Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 20:22
General
-
Target
JaffaCakes118_d49d621c16644c9a21f3c101b3b2d019608177c4829a88e92f4a03b5dea222fe.exe
-
Size
1.3MB
-
MD5
03264ef857ae3afc99ea6c40dc8cf831
-
SHA1
aaa3840e219f3602393067ceabf7fb25a3b5efd3
-
SHA256
d49d621c16644c9a21f3c101b3b2d019608177c4829a88e92f4a03b5dea222fe
-
SHA512
8097d996f37802793e643caf310472a58ad2aaf5128ed4253b23683b1be3825fa2acfac6770b046b21cd6d6e4e3b3672c4150d3579e71459fd2ef6e9379426de
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 12 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 8 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 12 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d49d621c16644c9a21f3c101b3b2d019608177c4829a88e92f4a03b5dea222fe.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d49d621c16644c9a21f3c101b3b2d019608177c4829a88e92f4a03b5dea222fe.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows NT\TableTextService\it-IT\WMIADAP.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4C5OnvVXGa.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ay5NT8uJA6.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\E3sOpJujjE.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\kUc4JDtx8N.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TBzEQtkdDl.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\t3iRsZx2b7.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\W0gPze1DKI.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\L8pPJcA7Kt.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\YNa8GmLI5m.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\U04fYIssV3.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\it-IT\WMIADAP.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows NT\TableTextService\it-IT\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\it-IT\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Downloads\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Public\Downloads\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Users\Public\Downloads\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD59647485a779df03ffd25dbf2b1610c61
SHA100a6519a82a9e11bdfa90894c8f2470cdb644e14
SHA25625a04719beecc7cd9bf113c5fec0da081535edc6dfd35195281f1191301b153b
SHA51202ab6f1d2e876df57d596c18756418fb6141b06ef3bb362b2d11f43de98454bda4f90276782c17296352f704c145903d840fdb155f89ee74727ae953babdb545
-
Filesize
342B
MD5fe636eba620a7b4c886867d0a809b384
SHA1f7636274ada700775b96275c03b1c618814a4b77
SHA2568af66e2f5b6092782641608182c93e4a763df7244ab331075b29a930e54f2503
SHA512db0adb1925ec68a5efe687e92b57c2f3d1891569cd90ce6169a15cc0b0c46dfe21dda5d743f2e690044fa75beea32fcd36f91ed518c0d3fac93450b66a46448e
-
Filesize
342B
MD532d96b2595c94791794b3d2317ced836
SHA1ff517871b218358c3c9d0ec8ed5dc694dd641dc9
SHA2567db56a8a0be3a37063120528e4390657ae710a1f5f587084883454f74daee9ce
SHA512a51ab9c0006e54881a0d7e2a9e45c499836b99f32476b21c9eff927eef63a93c0f85fc98ebf42c7e8761903490e582df12aa3b799f3b7058707b54d2bc5aeddc
-
Filesize
342B
MD51eae1b2f5966dfb413bc374512359622
SHA1c4058399f99071181d116e3da768fa9359e7e7f8
SHA256c760d2be0e1a4246746d86eb2ad92e52c00830d92d058b430d1e9dc81b80a05e
SHA512333dacc8f349a49bcfd9a30c8975a5d85c96c5c61aeca3ed1ff2dc92a45b865fdfdaab1559482c7b661755a5c1fb1a82b5f22f755085a318f8f3581befcc488a
-
Filesize
342B
MD5b6eef218499ef7fe7fc065a4404a7098
SHA17b22dcc5b56ecc2cd16d2d4fc9c21fc31890c586
SHA256fab2f54dd13edaadaad934dda832d0460d8d56d1d2fbeb1c1ffc29032e2c13d0
SHA5123fb9a835190001d5f95705f180788f64f4568f60a79f02102c2cb8d5c32f0e6230a05081d26eee5a6e37c3045ddb840b0d13078c384251b0a13a6234772529a8
-
Filesize
342B
MD578e6b914e4f51762a32be010e9b3af97
SHA166c20ccaf8253dd0071e77bdddc67adf2b6998ea
SHA256fc5d3dfba562e86ebebea2a73b5a0ea00b8959b63aae3d87a3c2a66ffe0bcd59
SHA512978eaf133e7da98b1d3f4360bb3afc1b61cedcfd56fe102fdf30adb4bf81604021430560c5dceb5010feb98d9d3deabf375f596ea0fad242d6e30a7738f6bb73
-
Filesize
342B
MD5f066b0be7ef396b5e22203e92b3b6e3d
SHA155bf7eb634d28d4ea5d40ea348a93fbef0673483
SHA256704d7f28064f379bef537c69616610a4054fbaf24cd6936c559b3ace07f179a1
SHA512534f3974581f44618539cd0b4b67f90b3319b98190764f4f3a4790ff27e2c42c2b1f4d2ec27d381419d2075e8f5e850d70f53f9340e9efc95f04ef813fbdcf16
-
Filesize
342B
MD5e4a0a99f3046418a242807fb11e81cb5
SHA124f19c0615ca3390b48924964b4edf761e1e427b
SHA256171ccf5b2b8a0b5164801a233259bb26218457344d5c5fee15f5972e81c29f07
SHA512d7d587f756ac9c98492b3c1e4ec79a03858b24455eb1f6399aeed1710a3997b8575d7f3b104aff11e532b4e6ec1789980f56cb8c4dfdd6e3e6e27c84b7068b11
-
Filesize
225B
MD522a62f6106cd9068635cb63b503e9cf3
SHA145da87a957c84a0dbbc928a0d35ea687caccbd04
SHA2561783351a687d0be1c4b445edbb3ecc4421b4c91b2bbcaf46ddee2a831fd40349
SHA51270418696e83208b4fb89acfde80283bd39f8135bdd81a16cfa4a13ccfb6ad9ba222251a1470e90d026b3686a79383ac8ac70786ba12ca3ca5b80960aa198e3de
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
225B
MD503026ad1cd04efb728ab6a21001ae381
SHA12533995b810c45f758babc6bea505309f851a50b
SHA256330ffd4fa400980db564c6dfe953e4e3852d6c61da91eeea64cd8346cc6f1d0d
SHA512f38b1fa33a04cf540fe8fb6e06d4c50661ac5e7380b9825c4fe704dd45b4da0cff2380686ce139c9855e799db4cae1b0b8c1d3cd60fabc0697855a788766964c
-
Filesize
225B
MD55e23fc4ef4b8f9593b8782b4b0fc3928
SHA177a80787b85f62a5ec9e1357ba8f4f7ea754c07f
SHA256f3a3ff6d0c28323c9604c1033ce6c1135a00cbb2745083f88d06af17be5da313
SHA512c64590a107f15223b9695fff815374c362e22e3116a62f9e8589e286166f03c417f92d66307b2d50c2350554b84ccb30c0b890dcc8beea651a74f85f0d3f337c
-
Filesize
225B
MD5fb7c872e13d3d2ad5c9d99b578abf8fb
SHA1a3f58a471dbca4f41c2d05057f5d570e924053fe
SHA256e53835fee6880c9561b4a0dcd7527a719ef77cd432c71f079151ebaa3951dc9b
SHA512bdf08f6a5f62d5a30d09c354bdd1e7efbe665da491ea41972b194be28ddb9fc5dbad8a8009b488ad65365eb88f6c031b1070c70cb0691fbb2a947380ab7368e5
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
225B
MD5c3f4629492ce7b60f3c19a3ecaa1bc73
SHA108ff536c9084e5be966376b0806530e3d0b50b1b
SHA256783eb15df50ce4c8ad059bac7a829887cfda6b14c10d3f144afecfca1cd60527
SHA512729bc872919da4f4e0e9c16ebd71fc9b0eb44940eb560ced4b02e979199189f89c0ff7f422a7f0527d798a50a1684f4c55350591586a57cb74fdfd75bc3ac901
-
Filesize
225B
MD53211b6af202f51c41b08f4ba27f880fd
SHA18ff7f1fd8c26858cc33714fd0d1a5224be6f4bf3
SHA256ef6b91321c644164ac13202687a1d2e79ca1fb8e693f1b9145577c0ca89094c2
SHA512889c55775709daef120b41cb595f54f77f5a5da82eda6ee5a4b1d495f2392fe49ab64606711917f5de759f8a28bc6e2ef97760d24b7b7477eaad57122a0ade7d
-
Filesize
225B
MD55c694696109d99f9609592d445708d28
SHA17853fde750d83f1930d81f64ac41e397deac915e
SHA25669b71c4b146dc39a6d3fa46e5002da9936b32834e3eb8b1a948645503047125e
SHA5120fa30f7d63615cce267e08dd32cdc9d585ab4c3999593cf2ba7edf2a59df819ad14700e0ea2105d0bc19b5c4f40ff90a6e14a81154cc08976f0c4e49abb2dc68
-
Filesize
225B
MD5addeb1a502c021603682e99f8ffce674
SHA14fb7a9f1a2e0543956527460c4c64f840d50430c
SHA256ce725336f76b0ce904d5e0a08b90720f6d6e9318f9073d55e2d1ae5e3ed663bf
SHA512a3c7cb0ed0b2fd26da0c63f424fa1db791206d66ad62aefd9c0c885aa26c14d07cf9bcd99d719ff80dc29e8b22ea009259250a70cd2f640e63b8ffcbc5026c00
-
Filesize
225B
MD59c042fbdfa6a39c9328c3f1c1ad11c0a
SHA1a0d116335826a33028f3f40095d878d53cf4d652
SHA25689d25ea8de84b03db6d1761b8b1e8dbc36ddeb4005839a64365133e1197d11bf
SHA5120faed17e94162779b37c1b700871a239167735b80751b422b32b5fcf8f7c9ec8bc621a021b150cbf71b43dfaf288e385f36a196f6db383a7079476c21dd88bc6
-
Filesize
225B
MD56901b3e24811bb89c669bd44b3d2bcf4
SHA168030608caca672851874f4afcde5bf71312f3cb
SHA256624e82dc3ee0d2a4e1a678da8fb8be0ae4af87f0185a1504aebbb545e02d7254
SHA512a544d5699cbb41cdfd1522537e64a456e912f3a7c6ba76dcf2a54556f8b145972036abda64c242a3f1e2c4ea6afb767e024681a89d0893d96a6f965207d816c3
-
Filesize
7KB
MD5e1f8fc414220b5a0feb360ab74d5d983
SHA1451f404f7e4706e78408abcc8a3945e00fa98397
SHA2560b2f5a242af0557562cb077af67423d603a1f8d88870fadfb2f82fcb7717f920
SHA5126ff68f7f9f3fc36a4ce0c8f0e4685a6326a89ebcc8d56964e4fcf77a34119a1c6030c8fd0af43d9fe41306547e56b24c1f4ac4d4769af6977449f7605eb135d3
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB