Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10_x64 -
resource
win10-20220223-en -
submitted
24-02-2022 11:14
Static task
static1
Behavioral task
behavioral1
Sample
8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe
Resource
win10-20220223-en
General
-
Target
8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe
-
Size
267KB
-
MD5
ec3a003082a19fd6a00f84df315d18a2
-
SHA1
e7268a6982c3d17aaf472b331b67fbdbc4000dec
-
SHA256
8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143
-
SHA512
d3e804add5ebf3efdbf4794cbc1cc53bfc0485298771a1f43d7d683870f82561be3387d83436cf308e260bd600ce475998add0d094d63ab46f3dd75ad16f74aa
Malware Config
Signatures
-
PlugX Rat Payload 4 IoCs
Processes:
resource yara_rule behavioral2/memory/3592-125-0x0000000000590000-0x00000000005B7000-memory.dmp PlugX behavioral2/memory/3628-126-0x0000000000660000-0x0000000000687000-memory.dmp PlugX behavioral2/memory/2540-128-0x0000000002BD0000-0x0000000002BF5000-memory.dmp PlugX behavioral2/memory/3820-132-0x0000000002DD0000-0x0000000002DF5000-memory.dmp PlugX -
Executes dropped EXE 2 IoCs
Processes:
Mc.exeMc.exepid process 3628 Mc.exe 3592 Mc.exe -
Deletes itself 1 IoCs
Processes:
svchost.exepid process 2540 svchost.exe -
Loads dropped DLL 2 IoCs
Processes:
Mc.exeMc.exepid process 3628 Mc.exe 3592 Mc.exe -
Drops file in System32 directory 7 IoCs
Processes:
svchost.exeWerFault.exedescription ioc process File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE svchost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies svchost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 svchost.exe File opened for modification C:\Windows\System32\ntkrnlmp.pdb WerFault.exe File opened for modification C:\Windows\System32\ndis.pdb WerFault.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat svchost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 svchost.exe -
Drops file in Windows directory 40 IoCs
Processes:
WerFault.exedescription ioc process File created C:\Windows\INF\lsi_sss.PNF WerFault.exe File created C:\Windows\INF\pcmcia.PNF WerFault.exe File created C:\Windows\INF\ws3cap.PNF WerFault.exe File created C:\Windows\INF\sdbus.PNF WerFault.exe File created C:\Windows\INF\tsusbhub.PNF WerFault.exe File created C:\Windows\INF\3ware.PNF WerFault.exe File created C:\Windows\INF\amdsata.PNF WerFault.exe File created C:\Windows\INF\stexstor.PNF WerFault.exe File created C:\Windows\INF\wnetvsc.PNF WerFault.exe File created C:\Windows\INF\sisraid2.PNF WerFault.exe File created C:\Windows\INF\nvraid.PNF WerFault.exe File created C:\Windows\INF\netsstpa.PNF WerFault.exe File created C:\Windows\INF\megasas.PNF WerFault.exe File created C:\Windows\INF\mvumis.PNF WerFault.exe File created C:\Windows\INF\lsi_sas2i.PNF WerFault.exe File created C:\Windows\INF\lsi_sas3i.PNF WerFault.exe File created C:\Windows\INF\megasas2i.PNF WerFault.exe File created C:\Windows\INF\sisraid4.PNF WerFault.exe File created C:\Windows\INF\netrasa.PNF WerFault.exe File created C:\Windows\INF\bthspp.PNF WerFault.exe File created C:\Windows\INF\percsas3i.PNF WerFault.exe File created C:\Windows\INF\wvmbushid.PNF WerFault.exe File created C:\Windows\INF\hpsamd.PNF WerFault.exe File created C:\Windows\INF\termkbd.PNF WerFault.exe File created C:\Windows\INF\lsi_sas.PNF WerFault.exe File created C:\Windows\INF\megasr.PNF WerFault.exe File created C:\Windows\INF\hidbthle.PNF WerFault.exe File created C:\Windows\INF\wstorvsc.PNF WerFault.exe File created C:\Windows\LiveKernelReports\NDIS\NDIS-20220224-1115.dmp WerFault.exe File created C:\Windows\INF\wdmvsc.PNF WerFault.exe File created C:\Windows\INF\vhdmp.PNF WerFault.exe File created C:\Windows\INF\vsmraid.PNF WerFault.exe File created C:\Windows\INF\whyperkbd.PNF WerFault.exe File created C:\Windows\INF\ipmidrv.PNF WerFault.exe File created C:\Windows\INF\wsynth3dvsc.PNF WerFault.exe File created C:\Windows\INF\netvwifibus.PNF WerFault.exe File created C:\Windows\INF\adp80xx.PNF WerFault.exe File created C:\Windows\INF\cht4sx64.PNF WerFault.exe File created C:\Windows\INF\amdsbs.PNF WerFault.exe File created C:\Windows\INF\percsas2i.PNF WerFault.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 18 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
WerFault.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 WerFault.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 WerFault.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 WerFault.exe -
Modifies data under HKEY_USERS 42 IoCs
Processes:
WerFault.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing WerFault.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates WerFault.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot WerFault.exe -
Modifies registry class 2 IoCs
Processes:
svchost.exedescription ioc process Key created \REGISTRY\MACHINE\Software\CLASSES\XXXX svchost.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\XXXX\CLSID = 46003300410031003200460036003000460041003000300036003900420030000000 svchost.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
svchost.exemsiexec.exepid process 2540 svchost.exe 2540 svchost.exe 2540 svchost.exe 2540 svchost.exe 2540 svchost.exe 2540 svchost.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 2540 svchost.exe 2540 svchost.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 2540 svchost.exe 2540 svchost.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 2540 svchost.exe 2540 svchost.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 2540 svchost.exe 2540 svchost.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe 3820 msiexec.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
svchost.exemsiexec.exepid process 2540 svchost.exe 3820 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes:
Mc.exeMc.exesvchost.exemsiexec.exedescription pid process Token: SeDebugPrivilege 3628 Mc.exe Token: SeTcbPrivilege 3628 Mc.exe Token: SeDebugPrivilege 3592 Mc.exe Token: SeTcbPrivilege 3592 Mc.exe Token: SeDebugPrivilege 2540 svchost.exe Token: SeTcbPrivilege 2540 svchost.exe Token: SeDebugPrivilege 3820 msiexec.exe Token: SeTcbPrivilege 3820 msiexec.exe -
Suspicious use of WriteProcessMemory 19 IoCs
Processes:
8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exeMc.exesvchost.exedescription pid process target process PID 1576 wrote to memory of 3628 1576 8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe Mc.exe PID 1576 wrote to memory of 3628 1576 8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe Mc.exe PID 1576 wrote to memory of 3628 1576 8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe Mc.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 3592 wrote to memory of 2540 3592 Mc.exe svchost.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe PID 2540 wrote to memory of 3820 2540 svchost.exe msiexec.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe"C:\Users\Admin\AppData\Local\Temp\8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1576 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Mc.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Mc.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3628
-
-
C:\ProgramData\MC\Mc.exeC:\ProgramData\MC\Mc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe2⤵
- Deletes itself
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2540 -
C:\Windows\SysWOW64\msiexec.exeC:\Windows\SysWOW64\msiexec.exe3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3820
-
-
-
C:\Windows\system32\WerFault.exe"C:\Windows\system32\WerFault.exe" -k -lc NDIS NDIS-20220224-1115.dmp1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:2948
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
884d46c01c762ad6ddd2759fd921bf71
SHA1d201b130232e0ea411daa23c1ba2892fe6468712
SHA2563124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe
SHA5120acb3fe1050c1c07880ed2161956c4bee7c1e813a5fb518059b9bb88ed0bff50c108ad7b3708b6568413df4bdcc6f4d26dcd8759625a5ab77c4b26c1ba4f8813
-
MD5
884d46c01c762ad6ddd2759fd921bf71
SHA1d201b130232e0ea411daa23c1ba2892fe6468712
SHA2563124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe
SHA5120acb3fe1050c1c07880ed2161956c4bee7c1e813a5fb518059b9bb88ed0bff50c108ad7b3708b6568413df4bdcc6f4d26dcd8759625a5ab77c4b26c1ba4f8813
-
MD5
ffa5f4b6b580d53bc311d6e5bace3110
SHA1d599ca575b995d8de971aed8a64762225bde386d
SHA2569857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
SHA51220ac2b2508e931d545e952d29afa5ee8ce6600934e56ff8aee169ee2e1cb7c0d7eb1396c947edb45c31a434bd17ceada0cdfd5ea0c11ce7cc7298cbac4c9ca90
-
MD5
e8f20ec41ae7091198579a1b731f6da2
SHA1ac524110bcf5148db5f0d0b7f0ff42f3470209b4
SHA25627b9495c45248c3702d355323d8e70731f87c4889abebc6967265c83527e40e7
SHA5127686e53076993926ed7f012d5cde0848d6b5119ef1a5f6760e382f72c2ff3205a5d2fc6846778ee4e560bd01c8b2eedb46ab5efed8152aa588891dfa8b761bd8
-
MD5
884d46c01c762ad6ddd2759fd921bf71
SHA1d201b130232e0ea411daa23c1ba2892fe6468712
SHA2563124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe
SHA5120acb3fe1050c1c07880ed2161956c4bee7c1e813a5fb518059b9bb88ed0bff50c108ad7b3708b6568413df4bdcc6f4d26dcd8759625a5ab77c4b26c1ba4f8813
-
MD5
884d46c01c762ad6ddd2759fd921bf71
SHA1d201b130232e0ea411daa23c1ba2892fe6468712
SHA2563124fcb79da0bdf9d0d1995e37b06f7929d83c1c4b60e38c104743be71170efe
SHA5120acb3fe1050c1c07880ed2161956c4bee7c1e813a5fb518059b9bb88ed0bff50c108ad7b3708b6568413df4bdcc6f4d26dcd8759625a5ab77c4b26c1ba4f8813
-
MD5
ffa5f4b6b580d53bc311d6e5bace3110
SHA1d599ca575b995d8de971aed8a64762225bde386d
SHA2569857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
SHA51220ac2b2508e931d545e952d29afa5ee8ce6600934e56ff8aee169ee2e1cb7c0d7eb1396c947edb45c31a434bd17ceada0cdfd5ea0c11ce7cc7298cbac4c9ca90
-
MD5
e8f20ec41ae7091198579a1b731f6da2
SHA1ac524110bcf5148db5f0d0b7f0ff42f3470209b4
SHA25627b9495c45248c3702d355323d8e70731f87c4889abebc6967265c83527e40e7
SHA5127686e53076993926ed7f012d5cde0848d6b5119ef1a5f6760e382f72c2ff3205a5d2fc6846778ee4e560bd01c8b2eedb46ab5efed8152aa588891dfa8b761bd8
-
MD5
ffa5f4b6b580d53bc311d6e5bace3110
SHA1d599ca575b995d8de971aed8a64762225bde386d
SHA2569857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
SHA51220ac2b2508e931d545e952d29afa5ee8ce6600934e56ff8aee169ee2e1cb7c0d7eb1396c947edb45c31a434bd17ceada0cdfd5ea0c11ce7cc7298cbac4c9ca90
-
MD5
ffa5f4b6b580d53bc311d6e5bace3110
SHA1d599ca575b995d8de971aed8a64762225bde386d
SHA2569857e40be1fb5b9b6db93dc03f96f6b3ff0ffab85af7944dddcac0e37775ab02
SHA51220ac2b2508e931d545e952d29afa5ee8ce6600934e56ff8aee169ee2e1cb7c0d7eb1396c947edb45c31a434bd17ceada0cdfd5ea0c11ce7cc7298cbac4c9ca90