131a131bdd17887c11d0ec
-
Filesize
128KB
-
Filesize
3.6MB
-
Filesize
3.6MB
-
Filesize
3.6MB
-
Filesize
3.6MB
-
Filesize
3.6MB