Analysis
-
max time kernel
149s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 04:32
General
-
Target
JaffaCakes118_8f3858dd23d96aa9f530f615bdf230fa5fee84c56f6659fc2f7f01f71608a2c6.exe
-
Size
1.3MB
-
MD5
0d46ca4f4ff0928de5a5eb6b802c60d6
-
SHA1
b3908c0f08727eb7ad9052912d10c54f8da8575f
-
SHA256
8f3858dd23d96aa9f530f615bdf230fa5fee84c56f6659fc2f7f01f71608a2c6
-
SHA512
d7d6be0feaa9752dbce1c14422c73ac9e7b7ec51f6794e877e3c375aefcd29251b772be7ca4c4e9edb2e15c1baf67483175ae9cc18175ddc10bfcabfa2448912
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 15 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 14 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 14 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8f3858dd23d96aa9f530f615bdf230fa5fee84c56f6659fc2f7f01f71608a2c6.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8f3858dd23d96aa9f530f615bdf230fa5fee84c56f6659fc2f7f01f71608a2c6.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\addins\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PN219sj1of.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nlAvT1Qihc.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\esvfELjyVS.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\yWf31kVUUl.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\auWhjrprfd.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CIMKRyAEqW.bat"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\I1IMKnnpZ2.bat"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6VGBOjzZtA.bat"19⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Urxb3wPgb0.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\jkzlbVqk90.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KxKP0srito.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fdSjcfTSOA.bat"27⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:228⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tebxeZNirC.bat"29⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:230⤵
-
-
C:\providercommon\dllhost.exe"C:\providercommon\dllhost.exe"30⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\Users\Default\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Default\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Users\Default\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\Windows\addins\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\addins\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\Windows\addins\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD56d42b6da621e8df5674e26b799c8e2aa
SHA1ab3ce1327ea1eeedb987ec823d5e0cb146bafa48
SHA2565ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c
SHA51253faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29
-
Filesize
944B
MD5d28a889fd956d5cb3accfbaf1143eb6f
SHA1157ba54b365341f8ff06707d996b3635da8446f7
SHA25621e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45
SHA5120b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c
-
Filesize
944B
MD577d622bb1a5b250869a3238b9bc1402b
SHA1d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9
-
Filesize
194B
MD573dce51bf2bcfa97ad47d6fd110202d4
SHA1095b9d43ed1db0bc8bc8555f3c32bbcf74715058
SHA25603ce5557572b3c4d365899e3ff091fab6a0754cac962609ced87145037d659e6
SHA51227e16bb629ef2747b00b213dc233d995634c8c71af7b21e72f3a7c92cac6e5d466a97f1d3cc862de29860f24c556640f9ffb5ac2f56be41397a4fad8701e5c12
-
Filesize
194B
MD593b5b7599ee4aff3617d68dfc4cd9efd
SHA11192d13e098cf21d3136302803f7e17a8cddf725
SHA256c7d32a7cb9bee1375eb192ae2d3d976fc60fc501a357a93594ea2ac13e73681a
SHA51282f1ed816181d1d87541fe042c3eaf0bf16fb2cfdd31552a46c6f7d669f415f48fe8c8174132a0dca218a494245369b6d3ba4c5abcb6e8696e64759b8af30e53
-
Filesize
194B
MD5b8b71293687d26547673e9b91d57a77d
SHA1cae92862d303555ca9e17a818fd0d5d10c236831
SHA256d2984e3b1e07f7875089ea6097a6249ddb6545ea87db3b2e8ca429d38d9bf753
SHA5128dddf2b693fb1eb501d73d239d24c167a1336a0523cb57b3ab244b116870400c688995e176a74504df439aa8a984de1c65013a8793661f5621c5355d05572cde
-
Filesize
194B
MD5113ecf46e75dcee4d04cf2d684a790a5
SHA1edc8686d62a3fbc91f58eb08a09d1fc3e19e57ee
SHA25617c0682e20633a79eab497f98c4b30ec85750bea6d938fb9f4e7e47ff525d72d
SHA5120169f2c6a7842b856aff8692f8c2aeaf08d61327cbd62e9316edd1d37906cbdd07373f5a204d4e6338fefc8af39d11de72b220da3dc2924a5196b9da8ae1b1c9
-
Filesize
194B
MD5735ff344aaee106bed0f57901e74fc20
SHA14d8a4956fdd8b57570648b9a6588f1d71b341616
SHA256e9b56f32cb67d9292fe92de99b055bfbfdd01a8ae1c3223db8b4711771d14d7d
SHA5125afc1e1f7c92793f988d8a3d34365bf04780f1f278a646657592dee6ecc0d463740bfa6b25574be5a05af50a6a92ab3a16d5b751396fb3466db1a8b126d085c2
-
Filesize
194B
MD593f1149dd5a1f3e2d4fdbc7b97674d88
SHA1be02730e585ac8cc68cd814741777818daa45201
SHA25654c0521a93deceebfd55352a2f6dd55de8e23d2723ecbff499e0e1a965623c77
SHA5122f15e7e9e735d6b105db05a2c333561a1858f27cb54d26af806616cd46bff5b69520f0532683bcb01c6b5baa608b23afecd9a5f3de2ceb5f49de271d6dae5b9a
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
194B
MD592957aa3f89112d2a7ba481174af5f6c
SHA1c8842bb4d871d68f396b781beecf11e8e4372c9a
SHA25674c681231311dd5e02f767b917b2fc425099e2846d13a9d0dd728dd542b71881
SHA51263cd3a6c6c0a00a79b67734a0118127d669b17fde985b27001a7ab6c859f386b482fa5623ea3fd05f1d7c01a8ebe25a72b9d0eb7a830a946c68058ebf9692f26
-
Filesize
194B
MD5669b9d3272f2616e37238d751d4c92c5
SHA177a84df993b19dbb294a1a4c904eba26a667b485
SHA2561864b4bc9dfab4f0d965b290affb883951129fe4e879141663cb97e98c640e0a
SHA5122c8dffca80d991b5769cd4396ad8b6630e90c56bd5965a6e62c71b94f93e18634f5ef5ae81c91b3ed4e42f129d2327c1bee4c6a21b8b49dcfd7c5b7aae9e3244
-
Filesize
194B
MD5503c606dc085f5a53db0502fb1126a18
SHA1771d42db49a1e46020b9cebdc6755d08f970ef3f
SHA2560f4b7b09b977430c48b1928c28342a41c30d8facc2372b86a4b8b6bec7b36df2
SHA5126649da3143276b07444dcb7c12fcd9a101c077af7de3e2f0fd986fd7f5a6b1be07af7e182199f3455294bdb017eb9ec990804de3acf1b6aaf1ecd5fd0fa6d4fa
-
Filesize
194B
MD54dc87c30a86e76d5703ec380e011439a
SHA1bd0bacdb0d1c74eb69ec0b88fccf3582a6610342
SHA25612893bb1e12eb3ac859fef3b3c39b1203cf45b3ee1b1bf6171ebac2e2cee2340
SHA512d77f1f8620a283e4c879dc1cfe307b7aabc95f74be781bf1f0f00fe26e728a8bc58226f65fc8f1b8930b766dba84041676e50e052a7d538cf390d5321c93b613
-
Filesize
194B
MD54cca500bad393c6382dd0738b7e30c79
SHA181e16623358994ae8dc3c88bf39e3723c4b79811
SHA2567127546b80a55f11b1f374cac0f597a451cc748c5de9430825c9cc08493a78ff
SHA51232e06951d2393fc21fcb515092e2effb4e7b0cf223d7d2e43871d1784a0334a004fc8f4976dde70202b00ff6dba6ed3bbd1a8b293910b2dacd0c618f4d713364
-
Filesize
194B
MD5d40af8d3f32e421daf9225a7ac2d86f7
SHA1c5bbcc5af5f500da17743b107cf01268a98575e4
SHA2565f9c36405e72f36bc7f0747b2738ede87769d03209915811994e394cc51831dd
SHA512c85904eb0fe3c156bfaaee8cdbe349f59684b849943ba989b2dee4b0b17fa415639c4f6dcd9d186ba502dbee079bc14c55996c03c819a261fad74b7af1540955
-
Filesize
194B
MD5cbc7f1f4dce2ad7939c866f3703a7281
SHA1cbaa84d2f7731013848a474761bc007598c166d5
SHA256281f89ed908f252ec375077353ab93d9a8c3c2e5a905a6f0292e4eed070f5548
SHA5121dece47382a3128eb718031cd93a7e15b157b53bfd3176d0da467464cbf3989c2b7d93c22636c1fd9bea0ab1da172e80b00ccf007e97b7d812c9d791cfeaf132
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
72KB
-
Filesize
136KB
-
Filesize
72KB
-
Filesize
72KB