Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-12-2024 23:13
General
-
Target
JaffaCakes118_f2ea5a525122fdac49b5babdafd3a5592425928f23811dea460ec22bd110d82e.exe
-
Size
1.3MB
-
MD5
3051aea794d44d4d938272d6ef59d719
-
SHA1
49db6bd2823762431351212c8c8df1b2ae7a549d
-
SHA256
f2ea5a525122fdac49b5babdafd3a5592425928f23811dea460ec22bd110d82e
-
SHA512
3d4ab8c540898d9fc3297c7193f3880a6c7f0afc6426c7ddb9ccbed6ce400a9506dc535e9e489617cf40723d8f1bfd7e810c62d6e750e024495e2a54eed54c51
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 21 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 8 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 21 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f2ea5a525122fdac49b5babdafd3a5592425928f23811dea460ec22bd110d82e.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f2ea5a525122fdac49b5babdafd3a5592425928f23811dea460ec22bd110d82e.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\AppPatch\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Photo Viewer\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\es-ES\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Mail\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\x1DfgQ9qXa.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uruRJY5g5x.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fZs2sOO0th.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uZApDsIgYI.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Mv8e4zbUuN.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DhSpfyjZaR.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QY0o5k1hVk.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cqXkQwtlzQ.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IrGY9odMle.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LW19r029AS.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Windows\AppPatch\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Windows\AppPatch\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 9 /tr "'C:\Windows\AppPatch\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Photo Viewer\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Windows Photo Viewer\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Photo Viewer\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 7 /tr "'C:\Windows\es-ES\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Windows\es-ES\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 12 /tr "'C:\Windows\es-ES\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Mail\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 14 /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 12 /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5920f7854e776e23f781ccf787c9a4c4a
SHA1355797aca8b677369c1cff3a243304179edd7e9e
SHA25634087935676061f017fb2a2ef5dc1186931f147fc56838e497a5f00eeeda8e44
SHA5124432c3a8453d35408a23c2fc5cd377477b69bfa829d52854f759053a43861a6ad8f429c210ac2acd567f2782eaee190eeb0f85e9e0a33ca3de2de6c61a7d5393
-
Filesize
342B
MD5c339dab28978b3c27c74c88751120083
SHA1399f84dd30a8b4fa6cd579ee04ad6bdd6cac6382
SHA256ec6539019dfd207aa9ac751c1861c106a7d7195c934884001b20e3deaff7d5b4
SHA51225534144d2bda0fd7f5a939268da437e3b256fdac18d9b522cac9fab9e67b48f6451a5f0501878d429147fb6affb7a31c2030188732fdc7953254dd93b7b3bbc
-
Filesize
342B
MD54f8764175caaa3df35ce3170dc2b1fa9
SHA1eb99cb3bb35a3feb8aad261dbc5272c22d4396c2
SHA256e1cdfd2b2c23086a408c7bc89ceba053f88072687347450b3baef4f26c3c0b23
SHA512646b2a8c9a9d650ff035367b8908fd66e42cfc5ff7b0e994f97355b00bb9a704bf1a7d5309bf5947886d32e79bfe775886064cfe435d65db5761e65ce8d78fa8
-
Filesize
342B
MD54f0fa97c7c08963fe4df2fb695b88f93
SHA15e1b01de8fad6b906becfab59179600f49e7f55e
SHA25612f58b27d554692ad44f071dda5fee16311908e2ece5e2b5629ac333406e8a06
SHA512d254b4bf2b639db04aafa949d0037e5cb4b1d3f7d78da0af802fe2979afc72e6b84679f2690d22cee706169b89e2deba7c30e4aa4c7470d9afa08a9cd14ed060
-
Filesize
342B
MD51b955b77830c58f6eb63aac381d8124a
SHA15b791df9197987c6e2949ac6ab7caf846a5550b2
SHA256781eb7683c1a1f55bd519f83d9779792c6c1a6d4ce2e99fb35414470906b3424
SHA512cea47372f8905c8a19ca912c3fda25a3c1d19c77eb0c8a540c9cde6aaffb69ebe1ea8c6c9de59f2b0a20a90306897f1bd18fa9edf3c47d3e3f427eec5f83e5e3
-
Filesize
342B
MD59fdeaa31579004cbd8d424463a86efdf
SHA1c2b652645aae968dd24840b677ddbd7b87603b2c
SHA2563e5e6994e8d447d41f18558c5771815f54feff5994fb03a6943b70507c1babc3
SHA5123b7ed516956da0b9d1dccd8952aedd4a21bdba873c67d0a1df872a3c5a6cb3d1d57ca241c19548052b0e81c4362661aeeffc7fc7312bceb9d4ebcd86755b6c73
-
Filesize
342B
MD51608847e54c7b08bb4ea029337d024be
SHA1c03c9c9a57e2987d71f013570bd9d51aea381727
SHA25623d6f28ce3b924d65aadbd2a3de6b668c84e5fb60fdacda54db592c9edc3fd00
SHA51279aea1bc0775d92e92f4a16c14342bc19869047673f4aac153bda51a3e7a97521cebe77888ea9cfc7d10f0a082790eac181313b3584920f9bbe4ed9a4e1a07f4
-
Filesize
342B
MD56243e443e8fd40931775de55193f4260
SHA131ab87373458483ec59410159e584bd8f5a9727b
SHA256384d565da37a71578672a9f213cbd3cd586209876b838e25cb995439d921e8be
SHA512e05748f2552e6bd7b9e27a0b69277dbf82492ac158f39e9a659fdebe9f775c61fe881f33318adc2979dae9f4b8a75d95db2e0bbb9bbffe105077d069e0267093
-
Filesize
342B
MD54e554df9bad7f3b7d37d0b82f3276b8e
SHA11630a94de3c3106ac647537da40aaf4f31115808
SHA256dfea0a04cf340e3036a527881fb040e053199d735dac08a9d09658c6f4bf5f59
SHA5126a3b755423101f17037da10f89e40ea892849776642550280b351ffdbd6179746cde4a21d2909868f98166cadc9173627c5679e6ec2c53d5b145dcc98e7fcc1d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
224B
MD53eaf7b47c5b922d4552b6108e7be3d85
SHA17af27242540662afff8d64329d2bd3241bec5184
SHA256168e3f7f66340b7cbfd1d9529d3d890a599a82d5eccbc7fe2c116409523dcb28
SHA5126e6d2731470d152d8814f75c4ca9eeb85445bac22c29b94bfe09c91740c8dc9ede54854b082d36292b34110904bcd6e9548982601fcb84414bf8c60237a1e1ea
-
Filesize
224B
MD5e607ce6f7a157a23fc71ce2ed69508b0
SHA1b254a0dcc9bf18d022336a38ff5fa4643db81329
SHA256f794c6833e27ffeefadd86d1cf47e4cac0addf57be59d2fd613356ca4bd3eb21
SHA5123f426c8a6eaca8017d74d77046019af34b93dc85a495e5445963e00c7dffc5c9daa8126813ddc20db9ce61cb328607c554faa76f92a6ffacda2fe0745eab0212
-
Filesize
224B
MD53434fb6929a9aed0e57831071ead6376
SHA1645662f2d8d337ee1e62e59f8a088be7e1cbf9a2
SHA25624fcbba9a86cd44a5f46cba53e188507624d6be6e9ddb1ed9195f12f4151a9b0
SHA51251fc78d6fe6b49d083856acee7e1d4a6fc0cb15f75ccdfea526e6fa56bc6e6e3141540643a72556ccb20b2bd12987381be1be62b30f104d1037585fec731f380
-
Filesize
224B
MD5b3926f67b5bfdcdffe19fdb742383b22
SHA1351e442410fcc736f6c52536608b5ee08a94a3dd
SHA2562d3a66ebd50dbfe7703a06a63967df5314d954843b6758395982516105b08294
SHA512a3e925a9230c7f8404c66cf0a4feacde87a40a0ebad8213df3fd1f7028b35b640f6ce16da7087e1f7dc01ba926b3a1bdc1ec1110f0901a91fd0f95a625507baf
-
Filesize
224B
MD5db5c458cba6480fa226fc93106ecfa34
SHA12ad82389961d60c4a9d2d6a175f4cf760603e1e2
SHA2560acc9687db19b74d4500b767811502b76e73d6b65b302591b3090d16e4e8acd6
SHA5122802ae4a52627d9a5cc125868e40f70fefe48b8164715791a9f24e8e5655f67ebd2c56e1f81bacedd9954f7589ed2ddf67c2ec0ea46b2789325b8754df8bd75a
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
224B
MD52107ce55e486a467de59b174afe7ce1c
SHA18b4e78acdeb52e439c8a746968625d09a6619940
SHA2564dcce932e2998165ace0868a132ee978f1432fce67a7831a6a49b065ffd480a1
SHA5120e9dc360b236b3e90e140a4702229bda1d7d0c5729f2a4acc3d3403a8f37787fc4656de524118109f2b07b50b3953748c057f9c875bf85d89d3ca6a987911264
-
Filesize
224B
MD50f6a7791477256af7099814927d10226
SHA1f35aa3a63b89319721ea3f590cf9b6f988c245ad
SHA256c3e95dfae41fbe8744a5cfec0425e67c1d95f25151979ca286615edfe24e8f6f
SHA51287d9881ff056d92968102820222447865a50b5d7f42e4e2b4c932c10a390f7bae337f8ab6a79db0081e6da2ab0d1b16088406e3081e1bcfd4613adaaad7ec1c0
-
Filesize
224B
MD5920207f9eef5307ac0ded40a5607b726
SHA12c08dd7feff173939b1e81615aec7a5ab450eb69
SHA256729f40d1489ed95b209996cc9f6c0e8385c36217a03b5f8eb998fae9c104ddcb
SHA5129d1cac1c261c93606fce530fd35790a1c6d9de01db948389c507bf61a74cb3e4e6fbf10fa77787ac13c82cb7873f6a4f6ccfca03b3c30500a55c42c8d50cc776
-
Filesize
224B
MD5afe8566bb74e213a0db9cc2b73d7b4d2
SHA1d6f07e9ba34044be8682e2d56edfda10fdb548f9
SHA25645d8ee2e5c148aefa45858796f4c822e3a3c3f4383d8633d8da6dc6b58fbb2e8
SHA512b96eb9ea85ccb4d630698439127c6cb220403ef486901ba9943b16ef6aa6483ecb4896f1855ecfde035a6c2282e685ad1e2d19b2c69bce079026460b9a0a7628
-
Filesize
224B
MD5639bf1ae7b409fe58caf095a90393775
SHA141c1ba5a885f314d34dd05fcbf45773ed2de0a19
SHA2564ae3a444f630c65ffd141f1ce530fb028e0e9d485898aed4a18965b515d28128
SHA5128ff0c4713f5b0fc70512dba84a00644c2268653414a3cea6d108c971356c5d64a93846da5da5c8c1e60906c09826a67bf28a40e1319c788b486f71c044484822
-
Filesize
7KB
MD53eda20a58d20d1ff917bfb9f6c9fbfcc
SHA15daa96968c36caeb1a9c773a3bef0479e94c289f
SHA256fce822eef5e076638e78d9e8c72c6382b0f674636d58bc7f8a2ff29e0871f940
SHA512ebe50843d9788aad581fde870b7147d673276197ed4fe20f8fcba1b5a7a5e2dfe38cf602c05a0d96b3920eb7a316d90522436b09557d518b1a7f9fa4fb484073
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB