Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22/12/2024, 06:09
General
-
Target
JaffaCakes118_63ae89a2204de718da8c8afa83b9bdab7d4c59efdf1358d330b204f8f8e014b6.exe
-
Size
1.3MB
-
MD5
b0091d27b6685128add187a930cf2834
-
SHA1
f44238fb6f00372a6f9fe897c8541ea92acd803b
-
SHA256
63ae89a2204de718da8c8afa83b9bdab7d4c59efdf1358d330b204f8f8e014b6
-
SHA512
fb6cfbd0dda2b66b6244e392ec2b771f8e402dacf39a6c6e0ce194f9b903ba6c68d52de7377cba796d3528be705894cd36d803f3a9b33f62ce9e599defd63b56
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 18 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 8 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63ae89a2204de718da8c8afa83b9bdab7d4c59efdf1358d330b204f8f8e014b6.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63ae89a2204de718da8c8afa83b9bdab7d4c59efdf1358d330b204f8f8e014b6.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Documents\My Videos\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Favorites\Links\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Documents\My Music\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IuDiLqiv5E.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\LJFSTrJGl7.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\2nzN5fEAZT.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\jcgs2c8gjx.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"12⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\jcgs2c8gjx.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\h84nNTq0oJ.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"16⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\t02VZVTLs6.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\PdOA4wYep3.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"20⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Favorites\Links\mLNjZdSaEd.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Users\Admin\Favorites\Links\conhost.exe"C:\Users\Admin\Favorites\Links\conhost.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Documents\My Videos\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Users\Public\Documents\My Videos\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Documents\My Videos\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 12 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 11 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\Favorites\Links\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Users\Admin\Favorites\Links\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\Users\Admin\Favorites\Links\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Users\Admin\Documents\My Music\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Users\Admin\Documents\My Music\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\Documents\My Music\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD536e7e024e999fbb56215aaaf6a431086
SHA1dcf60aa2567411096b1e9c8cb17ebb1140faba6f
SHA25687d659abef569eb8b1912f7545c6b1ba2d358dbbd519bf569cd9d65198805747
SHA512a97f910bf1ce953a9a4e125d3b661a8d137c87cbe10cfae67eb5635dced75dd3e9a94f6eb7f91d4457aa03633b1028245af4366c6f9e91a7a61122c3a1bf9609
-
Filesize
342B
MD5d4afc35b28e3768dd38fc789e6710735
SHA1602d184095a4c7aeece7d56654e484cf56865ffe
SHA256a9bb976f1e34df36ee80c6732b8b1f1578c78971dd06b1b8c6cb7a7a14736422
SHA512c9f920fef7a448cb04e56f839f2986f069d92abf864a155acaa39a8e4445851ecdae8f35927e06a1adeee1bbcbdf51ee1881e79b06f3aac663b428876a377e7e
-
Filesize
342B
MD578452c36f2a5cee12dd375ade2c48188
SHA1a3e920787d6d5c21d22d31704ffc0a8d92ef297d
SHA256d69b4c68e22804b4236a3ca6379b778fe8b3a4bfab238dfce706805b635142be
SHA512c836a303cecdb513e1befbe3a2ee4849ecb47dfffe62e853aa79a42a6e15516662ff5803004b3c8270528d538825da074cac8b9dba02d30be4595dc5919b0d2e
-
Filesize
342B
MD5b2e7a336783c46508d253b2887e056af
SHA189167d3fdcdfc2bda7348a66a708f96cc03a88b6
SHA256f64d401c0a86494bca79241729fb28ed7a0d18e3001a7d9be20344d6e15ce312
SHA5129810d04616a49d50d8e879d8e2edd92f4dfc47b5b66d08edee3e4d0c7d0dd1aeedb31a72e505995532a08f810b117df247204cb6e1ce335a6848ec4f0a61a1bc
-
Filesize
342B
MD5ea042cec3ed8c334f13010619ddc300a
SHA1e79ddad3fb3f5dad30a7e5026cffac1577d35613
SHA2568d44319496eb91cbdc458db82e3628dcf534a13b17aa54c0db1755d3e706795f
SHA512d4049972988ffe42d3ddc63606f955350f1e2087ba7c3cb9178b6e3d9d8600b594c8336a1103695fc79b07fdc13bbdc97b375b0f7b4a7fb595895e98d28600ec
-
Filesize
342B
MD51023749abd0c5cef3cbc1ab6842e579d
SHA16c605bd60c8ad5018ddf066fe97e3d51d7f5bd84
SHA2566532160f2b1ba3e4cf087901e1dae98f5936e0d082bb6ab444bbfc05ba669a33
SHA512dbb5e42d21ae074bb722b01919312ad3b91150f39fbbfecad9897441755ec09af3441657410d16e2a6d5f418db1b822e94b7c91ea758b9869327c5a00fe70bec
-
Filesize
342B
MD55e9238f9b2ce8a86c96d3e08c0e96b3a
SHA15673d9c7a9e08df66e08ebef0649030db6b8b549
SHA256597c0aa23ab4d29297cca2de74f6d7b0fc71c7e1869fde2c39f258f812b33bcd
SHA51239ae00d8daece7d069c7529a9529e59aab19ea5d5d982c1ffe275afb2cf513d725a7ca5758b5ccfad39d1282141f00db561eeb9f806ad057c9b61452812167b7
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
207B
MD521a47469189e929aedfbe9e27619ed58
SHA1f825b2af1ee2ae6eb7bc81a94f570555e758eb62
SHA2561316ad37e2e4e7db1b6830bc247cd1b54789f50bbab08f8daad9ca7aa8bc26a6
SHA51269e03eb7cea005fabd114816098894e508772909e8583c22d7e9839ef0b6e96eecd371459de25d011e8b99b2f3b7ca95a1607adec1b15c84f51e227f205c3d5b
-
Filesize
7KB
MD56558e7059fc7b848041270d478a233af
SHA162ba2279f1c5260b91e6e734f2a07d1771f33e24
SHA256eb1b59535fdd6327253662f665e9a1fae9eb4987b9981288fc54868edf3c22ed
SHA512e8184c8ce7ec017b67ec077713227e1b44a34ef4b9a1388ab132d276ce93c81783e717a35672fa08d6b541213d6d5aefd42d962dedc4a42c69fad41358663541
-
Filesize
203B
MD5fef1cdb235c1749a79b3b3ffa6707b82
SHA1d0ecceb9068f37802787926fcc01d36a3c5b8124
SHA256683eb953941287f3d7320618ab95a4e604a71a815681fc313364cbedcedcb8fa
SHA512cf797f672942192392928a467da9176cdb89229768d9daae9dd3c733fed5f777683e168ece1ad18e974076a66822fcb2ec15da7ac23496734ad720666538eedc
-
Filesize
203B
MD5546742ea00bbc5a80810e5f540e167a5
SHA124ccf5eb17ffd986f7c57c6cf8d79124be1adef7
SHA256c9541ba7eada401810ef6a8396968eec8b91e3f03b4530cb9e5b08e37288b44d
SHA512ee92c9f3f6e19ddabc950669f2f70ace40730f2b0d0d6641c3b6e611a2a472c65bfd6e67031f2f479a070224907eea1e16a58233e98cc758eecfe2a859da8dc5
-
Filesize
203B
MD55607f52b3c0e5b6a51e41a2d5c59a3ff
SHA156160a4de9bf58537422ab512a7e89648908a1a5
SHA256ed38c09b0ebf73a47c5d1935dc0a7c41495fe03563a89ad1fd039ed387035025
SHA512f3e83ecde7b29357e94c9cda9ec979ec039d8b7059b5ce105fb43b4a34490f60724cf608af0d55ba45bdc8ad7abcdc0363971b05f8d23b7e17747e21d7ee3ba7
-
Filesize
203B
MD56db5529d70d344293871668d5b7633ac
SHA1bbbe6498d6781e1d018d3d75e5114910309ac3d8
SHA2565c73d7ff78518a9c6cb5b8db641ecbfa0e090eb407a09531da9d25cf044b310c
SHA5127c3c073f113ebd784ed82fad4760fa2194b3877aae13d8bcdec3f068480069c8d0c6495a53cbd94215f18cc92502c1c6626d3cf79cc73e74078e482e3368adc2
-
Filesize
203B
MD598fffc476c3885d809e08f6681f54811
SHA1c47d2b0c561268e7c38b3582634fa4d1b6c1ffef
SHA256f2226336d925ddf597ec2cde842189cfcf80de9ffed74610c8eeb8cb876099a9
SHA5123ece52dd1a39e542d81ace4218e5c1a45e4e7b9ea963c17a6c9c826051d25b29694619f450823b380b994c82226e52039f8de2f8d72893cab821af225ec78d03
-
Filesize
203B
MD5e215ab177a1658ac01ef0420671ef8a4
SHA1abc040a09c759865da966c63aa8c9a7fc9ba78cf
SHA2569da0d2c71b653b400ca78cc5bf13e256f9eb4a63dd4c5062286cb5a871ce79a8
SHA512a8d403953b1b9ea53be655d2de6095a122dde08fb2e93ecefd9e7ef77de80506d3c2dd675ca90548411c16a7548adb3dd266ba9453d26689a8d2db7fcd82392d
-
Filesize
203B
MD54b03ed9e3d22635a76ff495299731226
SHA1449f5f4dcd17c5c8e1b6fdb388836a8d2fc07f1a
SHA256eea85042f7b76ffa1b1293abe1da5d685ef97005fb5d8272225065cb5dce49fb
SHA51229683f98bb6bb4abe5958ed0fdd9015a52010420f5f38d89e6395460ce72dd3ea040edc737df23fd586be6b91168900596f2292308bb406fd5d48045043ef1aa
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB