Analysis
-
max time kernel
142s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
16-12-2024 06:40
Behavioral task
behavioral1
Sample
example_win32_dx11.exe
Resource
win7-20240903-en
General
-
Target
example_win32_dx11.exe
-
Size
3.1MB
-
MD5
a7d75b048989da5d22a1f7cca58edb51
-
SHA1
413d22b60ae540b3b11863e2107980b0403faf50
-
SHA256
884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
-
SHA512
4a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351
-
SSDEEP
49152:TvCI22SsaNYfdPBldt698dBcjHe0RJ6qbR3LoGdHTHHB72eh2NT:TvP22SsaNYfdPBldt6+dBcjHe0RJ6E
Malware Config
Extracted
quasar
1.4.1
Nigga
yzs-42879.portmap.host:42879
57d72303-b5e9-46aa-8cc4-9690809c1a9e
-
encryption_key
F1EBDB1862062F9265C0B5AC4D02C76D026534D0
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
Steam
Signatures
-
Quasar family
-
Quasar payload 10 IoCs
resource yara_rule behavioral1/memory/2688-1-0x0000000000A90000-0x0000000000DB4000-memory.dmp family_quasar behavioral1/files/0x000800000001937b-5.dat family_quasar behavioral1/memory/2948-7-0x0000000001330000-0x0000000001654000-memory.dmp family_quasar behavioral1/memory/2896-33-0x0000000001340000-0x0000000001664000-memory.dmp family_quasar behavioral1/memory/2020-44-0x0000000000160000-0x0000000000484000-memory.dmp family_quasar behavioral1/memory/2168-56-0x00000000011F0000-0x0000000001514000-memory.dmp family_quasar behavioral1/memory/268-78-0x00000000012E0000-0x0000000001604000-memory.dmp family_quasar behavioral1/memory/680-108-0x00000000000E0000-0x0000000000404000-memory.dmp family_quasar behavioral1/memory/1392-119-0x0000000001030000-0x0000000001354000-memory.dmp family_quasar behavioral1/memory/2004-130-0x0000000000150000-0x0000000000474000-memory.dmp family_quasar -
Executes dropped EXE 15 IoCs
pid Process 2948 svchost.exe 2348 svchost.exe 2896 svchost.exe 2020 svchost.exe 2168 svchost.exe 2064 svchost.exe 268 svchost.exe 1736 svchost.exe 2680 svchost.exe 680 svchost.exe 1392 svchost.exe 2004 svchost.exe 2204 svchost.exe 1732 svchost.exe 1668 svchost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 15 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 3000 PING.EXE 1944 PING.EXE 316 PING.EXE 2060 PING.EXE 2256 PING.EXE 2332 PING.EXE 2804 PING.EXE 3032 PING.EXE 1696 PING.EXE 1660 PING.EXE 2728 PING.EXE 1348 PING.EXE 2536 PING.EXE 2096 PING.EXE 2552 PING.EXE -
Runs ping.exe 1 TTPs 15 IoCs
pid Process 316 PING.EXE 2804 PING.EXE 1944 PING.EXE 2256 PING.EXE 1660 PING.EXE 2552 PING.EXE 2060 PING.EXE 3032 PING.EXE 2728 PING.EXE 1348 PING.EXE 2332 PING.EXE 3000 PING.EXE 2536 PING.EXE 1696 PING.EXE 2096 PING.EXE -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 2688 example_win32_dx11.exe Token: SeDebugPrivilege 2948 svchost.exe Token: SeDebugPrivilege 2348 svchost.exe Token: SeDebugPrivilege 2896 svchost.exe Token: SeDebugPrivilege 2020 svchost.exe Token: SeDebugPrivilege 2168 svchost.exe Token: SeDebugPrivilege 2064 svchost.exe Token: SeDebugPrivilege 268 svchost.exe Token: SeDebugPrivilege 1736 svchost.exe Token: SeDebugPrivilege 2680 svchost.exe Token: SeDebugPrivilege 680 svchost.exe Token: SeDebugPrivilege 1392 svchost.exe Token: SeDebugPrivilege 2004 svchost.exe Token: SeDebugPrivilege 2204 svchost.exe Token: SeDebugPrivilege 1732 svchost.exe Token: SeDebugPrivilege 1668 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2688 wrote to memory of 2948 2688 example_win32_dx11.exe 30 PID 2688 wrote to memory of 2948 2688 example_win32_dx11.exe 30 PID 2688 wrote to memory of 2948 2688 example_win32_dx11.exe 30 PID 2948 wrote to memory of 2824 2948 svchost.exe 31 PID 2948 wrote to memory of 2824 2948 svchost.exe 31 PID 2948 wrote to memory of 2824 2948 svchost.exe 31 PID 2824 wrote to memory of 2740 2824 cmd.exe 33 PID 2824 wrote to memory of 2740 2824 cmd.exe 33 PID 2824 wrote to memory of 2740 2824 cmd.exe 33 PID 2824 wrote to memory of 2552 2824 cmd.exe 34 PID 2824 wrote to memory of 2552 2824 cmd.exe 34 PID 2824 wrote to memory of 2552 2824 cmd.exe 34 PID 2824 wrote to memory of 2348 2824 cmd.exe 35 PID 2824 wrote to memory of 2348 2824 cmd.exe 35 PID 2824 wrote to memory of 2348 2824 cmd.exe 35 PID 2348 wrote to memory of 2336 2348 svchost.exe 36 PID 2348 wrote to memory of 2336 2348 svchost.exe 36 PID 2348 wrote to memory of 2336 2348 svchost.exe 36 PID 2336 wrote to memory of 2944 2336 cmd.exe 38 PID 2336 wrote to memory of 2944 2336 cmd.exe 38 PID 2336 wrote to memory of 2944 2336 cmd.exe 38 PID 2336 wrote to memory of 2728 2336 cmd.exe 39 PID 2336 wrote to memory of 2728 2336 cmd.exe 39 PID 2336 wrote to memory of 2728 2336 cmd.exe 39 PID 2336 wrote to memory of 2896 2336 cmd.exe 40 PID 2336 wrote to memory of 2896 2336 cmd.exe 40 PID 2336 wrote to memory of 2896 2336 cmd.exe 40 PID 2896 wrote to memory of 484 2896 svchost.exe 41 PID 2896 wrote to memory of 484 2896 svchost.exe 41 PID 2896 wrote to memory of 484 2896 svchost.exe 41 PID 484 wrote to memory of 1860 484 cmd.exe 43 PID 484 wrote to memory of 1860 484 cmd.exe 43 PID 484 wrote to memory of 1860 484 cmd.exe 43 PID 484 wrote to memory of 2332 484 cmd.exe 44 PID 484 wrote to memory of 2332 484 cmd.exe 44 PID 484 wrote to memory of 2332 484 cmd.exe 44 PID 484 wrote to memory of 2020 484 cmd.exe 45 PID 484 wrote to memory of 2020 484 cmd.exe 45 PID 484 wrote to memory of 2020 484 cmd.exe 45 PID 2020 wrote to memory of 1712 2020 svchost.exe 46 PID 2020 wrote to memory of 1712 2020 svchost.exe 46 PID 2020 wrote to memory of 1712 2020 svchost.exe 46 PID 1712 wrote to memory of 2360 1712 cmd.exe 48 PID 1712 wrote to memory of 2360 1712 cmd.exe 48 PID 1712 wrote to memory of 2360 1712 cmd.exe 48 PID 1712 wrote to memory of 316 1712 cmd.exe 49 PID 1712 wrote to memory of 316 1712 cmd.exe 49 PID 1712 wrote to memory of 316 1712 cmd.exe 49 PID 1712 wrote to memory of 2168 1712 cmd.exe 50 PID 1712 wrote to memory of 2168 1712 cmd.exe 50 PID 1712 wrote to memory of 2168 1712 cmd.exe 50 PID 2168 wrote to memory of 2928 2168 svchost.exe 51 PID 2168 wrote to memory of 2928 2168 svchost.exe 51 PID 2168 wrote to memory of 2928 2168 svchost.exe 51 PID 2928 wrote to memory of 2436 2928 cmd.exe 53 PID 2928 wrote to memory of 2436 2928 cmd.exe 53 PID 2928 wrote to memory of 2436 2928 cmd.exe 53 PID 2928 wrote to memory of 3000 2928 cmd.exe 54 PID 2928 wrote to memory of 3000 2928 cmd.exe 54 PID 2928 wrote to memory of 3000 2928 cmd.exe 54 PID 2928 wrote to memory of 2064 2928 cmd.exe 55 PID 2928 wrote to memory of 2064 2928 cmd.exe 55 PID 2928 wrote to memory of 2064 2928 cmd.exe 55 PID 2064 wrote to memory of 824 2064 svchost.exe 56
Processes
-
C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2948 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\K4fSYrAGz6ra.bat" "3⤵
- Suspicious use of WriteProcessMemory
PID:2824 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:2740
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2552
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\2RniUcBNln9A.bat" "5⤵
- Suspicious use of WriteProcessMemory
PID:2336 -
C:\Windows\system32\chcp.comchcp 650016⤵PID:2944
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2728
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\2khyROTYqhmm.bat" "7⤵
- Suspicious use of WriteProcessMemory
PID:484 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:1860
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2332
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"8⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2020 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\23ti9bfM5Q48.bat" "9⤵
- Suspicious use of WriteProcessMemory
PID:1712 -
C:\Windows\system32\chcp.comchcp 6500110⤵PID:2360
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:316
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2168 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\p1CTHMfmKsqV.bat" "11⤵
- Suspicious use of WriteProcessMemory
PID:2928 -
C:\Windows\system32\chcp.comchcp 6500112⤵PID:2436
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3000
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"12⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\CCpmiygADAMh.bat" "13⤵PID:824
-
C:\Windows\system32\chcp.comchcp 6500114⤵PID:2864
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1348
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:268 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\EJWGHSYoouTV.bat" "15⤵PID:2488
-
C:\Windows\system32\chcp.comchcp 6500116⤵PID:1728
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2060
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"16⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1736 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\kp23UYHshyfm.bat" "17⤵PID:1724
-
C:\Windows\system32\chcp.comchcp 6500118⤵PID:2780
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2804
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"18⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2680 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\etWUpCgKTQv6.bat" "19⤵PID:2932
-
C:\Windows\system32\chcp.comchcp 6500120⤵PID:2612
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3032
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"20⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:680 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\lbBcitdkF4wQ.bat" "21⤵PID:2148
-
C:\Windows\system32\chcp.comchcp 6500122⤵PID:2960
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1944
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"22⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1392 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\28RGT7yyZRYH.bat" "23⤵PID:1072
-
C:\Windows\system32\chcp.comchcp 6500124⤵PID:2352
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2536
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2004 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\x5uqtssML5cI.bat" "25⤵PID:1856
-
C:\Windows\system32\chcp.comchcp 6500126⤵PID:2364
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1696
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"26⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2204 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\E7b6al2sbSHh.bat" "27⤵PID:280
-
C:\Windows\system32\chcp.comchcp 6500128⤵PID:3000
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost28⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2096
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"28⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1732 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\kv9ADGFoqENC.bat" "29⤵PID:1956
-
C:\Windows\system32\chcp.comchcp 6500130⤵PID:1516
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost30⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2256
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"30⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1668 -
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\tQQZMcbAkqZG.bat" "31⤵PID:1684
-
C:\Windows\system32\chcp.comchcp 6500132⤵PID:1636
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost32⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1660
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
207B
MD595707f70a066dfd3e3453766b58b6a9d
SHA1e4ea55662d2d430bd0f44e2eb1d2e3e694ed8d69
SHA256fcbcfaeeb99a4dd0d6746ffd0c5bb534d9df1b3a7abf860f38b55a34bd0d5a5a
SHA5126ff60f506e515c69f0ec4792a194eaeb677642965090d5ccb2fe8f0b17ca2ef658d9b68407507895cfd14c586bb9f2b15bba7076fd164e0306f5797dfc1e2e53
-
Filesize
207B
MD5e643108c64652fb2c1633f09ac1e753f
SHA185e6f06a10ff7d3d0d2136833f93db119ef00e61
SHA256d8b26fe5b62e698ea255bc9f3b969dfc225fe5bbfeffc67179ed82975872bf5c
SHA5122a18ba6bd6f0f701cf4436d558c7d14d889db08580b459cf787c1ade11b048d2161150e61cb633adca47851539a228bee1c64a817edd41c4b41f2b137d2b2a8a
-
Filesize
207B
MD516fa5d36f39869b3a2a102eb90be1a4b
SHA1df05121e0a0d89eb35ad8956d4252b99584ed469
SHA256dd326418f9e77e73ef3c0c2020bdb5f0def636601953cff6a826f43afe892cb2
SHA5126874ee1de3ab64274a1ff342e4b689cd12285eabd1e5c7345be6c785a2a19aef6d06fb6bc93c365fbec9b2626a98573b4b5adb440d878bf2dde8d7ec1903bfea
-
Filesize
207B
MD5fe760f7111b57ea011d41249f02f9745
SHA1008808d5a22f2e680e18c04b95d2ad68650b8f1d
SHA256dff810dd6d38460a48ae092905bbe26767786a7c1b4d77a28bbc93cd58f3c61c
SHA51233e7a3a872589b62cd5381b071262a00e9330bb69b1bcb6a6d3e05377aec89b262e0eab82234dc735fbbb3d7b9e55a28e09f1708d1997acf0b759283e1df1ebd
-
Filesize
207B
MD563510735ca8c1f9ff36c8b758e0f6ed4
SHA1dc3b3f3520f6e24cc5bd14d523ba619d150aa71c
SHA2569addb8a95ec6d704c91c3dff373715ee27f8fc607a13565275ec4842fcc0f91b
SHA5120fa3a1518101a979d2d7ce881f43b2653064db15f8bc34b0300dd4b67d7265ae30ae575e8020205c3196f8af58686b5fcfe23e5fe94156a9df4f21fdbd291d13
-
Filesize
207B
MD5dc02ac617a8a42105c09a3e08ef73e41
SHA1795fdbaabcbac905ed4d1013d8f8c5806be6ee69
SHA2562cca7ef9336ea905ece1c0e8e27b95d5afc864c954e0b7b42b22072c8fada157
SHA5122968999f6cd7907670948e90c0fa702551a6dce69e1b58028259db5531e06fa920f192e0fd63b2363bb2ddd3472b353eb41c75eee3ab05836d977c8fb4aa56df
-
Filesize
207B
MD54fac96099e94a441880a6accc05e35cb
SHA16fd3334dc949862570951900348f3afafde69fda
SHA2564d135189a6d7ce3b372cc1b2c36f697349fcf0f4805606dad7c8236ae4bc67dc
SHA51288de02c84da630aca63976236d15730f709d125e94e55dff978d370109c170c69aa0b15f27524fd8970c8fb3386e6ab07729d700aa4284ec443460c720c5e9e6
-
Filesize
207B
MD59ab73f4838c75990874a01ba7921a533
SHA105023a70fe5bae3a0d5017474d51fdc9029b058d
SHA256c43ef1297b01c3b7884de7c0633427af1ace1ae4c318aea5386848f826df2921
SHA512ee102c6fd90caa0295588008144ba5caefe9c15574bee79792a812f49553ea57c3eaf6154cebeb2a9f8350e189b3ffe19f848275b2dc68719febb23c4129a77c
-
Filesize
207B
MD535b036632ca27dd2f3b7de915c488747
SHA106d3d1d9acd3f88da49cfeb27f5fa6bbd95553dd
SHA256f3c99955aa7e624ce2677c4460d4fabc0bd1d516000da2fc9c7c4788819b2c9a
SHA512743c918cbde5a18b9f7af45c9e443a42a33e28f68e029907ec2c56c3422439beb26794b613c427394c54b640f19817f23cf2b7c8eb924ec018de86b60f07fe5d
-
Filesize
207B
MD5a7bc5193a71996e076cf146e635f7e04
SHA1a7a5a5cd718d47076052762ba770479e57b1e4ec
SHA256dd470a019c94aa589d6ee749a26065f8e144380879066e2b18ecbcf1ab797491
SHA512862464a884890f383ea72df1d454875fffe3171114d67a42220dc93feefdef2b4aa8aeaecbe7535280a5aa90a28d33d524e1d9ac29c61e6bd4475a561a3045a9
-
Filesize
207B
MD5c7cfa81c72803774862ccbdeaa2af105
SHA10eb1b6f4d0c96e87860149bfab0d30479cc3fc72
SHA2566cc0adefd77999d467be595738e09356264aa4907f99b1e488c7132f93148f32
SHA512734caa9c763ec5661b536aa74358702688ba9ae9a9132e909217c3b9c8292a1a4bc29bd37051659fa89bdf320d654e9a05f23829af4e82846f9b2f0043dce63a
-
Filesize
207B
MD56210a58593f737a7eab1fbb1d449bead
SHA1c0d25cd3314bf02146937456f7c4aa0d1a5c1318
SHA25679595c2803075d4e9d24ef1982eddbdc80f7fb6599bf2089852ee1cd6f679307
SHA5124c4608aaa8b63da4a27d0e75053cec1d41396f0f44ec14820f99eab247615087fabff2702e63d4445e9b668c5773bc1bdcfe6451097a889f705d176547feed6d
-
Filesize
207B
MD53bd9443e5d6089fb1bb8561b313bc38e
SHA1045947b3875f33010a0bd35fd37636cb7bd0f241
SHA25695b9e132dea571562ed6b7b5659ff356c194316e858b8cfdc02ed3fa59820049
SHA5122dc6e93c8bf30bee248e6e2aa0e8d049cd887d68676f42cea5186a4d890dc59650c091509708a295f4fdb7118fa36eb56381f35673985c3125e14b0804268a3f
-
Filesize
207B
MD5948d55e7b5ff640c3bc1fdba1ac27f2a
SHA1d166eb6c5f1fe6a9c6e1e3086b54a0b0f5c7b28a
SHA2561b62fb1736db17bc422fac6642061f386d44cbadd6cd060855520a7155fa37a8
SHA512cfe47b58d75a1a7af9d9749d571824f91dbdd4a0dc1ebc3e113747052ca8952b8c54ff9c4d66bfd4317b4e2ddfc3e5a67b9c4668b17d0921712755f6cd01a4eb
-
Filesize
207B
MD52b505ecbb8b07a7a934eb82544c20790
SHA1724d124ecfde5c2111bb95ca714f3f6214cbdfd6
SHA256c29c3b3bb1c79b0dc81e84f8f2a81103d3dea35909d7edb142aa9db6142f6bfd
SHA5129a4d07ddcfef0bd8141bd1f55e7662695b63309f5bae26603f7b5ee52d6b470085ec3161580ca9b645eeb8cfae39701bc87b0e736ae5d48998c33328bcf25abb
-
Filesize
3.1MB
MD5a7d75b048989da5d22a1f7cca58edb51
SHA1413d22b60ae540b3b11863e2107980b0403faf50
SHA256884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
SHA5124a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351