Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-12-2024 23:54
General
-
Target
JaffaCakes118_ac18149854a481152c579b13bdebaee9c1641a17d0b3d6df4eda97cef36f7f5a.exe
-
Size
1.3MB
-
MD5
2a8495ac26e08f6781488c83a2e2387b
-
SHA1
0fb2069d27860a6e026e60526facddadb930c538
-
SHA256
ac18149854a481152c579b13bdebaee9c1641a17d0b3d6df4eda97cef36f7f5a
-
SHA512
632022be28d88160b3665f6233e1b814d0a78bd45d7cc0a72d4ac46b2bce9e35c3e18bceeb8c87486db4f07ba647e04c9ae1397ff59b6e3251cb213c2ea23cb2
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 8 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ac18149854a481152c579b13bdebaee9c1641a17d0b3d6df4eda97cef36f7f5a.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ac18149854a481152c579b13bdebaee9c1641a17d0b3d6df4eda97cef36f7f5a.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Mozilla Maintenance Service\logs\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BVSPqyBVRU.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6uGRILFBWR.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\XBBOHPKclM.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\gTQuRhIyam.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\H34YhpUhHp.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Mw1PlbJmoj.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\blOcFVMglb.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\syYKg8QxNI.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\djCrJd6RmA.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IrNnSCw4rJ.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows NT\TableTextService\it-IT\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\providercommon\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\providercommon\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\providercommon\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5e64c587a6b47f893932ca3bbc01f0ea4
SHA14313ef2a7a76f0edd16b9815c5965ca5eda6b0b3
SHA256071093cae95f6920b2a75a43ebbe0d32f10c2377aa50269308d72bd446a09448
SHA512b9cc2666aa0097ece09ff5241ee40bc316e81bb53aa61961977973cb60fe9ec7f23bfc31707a17b4511a8bfde8502135b55a421aac92991b739dfca87667c4cc
-
Filesize
342B
MD56d2158f15ca9f2615920469e68968a1a
SHA17cc28740c494b079c7a6e31a05db9d20f0e7db1b
SHA256e685ef7405afc0b6f3e7f8263173f1b75aef2b69f58e81a75ec9c07eedd2caad
SHA512fa22a3f797a2431813c6ce3ccbfcf44aee6122a3836bf30d879da9ee86eea0f7d3409d1c3aad43d5d30dd1cc5937e9df0a6e40471a6e92c856c9f46b01333b94
-
Filesize
342B
MD58f3a349bc63ac89fb70acb5d16528258
SHA1c42c5481f49e60ea966a54029ff6d9b16fc10ffe
SHA256b2da22f46c306eb0693d2764ad35d3baa29c88cc887770e51311f6cef510bc8e
SHA5123cb456d68fa52c1d79cb2c0d184230146d746fe6075c4007e94bec14fbb6ad3417534a9cdf99c7f5e9732e2af0db0a894e984e84ac0b970d96a97b9faa37e371
-
Filesize
342B
MD5919e369e19fe406da146b01b19a892e4
SHA1c2602f45ef0dc0a506edfb1b3b1e47f17396c783
SHA256530b385debdc670d3b39ffd1c545411b18d72617034909d2677d57fff983131c
SHA5126229bf9ad75a6bae0671faddbbf72dfc6cc105071ab447c47b9958c106be1e582fcd967cdd2bddeae48f14e9b912a7d7060a246416c069fba439fa0fcc9b6d4a
-
Filesize
342B
MD506d758a6c6e15b1605ab2876529c3ca9
SHA1a04ac5dd476f2040b8f2464d8ed978ffc3858ee3
SHA2567cbd73d2b08c81f4ca6ab53f4ce8ef6b5e29f243b94f4369ad437bedd13863e2
SHA512c6d3158b1d8fa363217f8f7a95da74ab4754388a8b2067e2021ccfd5c9feb430db6f5ada40b3fcac3bd2f2f359ff5e3a545e9815f004e0988048822951a36cef
-
Filesize
342B
MD58fc144687c827be052d4ac374202a49d
SHA17416b359944fbd963ab19ee5fe161d4e9357fbfb
SHA2564c1de7a3efe1c47b6ec11bb1e5d787e3b060c6b6d064327d59dc3c4ad9e093d6
SHA5129175cd24e9ad30fb9662a36cfe0fb75d7ef8edd3951a4308bf2673510e736acda353ac95c6def84c6f948bc4af9f654c4d1e5f9bade97c1719ab2037a7f49a95
-
Filesize
342B
MD591422683bdea6c0bc73cec7cce81b68a
SHA116e3eaaffe875fb462b9e51330ea962d512d0d1b
SHA25690a6f80b81842b6b1439ef9b42f14307eff090c893b913aab58d5bc9081279cf
SHA512bb5ad5f40f8687152ea109d4eee92280a5629cab4d5b72a442e3f0dece30125ea10e01db7bff595597b372be53230f328579466267842b6e403d8261feae130c
-
Filesize
342B
MD576bbd51e822d5536df362ea64883c3d3
SHA19d7b89b78532f2b90fe38e9ce5118db30e9c4f0a
SHA256ac10ab48ff9dd094432cfb24c255d899235cdfa738a51025294d729d85cb8920
SHA51249694d9d5de7f0317256ae18066544e314400b0a743447ddd49e30eb0fb7e6202bfe63bd56f3de9fd659ce7526e8e087006264e96ff968f0d290910edfb23f86
-
Filesize
227B
MD51527ae1a2d7b87b6cc25bbea0b04e564
SHA19227283319160f2ab266ba769bcab4ee3cf61bce
SHA2564ab7d769ec69942fea5daa9f65a2f35c6a6b2cdc9101366819a072b0a25690b9
SHA512612d67ebbb018fda4eb0a1cdbba7b984166116cf9b26a5d321e49d0e5ca2bd39c59f9d646f682eac483a8cfb371f2cab40f93f74d6db34ed8b1d1e4af2be881e
-
Filesize
227B
MD5996f0a1a738888181fd992cb9d19e001
SHA13b850d2ac7fe9788fabd7f590462b0f9b84402e7
SHA2564c649b63ae1817eb4fbc5569b11fcb8ab4241ac3a334a09299bd04be38cc46ee
SHA512f12ae30151b16e22e9d4fffae49e18edd675537d325a94ad3d3ba779a4931ceb03093cfe18812cc9c44e3b23a665a7815f7c973e83ae0af582e220a2b8501af1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
227B
MD52c363af953f1418b661b031a41f9f419
SHA1c78b3ed39cf0899fe9267000ff86452a24164823
SHA2566af6d83d4be02a04f2dd7b76da9608217500b170ecd32611e9eb3565fa3143c3
SHA512cdc7bcd1ab8fe71395c9c3788a67c0f4910a37a361b280a67377af151de4f4fd17a7d18f8547278744195b05268e8c054d0c158326d3ef334357a10af5b6107f
-
Filesize
227B
MD5e48e1bf62db7fd847c47bf430420e3bc
SHA10675723d21c6cdbecdb81969f3ed3384c98db50b
SHA25609155c513bf2f2aeca31de2a306e860a135302ae73ee74e48a75dd5e8d0081d5
SHA5123e31cde25583bae0e43b5bb81b9d079098168a0cc43cd06b21e8c4ca82c577c5922ec3b00ecec8c14aa3a1fcdad39cf93bd217eb2a69fc82ab4f39a605b56b0d
-
Filesize
227B
MD54267de56edde0868de6d19ed38273684
SHA14a313668224c01ce699ddcfe93616f9105714fe2
SHA25692f0536375701b31c73c8c497b9ad8dee3c23d54d47c1050f04920e056efb345
SHA51249f2cdab2f0f000f65088c3fe933a0b5794a09347a4ae8d1bcd3ea94d13c1860ad13c6bcead087c5e68528078e424308204338eaaaca56d37cf1a1758bee9f9b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
227B
MD58e83c15c1c6ff9c62af30d2dfea3a562
SHA14a75a5db7336ccd81d809b5d50c6c4fca45f5126
SHA2569fe0a235f95c05c7b8e35e12a4a5851a8b625e3606f2d6688118bba1f7f3fc7a
SHA512a69ad0238acb6e0591a9e2a4bd248b83a268d42236e4fbb1df42b8d461c74056d4a4d2ff6164beac63f728182a9add18fb4c20629971972d24057bc907676fe4
-
Filesize
227B
MD5185f56c8e4f22285317562a4b45499b3
SHA1c2f6ffa85a4ad17014366eab0ec08d3cf1876d9f
SHA256df576f112896033f8c6922002421d275c153cb215c56aa8270aa3e9c8a3f6ad9
SHA5123c5c2c372f7d08cecca8a982ee8d42523054c86aed520718504f9f618f99c8b8185aa9e8eec3e0eefc2b45b7f70b2d1c016aada62b79004705cffc26600841ec
-
Filesize
227B
MD5ceb2339de0b7a023cd2e530c064df990
SHA1ee2b59f8a38057f5478fc59c9ef8258c2cc5eafc
SHA256d0c33a6c2494ef63d487c36036707267f4892420a4cf60df0921863f722f0b18
SHA51266c00250e3045aeab5af859a183241962439d0a51c929c1824a054459a45ef80911ef3f64e6db511f1228b787e4205830d9e088013af02a600572dc3669b1ea5
-
Filesize
227B
MD5e86f1e152e14d1697929214b4b134f70
SHA19a6e7f4f839e86bf53360c4144e30ac59012306f
SHA25673383ce472781f54d30561ffc05b9c747c60d19ddbab61d276e45c2902572d56
SHA512faf0fcc91266970e437eb9ab3765b012e20fdc8c9392e2c472c452c8066d10fb6132ae518a0ab907f125fe16fce536d5fc5bcb2a0d7364450e2f5b8a3cb47556
-
Filesize
227B
MD548bbc79a526ae4ad193ecf27ae49afa1
SHA17d6e1e6f434ac96a7441c7933ab646b00d262d50
SHA2568fd17a61d306e5534825d9eb17d2c7852e47968cf683efd4b39dc5827f3b3384
SHA512fece376a371bb3287659ca23c3aed913f3ce5492f039508d8fb9384baecfc5a5fa0a8fdf30755a7451a8cfaff4ed0b5752aa894e6ea2be8135e2419eef26dc63
-
Filesize
7KB
MD5c9d1853fcffb1abe89d38affc141fe27
SHA12953616b822ccb45a1f1fb8efd816595806bcdc5
SHA256a0c331e0da0b4be93d8d93d9a6da11a7a42f0a4cb1051b6e4ccfa021d682dcf1
SHA5128c4de05a25f161d56012fcbc600e945f06ded61b0ac244617e9516e2bf96cc44fad9d9919077c2e9d3fc3c3c57f38b2adda07551699300314210d37fba6c818b
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB