Analysis
-
max time kernel
146s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 05:18
General
-
Target
JaffaCakes118_fbdbde3ae37ba41e7617c70a4d4de4b71058e3de9aa8344e351b7cff9eba4392.exe
-
Size
1.3MB
-
MD5
d675b99d2735fbb35531e109bbdbe15e
-
SHA1
814557e02d03440b91308e444ec105af13d8cfb8
-
SHA256
fbdbde3ae37ba41e7617c70a4d4de4b71058e3de9aa8344e351b7cff9eba4392
-
SHA512
d36fd054a0a862817e3501d03bfb7278c5e1e5262264edaa075b634633165bc22a92a2c9f8a0e5ee063e35aea3daf59d0435f561248ccbcf97adeab6dd2ceae9
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 6 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 15 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 14 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 13 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fbdbde3ae37ba41e7617c70a4d4de4b71058e3de9aa8344e351b7cff9eba4392.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fbdbde3ae37ba41e7617c70a4d4de4b71058e3de9aa8344e351b7cff9eba4392.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Sidebar\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\M1TWCJOn7d.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\rcE1qBYVKA.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"9⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cqXkQwtlzQ.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\MsMShxucCb.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\1CE969IshF.bat"14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Ys8lvSze9b.bat"16⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"17⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\wLA3izB53h.bat"18⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"19⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\yQKAuQiBIV.bat"20⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"21⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OxVZsORhRP.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"23⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\zHC6P4FzNT.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"25⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GzuRWOxc20.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"27⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sNl5EWIzDs.bat"28⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:229⤵
-
-
C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe"29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Sidebar\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Sidebar\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Photo Viewer\RuntimeBroker.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD56d3e9c29fe44e90aae6ed30ccf799ca8
SHA1c7974ef72264bbdf13a2793ccf1aed11bc565dce
SHA2562360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d
SHA51260c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a
-
Filesize
220B
MD5915753daa008aa07b62c663ccd39200e
SHA1f87d665f6603be8e519ef993f9cff6e3d73e4945
SHA2567fb065cbbeb428ca7c6efb6b844ab1d38e8f8a208ba99ac3a87ff3dc22be25f1
SHA5123f3b5ce61a87f1712e52b9c566e97d43a67d7bda4214233a563c9cabbec83c0fc6a813b918a63f99736eb76f491d4c70753752496b9d8dff56aaa5e38cbc0d91
-
Filesize
220B
MD5be89525df7df9bd9b1fdf0466d429f21
SHA117929023187b633e6d83a2158437fb1e8f04131e
SHA25666e1b817f9bbf3b55bb4e90d04055b3f156aaa677c7adbb021b133c744d4592d
SHA51206c8c1aa9a26df239fbf03d5dc82d0a7170a46efa7eb292dedb052d4a53f399dada6d167ca48b3416a0b72a2d3d33a38684463dae332dac8772ca5e797e1b734
-
Filesize
220B
MD5cd18111bc7f8d69e3c4d452d29d67d5e
SHA1c70efe009ba607512818446401c7425f2a388d3c
SHA256268978961ac3761daadadac60aed862c27bc360b1373767cde41d072f2925e57
SHA512bd1d81d086992a7b2fc3d1039e9b4333c52ad3fa5b02761f4c52857d7a8768b00275095d9854d531ea26ee651b3f950592ebd13e12d17a432351e13fe67c0ff0
-
Filesize
220B
MD5d65366bff2e217741a0b44652daa34b1
SHA1f90565ba5573aa249a85944073779b46ca4d84e6
SHA256b56390b8829e28638d8a37e58511d0e6e3181a7bfb4e64bf207e67adf2f254f5
SHA51274b0596a51d018faf5e21bbb45a1b37e40451b1a0c0c6c14a236179ac5909b95b351a1d4a4d37fedea1bf1fefaf8b4d854b851843adf9a6d0aa579e2e77abed8
-
Filesize
220B
MD5ce9365bc4546c5df7d3f3bc64c4e4ec3
SHA1209d1ca8595602fb2b066a61ece57be62c4675bf
SHA256525afb123d84f17294b850718abfc251f3d04432b609330937d59191b810987f
SHA512feda3ac1d209171cafdee4b02ac6e3b2186cc6b21686f7fcd2553a3e82d59b7e6c9d6a090bace1a9b1250b99fb9dd9f805c8b33b74ff7b1d33f4bbd7fc417048
-
Filesize
220B
MD5dcf95cb4c7411d413ea5f16ff16d6ba8
SHA19d68da2cb7f234898a63ecada1bbe9d74050b141
SHA25636e2cfa1c35d9cefeab3425f7ad291980374101901e7a8521a760239d0978643
SHA512c2bb80ce31a38f233d4b9e776c12d6704dffa3f9f31016cea429a3d34558b1d48fde8ef800ca243595c65467ecc5975f0450c3256f399a5b817023603281232f
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
220B
MD5c21d4b891bd4cd35a6e1e97973e237d1
SHA1a0d640af7fbb3124db93873a635185ea08c20e65
SHA256dcedf53972a9d0174fc54bdc337dade83db16d8aab4cfe244a6d4735975e2381
SHA512d4a506cbbac0d70362553b19f6e1bc0722b44bf68bd1905522296ecb5e822353a6b6aa86ef5c0264b2d2522fc8b823344d7c0b2c83fc018e046b3c66695921a7
-
Filesize
220B
MD5134acebe9e81c1c6856a56c4ee04a841
SHA163bdd97da7fb27f3ac6127cd717291bdc242e020
SHA25673d559b134438fa64fae1722cea24e2efbcb41e321d3195ea3a2db23b25421ef
SHA512b196ed56d769fc7bf5b284fca0468af75838f764665f29839078ee5bef9b148ff766bc8da770e33bf7b78a7d3b3240577c22b2ca5e79b7cf609975885a293cda
-
Filesize
220B
MD5e2f25539acc01308fc1a1da63c75ef85
SHA175231c20bae41537af4eb0fa0e5c3b34630bc859
SHA256de591abac34e41705ab14a731a3a13a0d901f8e0cc7b6d6b1528043c4ceb02c7
SHA5120df5a7263ad85b48db445e3db1540466fd4bac9c2cd3ad1b1a45e2a7b31d96613a7b0ed1916e8aeed5b659a0751add0d5e07dc39ae96556d22b29841db313efb
-
Filesize
220B
MD5a7f1952bdf1317e6cec27b5c11e03544
SHA1472855fd95e744fa0cb7754b2c493a239e2b8848
SHA2560fe72af18eac193df8c9c6e79ae2f2b0476412bf50f00efcfaeda1370fb063b7
SHA512134477bbe0481c68e12b6595bc60f41c3eb773a83fac93c6f90103bdd75e141c6c0e6f4276e8686f2a0a22f7c10c96370b923542580559f6a67a45a613316eab
-
Filesize
220B
MD595d7cc3e7456b12e477e66adbb117255
SHA1e76b9c3f94d204e8b8545127dd7847dbb7d2c8bf
SHA25665e37212cec5da4d9e4607b005899a69421dc8070b8316f022bcde946cbb992a
SHA512278621e6ceb5fa89455dbf8e976ede8b154c9f816a1f6344c4df65a509851ef5b56562570d4366c998d74288d042b267d664f4919dc89db783ce79653af13e48
-
Filesize
220B
MD58edd363960e8afce20cc2a15e98d02c5
SHA1a291eb6348cfad14948bd1e56eb519dcabfb121f
SHA256dc0a02de595370430537b8e0245fe0ad12ccc04a6bde60221b05317a064e9466
SHA5122e9282364892da0454026455b6bb479fd2cd2a1b2fdd5f781264ba1c94ac99b9280d9b4ce70db51c28b54dc5cbdb68c02a52a5cf8644f6994c24a61fa2243c7c
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
8KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
136KB
-
Filesize
72KB
-
Filesize
72KB