Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 07:53
General
-
Target
JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe
-
Size
1.3MB
-
MD5
36582a4979101409c174ce13fa15d9e1
-
SHA1
97f68e30fb7233c1690d3c74b26d6c16d9b55030
-
SHA256
9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed
-
SHA512
ba7f0b884de35302340027f27873f2666dbc06512cce61c5551c6505bbc9121fa450e0e653a2aafd51f0649833f5a3eeb0a7043cd3d3a08e6eec3030d7fa78a5
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 16 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 14 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 15 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 29 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\taskhostw.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\sysmon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\zTR87A5U1o.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nl4g9d70ax.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3jGxsc69Nm.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\AWL6wsGpK7.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3jGxsc69Nm.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Z4XVup0LT1.bat"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BYj1kG62r9.bat"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4Tm0GxqeGU.bat"19⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\e2wUPJtRJp.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\YzNOjOTGFC.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\R5wNYqVH5b.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\P9uKrkSNlp.bat"27⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:228⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Z4XVup0LT1.bat"29⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:230⤵
-
-
C:\Program Files\Windows Portable Devices\explorer.exe"C:\Program Files\Windows Portable Devices\explorer.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CSN9cxKiet.bat"31⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:232⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 14 /tr "'C:\providercommon\taskhostw.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 14 /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sysmons" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sysmon" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sysmons" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\sysmon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Portable Devices\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD56d42b6da621e8df5674e26b799c8e2aa
SHA1ab3ce1327ea1eeedb987ec823d5e0cb146bafa48
SHA2565ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c
SHA51253faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29
-
Filesize
219B
MD5a80e214f78257ebe52a7155064f88979
SHA16c8b2d777867c8d1e598393c8e84d930a0384cb7
SHA2562a0600604409ece2dc00037efdc966272a0587141c1536ddc580f6ce1243425c
SHA5122384dfb857e4da9575f3bcf2ef1ceff34be7fac0e41bca98c4d44f4a54008e28d68abff5d61715d80d8cce01a8b730e1f81e790ef74473302cc56df4fbc430a5
-
Filesize
219B
MD5301a10193d575287db2d65a2e25aba97
SHA117624ec8dd47f789b007e6249db5a6dfdee41561
SHA25645c4cbf09e565ef5ddd59846d242f7c4453c269648fe73f3c53926a1098f13f7
SHA51207a718b7eb2e914604d7095a67be925ae3d926b3a0975d8e165cf10ad5ad5e4731b18e2a46784b20feb74ae6426e0f551cffc1f318901c08efbea5ecfad715f0
-
Filesize
219B
MD55705f7ee986bee0f2038297e7741da57
SHA1608ea7021eb88fbc908410fdffb069137ea6fbd8
SHA2563449ca0c0bc817b5219739b937a9f6cb07c57f27fd26e902b0b59fdd84e16530
SHA512de946b41dfa782a2de20bae5c72689786bc37ccb6f997131bde57553a324743d7b3bbeea0c5f8f2dafe5943dc87bb7e5de856001c5bd168d59f05ef1f9cce2d3
-
Filesize
219B
MD59b69a8f7c3bd4ec96a68746ff29ceb71
SHA1ab48579461a6e6d2d1644714db6625da582563a2
SHA2568d583495ee74cc3c0fd5b7435e8388dba604c28c373aef2892b05bff724e4900
SHA512b802dcd806e692680fac03d5ff6011ea3058ed13d1a2116ec031fc1870fd5b935f3e37d8a9136128d034f116a66125a84ce06d5cf44444a98254edb973288d84
-
Filesize
219B
MD56ebfa62efab4c2c1c7740a3773771f5e
SHA116ee3df55caf2b4a8c9850fc3b139063bdb75409
SHA2562a3ac1ad71857d9eb2ee881742e6ef38541529f9426b13a89b4d5fe7ac5e15ba
SHA5121eb5d8ab7e6e45f807f757735b186c3d91d7d5efa84a7bbcf02fc9c81da9023ae64d139da8d782b2541c7df37c99e2979eb39c95d2d742dcfc0bcea241c86895
-
Filesize
219B
MD5f9ea9e960338c0d4ca17072b16a959bc
SHA1b62e31e3ac4d60e2be38f7b0fcdce5bb6117aef0
SHA256d6edd16d3012c63ca631ebe4b789dabe0c95fb264565ba548090ed6e58dd61cd
SHA5127404284121d4e736b4c382440cb190dc2fa5f48deb1b22e0e5572b5015e8d607496369c992d285547280b54dd957813f6fff6010dd57dbbe2da490891e4091b4
-
Filesize
219B
MD565deb386b1971600848a0033fbd99c45
SHA1e90e802f47834a04edad77bb2cc90681f2d809e3
SHA256b72871154ac08667edbab9c68669476055c3267e06283861058b5f65458b4772
SHA512d86a188a2eb660b2c46d17073b6cc5b12f1b0ab01705179df19399a9a1d2b60d72269f9e66a9f5b4dcbc79dcfd80151822ce0321690f1fdda7135dc49b2f0b08
-
Filesize
219B
MD54ca4ad5def02a178b9e90efcb48c5814
SHA19b1e352cdbbd75faf0ef159eb2489f8532c03f2f
SHA256991970e8b3e5fa4c6f28dcc597daebc667235e7575e443f4a76d4449fcedd408
SHA512206be67004009a5f4c24e3a2c30ae1e63d925fcbded44c95fc500f797675544cb03e7aa06050ab34f2e87862fca255a13a06c7d9a191da1cff12bc509da57a61
-
Filesize
219B
MD5718de8fcdd9520d54bbff753597d546d
SHA1c1eb4e1fdf13560641e77543598dd598f2f60619
SHA25607994d8a808feb9cbcbe4ce40fd39efd865f0b7a3543cde504d1d0970c8319b2
SHA512f35576b9f4b56b7a286335d82a93cc77b9e57ba3136e5b837def3c04eae9358bb968ebd31a7b408ed185976d305d4086af252b1ed5aa15cebd1146e9ffb88011
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
219B
MD528f92c64912305cd40af71caa5d67530
SHA1d745d16934c2a42df6110bff7c68e5bcbd48ec0d
SHA25609ba72c0bddeae41621abf9915d9ddf4ed03b147fbffa91904e3d55aa9f27c67
SHA512bdaea0ca2021ca9a9a46af88526c4198c17549635d3da644e8d2c86eb57b0b77a2a2382496acc003c55b383a3936231dfa79da3bee1dbafee03df270e685572a
-
Filesize
219B
MD5e28e173b226d3851bd334fb81df99329
SHA164af33982b4d0e07d79b7ed717c6cbf2cab2501d
SHA256d69b7747c63559607080aca1ec99362316462332709374d5d3f7712e1bc629ec
SHA5121c3943225348929d06ea0cd26b04dd28a4d911da05c7a683c0532f6656c27ae3edf6cd7fb9d38ffc4544995d568f8fb8ea9e85828d53dc70ae9621cdf8753951
-
Filesize
219B
MD52153f1ebe0413f923c87e3f5d008bae3
SHA1a2e32f59345d8e820112efb979a8d4255eee78ed
SHA2564f6ca44c991bcdd71076758c391e91d2295c43b0f2ff246b2e3c08802bdbc36b
SHA5120a4592ce4912415dc595d1bb0d9e09913a5661be2e1db334dc7c7cb209f2453b5a27021c2622d41e2857d86d7478cad5c0790207ebdf9462026408c47e36a759
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
136KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB