Analysis
-
max time kernel
85s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
28-09-2024 14:43
General
-
Target
https://github.com/pankoza2-pl/salinewin.exe-Malware
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 54 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/salinewin.exe-Malware1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe57c13cb8,0x7ffe57c13cc8,0x7ffe57c13cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,18424971355201598210,13573799821748813514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:22⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddb7f047-a9de-4191-af8d-15b056d635ef} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2344 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a68fc12-e5bf-4ab2-a908-2304a8e3fb96} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e49d2c0-1360-49b2-913e-9e74d4df5f59} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3460 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30234491-fb2d-4c40-baf0-c5ee45f98f6d} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4840 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e089b397-15ad-4275-9eeb-3e5dde4b9021} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 3 -isForBrowser -prefsHandle 5540 -prefMapHandle 5536 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0537858f-92b1-4984-9560-82572cfc52bb} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df7d6328-e54f-4319-a104-f8ccc5c66ca1} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92c1dbfa-4155-4d87-87b4-2ef06a719fe4} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\salinewin\salinewin.exe"C:\Users\Admin\Downloads\salinewin\salinewin.exe"1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f3⤵
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D41⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59af507866fb23dace6259791c377531f
SHA15a5914fc48341ac112bfcd71b946fc0b2619f933
SHA2565fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7
-
Filesize
152B
MD5b0177afa818e013394b36a04cb111278
SHA1dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db
-
Filesize
2KB
MD5115b82222231afbb7b047589572cde7f
SHA1f1e07310aa7c511ee107f81c948ff0fc7f0d31dd
SHA256e8afcfe0069745a18e4c2ab93b0fcefd5afd07a25104a5ecbcfbc238ccfc122a
SHA5123c6936b374ac32edb05f8b507c53116760ecd4653f354d6118f420ee912e9c4d850ddb28997bf91e6cce334d427b3f7fdaf05cd59e9317b335ade148c2c4c8a1
-
Filesize
2KB
MD52ab2813323b9fc053c71112b140a0d8b
SHA1064a2262d8e06aa495d31f12289a88fee00bc223
SHA25698d4c8451370963cfe0b164e99f37ca4094db16c48101fafe6385c5246f3dc4c
SHA512860f0c6d0463f0b9cefd5d51da9e207f970dfa1fe6f9ab21cdb41afa28459fcea75904d90d3eaa35e039a7836565d45b6da7c5d76c329faf35601181de379da5
-
Filesize
579B
MD5be85a012866f82533b134a3e7c03581c
SHA18f361377763dc0f643a3c2746149ca5850c5d8c0
SHA2567c0534066657219aeecf9763515dbb8eeb5b0cc4509d25ed75d5347476f443a0
SHA51238aa3dc3c36a5319162d52fb0bdb7588dfa9fada5247c49ee53d870b7d928ea5be1387e176e8caf3dd6cad9b6975d432eae587c0103f8dffc56f17ef887ae621
-
Filesize
5KB
MD5ce7e4fd9e4589a56bc8dee8c5589e190
SHA10bb40088fe65dcc095e8622e6d0984e1ed7fea25
SHA25624d14df5a7bb58628840a716e999fc0552bb66d87ae480f8855b9d9f81ea0622
SHA5125105a45be7a522636bd645bb43c69c07cab00e242ca2b39f88014f097ee8b19598353e887ad7be71f96aca00023fe5423b3b06b73ebfc272bb058196a9d29384
-
Filesize
6KB
MD564fade7660d6ab9ae081749a0b321cd5
SHA128896ac4657d97c9fb7de4969dd98d4d13605ad7
SHA256b84152b1adad68bc6cee5ee511416405c96537bbb38d3d741ba45e402ee7907b
SHA51245508a41c37de3969aeeebebb6f700bac9475153dbf9f00d32c3611c57b7e91c7cf7c931c4f5d9785564e0c4f70d8773c330392ca4cd147a02189598800cb7f5
-
Filesize
864B
MD5452fc97fdca849844f5dc0e7d1efc283
SHA1073510f03d29f37833611c7ad456fb50d3a65808
SHA256e0d99134b0ecb4b56631645b6ef00c5270d9f956d8c130e1dad5c2623eeb6eae
SHA5125efde451c69fc26473284e3b5155b9c14ec19e7e413f95ec189702043162b6d4fb2581ece5048895bf56d5c1c22fdb4ad1f5b5b353cf8c998b1ed0f63f0ccf94
-
Filesize
1KB
MD5fce062bab811182be00641888dc76cdd
SHA1373f020a5e82ec91d1273827316c46c5e5202ed8
SHA25691975524d748bc2f28a730aeee128e339d528e31c073bc4a195203889398b7ff
SHA512ec3bf2d5a815ea4ec7da02241eeab82512470d35a87fd409d6b76e15917b1a3c124b11930bed4c16f27ff42fe9f1f3e55c698093f7929b475eedcaddc1e40061
-
Filesize
1KB
MD51ad722676bb26437b40807f55d1edd71
SHA1bde0eb8d8564d828df62b29fa9832e26ccfadd46
SHA25616180bfb772a40df78e9cb45ce4792016a31619d5dcd63129cb7f5718ef776a2
SHA512d5a6afe69d91cfbde0423963c0ff41a40a1d3eb78eef2a59498ec54c9295032cf637a94a042df77bff80e5ac7e3b26e9c3b259df86dacffd5085bb42b01e3297
-
Filesize
864B
MD5f9f3fa888f486bc038462e59e5d0b3d9
SHA189ca3eddf43db07a2a88414401d670131a8e0c83
SHA256edd5857a42dc03f74d1f58b401b3216fff1ca944bfce343376f506965a828dce
SHA51252ea59a63710cb527ef2774f3fc1752fb55e171381522056f9464c585d98a273a9ddeb1981148bccbfe0d32141bd3ee2a0442b955aba6aeb3253573dc7266120
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD56bd8f3c453ee7516ba73b03f731979ee
SHA1309c91bdac04db6f99483629502d6daec35a5155
SHA256e34f2277e42e976f72a56d4ee9440916b299afcdd8a284b0345cfd256765c976
SHA512a7f194fb8a2c72ed2d5d04e15a487b3333cbbc310464352cd113ce58cec55ccac0ed51c819cbc07c1a4a6e7b2e63bc20853b40c2a3f91b8f36170c1e6da4ca2b
-
Filesize
11KB
MD5c629b28fa8acc00d743bd746812d3a85
SHA1a886b4dd9fba76899db463260a033a04c0e19865
SHA25650b72889a568e83a14326a196209fd6d264d365f07c5e08400835fb1807ca16b
SHA5126c35655b988fbd2d2ddfdfa9daba814c0c82081d4965759ee29110f8433b688dbe7d541541628190b79275c9c5b30403dcd45f4a92b311c3f1c3b32abdeeacb2
-
Filesize
30KB
MD59fc167e5cd0bb4b0dbacae1ce8d2b158
SHA12d8e0a7492cae248070e2da3e8f6c17509d6429a
SHA256c601eccc79d43a8cbda16b4f76851a9730512b7412fc2948a38845ea37ad5d35
SHA512e8cdead5696a6480901ddc0504458869c4cd9596108af1ba3cbf347d23fe9e3b0b8a9a99d1fa7c7573fdf2c2a7c85f0c098bd69ded2b7807efb76255290cc33b
-
Filesize
6KB
MD5b022ac30c5aa29ef3ff2cd8ac1900bf6
SHA1bbf246580585541035c95f4937b3fa80096b3ed9
SHA256000d0b2dfeec53cec827c7b75357e91b706d8ee6488e678263a6ee8d59774b17
SHA512bf4626faecf78aa58dc73f89e58dc1fb277d578f462ffccdc24ad90875232bd6d125a7bb5ce7d3a82aa20cf3b8222711c6fbbf066197e57d108d0d2c992cb71b
-
Filesize
5KB
MD5e7a783431e603a5100869a5c716b14a3
SHA14220a27bc30f22138ae10c694c9923c9ed2f0861
SHA2563e8ad463238393fae14d4c9bce7976436fbddbb17968908c217eff8c3352ad65
SHA512983d84531aa2fb034ced2a4d2ec5489d084ecddc59135101b3b9d864fde0148db8bbccc6f5707e942823cd07348c32ec5e58cff9d6b6ba86dad50c7557ab6e44
-
Filesize
982B
MD5673fcc4b6ee44a30d2f092bf8d060ff5
SHA1d1827b17945c97cf3a183c892fc556c56b10bd32
SHA2565490a43fd5e955da724bc5c7101084a77f64e2b2cd1b426a5a553d42ecb98b48
SHA5120f7ab8440f49291422a7dbfa90d85594ee7b4f0c36e608d8b6b024db8c521dc8c7dbfdfba612fa944373f5d1c6e5bbdcfc838c4ea2485c0715fbfd3b295300f3
-
Filesize
671B
MD5d42ecffcf5dc2f444f90b12dc504ce52
SHA1989624ff1b3fb720b2be9f4c0eb3c42804cb868d
SHA2562dc2945b1aaab22d4657e24ee53f4c41392a0ea5178f3d0f49f35b353b9fb9dd
SHA5128d46b4e58c9eff85dc29d32aabd5b1a9fb1cbfadc86685d2ff264ab85f0fb256e010740dae89cdd047ca2c09e48f4fe117254532db9daa7b9b01a2915ad91994
-
Filesize
25KB
MD588580d55d8e8c4975b7d2a8d3325fd23
SHA1bda32c27a88c293fdf3ad4b64e0053be90ff06d3
SHA256d6ef74a3b35b7aa76fed06600399c268802fe90f3e44a6bce821174fdf3b4e80
SHA512d0b3923a015c80e4807c9c95de404f2db2245c52fc442ae0a0e221216da28e170455c68e46738c243175d0a7cffce0a728e44b95773d5d08cf76587f35924819
-
Filesize
11KB
MD5005673a42fcbaae77fc327f00a75a3e0
SHA1fd6f816b424cd0dc6462de27bd3198635a894463
SHA2564ff2dc391e90f47bb86d6c9747f413c21d549731dafc42c17e3f447736d86c4f
SHA512b5263855030935c7911321a97c1a0f9aab53b9afaa27624c7fc4cb232188905010d4b2b0b5fd8005a67edbdecce63e2c1673ad8f5b253034dc2ab9cd53e6e601
-
Filesize
10KB
MD52f1c9e8ba7e6e395b00b26a3c9e3028c
SHA1bb2d0b179da78a6f54136682696bfe48a648e372
SHA256e090f69fb442a5b82a446d6a95db0ca2936701f72b6093f5e5a83879eab57828
SHA5128cb277f4995f4b230a45c77f16ec8c9cea70b207ed1c244b186a5fb634ebd1fbfc4669ad036b2d9c44d510c92ed0602d2059e673c07d13f8ea066b91c919840a
-
Filesize
288B
MD5362985746d24dbb2b166089f30cd1bb7
SHA16520fc33381879a120165ede6a0f8aadf9013d3b
SHA256b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA5120e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61
-
Filesize
203KB
MD519a966f0b86c67659b15364e89f3748b
SHA194075399f5f8c6f73258024bf442c0bf8600d52b
SHA256b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d
SHA51260a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6