Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
16-12-2024 06:43
Behavioral task
behavioral1
Sample
example_win32_dx11.exe
Resource
win7-20240729-en
General
-
Target
example_win32_dx11.exe
-
Size
3.1MB
-
MD5
a7d75b048989da5d22a1f7cca58edb51
-
SHA1
413d22b60ae540b3b11863e2107980b0403faf50
-
SHA256
884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
-
SHA512
4a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351
-
SSDEEP
49152:TvCI22SsaNYfdPBldt698dBcjHe0RJ6qbR3LoGdHTHHB72eh2NT:TvP22SsaNYfdPBldt6+dBcjHe0RJ6E
Malware Config
Extracted
quasar
1.4.1
Nigga
yzs-42879.portmap.host:42879
57d72303-b5e9-46aa-8cc4-9690809c1a9e
-
encryption_key
F1EBDB1862062F9265C0B5AC4D02C76D026534D0
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
Steam
Signatures
-
Quasar family
-
Quasar payload 2 IoCs
resource yara_rule behavioral2/memory/220-1-0x0000000000B70000-0x0000000000E94000-memory.dmp family_quasar behavioral2/files/0x000b000000023b81-4.dat family_quasar -
Checks computer location settings 2 TTPs 15 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation svchost.exe -
Executes dropped EXE 15 IoCs
pid Process 4820 svchost.exe 4260 svchost.exe 3556 svchost.exe 2620 svchost.exe 3384 svchost.exe 1104 svchost.exe 4884 svchost.exe 1864 svchost.exe 1204 svchost.exe 4836 svchost.exe 3856 svchost.exe 3140 svchost.exe 448 svchost.exe 4460 svchost.exe 4728 svchost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 15 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 2540 PING.EXE 4464 PING.EXE 904 PING.EXE 4884 PING.EXE 3376 PING.EXE 1724 PING.EXE 4832 PING.EXE 2800 PING.EXE 3208 PING.EXE 1296 PING.EXE 1544 PING.EXE 1216 PING.EXE 5064 PING.EXE 3968 PING.EXE 4088 PING.EXE -
Runs ping.exe 1 TTPs 15 IoCs
pid Process 4832 PING.EXE 2800 PING.EXE 3208 PING.EXE 1296 PING.EXE 3376 PING.EXE 1724 PING.EXE 904 PING.EXE 1216 PING.EXE 4088 PING.EXE 2540 PING.EXE 4884 PING.EXE 5064 PING.EXE 4464 PING.EXE 1544 PING.EXE 3968 PING.EXE -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 220 example_win32_dx11.exe Token: SeDebugPrivilege 4820 svchost.exe Token: SeDebugPrivilege 4260 svchost.exe Token: SeDebugPrivilege 3556 svchost.exe Token: SeDebugPrivilege 2620 svchost.exe Token: SeDebugPrivilege 3384 svchost.exe Token: SeDebugPrivilege 1104 svchost.exe Token: SeDebugPrivilege 4884 svchost.exe Token: SeDebugPrivilege 1864 svchost.exe Token: SeDebugPrivilege 1204 svchost.exe Token: SeDebugPrivilege 4836 svchost.exe Token: SeDebugPrivilege 3856 svchost.exe Token: SeDebugPrivilege 3140 svchost.exe Token: SeDebugPrivilege 448 svchost.exe Token: SeDebugPrivilege 4460 svchost.exe Token: SeDebugPrivilege 4728 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 220 wrote to memory of 4820 220 example_win32_dx11.exe 83 PID 220 wrote to memory of 4820 220 example_win32_dx11.exe 83 PID 4820 wrote to memory of 1916 4820 svchost.exe 84 PID 4820 wrote to memory of 1916 4820 svchost.exe 84 PID 1916 wrote to memory of 2468 1916 cmd.exe 86 PID 1916 wrote to memory of 2468 1916 cmd.exe 86 PID 1916 wrote to memory of 2540 1916 cmd.exe 87 PID 1916 wrote to memory of 2540 1916 cmd.exe 87 PID 1916 wrote to memory of 4260 1916 cmd.exe 88 PID 1916 wrote to memory of 4260 1916 cmd.exe 88 PID 4260 wrote to memory of 3968 4260 svchost.exe 90 PID 4260 wrote to memory of 3968 4260 svchost.exe 90 PID 3968 wrote to memory of 3464 3968 cmd.exe 92 PID 3968 wrote to memory of 3464 3968 cmd.exe 92 PID 3968 wrote to memory of 4884 3968 cmd.exe 93 PID 3968 wrote to memory of 4884 3968 cmd.exe 93 PID 3968 wrote to memory of 3556 3968 cmd.exe 97 PID 3968 wrote to memory of 3556 3968 cmd.exe 97 PID 3556 wrote to memory of 2648 3556 svchost.exe 102 PID 3556 wrote to memory of 2648 3556 svchost.exe 102 PID 2648 wrote to memory of 4356 2648 cmd.exe 104 PID 2648 wrote to memory of 4356 2648 cmd.exe 104 PID 2648 wrote to memory of 1296 2648 cmd.exe 105 PID 2648 wrote to memory of 1296 2648 cmd.exe 105 PID 2648 wrote to memory of 2620 2648 cmd.exe 115 PID 2648 wrote to memory of 2620 2648 cmd.exe 115 PID 2620 wrote to memory of 4380 2620 svchost.exe 117 PID 2620 wrote to memory of 4380 2620 svchost.exe 117 PID 4380 wrote to memory of 2984 4380 cmd.exe 119 PID 4380 wrote to memory of 2984 4380 cmd.exe 119 PID 4380 wrote to memory of 4464 4380 cmd.exe 120 PID 4380 wrote to memory of 4464 4380 cmd.exe 120 PID 4380 wrote to memory of 3384 4380 cmd.exe 123 PID 4380 wrote to memory of 3384 4380 cmd.exe 123 PID 3384 wrote to memory of 3916 3384 svchost.exe 125 PID 3384 wrote to memory of 3916 3384 svchost.exe 125 PID 3916 wrote to memory of 1908 3916 cmd.exe 127 PID 3916 wrote to memory of 1908 3916 cmd.exe 127 PID 3916 wrote to memory of 3376 3916 cmd.exe 128 PID 3916 wrote to memory of 3376 3916 cmd.exe 128 PID 3916 wrote to memory of 1104 3916 cmd.exe 130 PID 3916 wrote to memory of 1104 3916 cmd.exe 130 PID 1104 wrote to memory of 3464 1104 svchost.exe 132 PID 1104 wrote to memory of 3464 1104 svchost.exe 132 PID 3464 wrote to memory of 5076 3464 cmd.exe 134 PID 3464 wrote to memory of 5076 3464 cmd.exe 134 PID 3464 wrote to memory of 1724 3464 cmd.exe 135 PID 3464 wrote to memory of 1724 3464 cmd.exe 135 PID 3464 wrote to memory of 4884 3464 cmd.exe 137 PID 3464 wrote to memory of 4884 3464 cmd.exe 137 PID 4884 wrote to memory of 4224 4884 svchost.exe 139 PID 4884 wrote to memory of 4224 4884 svchost.exe 139 PID 4224 wrote to memory of 3024 4224 cmd.exe 141 PID 4224 wrote to memory of 3024 4224 cmd.exe 141 PID 4224 wrote to memory of 5064 4224 cmd.exe 142 PID 4224 wrote to memory of 5064 4224 cmd.exe 142 PID 4224 wrote to memory of 1864 4224 cmd.exe 144 PID 4224 wrote to memory of 1864 4224 cmd.exe 144 PID 1864 wrote to memory of 2104 1864 svchost.exe 146 PID 1864 wrote to memory of 2104 1864 svchost.exe 146 PID 2104 wrote to memory of 5108 2104 cmd.exe 148 PID 2104 wrote to memory of 5108 2104 cmd.exe 148 PID 2104 wrote to memory of 904 2104 cmd.exe 149 PID 2104 wrote to memory of 904 2104 cmd.exe 149
Processes
-
C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"C:\Users\Admin\AppData\Local\Temp\example_win32_dx11.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:220 -
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4820 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YGBaGkbPUfKH.bat" "3⤵
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:2468
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2540
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4260 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKoGUzxVvjXW.bat" "5⤵
- Suspicious use of WriteProcessMemory
PID:3968 -
C:\Windows\system32\chcp.comchcp 650016⤵PID:3464
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4884
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3556 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUnRAIaRXzzJ.bat" "7⤵
- Suspicious use of WriteProcessMemory
PID:2648 -
C:\Windows\system32\chcp.comchcp 650018⤵PID:4356
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1296
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YjXCr1lTee6s.bat" "9⤵
- Suspicious use of WriteProcessMemory
PID:4380 -
C:\Windows\system32\chcp.comchcp 6500110⤵PID:2984
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4464
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3384 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AHGJa3UBsVlg.bat" "11⤵
- Suspicious use of WriteProcessMemory
PID:3916 -
C:\Windows\system32\chcp.comchcp 6500112⤵PID:1908
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3376
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1104 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoXZI7U4vTp2.bat" "13⤵
- Suspicious use of WriteProcessMemory
PID:3464 -
C:\Windows\system32\chcp.comchcp 6500114⤵PID:5076
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1724
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4884 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\z0QPzQC6QjVS.bat" "15⤵
- Suspicious use of WriteProcessMemory
PID:4224 -
C:\Windows\system32\chcp.comchcp 6500116⤵PID:3024
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:5064
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1864 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Gje4tiqgFK19.bat" "17⤵
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Windows\system32\chcp.comchcp 6500118⤵PID:5108
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:904
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1204 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6Cv55zoUJ4x2.bat" "19⤵PID:1428
-
C:\Windows\system32\chcp.comchcp 6500120⤵PID:3372
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1544
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4836 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SrOwbJZBRaJ8.bat" "21⤵PID:3840
-
C:\Windows\system32\chcp.comchcp 6500122⤵PID:3720
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:1216
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3856 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iyOh8MKEh8ZO.bat" "23⤵PID:3104
-
C:\Windows\system32\chcp.comchcp 6500124⤵PID:2432
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4832
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3140 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4c3mY5HUyo76.bat" "25⤵PID:1412
-
C:\Windows\system32\chcp.comchcp 6500126⤵PID:3380
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3968
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:448 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aA1HXpchhFns.bat" "27⤵PID:4948
-
C:\Windows\system32\chcp.comchcp 6500128⤵PID:3060
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost28⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:2800
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4460 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCA6D1BZn1nK.bat" "29⤵PID:1512
-
C:\Windows\system32\chcp.comchcp 6500130⤵PID:2144
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost30⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:4088
-
-
C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"C:\Users\Admin\AppData\Roaming\Steam\svchost.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4728 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OHFxlBghWa8a.bat" "31⤵PID:3020
-
C:\Windows\system32\chcp.comchcp 6500132⤵PID:4924
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost32⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3208
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD58f0271a63446aef01cf2bfc7b7c7976b
SHA1b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7
SHA256da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c
SHA51278a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5
-
Filesize
207B
MD5dc0c5ca00024e7ae61eccd9acfe8a9a6
SHA1d1365f257c3fe689f5539bd5945936781d3bdef5
SHA2561b65ea2cb977cfe7f577680c9554bcdd4a91af298047a96aff15474bc5931024
SHA512f2ace6eaf1ce3fdee041d0efa3fad560a8fa616b266627f9e75821f52adedde648d1adeff9fea9ca21e19259988dbe9af3b51e04bcf6ac0254a093165ca9ca91
-
Filesize
207B
MD5a9be59572917271010775a95436a7bd6
SHA1cc317ff0ec77a425279606a3d95401b3497ad916
SHA2565e69cd8d146d293c7802d38f78ec2399568c9d011a9892a66a9b52e147f931e7
SHA5126a04fb376a51033dfd5a6a2b97f63d5f1d8a00c438f9f89987f6aa48ba5d5c354286393bcb39c6f1ce6e180a52fe4c16001399fca7745361e436bf55ea95e3e8
-
Filesize
207B
MD5960f3341b73019866913fe40b4fa003f
SHA1e2df048e5f0a00d2a3283e75cdcb52166e44cd23
SHA256d505a87b3cc784448e6b763a185d051aaf0159f6f4fef622367cdb6cd98dee57
SHA512b41029a688374dca7e94fcc26b590b9c46906ad2da5b293a2ee24c6d5fef920d3f3d489f56f19c1c5fcf2add2175c4ae00c7191dc8bd1aa12da03e646a6601b0
-
Filesize
207B
MD5ac6871dcf066823d9439b1f7e6947478
SHA16ef85aa4d8aa664fbf8b137ee61898a356ac4ebf
SHA256db4304d19abea9bb7095b539c235bc1e0ed91ad4e189c1401f598eea6948ec86
SHA512e180b33b4399efaa79807012dbb155e779a43c4dfabd64fc36effb2e0c32ac0bec3e3beef61935f00d685c0f3348a45623e9d7b15a316e75bc55ae61123a4838
-
Filesize
207B
MD54956499ab73580476bc6f4e96633d2c4
SHA158808549fb13962c133e946edad0f7d69cc0eb33
SHA256ff0be309b362799a796a1ad9015b646aeeb1436eec480e1f1e57f453448be876
SHA512317e6278e836e4c576a6d0b7fa65d7e081a1abca14e3e5870d129083db1b7fd5303f6e038aecf4b7bab99196ee3055771c81d4226cd0d89f2818ac0e26a1400a
-
Filesize
207B
MD55e6b5dded7c5e6ff313793f396f813e1
SHA115d864d8dc3f4266e31035228d0c0be1614b4e35
SHA256d4bd35df7fa25b44bb5613ca685cb6c579fb47abe3c32f6c6bf8e589540ad20d
SHA512aaa2b125a01574b14942ed97a2136a2875543fe01498ae70c195acea4faab25d9cbc6e431de1381447a4178a50712d07cf4da0726ca15b56de2d16cec319b8d2
-
Filesize
207B
MD5000f7298ed266f82778347063559ea25
SHA1afabfe2cce3471af062288cc0851f30b60895f75
SHA2568827e9e20d4a5356c55b0a9e204644f26d5a6a9f33fd7684814c2eaf64ad684f
SHA5128d012cc1ab8dfd35bc07ea3b0709f26aa1b308a8ae75220bdf6df193b2c5485ec8c550ad2502e3e6985b52d161b568ca41f08e006930e634a7f58c3155c8c9b3
-
Filesize
207B
MD531d21c87f0d644dd95143622fe37a800
SHA1a15d0645551502cdc6b0e653e40f1210fa372efd
SHA256c1411f3a098a111254092759197a0fff4da30285cb75be08ca8111bd1cd1d0c3
SHA51272fa1640e0d43c893dd3015d0a97c95fe4f4b4f9f0e5ca6ba47b3886bac9415933fda9f903c38ae1dc39106f07709fc9ca533dad9a0c92301d212f1c9e27f9e9
-
Filesize
207B
MD523edf399bdccf3aa0489c2f4726ca8db
SHA1a83c3a5e05e94edd77341eaec1f03a6ba9fc2abf
SHA25640d0f3698be723564f087bee49557a0c8e4fb85c0e56b1d28be9e98cae5e35ac
SHA5123684fb060a406aeb3254330c2fecf26577ee15687f4a0ab36c1a429a37193d698b29bccf978e8e113a0e410f4754fbcd343a783a9cbaa0c13e064d490690e988
-
Filesize
207B
MD58c5893fc9a40b60a5d87c1d60dc9821f
SHA1c680270464ba99726e8a7444995c135fe90f64fb
SHA2569f3df781793cd66f979b4c966ec617bfd4dd2138c17f35221da737ed26995c3c
SHA512b4b68b6241fb6e0262dbbb9e05748e77a1fda324c0b9bceb1905b29b7850c0d772511895d3eb87a02d7380f12293f0d151aa16a59d98f8908c907c3d368e48f3
-
Filesize
207B
MD565e680cd4c59677bbfbffc8fe25e436d
SHA12243bc2da5c0e5c0d51f223717214fa512d62220
SHA2564cd4ed96dbff75e7196b2ae94ccf7f77187ba9e93bd341aced8f2619d1f96412
SHA5124e8e80abd9a874f23f2fdd36b7b304ebd61f5250a19e820f2feefb21e5c8de64b36619293ec2b2c6b1175a1f36a96e044ea35c39f2636c5223a7aa9f5397b572
-
Filesize
207B
MD55e0b87d4cf72d30a1c373e3133b1e2f4
SHA1510399db0e25ab0b91f83a17b692b26785d19787
SHA2565e2bb31bc89f7364d6deb56c6ef87fd58fda37a2d976fe6417579b7f4efad55d
SHA51248e738872d20b12a234f2c8cb8cab64a36ca92c9696dd120dbcf57aca0897ba622b4cb97a7aa902046adb930bfd4b1ff65864439f8a095779cbf7ace8920e9f4
-
Filesize
207B
MD500d07f0ea2e0caafbec295b13f34eb48
SHA105140c97f209e9c869d9a9a3d0db718339752e7d
SHA256bacbb3fdcd988efc04ff362c7c12f0c76982496d3dbb82e9bb2ba3ef56eb6f5c
SHA51212c8a03cb95e7ff16d2fb46fde3f4fbcfc58ea9b90ce4c785ebbf92c00605559fad06f0eea94a6159d2baf05fb574645ab2d112f602809faee021879bd900960
-
Filesize
207B
MD5cf4bd58ac12916d3ad41e85db1c9c397
SHA1d8c411ecf5241eae2f62d2a2e34e2d82c5ca792f
SHA256daa458601123764ec284698f4bec5ccd5f0ace8e7fc4dde06d11ff1a514fb5fb
SHA5123fad7495526d7fc7d088e24b6e57204fd2de4d923293f9fdad9740bb85e3e7b20048113e02fc76973fe6dcc6788b7d61ac97d12548daf58e0204c9ab9432d44f
-
Filesize
207B
MD5d6d6acefff3b048d90b14c257bdc3794
SHA11614cf46364206b6fc613df0fb427a9c2d72b8a4
SHA2566666f9aee6d90e1765e1be1591dc6cb5bbc0b5e28e6db2924e9e2e8ae97a4202
SHA512f76ecc2c4a2700f9ae30db9b1b12654548ffe936c0f544505baafbf560e80f386b3c2cf72c2cd1cdc27e0bcefeaeb3170cb5ff6c1a7bd271f20a22257c265a68
-
Filesize
3.1MB
MD5a7d75b048989da5d22a1f7cca58edb51
SHA1413d22b60ae540b3b11863e2107980b0403faf50
SHA256884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7
SHA5124a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351