Analysis
-
max time kernel
80s -
max time network
80s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
13-01-2025 01:53
Static task
static1
Behavioral task
behavioral1
Sample
babuk_builder.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
babuk_builder.zip
Resource
win10v2004-20241007-en
General
-
Target
babuk_builder.zip
-
Size
4.8MB
-
MD5
aee27a5ebedadf12beed294f59026162
-
SHA1
fa5153b6011c578ce85c8c6d2a431ee9b8be03ec
-
SHA256
82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550
-
SHA512
74548443d979e4b07904ca6232df1d787fa7481bfb52dfdd0331882cb407ba73c0548ef8544c02ed2cb2d11401ae86c546875db4408127d30b862cb383da921a
-
SSDEEP
98304:a7TUPOmgWEeBcQVltn58PsCYBy7PJUhfTJ2RMOMA8vNFDf8NCE3njOSLQJ0TsYnY:rFgaBcKltnOE7MPJUhLCMhN8NnjBEJYY
Malware Config
Signatures
-
Babuk Locker
RaaS first seen in 2021 initially called Vasa Locker.
-
Babuk family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (245) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE 6 IoCs
pid Process 2668 builder.exe 2628 builder.exe 2672 builder.exe 2444 builder.exe 1408 e_win.exe 2920 d_win.exe -
Drops desktop.ini file(s) 1 IoCs
description ioc Process File opened for modification \??\M:\$RECYCLE.BIN\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini d_win.exe -
Enumerates connected drives 3 TTPs 25 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\H: e_win.exe File opened (read-only) \??\J: e_win.exe File opened (read-only) \??\X: e_win.exe File opened (read-only) \??\Q: e_win.exe File opened (read-only) \??\Y: e_win.exe File opened (read-only) \??\P: e_win.exe File opened (read-only) \??\A: e_win.exe File opened (read-only) \??\S: e_win.exe File opened (read-only) \??\B: e_win.exe File opened (read-only) \??\F: d_win.exe File opened (read-only) \??\N: e_win.exe File opened (read-only) \??\E: e_win.exe File opened (read-only) \??\T: e_win.exe File opened (read-only) \??\U: e_win.exe File opened (read-only) \??\O: e_win.exe File opened (read-only) \??\G: e_win.exe File opened (read-only) \??\M: d_win.exe File opened (read-only) \??\W: e_win.exe File opened (read-only) \??\R: e_win.exe File opened (read-only) \??\I: e_win.exe File opened (read-only) \??\L: e_win.exe File opened (read-only) \??\Z: e_win.exe File opened (read-only) \??\K: e_win.exe File opened (read-only) \??\V: e_win.exe File opened (read-only) \??\M: e_win.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e_win.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d_win.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language builder.exe -
Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 700 vssadmin.exe 2364 vssadmin.exe -
Modifies registry class 12 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\.out rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\.out\ = "out_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\edit rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\edit\command rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\open\command rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\open rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\ rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\out_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" rundll32.exe -
Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs
pid Process 2672 builder.exe 2444 builder.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1408 e_win.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 768 7zFM.exe 2144 rundll32.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeRestorePrivilege 768 7zFM.exe Token: 35 768 7zFM.exe Token: SeSecurityPrivilege 768 7zFM.exe Token: SeBackupPrivilege 612 vssvc.exe Token: SeRestorePrivilege 612 vssvc.exe Token: SeAuditPrivilege 612 vssvc.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 768 7zFM.exe 768 7zFM.exe 768 7zFM.exe -
Suspicious use of WriteProcessMemory 29 IoCs
description pid Process procid_target PID 2516 wrote to memory of 2672 2516 cmd.exe 38 PID 2516 wrote to memory of 2672 2516 cmd.exe 38 PID 2516 wrote to memory of 2672 2516 cmd.exe 38 PID 2516 wrote to memory of 2672 2516 cmd.exe 38 PID 2516 wrote to memory of 2444 2516 cmd.exe 40 PID 2516 wrote to memory of 2444 2516 cmd.exe 40 PID 2516 wrote to memory of 2444 2516 cmd.exe 40 PID 2516 wrote to memory of 2444 2516 cmd.exe 40 PID 2444 wrote to memory of 1676 2444 builder.exe 41 PID 2444 wrote to memory of 1676 2444 builder.exe 41 PID 2444 wrote to memory of 1676 2444 builder.exe 41 PID 2444 wrote to memory of 1676 2444 builder.exe 41 PID 1408 wrote to memory of 2160 1408 e_win.exe 44 PID 1408 wrote to memory of 2160 1408 e_win.exe 44 PID 1408 wrote to memory of 2160 1408 e_win.exe 44 PID 1408 wrote to memory of 2160 1408 e_win.exe 44 PID 2160 wrote to memory of 700 2160 cmd.exe 46 PID 2160 wrote to memory of 700 2160 cmd.exe 46 PID 2160 wrote to memory of 700 2160 cmd.exe 46 PID 1408 wrote to memory of 1816 1408 e_win.exe 49 PID 1408 wrote to memory of 1816 1408 e_win.exe 49 PID 1408 wrote to memory of 1816 1408 e_win.exe 49 PID 1408 wrote to memory of 1816 1408 e_win.exe 49 PID 1816 wrote to memory of 2364 1816 cmd.exe 51 PID 1816 wrote to memory of 2364 1816 cmd.exe 51 PID 1816 wrote to memory of 2364 1816 cmd.exe 51 PID 2144 wrote to memory of 1796 2144 rundll32.exe 57 PID 2144 wrote to memory of 1796 2144 rundll32.exe 57 PID 2144 wrote to memory of 1796 2144 rundll32.exe 57 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\babuk_builder.zip"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:768
-
C:\Users\Admin\Desktop\New folder\builder.exe"C:\Users\Admin\Desktop\New folder\builder.exe"1⤵
- Executes dropped EXE
PID:2668
-
C:\Users\Admin\Desktop\New folder\builder.exe"C:\Users\Admin\Desktop\New folder\builder.exe"1⤵
- Executes dropped EXE
PID:2628
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Users\Admin\Desktop\New folder\builder.exebuilder.exe2⤵
- Executes dropped EXE
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2672
-
-
C:\Users\Admin\Desktop\New folder\builder.exebuilder.exe skibidi2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c pause3⤵
- System Location Discovery: System Language Discovery
PID:1676
-
-
-
C:\Users\Admin\Desktop\New folder\skibidi\e_win.exe"C:\Users\Admin\Desktop\New folder\skibidi\e_win.exe"1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1408 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet2⤵
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Windows\system32\vssadmin.exevssadmin.exe delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:700
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet2⤵
- Suspicious use of WriteProcessMemory
PID:1816 -
C:\Windows\system32\vssadmin.exevssadmin.exe delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:2364
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:612
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\How To Restore Your Files.txt1⤵PID:1692
-
C:\Users\Admin\Desktop\New folder\skibidi\d_win.exe"C:\Users\Admin\Desktop\New folder\skibidi\d_win.exe"1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2920
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\New folder\e_nas_arm.out1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\e_nas_arm.out2⤵PID:1796
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD5462e09c307f6d61543e979a4689d1bf8
SHA18f4789741f83ff0f607ce48bf6b3c147d80a8ee9
SHA256976276b1cad4d23cbfc8c70d517dff4d4aa598b941b2684bc46f88a4e63214d3
SHA512dc9634161174257b3def290326ecd0864828b664a98603b6df45e0053d1852cf50f8a6921053afbe87542e14ebb1a6347751499731a63faade5889d32888bb91
-
Filesize
174B
MD522f6d2fe4f85b2be085105bab2bbe691
SHA10aca19537c036165a46e458d6c9b09e98f06875b
SHA256606b224b431801d92a87b9afc9e35dad8b1743f46f8dc44d2f0460cf14f8b44b
SHA5120cce9c665702a38a72f2ab6d7932c655c742edfb9a84e07d881907da7381aefdadcf264cb10f93299c7d140f54ec2d0629723eb71e71d25b59d98e3ebead9d5d
-
Filesize
66KB
MD5c462efda48815bc7c5b216a1e81b5df0
SHA12b0923523eb49909b6eaa7293c3b73a39e1da15c
SHA25653717f5be7bf312b6e62130d4b191c66b31cd923808681aaac01d2f7533955f6
SHA512da0153288ef5f8d2305ec2f4547ee603942472f6487cd4acb212bec675a2248e9eecbbf47e8d677ea88eb8f3345daf724b6bf68f1e7be41b77a87e768f196877
-
Filesize
325KB
MD5a2a6577769fe7cdae5a3d43b43fc71b7
SHA15fb3703560bb450ed0caea9a0f6e31c755d4e791
SHA2562eafed90619894f7c61108bc86c658687f9aa912cb9bd450ab400b962aff6a84
SHA512515974309852fe4f25aa48bdec28e2742ea34fa0b18ffe2fd7f02f290f06f2aacd2612f2cc886c8661f1b4ab240e0769177ed2c123c1a49e1235a633510882f5
-
Filesize
370KB
MD54397d0699f2e68b6f4d317b2d457bb49
SHA120f910570c6c902a75767e73286062e36d39e86c
SHA256b6045617a216c8e0ffea55c9d06c0b8f0d566facfce80d480cb2ce37d976da4e
SHA512f4ea0a316c7fcc633d46e8414f6adea7bdcbd918f41e9a8beb14b23d162d74feacc9662771525a27529b5c7d7fafed5e7eeb3d33ab52ae806837e23ffb93516d
-
Filesize
355KB
MD5272e3b5147a128c32e981799645eca63
SHA1ba2c5b92d52836b6077dcf5aaba0419f5a4cff17
SHA2568c472d43aba87d0074b83107e1ec76f0b127f6af0eabd293cf13ecf4740a0d2e
SHA512fae8ff1f17bc35115a087f457f3c2049b7e0dc08fb44d257d91df80a389ffb3d74d6986bd2d5e7a3e4cfeb77ca04fe26df98117edfeef9bff2464c715b9af16e
-
Filesize
251KB
MD540c99084b59b1aab1e0a57a884dcebdb
SHA16f48b939f768334fecf7c1e60d486a1f6e0348f2
SHA256afd0aff093f69537d8f35748acae68539d9023116ade344d2cf4fc8c256cf844
SHA51260d9e089ee62efe8767046df3a58207534386eb1d59a4c4fdc1df2b3bcf2778f1b5edff44a9d69f72e909325605e63ac3ef592c41a2977f80d62397c39375c4f
-
Filesize
340KB
MD513a3e7f0a5d443ef784d6bbcb52a8aa0
SHA19e3328a75ef0dd5e38d25c0c2f94564f99035026
SHA256f444a018e758de11485205c9e874d78a941f45f75ebf062e562f9876344da330
SHA5127a496cedb1de55ccf7d0acf6270ea3d19e8967e8eed7de35e293e70dbf769af0223c5e1ec7eb5bb74e0f8994ff8b9a058ecfeaacb95ce5c47696b2053dd0beef
-
Filesize
222KB
MD5d743a25ea82f3397c00dc0b101bc2bcd
SHA16dd4eb40b582567121a0a6a725d0ef7e0b7705b7
SHA25610af390f0f175ba3385158ba9f006b9c2f82c953dc3155fba95b418309526f07
SHA51232d269022fab7e505ad45c93071d825ce71eb95b69a04a9a141ba762e062cb1f0e7d8eee90f38f2534af9c51c720ebfbcc24665b99bb8bf3a388d0252c8914e4
-
Filesize
399KB
MD55d03aa7deb57e84cbdbc07ed9d18b401
SHA1d3a21b4d7e048d51cf2b07c5491073eb35c60709
SHA25639754816e59d14f46b8dc6881eb170a21bd1a3fa00d63061036e5456727cd3bf
SHA5128d1d85289d8771ae5d485a0669443e76116b59a587920e3dec2f85fd7d2f2c19d69cd49130df528ca71b67ecd11fa28bbfaf116f11dca9dafc3a817be3fa9066
-
Filesize
414KB
MD5f6b98b49350a481dd4df8bbb9e09f102
SHA1bea145228e91633b7bb66a10f8e923c398c3f963
SHA2567e1b7c25ff3d583ffe229518902c9bb83de45ca8ffd4d2debef3d3ba8a9c6ae4
SHA512bec64dee47c1c0612a7ada0f7dc7eee1f9d9854b5651d0280bae80163f21efd2a15ca083f5ec62766310522fde48c6b27e4b2f078cd691e5ebaa7022b33566bc
-
Filesize
444KB
MD5513f31054f1f46eaa3932de711709215
SHA18bdf91796e5272701b46f74d3b4160db82c2fbd3
SHA256f1ca1d9b375cd3ffe31827ce5059ec1d53e782deec4b89b21bd7d442a6a3c5fd
SHA512925c95f9addba5c19dfb57f53bda89d392305523f23b89216cc7f9a54da81cf8ea55d84c68ab0390a74df2986cfcac9d85d89cd666207bb21b0c0805fb8acf33
-
Filesize
296KB
MD571fa6e56c01a4c7e51d709b5f6596228
SHA132a6dfdf6c6b053b6064a8563d715775a8d74fe6
SHA256a1eb3d37788914ebaec6e528ac05fa278cbf962f1de98609361aed966903cec0
SHA5125eeeb9be0ffd56bf180e9d9252b90fda6fe036cfac481a493a94f9f2ca9c7e2bf90c72335c05790b19ee28b900318a138f8f61005eadbedb7500f584a3ee1e0d
-
Filesize
266KB
MD5b9bf4dc7dfe718bd935de9497f952a22
SHA1d3ac9466937980020224db64262ef4daa02a2697
SHA256c4c6c1c2bcd5a2bec5389dfd8a96e6102bc5434db5627f34526e988d01c52ea6
SHA5122565ae459edfc0185c4636b52eb415aeaeadbc205e687ee274189c854c62c6e640cb00a590974b29e8c4a93624457ec4c2b22a05078612ad1f7a7304e2721fb0
-
Filesize
246B
MD5627a5f99f782cb5ff292d564cdc08d41
SHA14ca93dd5ec5463a5800ca16daf9528fd822aac27
SHA256747738e1e1ce8092a1c1f1c0364b933a96d049002021038d67cf9e362622a016
SHA5127f200f306a7da8bf3b693ca0f0f0cbe0a1d406e2d3fe207e75b36e898bb9bb2f4f26398ce4e09058729109313109d46bcedd64756f19090f72db12f10bbb30ee
-
Filesize
246B
MD5e84334ae842941a4fe3829ffa141126a
SHA11a9f05f0cbd285b42e082d876dcec58852fe5190
SHA256880a513873abd8e98683f7d60e33de3df24399126a38b535a6189b264e0b0214
SHA512e8d1a1a925a0dfc91366eca83c4d8fcbf4eec719ada129d74b87eea438f8c4bbc130e09109181d857ee69efdd12603b066dc165d007cea6171fdebf6c73fad0a
-
Filesize
374B
MD5f5cf15f06447359c6892b630fb331e01
SHA1e44e046dacb2ed0508beef3020512ab017516d73
SHA25613d1fcc3aafc70299397f8aece0d2ef3b04d4246cbce801a72d9e6ccc3427a8d
SHA512ad86e9212c364feb963938347617718ecc8f07e4af9282bb90d1506d9dec8f453d8bd7244f98ca6ca3eca00eac9b222fc12c4c2f58d04d20165a532b3142313f
-
Filesize
556B
MD54d3ee43dabf02f618fd8fb3f294c4d24
SHA15cd157724e98486ec8d5732cff0dfd13d127572f
SHA2569bfab2f98843ccafb314acb3af08383ccf0e3ce0c376a4bf8fae2fe7ca31d061
SHA51278166ca209e9fd7d3a2126e036361825b397bd135b26554855ece5e69394de171e2c474c3528c3feb43a9914bcd4a257638ffbdeecf8ce36bf11b999bf15407d
-
Filesize
121KB
MD55dfa998f62612e10d5d28d26948dd50f
SHA105618b47ccf5aba595fba60feb30969b5500abb3
SHA2564fa565cc2ebfe97b996786facdb454e4328a28792e27e80e8b46fe24b44781af
SHA51283a0f6b9b43d88ea704f0d006937e020a2dd7c207bc84937d2ca6d80f808b0b583a555082eb529c902f2194cb872a23d5666302908f3ed0418f061e50c56defa
-
Filesize
53KB
MD564b8e75e76283e034e134c128e9a405a
SHA1cd19c2741261de97e91943148ba8c0863567b461
SHA256930760c00de1b9a4bc2eefcd96173f1e9a906b11a9566c517fcb87a13acaa327
SHA5128e9e0ceafc88504a408ed9a91514675b7e13e3f4ed5f3a2c0208f441c55d783e3708427fc49489bdd9f74804a00a093c6e28c5a012d483b502bee09995f6a84d
-
Filesize
53KB
MD559908583a8ac5f86e58d627f6dcb18c6
SHA10cec6e5a9c3c512830720f5fa9e5ca58da6fddb5
SHA25656feafdbbaaebcd27c76e728dee865917a4ca50fddd5d8db9edc5b346edddc36
SHA512643a4450028667905216d2deb310dad3c79c77e5bd945ebab82f94f7c219e11f57f351c6232930ff595def3c063a8b4a21256f8d6aa047f33006049fdf794ee3
-
Filesize
2.0MB
MD57de2173c75f9778b9c9c20447ad4c1f8
SHA10bea740c49e30d3c8d58976951331068f181c453
SHA2562cd6d4a52dbaf9e79d93492ad73dc229e06d0cee9e3327cc3bef165fae06f918
SHA512666387bea53b85ccb8d6f5925f2c4fa69530836a58834234f6c9c5c0034997dad2270f270bea138796f7bb2010bcf2c4430bbaf10fa8a6f50b52323b84b21e18
-
Filesize
2.0MB
MD5033d26685d74882a0510111c6524dac5
SHA13e1cd529bd4c6b3ac9da31d6848065b3d5e99101
SHA2569a0526caf299808fc11cac45aa9a47018417f7c4408517ca1736325a54fc4342
SHA5126aeb144fd51d5d691dc5049a91cb638c588829a7c8ae3be64f06b6ae67ba07d6e81cd70295cc322343bb978fdabd44b788d4f8e98090f51e600d282238b0b8c4
-
Filesize
1.9MB
MD529efe5693da727cdca8c637d343b07cd
SHA1a5ee4e8a413ea03639721f31de5f42d4b0968039
SHA25651fe57795105eb1e618d35bd99fcc096ee3687455cd4e330396c0d701bc3a6a1
SHA5125f19057919b4018114fcb58e0d848960acbf26d461077a85a935b64e7ec161f45047e6dc6c4664058b36902bc39b297c292eb8af2557dddd5bbdfdc975e6f377
-
Filesize
1.9MB
MD594c95741556b5e401ffb87fba8a77612
SHA1e26d0db33cf03fd899587570767148d8863d2230
SHA2565b6795fabf7b87dd10f9632f77c403d57e5eaea9998589e4450dd9c1684ba280
SHA5128e7cbac3826fbebb94a43581e9c7571d1f420acbdc7dc55e374c58bbda9ce4d4b7a6e61087992e88214a23b3706314d462634dc18d9b0ef60a8896c929963ab9
-
Filesize
68KB
MD5ca8dcb4c02f5b3b09b0bc49452f05bd6
SHA10e0001da7e198da8e3e82252d5414dbcb8bee9d1
SHA256eb22f22fedb24ef3d06d2ba6ac9bc53528f8d1e489fefeac9501b926a0be6097
SHA5129221c98a0ad3179725fd66de3fcfbc0f97af300431d82645ee0b9d8e16a756b7881a91f661a569156bf0d5984e54703d513d753329bffd382327cc7a194ffc48
-
Filesize
68KB
MD5e2a69b8b4bfa469f456da2f98e32cfcd
SHA11696b382798fcd1726b0a33b1e8a34b25b624a28
SHA256dd91f972a40a7bcd78754084fe64beecdd991af9067fef598910bbb911339366
SHA51243484251f57ea27e7b72d1bbd674913137e59463dfde1f3bafb3b0d8bc0a6256c9ad47b1e451dfc55f6e7f3e418e558a2fb353baed07fd7077562fbe8d1fb098
-
Filesize
69KB
MD5ce73b00417464190d7fb9b36af74968a
SHA1885a734c7869b52aa125674cb430199b2645cda0
SHA256dc90560d7198bf824b65ba2cfbe403d84d38113f41a1aa2f37f8d827fd9e0ceb
SHA5127710eb3c601f0b6066606f7a098811efa8e411b12164e7bcb2ab289920156367ee53e6c243937d89ccf17af9c207856fbd2f125982e5242938cd189965a3556d
-
Filesize
69KB
MD57192cde9f485fa315cb8fa802c5a590b
SHA12e3aaef6774eaf1c485bce44d8b3d3777dfa9213
SHA256badd43decc612e88a9369e03757f1d95bf40081499fb041c5cd6cc3b3ea4f1df
SHA5128496141b0d33398ce54be66ae96d2efe18b01271c7067771498f6933a257df31128a90581913126f0537dfec1ac835697219366b64707efea22a5d894c40cdf9
-
Filesize
2.1MB
MD528249fc247a858d9727c860e4a484392
SHA137b2ee4c3f6b9976e2335421a05e4b480c09ff9d
SHA256e8cee8eab4020e1aadd4631ed626ab54d8733f8b14d683ca943cd4e124eeef55
SHA512af4109064b524761fc3b0b5b27ab634e9eda7c8897fe5fb5b2d39dd1b620a402eb97ce5e76d99f9a959c2c6a162a2037c398c2181d2f66d029b46d73ec7f43e4
-
Filesize
2.1MB
MD5774d2d0fe413f857f916a7763007d149
SHA10fd836a0174eaa0e39239dd7c27ae49402596418
SHA256d2be75317ac95104bdc3a9cc7f0ddaebbdbf974b4345d404cc43548a6b6f920b
SHA51274e6eddde200d80ebe5ba5f5d2a9bec198fbb0a1b92bb80ef63ffd5ef6ffcc6f2bc01cd50ea77956d13454af26733f963f50e5662c121857e7c0e18bd64d7ef3
-
Filesize
2.0MB
MD51453c8123be53bf4458b1a8e7e54ddbb
SHA1a1064f1393e4d548c27f1a4b5fb1a5cf9f5267e7
SHA256e505b24de50b14aed35cf40725dc0185cab06fed90269d445ec7a4b36de124b6
SHA5122eeffbcf1b8161f3f61a5654213004212042ca95b87393052a54b0a28416ee82eef113891488cc272581d6c2a557b1283712f8658ad48c219823b204724bc150
-
Filesize
79KB
MD5e5adc80639046a5c69bcfeee458e0833
SHA1d9e3f9edda5df290b5be6fb1d335b750dd7c6758
SHA256ea95f131bd9b49104d9e7ae83335254549ded9d71d557c6e4746740aecca2c85
SHA512c11a24e14ba5fa2b0e2c2b544dd4218ce4c8caae3db7cebd5b0305223f96bde09c9bd237cb8d32768f30118f7be73240971e772f7a89db7c0fba5c6105107e3a
-
Filesize
4B
MD51cb251ec0d568de6a929b520c4aed8d1
SHA1372ea08cab33e71c02c651dbc83a474d32c676ea
SHA256982d9e3eb996f559e633f4d194def3761d909f5a3b647d1a851fead67c32c9d1
SHA512eaf2c12742cb8c161bcbd84b032b9bb98999a23282542672ca01cc6edd268f7dce9987ad6b2bc79305634f89d90b90102bcd59a57e7135b8e3ceb93c0597117b
-
Filesize
53KB
MD50ee46ee4bab2d914ec0feba35041487e
SHA1bad36787649079fd44ac7917a13c7a8b17705795
SHA2562a89600953b89f8f2038b3dc1d4f0369ba77a89f30c416b7fd9794c3b1eb84ff
SHA512d58dd6179d0a57092ce29152e20304170f7d761603cc7bd2c9139a75dfedacc40c1d5f09383c071c2d3b88e917a3180b3894115f9fe0af7876b64484b6092538
-
Filesize
53KB
MD58273d6de5d29605af89b0cca4783b1da
SHA1c7c7f2f67fd6fa1ab1b23f241f6807d71dc59c67
SHA2566d740d1cbdba96ed27b25ce00dc90afcc70cef04b97799094ab8fcb737c66236
SHA51295675398df1598d6893d8ca945b974ad8bf21273fddd0f28e86e4e005b376f2342485aeb18e07d126e3c73ff713e07e66b202e185bb1eb168b04e311309c3634
-
Filesize
2.0MB
MD512c645fa77f92d520a6b39b9d3d81d4b
SHA11c547ff5f1458d4d44a1d2e51fb5659555664466
SHA2560bac81ecfbdcafb3ceb4504c83da8f20412da6d72dbf4b4d544e715dd2de10b7
SHA51216cdb15642c729b1a31983b30f80f17763eb7a3dc3832573d25ceb1bea3b990fcecc22ffe2b9e9c2cfb04f2bfe9ae8b9d648c8dc91c27ee0b2481eee7db79ae3
-
Filesize
2.0MB
MD5a238f2a0450ce8d0deab7b626e2f9820
SHA15f88b1bbe19ebc45e1cad4a82e6e0f0d782a7920
SHA2563d5ff683b1c6e58ec0e59a16d742e313cb99187a851e2c01c56bafaf62939be0
SHA512f478d19eb6dc4bc981309e5d1cf660c9bccdb33835b24b1f61f3dddb3307601d649e8d7ce27005e95e7db8c30e9fac5b79a0ae431d943f661a61daf52f7b8a29
-
Filesize
1.9MB
MD5070c5ebb84755bf1c2cdc0b8ce92dac7
SHA1c34b707663a9bcf5317a727441fc99d3941ee73e
SHA256945e1a6977e4ecf86bf0d1d6a36d95fef35662ff5e8b3543f323d6989ed06a2a
SHA51274d4fc01f67425b76e7d6c09634625f68c319ad54da5ab28bf3e8f152cbe341088b5e92ceff0718923a76fb14ec1c4ca5c42eb0514234537f251c0b2e06df4a8
-
Filesize
1.9MB
MD52f9e548142a8b196baed00f55afe278b
SHA1a7891622b43f11b0e576b10e099a8adac944ccc6
SHA256350a1a67f0f43011fc436adf09e4b2615f0ea83a484e11149acb7f465c998afe
SHA512631482f8c07db9f7a085dae4d3170074611e298811daceabffbf98ea5b2b36efd98612ec320f076a2d8fcd5b684bf39d72e066793dd954346c49f1c808f24cc8
-
Filesize
68KB
MD533eff325078a78d9d09aabc45279e555
SHA1268f36995f86bdbc806b2fb25abec08327e37f1b
SHA256e22305e0a5c75084f291ac9f9112b56e8fe35e0740fce56e5595d622947c3f7c
SHA512cf902bd01109aceae73879ff24502f7677f0b5b96d340699e4701df669ad1ef2161353fd70095e99cd99b7a21b2504da0914be60c420c472ff86abb1c003098e
-
Filesize
69KB
MD58ecede62843c067167572edb391f479d
SHA1e816ae790e9f2147f0b9889b52c2a0153f67a4b7
SHA256a596080b3f4569a9275f1a6a4b6b699602639c3405d3cdca5a8829e4be28b53c
SHA512195f283a07a683f17869cd2430e63988408dc17b50d88bb37e49f2c50d880f6da11b57d6d4b9add2c57fa635900c1c5c812b5c47619b776d7b7199bf7d9bfc31
-
Filesize
69KB
MD50092dc44ee4a562567378f7915db8f93
SHA1bd892df62047c92f31ffb4491994f81e95f3c825
SHA2565f5e331ac954d162acfabf09d4d80379d34d1a151a7422106f6388fd82af9fda
SHA512038ad35a44702fbe29f47d3c9532fd8ff9d2ce101476a399d1598d7b95de890f8a6acb5619e4f96ce4af9f2accd8aae305d5086e74be62317aaf38314374cba9
-
Filesize
2.1MB
MD50dd1adb4be3b4f5bb86d91b6b73601e3
SHA15052cc1fa0fe938dc00ce63d65ef21b59627920d
SHA256e7ef49a0ca522408859fcf0ad7e630b880e7d6c8babc6f76a09fa7fef41b5509
SHA512c555333dc74c02df93596a910242b90f792d4a86b027259007ce18005eb985c81084c51ab65bf028d844d279f898a89449cc5065da7e1d1ae2edfa0d708a3950
-
Filesize
2.1MB
MD5097b4b03a052cce4c3602ac921d9b30c
SHA18d806663a4d274abba9a49e98df49799828928b0
SHA2562d77d50d3c317e1853cbf646ac567ad2d966e5477baf097f8338a89d2de63500
SHA512d0a6710614eeb3a05a2795db2d570e3056b2d5a50cbe9c79727216034918aa43d09469a82e08d82f869f5f5fb033ff2f453784fea261d0d53b922f0d51930fc9
-
Filesize
2.0MB
MD54c895f84f8938afdf64ee5fbaa4017fb
SHA14c6d14761a0c650484c38579397826913a745e44
SHA256d6245277dff8cdf0c9b70b349499e54905669321a62e33554de65b1df5ccd5d4
SHA5124fe1ac4da3e2ff191b57863607c9edf864b5d9b64d95b8be3bda00d8ec3b4d688c1a8f32b67f3dd9044d554959d3b87be78321adb450efcdebe7d52d6a2226f5
-
Filesize
79KB
MD5dd447baba855d4c915743c7eaf4292c5
SHA17337b187fce041a5828ea7789273b5c377f5cce0
SHA256646d87602740377718ec4cecf33daf8ca49fc09a5c74771ca90baf3a73221c42
SHA5120b347995541e75ead1ccf8487bbfb0f079cdf9e66e6b8296d408c082ad8cea486a7f7c42dc64c570bead16389a8e75cb7114800ed80b452df1f56a4368a0459e
-
Filesize
32B
MD51a3da384cf3ba5ef142d50f4b1c29b3d
SHA1f881af832a4f115d4dcb05aa8894f353862ad7ef
SHA2566164a106937ccf247c46fe229e9bcadd80e8e5f6623ae0e1b7453ebea08fa0d4
SHA5128d16a9f8d3abd4a04e76221394ebf6f8fd29019d4a17d0f6d20aec12249a045d2ab8544e1797cc4f97a3a7748bb9d8eccbb81bdfc503305286e9f548a7c28ded
-
Filesize
32B
MD553968c55d4e29775b159c7db8a9f42f4
SHA1a57d0de35f4a015c13e3212032e36f0288261813
SHA256ecd7570228f4c716aef940df442157c93b94bad11223cb5277c82e71cd7f0022
SHA512581105e39f024a3093941a40fe07d413fb1baac4c1ceb029303ce6cc4aab2cbae659a0cf1da8391a268a43a09df4effeefaad6e4ed0b060bf28aa56545e38cdc
-
Filesize
1KB
MD596d173d21d7e84d71abba7778c6c55ca
SHA1564d7447e27b10a07b82cca758b2f7379a3358cb
SHA256cc3fcf7bb8f2711fd83887b52d8a96a29253a3e54abd21637bc1f190aa644e9e
SHA512a00a825740f81cf7f50e322abc227b007c211a3e91bed39a24b8ca8cbd1ec0a59ab8c15979672b64a993d5460648c89d0db9591f50531d3faf3b88ff8792a3c3