Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 01:52
General
-
Target
JaffaCakes118_c04ed10afaf04ec1570c87bce65842bac6ac0634c281f04eacec1797b2bbf4de.exe
-
Size
1.3MB
-
MD5
ea608816f5df1ebe40e99899b2efefa4
-
SHA1
4c3ec8c5dd7849d3228889846b124fffa48181af
-
SHA256
c04ed10afaf04ec1570c87bce65842bac6ac0634c281f04eacec1797b2bbf4de
-
SHA512
07b26138347d5ab1b5f7c37dd689d0426e5125541632c9690c507827fe0f5aac5d71195ad82a0fdf6e6330dc2383cd3feea333e8bf0d001080ca39acbb9de1b3
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 11 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c04ed10afaf04ec1570c87bce65842bac6ac0634c281f04eacec1797b2bbf4de.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c04ed10afaf04ec1570c87bce65842bac6ac0634c281f04eacec1797b2bbf4de.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Defender\es-ES\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\E1U41Va1sj.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\i32OxRBhll.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TZCyxGcg3L.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\f70LHM7oRz.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\MsMShxucCb.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xjNnGM38uG.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\lHuJ4aKJis.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\s1KW4B7p45.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\8OW3hmLaVA.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\wzkVYe0vvu.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Defender\es-ES\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\es-ES\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Windows Defender\es-ES\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5f4ce9ca1a34a25dc310bb9d8a42e5021
SHA1aadb608c70e6c8968f0d76715c2591e0f17b4a6d
SHA25629fc805b409418b0f90cd34f2816bb7b4fb01f585e40625615f88f3e63b3a766
SHA512584fa41fdaa8ff2d6d0cbe3019d6148154ea4c707369f3a292fa377618d53d3da393ad0fb10e12eb66496d19c2ba69647ea19a429aae37fa9d5c43246b7118f6
-
Filesize
342B
MD52416c0f24d8e16f3b5057c5ce3608b93
SHA15b82d55d9a34a5f552a1de882697170a1624f52c
SHA25638ed93ccf8cd995b935c10c67c62a762cd8c3806f2efcf8a5422d507cda9916e
SHA5123ddaab5cfa0636d4d5f08b5c5693a289b1fb6db320b8a39dde21750b6df2a3bece48042f242b0ea860813afa3bce1eec8c953f78aaccc25dccbec20cff1a1439
-
Filesize
342B
MD5eb97f9c492ead340e485abeffa9ce2ca
SHA1fccfb33f7cb70fdbd8d6cdb3ddb936a7525e2cda
SHA25677ab6545e92260b22e1c00c1f46afa94d79fdff401c5dc31e330e56bb43347d8
SHA51271bfc735f5e0b042b0e1f6b4e4a45619f21c0bef17003f1ff92b7955e4d07e0ddb6bd8592ce334f289fc184b15467d124acc3fe65c48a0d4b370377d2734426a
-
Filesize
342B
MD5e33a1e5b136632fad529c44f8c407f9b
SHA1c7869fe034b2979efa41200c7c20f8c914a4fe10
SHA2560d361cd5eecf4f741dda94e5c3ee2e737269148591c8ef26e8511a04edb22d97
SHA512827c7c27934014a3bc35e5c91d1207431b3397aa537202d21ecc59b5584146c8964787dd1754b5f24343d91c09052669196b394dd18984c9584db1e7c2c4a429
-
Filesize
342B
MD5454b11205df1115559fa39e0d4984c0b
SHA18705c83d2bbd2008d9787beb48db67a9c054b5dd
SHA25620694ad652fb6ef5620e50ee1696f1cd08c7ab67768ed6e35467661aacf293df
SHA512790e18ebbf3fe09de865766305df7f3bff644d235b2f6da46e9bf8499e8f66d7a1068ee6c4d31cbea8c5a6e4ea4c58bc400442605cd6db62eb5ea21509377f32
-
Filesize
342B
MD51f5f2263d7df41b60e257f78e8f81575
SHA1e3907f2b07cc0430b767be154ed12b5341a304fc
SHA256b9fa006c72981117bde24c65928f32e2f39aa12dce6b6068f0851123cd765512
SHA512af39b37e0ae47afa23d168b7d0599327942412ac959aeb1d45c5565438017e0ca75c0e36b23d432468e0ef51c74b75a45290588a586901744527ad7094df1aa6
-
Filesize
342B
MD5feed325a302c9a085c35c0db5f66f065
SHA11ae387764bf8f08d4006282f40a8cae348f15f4b
SHA2567a21585b4513669241be5ea2b12eba3215329d648dd6bb27c3aadfcead1c7d46
SHA5124285a881893e6e946eaa40ab0a296cd743ad1bbfd5b769840c7246ce721b007283eb7fcc998dd85625762d74ac8344b8881d172f37ef7253570e6857648b0360
-
Filesize
342B
MD5c53b350a32f91f2b87b6621225162890
SHA13b6fc3a0bca0552cadfd4233f14d14bee4287ee7
SHA256d56fc6448c57691fb66fcda85685fd5f20f58c4674f26d197bc0eedef4f184f3
SHA5122164205e8d57bd3857621823dceaf7ee12b7a9bc076f75576a444a2382db580e49f3ee8cf95172ce91d234c73ad09ef3a98b671ba533a9b7e90e747e20e0d44d
-
Filesize
342B
MD589d5c837c605048d5ab9fab637a83597
SHA119a27a82537440911f7e47522cda0eaaeed132cb
SHA2560dad9cf930274223f8892b923f054177571628562f328f69648792fd02d5a2cc
SHA512368c3a086c2a777d69d96641d320c1f5be3e07c8565340e78a9a6fc430b1f9a75cb13bd6353d8004c7807c69be2f0079985bbf71c0d8fbe55cc9c42089f7b6d0
-
Filesize
239B
MD55f8dc64cacf1ab23a783a5133b2590b5
SHA17556bb99ae1ad8e3191bd60aed272b6062505a2e
SHA256e955ead496799801524efa37a02253b31533ab188df36d63a4758a118d46400b
SHA51231b6af9ca8df13980a17f6ed67d3ed35484ad9f7af9a61da92425a2196961e46ce7f0e473c3d69f51ab77816363153f8d37c82bdc81de11bd9d830b4e6a08297
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
239B
MD5529ac3dbf16873dfcd629dd593f987d9
SHA166b4556565fc18a2bf323dccc12c0bf6b0fbb449
SHA256a4d6d3ccbac52d28008ee6ba5f51a95fb6eed108ad5441f4119908390c6a91db
SHA512cdfdc0c345dfa3ed15776239161afd2d6d8cc6f260b1da34999c1e0184c8f44d9b25593a954851b86c273731bc9599cf8dba51cf9c072b95bc4a02da9b6d32a4
-
Filesize
239B
MD5d8afa72824c99c8a22e52fa9c7bb11a1
SHA198e0f5f26fdb996d8b0c8951134a5898a96c0898
SHA256f92f897c3e773105d642e507e38045a41bd1079e366f1f308b58787c1a86c5ff
SHA512876d4cfdaf626e7d318622e2137da7a1b3f872703860ab9a25d07368f2ace306534da5ea14ee9f5d64fb3920cd1a227228f9b3eee5606a842c12bc00c2def801
-
Filesize
239B
MD56673da166a36f7bb7632d8d9d36a74ac
SHA19811d56a34dcc3e8bc716acf88d03193995b1057
SHA2567f73cfb8c5f792c1091fee133941f0b41bb780bb99df382c9edeff4c4493c8af
SHA5122d40ca40b45564dabc86abe446aefec64d2436f50c375e4c70e462987a89e4dbb46edebc91fe4f684584e1ad1379ba20878079a9664cd6f32e281dd23d9e1527
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
239B
MD524b38b155afe889649bb6303091e2711
SHA181ab57a252a11f9c4369d0470989947d93525535
SHA25610dfc3e5eecf3bd2b48ae8618eea6856302881e854dbed564027afa64730a0e5
SHA5126be5addf4e5bd74217b9143581be3ef5a5b10a8f3db06427048b938fe0ccde4db390c3d4aa7f6b73e730a7d55712582f62544c15215b25dca320a5a78f9fbe82
-
Filesize
239B
MD54f2aeb45436d45da6ae5238b1aa9a89e
SHA139b8777f50f6a011cf47777c5c63d0453895631f
SHA2560d42eda87e184997a388ebaeeaab52b0492a5632177f68c5433677198184a097
SHA512e639c3b1e23035006d03fd9fa699f9d4d2fdd67cb6ec75f3d1e25e1a3011606105f6014196e5992946f0289ccb19e16fe7c97b8df87dce558f6fc1893e741b6a
-
Filesize
239B
MD5159a7d16aaee27988c5b79546a3d04e9
SHA108943978d47ba154d51dad6f034207eb581354fe
SHA256d46644cfbc6aba54c811e9efa136594cef10c34d52013e7c59ddb8aabe0c8e1f
SHA512d7c1a6ffcde81430930118504b1c4f6c68a7397230d83c799f207deddb57b68cca02685744559533b8afdd52f99d47b2f8d8f9398e7d3a1a5f2a0f2968562fec
-
Filesize
239B
MD5da270107f2e415e4ca26ffa350c7f61d
SHA147239199ee612b88b793051137ec6f3bd9280ec4
SHA256653804eb6271263b96ecd46c1857336c8dbbf83986c80d734d8fe0b058e4a73f
SHA51206886e870e3f96afc5f9509ac7a1992702c9d638829a33ee0f59284f9cd443f94d025c4e489c2690f5a0dc885ff877e0dc97b8b8393ac9d3bd2caaf0535967bc
-
Filesize
239B
MD522accd6cb4e7cf825618fdf813417307
SHA1cac80346898bdda75537a1aba0a817b6d57ca38b
SHA256b8a5d5a7628fd79f4228fc50481880c5222f595de773a2aab86b0da4794b382e
SHA512f2a25721c5ac04b7a03a12502ef20703c584b321bafd1d46a321a9b4a36a7683f7809d3f9a6fe14f3eb2e93dac2e8744a48a28da810696938f05bc69f3ccd540
-
Filesize
239B
MD51d5352171e4d9828d8f260be976dae4b
SHA17ca8b4d57ef92dfc9472efee3b9d7b362bc2b832
SHA256d7180257cf8f4412750c757c44011935d039495dae43ee64bff9e5efbe6cb5e7
SHA5122182ff24b27a5b02d13f92661813dcf43b3f0ce19b03129c12c6d6ee3661c6abd6bfb04db876a102c9a3a43d3041c0a70f21eaf3023c205099e9908cb23faa6d
-
Filesize
7KB
MD599b6d393f17db2f56c09758a0507f986
SHA17c95a92276aed36b419d00124e02981a581a563e
SHA25662a74a3117ecd100824821daf8a461422b522f2b6a3b235010fe62c7488c64aa
SHA5129636e547f09ca3229a1b3d6ceedc0151b7d534598db6f442f8e168545fcf9f128264976f67aff17a7a75c0b79cb4ec457ef9ed3b678a97a8a9eed4db2053a264
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
1.1MB