Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 04:55
General
-
Target
JaffaCakes118_4fabd1c1f39aa9d4a4cb2d1bd2489222d87315c09b7455c41fb1a07f81c325e1.exe
-
Size
1.3MB
-
MD5
43aec1d7df9aa817e3ba7d25d21e83fa
-
SHA1
f6887adfa7cb7e69683ee60f87657c73c93052bc
-
SHA256
4fabd1c1f39aa9d4a4cb2d1bd2489222d87315c09b7455c41fb1a07f81c325e1
-
SHA512
dfa3de0999f8f8b5deba810a7e663646d7cdea6b80fc1bacff43fa0900c1c5c024f31c0c258ffb9166e77e5b6037a6a6f25971e5a15fade19df219311d2cd121
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 16 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 15 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4fabd1c1f39aa9d4a4cb2d1bd2489222d87315c09b7455c41fb1a07f81c325e1.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4fabd1c1f39aa9d4a4cb2d1bd2489222d87315c09b7455c41fb1a07f81c325e1.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Desktop\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\9gp1Tbj3ij.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\V3SaMhi525.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fjnbjzFmbP.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\K3fI8Bd254.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cwtcXGf4Cf.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\rjauxUKpXQ.bat"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\asjVMp8zxr.bat"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\kbrh69MYEy.bat"19⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\V9nTU0UPEK.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\MzhLoGhvPq.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3Lxx1rvPQX.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\X5pWA5YIY7.bat"27⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:228⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xc1v93Hoh1.bat"29⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:230⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\P6ENo64DAh.bat"31⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:232⤵
-
-
C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe"32⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\Users\Public\Desktop\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\Public\Desktop\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Desktop\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 8 /tr "'C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 6 /tr "'C:\Windows\Performance\WinSAT\DataStore\StartMenuExperienceHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5a43e653ffb5ab07940f4bdd9cc8fade4
SHA1af43d04e3427f111b22dc891c5c7ee8a10ac4123
SHA256c4c53abb13e99475aebfbe9fec7a8fead81c14c80d9dcc2b81375304f3a683fe
SHA51262a97e95e1f19a8d4302847110dae44f469877eed6aa8ea22345c6eb25ee220e7d310fa0b7ec5df42356815421c0af7c46a0f1fee8933cc446641800eda6cd1b
-
Filesize
944B
MD577d622bb1a5b250869a3238b9bc1402b
SHA1d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9
-
Filesize
192B
MD56905557bf820f964f9fa88fdff048fb4
SHA1699bed196b5f3da7ccc4e6170becb9033978b995
SHA256fe55eaea1bcabac3e2475a8bf3ce0f2b34b51582456bd058edeb1360918e0c26
SHA5125ae51b249360b7aff5777232da69d3811b65bef39316ee25ebd16a0510aada9a3d6ea8999516f0dd05bf7e8b2dc7ce72b1406633cae1fc49c448913c2336b7f0
-
Filesize
232B
MD5528a404a984047d07e0b8ecbcf99935c
SHA16fc24cf459d0d7f628b007ed90ea75a85d42f9d0
SHA2563c9244d6f7cbcc2cd26402d2571e5e9a3bc08abdadb5fb33b3205c57ed8d1d3a
SHA5129385c642330dde7f8d2be44a719f2cbc25d4058dd1d6b70fb29350034cebf8228ed16d454eda2d020d5bed16301a61c174b079f15d61d392afd88ae7b7775dea
-
Filesize
232B
MD58f1a3bd70049e3e04171142a15762857
SHA1b804acb20fae493b821dfbd0136a4e928e9c7735
SHA25623daa91931c71e55759d543dd0515119cbed39f2a391a1e860fee66ec64080a2
SHA512c970ebe8b6cb9cb9deffcc82bfb1e8b919d8bb9e923ce42d53852b90b15ab630f736280825dbda4e6116169bfe1fd3b245926ae963b16881d971df7a4fcad273
-
Filesize
232B
MD5afb398001282688587adf8fdd9bed89a
SHA16ca9ae6b27881bba332f4a69315055df18c72936
SHA25620dbd12397a8d8844e1c15fc7f19380c92b3162bbc8639a4bd2c523948cea0e6
SHA5124fab1278f3e42913e458b098b1ae42cc2b882f2c09427392282a6027bd00bffca22a1d2bc6195037b263d9fb0cbd1b43d78764688a0d8b68572cc128b89f2d9b
-
Filesize
232B
MD580b43d1a0a30c2130ac145ab1d7b1903
SHA1dfbd8da27837e56def0c06240e18193ffca3e8b5
SHA25635fc5ebd34a5dee0a642193246a3623395c5d0601a7afac0057fde6d9bafb5ff
SHA512283ff70938fc79536bd32f3f4e1d2a0104bba253ba8a7dd4debfdd4945ea59da27d24a867b2403bcfaf4f2aec40a3ecd9a526043f63444154af3d358391d6780
-
Filesize
232B
MD55309df2ef0f10f237a5d0e6d9ac83a1f
SHA159e17e75f852e039eb40e32310e17adbf4061fe8
SHA256d50e56d7c7e657c5283b1d1abde221432ce2ffff6902b0f8c9bbb7e991b288c6
SHA512c11915fd0e0db58729a7fb595c787c9b243f8b034b5cecdbda94e11be0c77bbb5b81496ab22b37515a48a2a8911f8cb80a02a7cf9be78694c50bfdf44f5efc37
-
Filesize
232B
MD59ce397dac5f6dd6b58988407b7fd37a3
SHA1b62574ed68c1e510edb291cd0ced47a22e703224
SHA256859c4bb99a63da74ec302fbb0d694297ebbfce74870d5e1db1427276705fd9fe
SHA5123c28aaa6a44e0c08f2d44987e0a8ddad2aa775cf96ab0fc89788947b3a13b06bbfe2c8d2c1898dddbcf540113bee06b8949e44f66350b82e49e6a35288b5934b
-
Filesize
232B
MD5061f745a2d643aad75b989ae6e5ded6f
SHA1bf423499ed5467e2b6ba81a58b5e2e0e33ee562a
SHA256f6faaa147fa159fd7bd794050a7865c8f56635e36522f7ae125f386e492d439f
SHA51252b3f5d6cf9abaa45849b3da1f222e4077ca9e7d168ef2fd482900c402ad19f1cecd0e0255a75bbd9a2723d7efae40e2dd9a9f08b04a169a074ead38f0634414
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
232B
MD546af0fd1919ffd2807fd79d436e3b66f
SHA1e9cb8b2e860f58382c080877adefd7aa100b3188
SHA2565b5c7c719a27cc7205838db3f907673fb91d0a7d2a4a2b3468daacc5827d9a39
SHA512a3ed64b9031ab5c8516937459fb0e0e0ba61eeb3214b5af69af50c6754514bb65f5ed37bf68c201dc2e9f1fbdc539608b9f49ae4cb9dd21460c00e83eb66113d
-
Filesize
232B
MD5f71b391bdcb2859dd17c2668d9d438e9
SHA11f3a527f0fab58e44ef99632239412c293d01530
SHA25607b9184e7dde2b4aba6d668a03dc8fdd85e7ee24cb87e61ba5b85feba949cf07
SHA512da84d540c10ed6a8ddb665706befb001ef35c66020e7357f0bfc46ed7771312d2fabaa38e32e71163a74a7b33cbf34852439c0c1dc9e7998956bdc44838dc68d
-
Filesize
232B
MD5aa352c06c0191b6ed8e3435f702cd71f
SHA16f9d5e7264664de75b76ad0ae9ef2531f1aeba99
SHA256a44349186749268aba10d0911b21055de1dc40ecaa7eb6b61790b7d5245ad197
SHA51259100825fe2133f689364c80d94f759cd96fe2a328632487488900364d3b84e8714894ed885ee3bf39997d6d71131ce324d0cf2cce9783010fddab1c39028055
-
Filesize
232B
MD583eb218894ee9cf64f79f3ba2dc20065
SHA1b436afef10ab6136d377c1879047efaec64b8160
SHA256f057512d6a8bf7c5b597f7cbd7172d28da09a4402ad666bc33d4ec24c2f213b0
SHA5121c1660651387e5b46e2eb091cc4908a9bdb30e8a2ba5b094102479fd1859374cf0623e37800fcf17da05e379393fb3a2ed8b3e11b18389a1a2360b68d963f140
-
Filesize
232B
MD5dd6a5ab013897bfe9092f2c536e220eb
SHA18dfe275e62a40033c8eb7d8ee790054c5be77e09
SHA256eedc6ae5f2061bb41a9a585cbd5388c859c631181d1aa0f66277625c4316827f
SHA512f9864542e36d4bb8b7367eece358624d315b1c9e1fe419154690fd82a3a071ad84fc05c8614f2839ac845fde250b8e971a56eb4a0ba3c310ceefffe9a36982d4
-
Filesize
232B
MD5a4ee3e29a72edfbccc4382a1d5a2e5c9
SHA1ee8b0fe50e91aea139a908109f1f7e0484aeac83
SHA2569d9a43047c90cea55fb3e7894c56a71f883c32486c9b4962dd856f83e65568d7
SHA512a1d194da580abe34a9816b543feb14993109483211883886975147d1c934eecae6c2a060f8bd74102c25d9fee6e981d898fcba80904fae2d5ae3d688fa0a1487
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
1.4MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
136KB