Analysis
-
max time kernel
147s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
04-12-2023 09:00
Behavioral task
behavioral1
Sample
Roblox-UWP-Executor-main/Execution.dll
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Roblox-UWP-Executor-main/Execution.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral3
Sample
Roblox-UWP-Executor-main/XYZ.dll
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
Roblox-UWP-Executor-main/XYZ.dll
Resource
win10v2004-20231130-en
Behavioral task
behavioral5
Sample
Roblox-UWP-Executor-main/XYZ.exe
Resource
win7-20231129-en
General
-
Target
Roblox-UWP-Executor-main/XYZ.exe
-
Size
3.1MB
-
MD5
6798986718c9d923ae747ff1bed1a16f
-
SHA1
dbf6ebb0b412286ec6007409f15d20c90038528b
-
SHA256
aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
-
SHA512
07f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
SSDEEP
49152:yvdt62XlaSFNWPjljiFa2RoUYI8lCtBeiLoG/pTHHB72eh2NT:yvf62XlaSFNWPjljiFXRoUYIuCF
Malware Config
Extracted
quasar
1.4.1
Office04
smirkdns.ddns.net:4782
45259779-0dcb-4afe-a014-ae49cf73286e
-
encryption_key
38F8A837013773F52CA41CD4456A32A9B17A9557
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
AustiBlox
-
subdirectory
SubDir
Signatures
-
Quasar payload 11 IoCs
resource yara_rule behavioral5/memory/1764-0-0x0000000000130000-0x0000000000454000-memory.dmp family_quasar behavioral5/files/0x000b000000015c3d-7.dat family_quasar behavioral5/memory/1996-8-0x0000000000D00000-0x0000000001024000-memory.dmp family_quasar behavioral5/files/0x000b000000015c3d-6.dat family_quasar behavioral5/files/0x000b000000015c3d-22.dat family_quasar behavioral5/memory/1744-23-0x0000000000D40000-0x0000000001064000-memory.dmp family_quasar behavioral5/files/0x000b000000015c3d-37.dat family_quasar behavioral5/files/0x000b000000015c3d-50.dat family_quasar behavioral5/files/0x000b000000015c3d-64.dat family_quasar behavioral5/files/0x000b000000015c3d-77.dat family_quasar behavioral5/files/0x000b000000015c3d-89.dat family_quasar -
Executes dropped EXE 7 IoCs
pid Process 1996 Client.exe 1744 Client.exe 2468 Client.exe 2184 Client.exe 1768 Client.exe 2236 Client.exe 732 Client.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs ping.exe 1 TTPs 7 IoCs
pid Process 2900 PING.EXE 1724 PING.EXE 1580 PING.EXE 1616 PING.EXE 608 PING.EXE 2640 PING.EXE 2120 PING.EXE -
Suspicious use of AdjustPrivilegeToken 8 IoCs
description pid Process Token: SeDebugPrivilege 1764 XYZ.exe Token: SeDebugPrivilege 1996 Client.exe Token: SeDebugPrivilege 1744 Client.exe Token: SeDebugPrivilege 2468 Client.exe Token: SeDebugPrivilege 2184 Client.exe Token: SeDebugPrivilege 1768 Client.exe Token: SeDebugPrivilege 2236 Client.exe Token: SeDebugPrivilege 732 Client.exe -
Suspicious use of FindShellTrayWindow 7 IoCs
pid Process 1996 Client.exe 1744 Client.exe 2468 Client.exe 2184 Client.exe 1768 Client.exe 2236 Client.exe 732 Client.exe -
Suspicious use of SendNotifyMessage 7 IoCs
pid Process 1996 Client.exe 1744 Client.exe 2468 Client.exe 2184 Client.exe 1768 Client.exe 2236 Client.exe 732 Client.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 1996 Client.exe 1744 Client.exe 2468 Client.exe 2184 Client.exe 1768 Client.exe 2236 Client.exe 732 Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1764 wrote to memory of 1996 1764 XYZ.exe 28 PID 1764 wrote to memory of 1996 1764 XYZ.exe 28 PID 1764 wrote to memory of 1996 1764 XYZ.exe 28 PID 1996 wrote to memory of 2684 1996 Client.exe 29 PID 1996 wrote to memory of 2684 1996 Client.exe 29 PID 1996 wrote to memory of 2684 1996 Client.exe 29 PID 2684 wrote to memory of 2576 2684 cmd.exe 32 PID 2684 wrote to memory of 2576 2684 cmd.exe 32 PID 2684 wrote to memory of 2576 2684 cmd.exe 32 PID 2684 wrote to memory of 2640 2684 cmd.exe 31 PID 2684 wrote to memory of 2640 2684 cmd.exe 31 PID 2684 wrote to memory of 2640 2684 cmd.exe 31 PID 2684 wrote to memory of 1744 2684 cmd.exe 33 PID 2684 wrote to memory of 1744 2684 cmd.exe 33 PID 2684 wrote to memory of 1744 2684 cmd.exe 33 PID 1744 wrote to memory of 2524 1744 Client.exe 34 PID 1744 wrote to memory of 2524 1744 Client.exe 34 PID 1744 wrote to memory of 2524 1744 Client.exe 34 PID 2524 wrote to memory of 2936 2524 cmd.exe 36 PID 2524 wrote to memory of 2936 2524 cmd.exe 36 PID 2524 wrote to memory of 2936 2524 cmd.exe 36 PID 2524 wrote to memory of 2120 2524 cmd.exe 37 PID 2524 wrote to memory of 2120 2524 cmd.exe 37 PID 2524 wrote to memory of 2120 2524 cmd.exe 37 PID 2524 wrote to memory of 2468 2524 cmd.exe 38 PID 2524 wrote to memory of 2468 2524 cmd.exe 38 PID 2524 wrote to memory of 2468 2524 cmd.exe 38 PID 2468 wrote to memory of 920 2468 Client.exe 41 PID 2468 wrote to memory of 920 2468 Client.exe 41 PID 2468 wrote to memory of 920 2468 Client.exe 41 PID 920 wrote to memory of 2912 920 cmd.exe 43 PID 920 wrote to memory of 2912 920 cmd.exe 43 PID 920 wrote to memory of 2912 920 cmd.exe 43 PID 920 wrote to memory of 2900 920 cmd.exe 44 PID 920 wrote to memory of 2900 920 cmd.exe 44 PID 920 wrote to memory of 2900 920 cmd.exe 44 PID 920 wrote to memory of 2184 920 cmd.exe 45 PID 920 wrote to memory of 2184 920 cmd.exe 45 PID 920 wrote to memory of 2184 920 cmd.exe 45 PID 2184 wrote to memory of 2960 2184 Client.exe 46 PID 2184 wrote to memory of 2960 2184 Client.exe 46 PID 2184 wrote to memory of 2960 2184 Client.exe 46 PID 2960 wrote to memory of 1716 2960 cmd.exe 48 PID 2960 wrote to memory of 1716 2960 cmd.exe 48 PID 2960 wrote to memory of 1716 2960 cmd.exe 48 PID 2960 wrote to memory of 1724 2960 cmd.exe 49 PID 2960 wrote to memory of 1724 2960 cmd.exe 49 PID 2960 wrote to memory of 1724 2960 cmd.exe 49 PID 2960 wrote to memory of 1768 2960 cmd.exe 50 PID 2960 wrote to memory of 1768 2960 cmd.exe 50 PID 2960 wrote to memory of 1768 2960 cmd.exe 50 PID 1768 wrote to memory of 2436 1768 Client.exe 51 PID 1768 wrote to memory of 2436 1768 Client.exe 51 PID 1768 wrote to memory of 2436 1768 Client.exe 51 PID 2436 wrote to memory of 780 2436 cmd.exe 53 PID 2436 wrote to memory of 780 2436 cmd.exe 53 PID 2436 wrote to memory of 780 2436 cmd.exe 53 PID 2436 wrote to memory of 1580 2436 cmd.exe 54 PID 2436 wrote to memory of 1580 2436 cmd.exe 54 PID 2436 wrote to memory of 1580 2436 cmd.exe 54 PID 2436 wrote to memory of 2236 2436 cmd.exe 55 PID 2436 wrote to memory of 2236 2436 cmd.exe 55 PID 2436 wrote to memory of 2236 2436 cmd.exe 55 PID 2236 wrote to memory of 656 2236 Client.exe 56
Processes
-
C:\Users\Admin\AppData\Local\Temp\Roblox-UWP-Executor-main\XYZ.exe"C:\Users\Admin\AppData\Local\Temp\Roblox-UWP-Executor-main\XYZ.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1764 -
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\RSAoVxMgZLOy.bat" "3⤵
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- Runs ping.exe
PID:2640
-
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:2576
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\3Kjaw31GnX6K.bat" "5⤵
- Suspicious use of WriteProcessMemory
PID:2524 -
C:\Windows\system32\chcp.comchcp 650016⤵PID:2936
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- Runs ping.exe
PID:2120
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\hikiA94lON3j.bat" "7⤵
- Suspicious use of WriteProcessMemory
PID:920 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:2912
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- Runs ping.exe
PID:2900
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"8⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\sngyeydey1je.bat" "9⤵
- Suspicious use of WriteProcessMemory
PID:2960 -
C:\Windows\system32\chcp.comchcp 6500110⤵PID:1716
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- Runs ping.exe
PID:1724
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1768 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\yK5RFjpXTs8H.bat" "11⤵
- Suspicious use of WriteProcessMemory
PID:2436 -
C:\Windows\system32\chcp.comchcp 6500112⤵PID:780
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- Runs ping.exe
PID:1580
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"12⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8vBqg7QGZtF4.bat" "13⤵PID:656
-
C:\Windows\system32\chcp.comchcp 6500114⤵PID:1820
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- Runs ping.exe
PID:1616
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:732 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\ezULDGz348vO.bat" "15⤵PID:2188
-
C:\Windows\system32\chcp.comchcp 6500116⤵PID:3068
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- Runs ping.exe
PID:608
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
207B
MD51871a8320768851e9186fc98004489dd
SHA13a6ca8603755cab4fb589ae0609c835be19b31b1
SHA25661d7d79eebdae12beb3b7c5be2eec1502ba30bfcab8b44a4bc6a570959bade1f
SHA5127c8844ca47f20c66f9fdfd12fe1a58ded3e939d07d43dd896e9235a1f247acd312d35709a6bc3eef4c46b39b3910100aaa700a0694ebd7d36e5911e6fa84f0bc
-
Filesize
207B
MD51871a8320768851e9186fc98004489dd
SHA13a6ca8603755cab4fb589ae0609c835be19b31b1
SHA25661d7d79eebdae12beb3b7c5be2eec1502ba30bfcab8b44a4bc6a570959bade1f
SHA5127c8844ca47f20c66f9fdfd12fe1a58ded3e939d07d43dd896e9235a1f247acd312d35709a6bc3eef4c46b39b3910100aaa700a0694ebd7d36e5911e6fa84f0bc
-
Filesize
207B
MD58434437cc32b1f56d394b60aa0c47cce
SHA197232301991b661bd04fa038e95e2395e69cc4de
SHA2563f0b53016128e1d9562b16e68d13785898cace386fdbee5252b8543f22683fd1
SHA512b0c864d02149f84329bafeb58780fc0d39e434e8baec93fc60148c6b8bb70994749988d6721b37e58c804d25a2707bd64a6eb91a3e0a4ebfaadf64c23c0a6127
-
Filesize
207B
MD58434437cc32b1f56d394b60aa0c47cce
SHA197232301991b661bd04fa038e95e2395e69cc4de
SHA2563f0b53016128e1d9562b16e68d13785898cace386fdbee5252b8543f22683fd1
SHA512b0c864d02149f84329bafeb58780fc0d39e434e8baec93fc60148c6b8bb70994749988d6721b37e58c804d25a2707bd64a6eb91a3e0a4ebfaadf64c23c0a6127
-
Filesize
207B
MD5f052318f3a6401964a784adb20b07d4c
SHA14e539e06c17aeac580b98555640bf103227f3d69
SHA256b081af4b84a5bb6960bcd75d6e89ba58f3325a7d8b4cd907f31cd5148efb4cd6
SHA5121782175c7bb217e1e9d7fc19bac803286e557f68e61e02eeee77f7b83c3497470d94b99c4bcd464c1c7d521a5bdc2fabd3a7d573b7311f0625909469ac0e9cc5
-
Filesize
207B
MD5f052318f3a6401964a784adb20b07d4c
SHA14e539e06c17aeac580b98555640bf103227f3d69
SHA256b081af4b84a5bb6960bcd75d6e89ba58f3325a7d8b4cd907f31cd5148efb4cd6
SHA5121782175c7bb217e1e9d7fc19bac803286e557f68e61e02eeee77f7b83c3497470d94b99c4bcd464c1c7d521a5bdc2fabd3a7d573b7311f0625909469ac0e9cc5
-
Filesize
207B
MD5ab4a5d4514ee91bc77f4a4f4da01c75a
SHA1622e8dcaddf7aafee6e27283301d706625004f36
SHA25624afe8e97776feee77d8e99cdd17e526cb85a6bac2cdb1d982897d8b8804f8e9
SHA51203921ece9d6bc7614e62b10d1567b67fd272c4cfb707aa1467df918b59db366e11c4112b85ec4ad04c98aa09e9f5eab01d4d1521c9c0904d64eb599d071f5a7c
-
Filesize
207B
MD5ab4a5d4514ee91bc77f4a4f4da01c75a
SHA1622e8dcaddf7aafee6e27283301d706625004f36
SHA25624afe8e97776feee77d8e99cdd17e526cb85a6bac2cdb1d982897d8b8804f8e9
SHA51203921ece9d6bc7614e62b10d1567b67fd272c4cfb707aa1467df918b59db366e11c4112b85ec4ad04c98aa09e9f5eab01d4d1521c9c0904d64eb599d071f5a7c
-
Filesize
207B
MD5f2ffde0bf1b48118b2359bcc6ae06d57
SHA17798bbdc58b2442680ca35189d621d7e3acd7e68
SHA2567c587adb90c9aea10cbfeb14093054439fe2f4515416f3e60266c78d717c2cf8
SHA5122f8550adf712faf0ff126d6acd51f7f1f6c9a10f3f405f8139af5270bc4a26fb86ffa7056db033ba05493b82e7ce1e405ad18e2c40bf69063464c99eb6c9a501
-
Filesize
207B
MD5f2ffde0bf1b48118b2359bcc6ae06d57
SHA17798bbdc58b2442680ca35189d621d7e3acd7e68
SHA2567c587adb90c9aea10cbfeb14093054439fe2f4515416f3e60266c78d717c2cf8
SHA5122f8550adf712faf0ff126d6acd51f7f1f6c9a10f3f405f8139af5270bc4a26fb86ffa7056db033ba05493b82e7ce1e405ad18e2c40bf69063464c99eb6c9a501
-
Filesize
207B
MD5f9ef5154c5a662fef5e198e8e6e67fc4
SHA15c46023401b067dc222212feb5403d4d11e0d77b
SHA256162be2717b979ffd02a590156b5118697b69fd0b703c6148f596f5c39b189869
SHA5120f7c82b3dc6eb8070fa21a41eca3f647103237385a75757432107ed8cff828985cf48671eb85233d39f71ae8b8d729016ad5e1c483f0e972cc18d87e0f7e1f3f
-
Filesize
207B
MD5f9ef5154c5a662fef5e198e8e6e67fc4
SHA15c46023401b067dc222212feb5403d4d11e0d77b
SHA256162be2717b979ffd02a590156b5118697b69fd0b703c6148f596f5c39b189869
SHA5120f7c82b3dc6eb8070fa21a41eca3f647103237385a75757432107ed8cff828985cf48671eb85233d39f71ae8b8d729016ad5e1c483f0e972cc18d87e0f7e1f3f
-
Filesize
207B
MD521fd7ddf5c05234a989191434e7abef9
SHA1d9b7afdf6ed18e9619c1f19e2e6ff522354866dd
SHA25633901698c1fc9e7447dfbe279b4829f761699ee8de301ebd705506bfe5747454
SHA512576f3495e2e77461ea1838937f9996dba0f8ec50eb9f5cd1420f2d67864771788ac1a3b9855c7a8ca476842f2473550db95b2d9e6102eee1c504c000aa34a30f
-
Filesize
207B
MD521fd7ddf5c05234a989191434e7abef9
SHA1d9b7afdf6ed18e9619c1f19e2e6ff522354866dd
SHA25633901698c1fc9e7447dfbe279b4829f761699ee8de301ebd705506bfe5747454
SHA512576f3495e2e77461ea1838937f9996dba0f8ec50eb9f5cd1420f2d67864771788ac1a3b9855c7a8ca476842f2473550db95b2d9e6102eee1c504c000aa34a30f
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7
-
Filesize
3.1MB
MD56798986718c9d923ae747ff1bed1a16f
SHA1dbf6ebb0b412286ec6007409f15d20c90038528b
SHA256aa820cb29814aa7a79e6016c8d5a3b1a0bcf13fdea5b9625c7939095f37848d9
SHA51207f0b0de77bc63492033e7fa5891286fe52597913d353b48fc97d6ed99116a729a2154ce0e32a11679c212b058daa0c8b299cff9a7c7506ee9d47fbf4eabedf7