Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
27-07-2024 01:43
Static task
static1
Behavioral task
behavioral1
Sample
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe
Resource
win10v2004-20240709-en
General
-
Target
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe
-
Size
348KB
-
MD5
bea49eab907af8ad2cbea9bfb807aae2
-
SHA1
8efec66e57e052d6392c5cbb7667d1b49e88116e
-
SHA256
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707
-
SHA512
59486e18be6b85f5275c19f963d124f4f74c265b5b6dfa78c52f9243e444f40a7747a741ccb59bf1863ffb497321324c803fc967380900a6a2e0219eb99f387c
-
SSDEEP
3072:oh2eRgJtqxVRGKf8OGiLOnXChCrmqSOLMKTJGlRayuEpZTPckmRmVfL:URRgJtqpGO8OUnrpbMKT0lXZT3p
Malware Config
Extracted
vidar
https://steamcommunity.com/profiles/76561199747278259
https://t.me/armad2a
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Signatures
-
Detect Vidar Stealer 9 IoCs
Processes:
resource yara_rule behavioral2/memory/3932-2-0x0000000002640000-0x000000000266F000-memory.dmp family_vidar_v7 behavioral2/memory/3932-3-0x0000000000400000-0x0000000000643000-memory.dmp family_vidar_v7 behavioral2/memory/3932-5-0x0000000000400000-0x0000000002470000-memory.dmp family_vidar_v7 behavioral2/memory/3932-40-0x0000000000400000-0x0000000002470000-memory.dmp family_vidar_v7 behavioral2/memory/3932-61-0x0000000000400000-0x0000000002470000-memory.dmp family_vidar_v7 behavioral2/memory/3932-63-0x0000000002640000-0x000000000266F000-memory.dmp family_vidar_v7 behavioral2/memory/3932-71-0x0000000000400000-0x0000000000643000-memory.dmp family_vidar_v7 behavioral2/memory/3932-75-0x0000000000400000-0x0000000002470000-memory.dmp family_vidar_v7 behavioral2/memory/3932-84-0x0000000000400000-0x0000000000643000-memory.dmp family_vidar_v7 -
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
Processes:
BGHJJDGHCB.exedescription pid process target process PID 620 created 612 620 BGHJJDGHCB.exe winlogon.exe -
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe -
Executes dropped EXE 4 IoCs
Processes:
BGHJJDGHCB.exeBGHJJDGHCB.exes36kioozlxqo6krv99rmb4x.exemain.exepid process 620 BGHJJDGHCB.exe 1716 BGHJJDGHCB.exe 2136 s36kioozlxqo6krv99rmb4x.exe 2408 main.exe -
Loads dropped DLL 12 IoCs
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exemain.exepid process 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe 2408 main.exe -
Modifies file permissions 1 TTPs 2 IoCs
Processes:
icacls.exeicacls.exepid process 3976 icacls.exe 4132 icacls.exe -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 209 ip-api.com -
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
Processes:
sc.exesc.exesc.exesc.exepid process 948 sc.exe 2844 sc.exe 2028 sc.exe 3924 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3888 3932 WerFault.exe 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.execmd.exetimeout.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language timeout.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe -
Delays execution with timeout.exe 1 IoCs
Processes:
timeout.exepid process 4220 timeout.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exeBGHJJDGHCB.exepid process 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe 620 BGHJJDGHCB.exe 620 BGHJJDGHCB.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
BGHJJDGHCB.exeicacls.exeicacls.exedescription pid process Token: SeDebugPrivilege 620 BGHJJDGHCB.exe Token: SeRestorePrivilege 3976 icacls.exe Token: SeSecurityPrivilege 4132 icacls.exe -
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.execmd.exes36kioozlxqo6krv99rmb4x.exedescription pid process target process PID 3932 wrote to memory of 620 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe BGHJJDGHCB.exe PID 3932 wrote to memory of 620 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe BGHJJDGHCB.exe PID 3932 wrote to memory of 412 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe cmd.exe PID 3932 wrote to memory of 412 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe cmd.exe PID 3932 wrote to memory of 412 3932 9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe cmd.exe PID 412 wrote to memory of 4220 412 cmd.exe timeout.exe PID 412 wrote to memory of 4220 412 cmd.exe timeout.exe PID 412 wrote to memory of 4220 412 cmd.exe timeout.exe PID 2136 wrote to memory of 948 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 948 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 2844 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 2844 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 2028 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 2028 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 3924 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 3924 2136 s36kioozlxqo6krv99rmb4x.exe sc.exe PID 2136 wrote to memory of 3976 2136 s36kioozlxqo6krv99rmb4x.exe icacls.exe PID 2136 wrote to memory of 3976 2136 s36kioozlxqo6krv99rmb4x.exe icacls.exe PID 2136 wrote to memory of 4132 2136 s36kioozlxqo6krv99rmb4x.exe icacls.exe PID 2136 wrote to memory of 4132 2136 s36kioozlxqo6krv99rmb4x.exe icacls.exe -
cURL User-Agent 1 IoCs
Uses User-Agent string associated with cURL utility.
Processes:
description flow ioc HTTP User-Agent header 210 curl/8.4.0
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:612
-
C:\ProgramData\BGHJJDGHCB.exeC:\ProgramData\BGHJJDGHCB.exe2⤵
- Executes dropped EXE
PID:1716 -
C:\Users\Admin\AppData\Local\Temp\s36kioozlxqo6krv99rmb4x.exeC:\Users\Admin\AppData\Local\Temp\s36kioozlxqo6krv99rmb4x.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
C:\Windows\SYSTEM32\sc.exesc.exe stop RDP-Controller4⤵
- Launches sc.exe
PID:948 -
C:\Windows\SYSTEM32\sc.exesc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore4⤵
- Launches sc.exe
PID:2844 -
C:\Windows\SYSTEM32\sc.exesc.exe failure RDP-Controller reset= 1 actions= restart/100004⤵
- Launches sc.exe
PID:2028 -
C:\Windows\SYSTEM32\sc.exesc.exe start RDP-Controller4⤵
- Launches sc.exe
PID:3924 -
C:\Windows\SYSTEM32\icacls.exeicacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-184⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:3976 -
C:\Windows\SYSTEM32\icacls.exeicacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl4⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:4132
-
C:\Users\Admin\AppData\Local\Temp\9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe"C:\Users\Admin\AppData\Local\Temp\9b645f570116d3e10faa316981e4fcde6fe55417feced3385cfbb815c7df8707.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3932 -
C:\ProgramData\BGHJJDGHCB.exe"C:\ProgramData\BGHJJDGHCB.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:620 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBKECFCFBGC" & exit2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:412 -
C:\Windows\SysWOW64\timeout.exetimeout /t 103⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:4220 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 33602⤵
- Program crash
PID:3888
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3932 -ip 39321⤵PID:4036
-
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeC:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2408
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11.5MB
MD5190e4ed7759276e78d16398673996b2b
SHA1ce5bb936ab809356d5b0bc29b6be2e0d07d3dc0a
SHA256d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad
SHA51299cf79aba0afc528341c3ef474ba4ab71e50faf497536e74f8d985c39e85d5e145fb86262bac3e95e4c7752c3c0294751d4a988c2f4fbe5bcfcd3c6d19ef9c70
-
Filesize
593KB
MD5c8fd9be83bc728cc04beffafc2907fe9
SHA195ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040
-
Filesize
2.0MB
MD51cc453cdf74f31e4d913ff9c10acdde2
SHA16e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571
-
Filesize
10.1MB
MD51455f96a3552bffcbd01fb90a2a4447b
SHA1a0beb097fb0f3fd1a83ef3d01bff8706a40b32c1
SHA256ce82112e8b4476b65b09fccd1cff9f2f088fe4837c9129de3d82caee138e6d7c
SHA512d2d8f7667cc44f136f34c30a8759c38aee3ffbbdafd1eb6329bf725f3c5cfcd1a0b2f64f9c12feee88680719cb4e3498bfc3d96927ef1f14ca6b4f1c79b52290
-
Filesize
456B
MD540ab00517f4227f2c3c334f1d16b65b4
SHA1f8d57af017e2209b4fb24122647fd7f71b67c87c
SHA2564baf4b78d05a28af7dee7dbbce2b4edf6053d9239c1756c932be9f2feee4ef85
SHA51275d74306f043b864295f09a60c19a43494c226664733c99318989ce5c22cb9395bb407fb5c8c0268ad9184a79813304ed5fc943a6b53db54f5f225cda31650e3
-
Filesize
214B
MD591d86e531fece0d34ad78d947fc7331c
SHA152c9a7c16634637e9db31a6ce63850dfb170b44d
SHA256a885c71096995389df3015b194b9ad10ae24c4328f4322932d6455398b2fc653
SHA5121ee4ed0f8045670dbee2c5c4f8100c362b84c1ccc1a2e7f4fd1e97ec057055f1a8dc75a0ce349cc01dbffa2b18e7c7c2288845641358ca3a609b0e6fbd9f49b5
-
Filesize
102KB
MD57d37ab1e97bbc8593665ff365d8c96b7
SHA1b42a6717f91a4c538a4979ab1f0a9cc58485061d
SHA2561da31243257b0ebc79ba57ca98e6a3a1996cc4e2641e96098561cdcb1fa3ee46
SHA51260b3683fa7bca42932e02aed4615e67264f31d6f85bebcd3ea7187b9f7a9f79270341496432c07f7e9b10a3172af22d636206fa5b89514a693405ec9d61f678d
-
Filesize
90KB
MD5fb3bdb27d9c479148f3545ed99e65980
SHA1a5860563de81d8b74a1c842647e8f4ac7655842a
SHA2562b5dc45e89700d4b991added1aa097641d60932b7bbe2c12fc8536b9d46f15a6
SHA512a26d4b169c4061fc7a2a5fefaeb4aae0e9a28211fa28f42b929eaac3721dcbdd17a17ed6e77a79c17d93355cf85e4c46118e42d4f527adf054ab1cc79c8b4d74
-
Filesize
8KB
MD51256da672b8f39a275fe17e6c716f822
SHA1b156c2186056cc5bfca84549dd53f796936b2f6d
SHA25644dc1f938213e09a6ef6a64a9f14804530ae53f41e71813efaf651d9516e246e
SHA512956d431c83ed0dd59d6f1f3101dcbcad0c6bc1e06031141aaa236f7115a6cdaf95ccea09e42cf1047d2205e8b37f87ea17bebaabfb9c85b96d6fa12de1c7f403
-
Filesize
64KB
MD5166c6727028bd4f428e411ed225117c6
SHA1d08cb3e69ea6cf633349f990229e87cba4bcd72a
SHA25663a0993b931dad9dccf08ea48a0d8e8ba94652eda5bc84f787e640cdd0fc800a
SHA51290edf532080c61e9fee3b8c884e8894b8a52955410489bbcba3a53ab7a2e291ec2d382a2cb1f5b304762207cbc1971f4a440281a5653257e7223ce171b3646a0
-
Filesize
720B
MD5996cbecf2d2fbb3fb7b91c899722aa53
SHA116a5d1b5b2895c25f559a7a3ddce9939938fe774
SHA256a3b31d62f385d5824d4445d3a2e37629b2367234d13635ea2760ff9a3ade4242
SHA51296338277aab6c1b0009e3e48b8692c7583b8c75fa1aafd99c2ee73f878c6b7938f0abe568a06c852f3199c3e8baf64d4182bd8227516cc14cb32c86b1f216e99
-
Filesize
8.7MB
MD5fe7ed803a7f672faee4587732b2c6e0f
SHA1df209d1b055044abf4c0a6d4de3ebfcd8d7784e1
SHA256154c3dca584bb1f78c7ae7688d70998f2b62bed8884267e3fcf150bfefe2c9d8
SHA51206e185f1689e7b5dfef6625d99ff14dfcff6c2203e9be323fed3b6a9684c5179964969546d42f4639db878903981bb15e0a8f62a1c5b2b0a47fa3496e05fdd3f
-
Filesize
87KB
MD5cfcbc15615ffc698507d32c0a7d21134
SHA1f6dacce59f78ca4ee6622c4a340923282ec3adde
SHA256a653f5dbeb0ddecbc16c70b0b8c9471abb30c66032c2ee951dc36265f899d7d8
SHA5120ae08c2a2d56b976cbd748273a7ab8011f3eb82a22d58ebf44b73602ffa808e9a111a60ae250d441d11196522fd4c1aa6ec79193375effdc0207ffe7bbab61db
-
Filesize
9KB
MD555256f7fddef8d71d83e74074281f863
SHA1ea58a2dc071f5b175714ec109285a3b9a842a2c4
SHA256f7a7068b159db196762f723de936ba1a30b673ea82412af97a835a2882be0a02
SHA5121b36663a8aa80a611e63af539fb0652dfa861d3ba19f5a5c95c21eeec51b2c617edfd62729e9ebd12aecfff9a3934248bf3be75ae83f394a038b9f9311d0c2d9
-
Filesize
103KB
MD5b85fecc5e81d0cfbc3750c06e4a11412
SHA10f57603db18bfe0a5ee50d618184e9ed4fcafd7f
SHA2569fd76374c6e19923f99411d6f9bbf6614c94d81cd47630314c2ae21a94df40a8
SHA51297d553317bb4d276e7f5f3c5808dcb8717319047512def6b96da17d57248ffd5e374833a98f767f14bd8f3059de464f7829d47c65d969be868431faaf6a61c1d
-
Filesize
126KB
MD5fef8651f5f797f30a37d7cd36bea31ac
SHA18e85d22fb5247a69c1298d703d629dd46bc44c74
SHA2564083f67d11e7df827bff6c665b29f39fb197b4ba608d5c39ecff46ea9a0b61f0
SHA5129c69d66690080a341c25eeb9e258fde4dd4e94b80af0085753e758378c1e1790faef48c7384ad5171c63be156c68d0f207ecabf78d8ab5f367e04d5a34828851
-
Filesize
36KB
MD5e3e4492e2c871f65b5cea8f1a14164e2
SHA181d4ad81a92177c2116c5589609a9a08a5ccd0f2
SHA25632ff81be7818fa7140817fa0bc856975ae9fcb324a081d0e0560d7b5b87efb30
SHA51259de035b230c9a4ad6a4ebf4befcd7798ccb38c7eda9863bc651232db22c7a4c2d5358d4d35551c2dd52f974a22eb160baee11f4751b9ca5bf4fb6334ec926c6
-
Filesize
113KB
MD5d44fbd8760e79f5d950db5bc6e86a398
SHA12175264673a9a5b7af024d8e8f28879b1758abc8
SHA256ad38977d88e19c24793c6aee42b6389536b6879faa50e2438350f140247a9df2
SHA5129fd106939bf686d53676669755272cb59b2ccb7909be27b40c7261988264e801cdc94503f3ed70b95cb0980c65153aa0cc66ca764c053846c4626fde86e122e0
-
Filesize
89KB
MD5bf5d5ba471ab0266f991095fdcf74140
SHA142e890322966b7f2f9802c9e22269ed339c2969b
SHA25691db57a2b77ac18b9605b08d7b926f9dc32c7e7d6f4047fba0270a4403c288bb
SHA512b9f0113802c113f9ff5975989cc6cb9735cbe62d881e009fe853938604837996412332679c7eb7022b734401b2580d116566f7ba51ca62f787cf1d617b9ebc96
-
Filesize
10.0MB
MD5b19dd73939f4d3249e87008653bfe5f5
SHA1936a1de5275e0ea2e4bc9be7b724736b135b5be4
SHA2567403bf80da0910e3279fa603ae2d573b06f11d3d72585664965e593dac92a0b6
SHA512103918920927c6e8bac17293ab24e2e543b69fe3455e345faa8a43c0b10f00827f4310552611ec349a1e3b6b02bea8416a5db52fb7a86a55d9e3d4dcf5fbf7f3
-
Filesize
112KB
MD5e6cac6acd18d0bbad9c2384b1dbede84
SHA163004a83ff18cce911bc74d27c1a2b7bea9cf4c3
SHA2569bc6edd286f4dcd83e57b541bc99038f7e902de943a6fd528ba485df1187ffa8
SHA51243c745d49ab82809c24e5ee62e11406b12b695140117eb1012111eea3b73f9b34b5ade21a1db3aa1fead982f266b05646a08a4813cba2ea950c59a73ab069fb3