Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
16-12-2024 06:40
Behavioral task
behavioral1
Sample
example_win32_dx11.exe
Resource
win7-20240903-en
General
-
Target
example_win32_dx11.exe
-
Size
3.1MB
-
MD5
a7d75b048989da5d22a1f7cca58edb51
-
SHA1
413d22b60ae540b3b11863e2107980b0403faf50
-
SHA256
884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
-
SHA512
4a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351
-
SSDEEP
49152:TvCI22SsaNYfdPBldt698dBcjHe0RJ6qbR3LoGdHTHHB72eh2NT:TvP22SsaNYfdPBldt6+dBcjHe0RJ6E
Malware Config
Extracted
quasar
1.4.1
Nigga
yzs-42879.portmap.host:42879
57d72303-b5e9-46aa-8cc4-9690809c1a9e
-
encryption_key
F1EBDB1862062F9265C0B5AC4D02C76D026534D0
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
Steam
Signatures
-
Quasar family
-
Quasar payload 2 IoCs
resource yara_rule behavioral2/memory/32-1-0x00000000000D0000-0x00000000003F4000-memory.dmp family_quasar behavioral2/files/0x0007000000023cbd-4.dat family_quasar -
Checks computer location settings 2 TTPs 15 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation svchost.exe -
Executes dropped EXE 15 IoCs
pid Process 3604 svchost.exe 4820 svchost.exe 3080 svchost.exe 4964 svchost.exe 4484 svchost.exe 1120 svchost.exe 5044 svchost.exe 3372 svchost.exe 1192 svchost.exe 2352 svchost.exe 3392 svchost.exe 4812 svchost.exe 1428 svchost.exe 1148 svchost.exe 8 svchost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 15 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 4484 PING.EXE 4924 PING.EXE 2116 PING.EXE 1928 PING.EXE 1280 PING.EXE 3288 PING.EXE 2948 PING.EXE 2936 PING.EXE 4768 PING.EXE 1396 PING.EXE 5040 PING.EXE 4200 PING.EXE 2136 PING.EXE 4740 PING.EXE 1808 PING.EXE -
Runs ping.exe 1 TTPs 15 IoCs
pid Process 2936 PING.EXE 4768 PING.EXE 4740 PING.EXE 5040 PING.EXE 2116 PING.EXE 1280 PING.EXE 3288 PING.EXE 4484 PING.EXE 2948 PING.EXE 1808 PING.EXE 4200 PING.EXE 1396 PING.EXE 2136 PING.EXE 4924 PING.EXE 1928 PING.EXE -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 32 example_win32_dx11.exe Token: SeDebugPrivilege 3604 svchost.exe Token: SeDebugPrivilege 4820 svchost.exe Token: SeDebugPrivilege 3080 svchost.exe Token: SeDebugPrivilege 4964 svchost.exe Token: SeDebugPrivilege 4484 svchost.exe Token: SeDebugPrivilege 1120 svchost.exe Token: SeDebugPrivilege 5044 svchost.exe Token: SeDebugPrivilege 3372 svchost.exe Token: SeDebugPrivilege 1192 svchost.exe Token: SeDebugPrivilege 2352 svchost.exe Token: SeDebugPrivilege 3392 svchost.exe Token: SeDebugPrivilege 4812 svchost.exe Token: SeDebugPrivilege 1428 svchost.exe Token: SeDebugPrivilege 1148 svchost.exe Token: SeDebugPrivilege 8 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 32 wrote to memory of 3604 32 example_win32_dx11.exe 84 PID 32 wrote to memory of 3604 32 example_win32_dx11.exe 84 PID 3604 wrote to memory of 4528 3604 svchost.exe 85 PID 3604 wrote to memory of 4528 3604 svchost.exe 85 PID 4528 wrote to memory of 2736 4528 cmd.exe 87 PID 4528 wrote to memory of 2736 4528 cmd.exe 87 PID 4528 wrote to memory of 2936 4528 cmd.exe 88 PID 4528 wrote to memory of 2936 4528 cmd.exe 88 PID 4528 wrote to memory of 4820 4528 cmd.exe 94 PID 4528 wrote to memory of 4820 4528 cmd.exe 94 PID 4820 wrote to memory of 2548 4820 svchost.exe 95 PID 4820 wrote to memory of 2548 4820 svchost.exe 95 PID 2548 wrote to memory of 3256 2548 cmd.exe 97 PID 2548 wrote to memory of 3256 2548 cmd.exe 97 PID 2548 wrote to memory of 4768 2548 cmd.exe 98 PID 2548 wrote to memory of 4768 2548 cmd.exe 98 PID 2548 wrote to memory of 3080 2548 cmd.exe 101 PID 2548 wrote to memory of 3080 2548 cmd.exe 101 PID 3080 wrote to memory of 4628 3080 svchost.exe 102 PID 3080 wrote to memory of 4628 3080 svchost.exe 102 PID 4628 wrote to memory of 1592 4628 cmd.exe 104 PID 4628 wrote to memory of 1592 4628 cmd.exe 104 PID 4628 wrote to memory of 4740 4628 cmd.exe 105 PID 4628 wrote to memory of 4740 4628 cmd.exe 105 PID 4628 wrote to memory of 4964 4628 cmd.exe 107 PID 4628 wrote to memory of 4964 4628 cmd.exe 107 PID 4964 wrote to memory of 4308 4964 svchost.exe 108 PID 4964 wrote to memory of 4308 4964 svchost.exe 108 PID 4308 wrote to memory of 3880 4308 cmd.exe 110 PID 4308 wrote to memory of 3880 4308 cmd.exe 110 PID 4308 wrote to memory of 1280 4308 cmd.exe 111 PID 4308 wrote to memory of 1280 4308 cmd.exe 111 PID 4308 wrote to memory of 4484 4308 cmd.exe 113 PID 4308 wrote to memory of 4484 4308 cmd.exe 113 PID 4484 wrote to memory of 796 4484 svchost.exe 114 PID 4484 wrote to memory of 796 4484 svchost.exe 114 PID 796 wrote to memory of 1684 796 cmd.exe 116 PID 796 wrote to memory of 1684 796 cmd.exe 116 PID 796 wrote to memory of 1808 796 cmd.exe 117 PID 796 wrote to memory of 1808 796 cmd.exe 117 PID 796 wrote to memory of 1120 796 cmd.exe 118 PID 796 wrote to memory of 1120 796 cmd.exe 118 PID 1120 wrote to memory of 3056 1120 svchost.exe 119 PID 1120 wrote to memory of 3056 1120 svchost.exe 119 PID 3056 wrote to memory of 2556 3056 cmd.exe 121 PID 3056 wrote to memory of 2556 3056 cmd.exe 121 PID 3056 wrote to memory of 5040 3056 cmd.exe 122 PID 3056 wrote to memory of 5040 3056 cmd.exe 122 PID 3056 wrote to memory of 5044 3056 cmd.exe 123 PID 3056 wrote to memory of 5044 3056 cmd.exe 123 PID 5044 wrote to memory of 3020 5044 svchost.exe 124 PID 5044 wrote to memory of 3020 5044 svchost.exe 124 PID 3020 wrote to memory of 4152 3020 cmd.exe 126 PID 3020 wrote to memory of 4152 3020 cmd.exe 126 PID 3020 wrote to memory of 3288 3020 cmd.exe 127 PID 3020 wrote to memory of 3288 3020 cmd.exe 127 PID 3020 wrote to memory of 3372 3020 cmd.exe 128 PID 3020 wrote to memory of 3372 3020 cmd.exe 128 PID 3372 wrote to memory of 1900 3372 svchost.exe 129 PID 3372 wrote to memory of 1900 3372 svchost.exe 129 PID 1900 wrote to memory of 2212 1900 cmd.exe 131 PID 1900 wrote to memory of 2212 1900 cmd.exe 131 PID 1900 wrote to memory of 4200 1900 cmd.exe 132 PID 1900 wrote to memory of 4200 1900 cmd.exe 132
Processes
-
C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:32 -
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3604 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zPDpFPI2Zqav.bat" "3⤵
- Suspicious use of WriteProcessMemory
PID:4528 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:2736
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2936
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4820 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EhmnWLjwLs8b.bat" "5⤵
- Suspicious use of WriteProcessMemory
PID:2548 -
C:\Windows\system32\chcp.comchcp 650016⤵PID:3256
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4768
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3080 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UE6Z5j6ZdFBJ.bat" "7⤵
- Suspicious use of WriteProcessMemory
PID:4628 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:1592
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4740
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4964 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RbVsBpIa11Hl.bat" "9⤵
- Suspicious use of WriteProcessMemory
PID:4308 -
C:\Windows\system32\chcp.comchcp 6500110⤵PID:3880
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1280
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4484 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rl6r8fUWT8Bb.bat" "11⤵
- Suspicious use of WriteProcessMemory
PID:796 -
C:\Windows\system32\chcp.comchcp 6500112⤵PID:1684
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1808
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NKxQ4qrb7y3f.bat" "13⤵
- Suspicious use of WriteProcessMemory
PID:3056 -
C:\Windows\system32\chcp.comchcp 6500114⤵PID:2556
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:5040
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5044 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qZaGxjbFTRUZ.bat" "15⤵
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Windows\system32\chcp.comchcp 6500116⤵PID:4152
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3288
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3372 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rfT0tB3jdsC8.bat" "17⤵
- Suspicious use of WriteProcessMemory
PID:1900 -
C:\Windows\system32\chcp.comchcp 6500118⤵PID:2212
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4200
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1192 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fva1BKhDGs9m.bat" "19⤵PID:1052
-
C:\Windows\system32\chcp.comchcp 6500120⤵PID:4380
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2116
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2352 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUkLfzEfNTT0.bat" "21⤵PID:3816
-
C:\Windows\system32\chcp.comchcp 6500122⤵PID:4988
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1928
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3392 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HyYhMch0VRAf.bat" "23⤵PID:440
-
C:\Windows\system32\chcp.comchcp 6500124⤵PID:3148
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1396
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4812 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egUbHBoX0eq0.bat" "25⤵PID:4976
-
C:\Windows\system32\chcp.comchcp 6500126⤵PID:3420
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4484
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1428 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYsjw776HTZs.bat" "27⤵PID:540
-
C:\Windows\system32\chcp.comchcp 6500128⤵PID:1704
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost28⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2136
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1148 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UUKsmFS0nKfh.bat" "29⤵PID:4152
-
C:\Windows\system32\chcp.comchcp 6500130⤵PID:3384
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost30⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4924
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:8 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YZOjjereelsh.bat" "31⤵PID:1880
-
C:\Windows\system32\chcp.comchcp 6500132⤵PID:4896
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost32⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2948
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD58f0271a63446aef01cf2bfc7b7c7976b
SHA1b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7
SHA256da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c
SHA51278a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5
-
Filesize
207B
MD5034baf89904c3b2ef822efcb0f44acfa
SHA11dbc3d6deaf9404da3b03945d16f546b46a6807b
SHA256e9f5df74eece42f3a15dda1e78e96527ecfe565a1d85d796defdf80c8370b7e9
SHA5125158ffc1fa9a58f76e4bbb15783773ba4006c8ef5c5d641f0b80156eecbd9c3fa04945e3d6e7c71f508853ded5c19ac89afbe7b817ad7dcbb27a892f6b57f0b3
-
Filesize
207B
MD5befab3ee0a833c92149924b2387d7999
SHA19117626c9229577d0506dc6eceada11a4dc361cb
SHA256f912dbe2626a39ecd681c928709792b8ee8dafe38f19f8c0ead7f5727eaf3b12
SHA5127fbaf149ed66a086a2c11edbcbfeba3f8dcce220a8d613b5b07d7f52b0bcc98295fa75aaebf659269e2090e75b7a383985405a4effb35cce798f556178af9c40
-
Filesize
207B
MD540dbcc0c3d9f50c243923b041d739d89
SHA112c119b066e57db5dc8bf88b50d10947a33071fb
SHA25651045f5a0186b487aa1768017ce782f78533c50adc07b96c73590745aaa91ec4
SHA512f8666987a68a78b1035dc475015800c28627ff5e927d20b7c15662592539dd71cdb09c416c71f83fcf91ac8b3077103d7d9d8625b9eade4c84ea9e2282548800
-
Filesize
207B
MD592082bfce19718c478d25ef19e997a98
SHA110883cf14a181a6bce8b867f8a45fef2f4d42023
SHA256fd5c36a378da77e51f730d8092bbf216693947f7bb56e6fc3ac7f0a43ed70e94
SHA51286cbdd2aabb43722058c2ef78f5ee2acfdc8ef7e1d3c00d362c38e73543dc5cf4f29a0faadb8babc7116509b34ef9035d06de6be64b5981311dc91b5d2bd6846
-
Filesize
207B
MD50518731dd9e646ae22e82d93d1ff88a2
SHA166ac81344bfe044ea83e9cc68b8424c489551194
SHA256f5fe1604283891d7ecab5ca07ee54736bc8f38ace73fcd77262c888ee6aa0b21
SHA512aad8e763e2b3bf0d9cc0e1fcf2d0b12f03a15e113ac363b53195f24538f8da2c47578905f9214451ab10c15e5564c95186ae7e2597d46b882f231593ae2c2d19
-
Filesize
207B
MD53ca25f1a3ddc48435cbf5e9d22004b44
SHA1723a0cc8cc1e8a1ec7af460d605f03a312c8bab8
SHA256a711b90ed0caded6f55bf328c4cafaba2cfe54d37057f276a78e229ccf5d745d
SHA5126f55fd4f560d0215d4f83dc5ebfa7680168f050a9735ee392b796d19118c29f70093e05be53f168af591f44433f12a4efa7b5970b4b05a7e5cf5227a635a8d20
-
Filesize
207B
MD588e498a9cf957cd4fff481fe085ca3d1
SHA147f92b16bf6d1d488a7a1ba638110f4ded377bfc
SHA2568609cefefcb3fa6e2134b49832088aef5fb9dfa86a8c21f147924c5cdd8bce4f
SHA51225d2a2b8e91ac05769321c7e0f530c0d70558c0228b6405d9ca6aa04c46fb7337d14a90e6d5e60d79e7a4970c9c64b14e07fd13a5302f671c6079373c57080f1
-
Filesize
207B
MD5126f438f38d50405392a9e7afbfd6728
SHA16c4992bcba2ccb54f20c7639e85d147a80ccea6f
SHA2567cfaa4ed8cac76094d931d5778eab30618d475ea0ef226e22c42735954aff040
SHA512d87851b7ed9c34d9bb42e9b496bc9223697d33afff085b5659381460403113e99b38a755cc9e4365e69b6fa10981d197dbd10ca76d62fedabe0bd6627e3542a0
-
Filesize
207B
MD5be8ba5f3d09e3ca718a4a808c7a4a897
SHA11c7242986309e2a477c993e83930e56bb471f153
SHA2566dd1179b7be5e64e06848666eca07fb6f367d024172ece169571b3394d28b04b
SHA512726d612d43b1e031f90fa799d66010e8e3ebdf106c973b8226535eab638d26f0f63f37db440b7d4bb680934425be06eb7391415a9935d6adab5578d8490de64d
-
Filesize
207B
MD5adba749b5acd8b73cefb6e2573c46ddd
SHA1ec2854fa3281eefa54f6bfa24357de9d94de8494
SHA256fa288433f5954e7491ae33a4c72731c157d5ba7cc143d315e9738c9f4acaf109
SHA5126f46173f02bb7dbe0271d7da9b2946f9592dbfbf46e099f7769fae0032de8db38764e3fc5992e2e5017b5005c1105daf341142118a27cb519ae8073c6ef45863
-
Filesize
207B
MD59b0de004ea9307beff9aa9e71d4bcdbf
SHA11242bdbb97ae830ef475040b7c41e804c2857986
SHA256abf3de25e8d44337fe180331698a8744de1692a99f84ed8ff27fdfa979f94a3c
SHA512db49ab53c6bf4dd03d07da63a35fbb7f6c4366ce1be4b444d1cacc3844fd8d13884cba7412beee27628eb4d3aa2f26b151ce8b945b32db03a51b4db1baf9861e
-
Filesize
207B
MD551f9edef0e7d9c910b167d8bbfc881f5
SHA1ea9db63a6f1e692b3df6e6bf362ab7376b005aaf
SHA2566188023120aeab9d50bcdeb7630f512b363d51dfad3e133cbf96dd8c1c9e65e9
SHA5126ba70f9b4118b835c177be8f00abe1ef89db79f80430e4e945896bbf0633ccc560fe47bbcc448d2bb694cc810b54b537a12f5e351df11cb6361171ae3f94dd93
-
Filesize
207B
MD5fc3d48b874f5f3b498802db8d19a8e84
SHA1c67c5cc8b37b9a751cc539ffd9986a3e752656e3
SHA256920a70f8be755254ec42643326018211d98ecda83e5b32cff5708dd1c008a487
SHA512c5546efd6e8d160d3cad3c65f25f321164e3033e28f47f8b8bed3bb160d9488bc7d791e02ade3a085cab5baf862fa27fde05de044eee5ad461aff46b1f672275
-
Filesize
207B
MD5c355ac9207ab5cfb54cdf2355efe052b
SHA18fa76534819b0ab43c387683679541a21beb0867
SHA2564747e239801b1295bb351938f34921036307005350ee9bba2d379db0c8c84ad8
SHA5121259ef75f4cfefa301b7612f068c1470895fe1cb1d95173a4292b9d0265caad4cbd141835448c31791395c57d07d75e848337d29de71b87c3e519da2d622a46f
-
Filesize
207B
MD543f07b8a212bb6a5814806c5e0f7dac3
SHA1036d2a5f7b4e0425e9e7548b3926878d8135db29
SHA256ecb8c007edb7e627aae2f04e02d31d8d4db1e2add5b9892a90a3aa4cac946114
SHA5126326c201a0c0f9344cac2c139bf36745502b2f5540879679dc5e8ca524b8532cafb3030a52472034b157c6b9aab455b5d9b10cc51e296c7a6ee6aa28f9aa4c02
-
Filesize
3.1MB
MD5a7d75b048989da5d22a1f7cca58edb51
SHA1413d22b60ae540b3b11863e2107980b0403faf50
SHA256884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
SHA5124a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351