Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 01:34
General
-
Target
JaffaCakes118_5d363497c6056b5b71355359ad9cc781b59ffcf23147252aa8b6cb49a607d209.exe
-
Size
1.3MB
-
MD5
4d613b65b3f4a7daafe6efb6172a1de7
-
SHA1
7d592053b446b3597b8663abbe4705bfa6c398aa
-
SHA256
5d363497c6056b5b71355359ad9cc781b59ffcf23147252aa8b6cb49a607d209
-
SHA512
20c40ed08f08517b34fb83312067c3bf678138ef55b414d479728a010cc2c6a1baf0205c45c58976900df418a5e4f1a1f0a7cf506f2352619f90619026524a8f
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 6 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 17 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 16 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5d363497c6056b5b71355359ad9cc781b59ffcf23147252aa8b6cb49a607d209.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5d363497c6056b5b71355359ad9cc781b59ffcf23147252aa8b6cb49a607d209.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\ShellExperiences\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Searches\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ntUKyFh497.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\WYuyh03jyF.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QVLs15dYuc.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\kKaF7FiTK0.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LdHmevWlG3.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GvLkm7sAXX.bat"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\WPmuDeaX4D.bat"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Asmf6CRzTu.bat"19⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\FjqlTNZm6T.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0x9T38u1li.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cLz7lFEPwa.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\lBSBdtFHPx.bat"27⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:228⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0x9T38u1li.bat"29⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:230⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\dXV640YnNf.bat"31⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:232⤵
-
-
C:\Users\Admin\Searches\lsass.exe"C:\Users\Admin\Searches\lsass.exe"32⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\60iZj2KDpL.bat"33⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:234⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 7 /tr "'C:\Windows\ShellExperiences\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\ShellExperiences\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 6 /tr "'C:\Windows\ShellExperiences\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\Searches\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Admin\Searches\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\Users\Admin\Searches\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD56d42b6da621e8df5674e26b799c8e2aa
SHA1ab3ce1327ea1eeedb987ec823d5e0cb146bafa48
SHA2565ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c
SHA51253faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29
-
Filesize
944B
MD562623d22bd9e037191765d5083ce16a3
SHA14a07da6872672f715a4780513d95ed8ddeefd259
SHA25695d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010
SHA5129a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992
-
Filesize
198B
MD559f5ca0943e463db845b6632a745cd07
SHA1abc7f84dd060be2e0ec5e47de94a407886431c29
SHA25693632f39c28889c85f6b97444f3f2d71c9bdcbceda4d7141ca792c2a405a866d
SHA512443be4043ee31545198f5c8a6cde5f5965ee06c2e1206acd0dcfc3b14430e5d77a7fda65b353318c212f257a707f9125695297d1a2eae1b5c278c777e6e9a597
-
Filesize
198B
MD5373b710224e442041eeb3f022a25ba59
SHA14195c29505c84cd5f8805e814ff040c93f6964ea
SHA2562ff238e188c5ced74a6f6c570be06ae465c5cf298ea09ce22872d7b5a75ee189
SHA512cec4c4674fbdbdbf045625850fd68cdb209506bd593b5d62a8d16ae07eee6132687b2773fd2abd37269c28271539912c03810b1e376a6e5dda0f62bf68cd88e7
-
Filesize
198B
MD54651d159a1cf939e212ebe6a7174c670
SHA15248e501bf3f6abde26ba06e4891b2a9fccc4de6
SHA2569e14e3aad7c7c8d88cddddc4e0c2e3e00adab59eee09df42e26b119b6046130e
SHA5127656fd305fd5f3c10783d2a1885acb30c18bd6710c10e8af903748659f53879bbbe87cd9f015e0e18fade4c2b937c5cd855ea554f5d5cda18d9fc9934fda0d1d
-
Filesize
198B
MD5bfead62956f0af7d31326a76f96741b8
SHA1e320c8e90732f1848d3d099095a7e07965f02495
SHA2561eb5d49a617879c6aa768de86cd928d814256bf61c11198f659825d8ba222438
SHA512a24d4102d536c8ac42cb0b6253ad3a240b0d9acafdebe14e71c37baf8cecdc882ec45eff4ce7cce26014337eae3136e26f4558e88693dfe7b06b5f97c445821f
-
Filesize
198B
MD565c81eb69dced33f88daea2ae2a41ace
SHA1ffd36dedd405aff979c7e59a088a11c66919e01a
SHA2560c7ed00d3e8f518a0bad57d42d6cc10d539daf28d21da9e38962ff68f8c6773f
SHA512f918b33b13814fde5748d2300bebd6aacf764af440bfc0339548276516da85b5604a7b823d2e71cb72baf1eec7461bbe16fd9314199ee0d956a5460e539e93ac
-
Filesize
198B
MD5f3a3f9f2d0337ed9d7a03c4ed9e3b55f
SHA181fda84370fdad4d7e67c852dfe49f2de1cca9ef
SHA256a30e3f44f4bc2fd5727acbd54ad001c0ff28e876a9f45357283afbbb7335a938
SHA512d9530b7e8f8f4e017c952cab9edb381d17fe8ccfa0eb391fee0f29627dfb8dc778ce3a8f7868670b217beef74b0f544b28de18023921d944f2b5775f37afe043
-
Filesize
198B
MD5169145ace4efd8d34c5f48e6b06e1eab
SHA14f7c779ef912e272a186471eae711767b4af2d20
SHA25629b6933a93c8b467770633e6f3b56262dff56278bcbe73f0243e34967e9adfe1
SHA512fae8913532d291581e80b1bee482d4855bb1e44ec5a023b2d003c3641c837cd8e32945a3a2c995dad337f78aeafa701fac4c82ffb3ece52c9e92c183baee3632
-
Filesize
198B
MD525e8d5f4d667afd70e3566b84f5450c8
SHA1224507cd5d0d39c3697bfccde3fd556979bc6bac
SHA2565a2579fb5cfc4f6b2b4d3970ca9b0dd5c73b281856ba451ef787e69e0c0c220b
SHA512e09ccae476a2bf20caa11f17bd61c2d3abb8f90b26ffe78d56f287c3b1b9235d94e54d490ee9ea3086dedbceb926e337f4cb25220c30eb24f5399a7699a6bfee
-
Filesize
198B
MD5f7f4cfb3d4f5f7eecdec3ae07d5d63fa
SHA115fb8a660f6221fa081c94798163d0561696f914
SHA25678f17c88e859673b4ecc8e7de2e4f55e5794b22306480bc69d0714b6db943cc9
SHA5128168e4af59ba9d25c336355ce2326f20eb6ffb815ee5237badd224ab0d261113420f19afc711ee230a653ef4587b590993f8aa46a969ed6e51364524dffed58d
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
198B
MD50249757840f1ad571c2cbd106563e925
SHA1051d693d9a4c66a6f89aa77aeb4a499de4e9be50
SHA2568bb426bd0eaf1eb9881285d8d1415a36d7519e7a404ccfb5e4ad6a3e9041b578
SHA512944b692e87074f3fa9331b6b5242531f54d06def2031625ac156fec96a326f0816d9891308449619f099e945b54602b0d0d4739ad333688f544b4bdc930bf112
-
Filesize
198B
MD500314f08264986e1b07ae6c74b69871e
SHA1bf51bb1a50b9e65dca207ddce47a14c5b8c85106
SHA2565df3d8404c553b5c15bcadb74071a9d39e47d1448cc0335bf207fd8e56ac37df
SHA512bd5b6930108e04114fe7dc39fbd79f7edfadcb3f6cf5ccc2772269b2c444eae065528e440f733046e8e844209a1581d4c096982ebc43294cda5ba404c608e53c
-
Filesize
198B
MD5c29e5d44868d7fcbc53d0b7430760972
SHA1ebd142704eeeae5132e375468900c9b4a87ae5d9
SHA25689dc3eae7d56125a1dd3d087cf73485a9f17efdb22b0cb9aa38ec19cee208e17
SHA512c05e1d672bd8dac0d75ef26866751db6a74a80f51f3a5aeb54e63494184ba5d2cab3de82fa75c9d178433799ddec616204a2b9edf30bfcdb2fbe2a3d068e00ce
-
Filesize
198B
MD5956aa543690eeda6d806150a55c30553
SHA13bf3bb470d5d5b273fc74e59a2700f5d16361ed8
SHA2563783c2412b574d2abce4005183a0061a061496ae3e9803a13db4e2dd8f9c491f
SHA51299a6d5c81e530f3bea355a1172671f50b6e635bb08111f170999dc4f5143cf028f4dc64a33726639652c7a1381ec4d0247e005f1e67714be27bfd241dc3e20dc
-
Filesize
198B
MD5d0837eeb5c37903f45bce25906175285
SHA16f6c64a8a1a9eb2f61d07762277f5d387f17d6b7
SHA256cc938181b613784fbb912f0a3098b69e64a83ceb471eb46d551a841396c10a20
SHA512e569c50031d745fc929d7b2711a14e841f36566ebc61564226aa34ff5045514906f2788d3ae665de1801c3d575740348ed29df0bc799b5ce563470be29357970
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
136KB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
8KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB