Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 02:37
General
-
Target
JaffaCakes118_f63f3ffe9dcfedd4874955823c60edf24494424282b9eafe8d8dabe3a9269539.exe
-
Size
1.3MB
-
MD5
1331ea2b612a52b4f9e6a431d3b2d277
-
SHA1
a2670dbb3de341d74792239d8beed44f68b3ec38
-
SHA256
f63f3ffe9dcfedd4874955823c60edf24494424282b9eafe8d8dabe3a9269539
-
SHA512
cf3704b6f0e1cca80ad9f5ced26920f7600b5d1b73d6ce88830632cb505b4ee9246cd10c407e17fd3a28160f2ea43727e28b1ab6ff68271e3f7b989de5d4227b
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 7 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f63f3ffe9dcfedd4874955823c60edf24494424282b9eafe8d8dabe3a9269539.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f63f3ffe9dcfedd4874955823c60edf24494424282b9eafe8d8dabe3a9269539.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\addins\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Mozilla Maintenance Service\logs\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Sidebar\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tKs0sP0wZK.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VeFqpJq3BV.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KwQfKFARzT.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nl4g9d70ax.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\7Xe7C8pmPD.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6n1oUPmZQq.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\i32OxRBhll.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\w2PRcJO5W1.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Windows\addins\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Windows\addins\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 12 /tr "'C:\Windows\addins\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 9 /tr "'C:\providercommon\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\providercommon\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 6 /tr "'C:\providercommon\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\logs\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Sidebar\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Sidebar\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Sidebar\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD51fc94fe9a3dee6cfbd654dd20cb813eb
SHA10143587d57e9a006907e07bca3c2a29029c03d72
SHA256dc4ab83db600e2b8ffc02b539beb6aa806850c9d37c39aa43b9d602e9166ee4d
SHA5125cdd53d0062e11f88a6712d74cabfbac9b03f179c9c99255c0118e296d49bf0af866dd56b0d54550c4b6395bd395c1dfeed6c6380b8dfef2ecd6e538de2faf1c
-
Filesize
342B
MD59c81183fc65a9ba2024644f7040a9f82
SHA18dbadcaa971d70b660894658c276714f427dbc4c
SHA25690672684c0f92a46effdbf4e739e65cc4dcb70f4466eba6e424cf87fef5cdb19
SHA512e906032792bc653b646b2bbb073421b4a838b7910c07b6d189e85310ef0dbdaecacb87d39f17dd89da5d6ee11284bb0f6c040599544687697d4929d7e05a78f6
-
Filesize
342B
MD594f5ec55b67da2340e410470c7f42f98
SHA1db335c48e8cc7c640f35b34ecd7040fbbf5c5a58
SHA256364af210b85b4b7a550035d75c01fe37bd153dc620a40fc2750b9a4f0c490591
SHA512627795790f00bb648cc769838277a51439a7d5d04487ac2d082eb289acdd36aa3eec988a155e97ff81a6cfcf93377b70fb299dcd7df7574812641ae26865f20b
-
Filesize
342B
MD53376ec1cac5b0be76073347b34f02f69
SHA1a22e5ef39445490cbe5e64e94c1b9207eacd4a54
SHA256ff0e115010334618cc771bacf4cbd56e7541a9e6249a3cff46acb6596fc343fd
SHA512b123e902a6e6d9ffafb52da978e9d4413bd5da9a4a8b0768dbd2f52c2e89824b7b29aed92089ec61b7bf6d71ff13ec98b49fb292b4df0cae54781af62f80adf5
-
Filesize
342B
MD5ac2dcb4e7ab11c2f19fe7b01f5a27908
SHA1c72935960b88ccc7397391ed0a6764ac3890bd2f
SHA256893dd06f86beab2961f2068ee023eb0cd4571f5e88b163457d9a479eb49d6843
SHA512a9c9fecbd61733a192eb02ca1ca3a4a77cd13ab7e97e15cfe104f9c6e590151939cb917ade008c9ae6eb412dc93fe7db568fb4f0e9e18d51a0a85dbd93e82353
-
Filesize
342B
MD59a0ab75bdebb76f8c42979d199f233c9
SHA162102197bea5c942046ff26cd7ecfa1ca27ea31c
SHA25619cfca8f2eb5f1a12909f2d2eac26f75bf73534f1901654f1cd4a9090713aa57
SHA51249c111da7a3fa3be8606d361621e3bd652471a8acd961e57469a5626bea8077da9f14712bdc542bc3f80c1a6ee64564da734fb52e185e46eb28cd75423df938a
-
Filesize
232B
MD5dbd4fe80ed177eb480191b0d20c4539f
SHA1c72f33cae081263c1120d410c0e854032c730a36
SHA2560c237ddc93c2db3ddb1e8ee8d79198733dd4a16eadeae56c746153853b73deab
SHA512d7b66638afccca744132064409f2248ccc3eab3f490cdbc0baa245927ef530d2c513cb25630d95a9923717524050a88760dddbbf89b66394e38fee41da2bb0d8
-
Filesize
232B
MD5bca9c3ea7301a1f680b5ceaf81f47184
SHA11e2bef8732dce6a6b2307d2a9a8fe805aab862ff
SHA25678a7bfb72ba9de75129d09a7011727c216c9c4ab51beef6f929a4258a6cfb0d4
SHA512679758cbbafa575b5dc92cb4cdb93b1c07d7a5f7bc8592200d115fc70ebd0f004dd0b212035c94c07d729ae69c54955c32531c14b74821bed467e5d3ff624059
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
232B
MD5971074f8f3571a25c8aefbe8834a7b0e
SHA13f7ea1157bc70434ea4a21ac151eb921b25a11e7
SHA2561f30553f78911d390ff2814a4024a5703df6c79aeefa9f7c0b02e2b8b1784d6b
SHA5122d829381abc85970d8246a45540864c51e7f08c6cb260dde99bf7b73a6ca6e01999f9417ee8c99162c6e70f163f51c2e9a168cb62bf573a60dcc992c39cf0985
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
232B
MD571d34988310ebaf1da58dd5faf682096
SHA19fde23c5527ff5f596617087e55b3a51448c8896
SHA25637acb45b81ebb9318234cf1617b6430d0c1ad8ebe4651ef9ab7aec6a16d97bf8
SHA512d378402d094fc493408ef5df8ff799c82751c0e667d8c0c208f58154ef1723a1b9efda3677ce19daf706bb3ac2cca2eff4e3e52d3343ae54033a01bba5439d7f
-
Filesize
232B
MD5a8e766fe4441f2d87976d4d40c6202e4
SHA1291c66d0f65e3dc6c2d53db8543846d3fe589943
SHA256ce80e4cda2aa90eedfe53d5340f9ce89aecd75ec3b27e58b630f092c816e486e
SHA51208eb7d7eadb8eb4c5c16d2a1618f190c6fda4ec50f0d113d652c84c9d3fe64634b4aaaf05c39fa73b0a29bfa0fb46188f4e87e1b3deb799b1dc138b1f895584b
-
Filesize
232B
MD54cf91390d0217d8b43a4b624390779dc
SHA1d8c7ba8f63a93c2d77b5f95c5783ce9c42e41581
SHA256395cd371b5b0333a0995320c63647c7b89cf87b025adbd130b865f94c7a37c5c
SHA5124e0f95a38006833e26b37d9f9add5b7d537174be8156c735b3fe256a54b3f1d7e4f4edfbfc20c4ae3904a2c8768896c83ddbdf59dbc4273090691498765fc1df
-
Filesize
232B
MD5069ae2b24ae40536c73fc4d2ef8d4f53
SHA172b6c83710e0fb4b6c209f1fe2c287fad7814daa
SHA256ea157399ece13df7bd60192d6f2372f2bfbff1fc8be920938244ee24f3ad01ee
SHA512bba6f07818b45723d2363a9019d78af43aaa4a1f850181795f420ddc7e3cb3e82ff9df65dbff590a2b727283ec684a45466da172954b190b5247caba7fd55a37
-
Filesize
232B
MD56d3cdfd0ab9afe8574702ecbfe0500ec
SHA1576d567fad9b791f4166ab11ef4a85374ec6aa0f
SHA25611a60743e6a8f9fd1ba56c7bd3ed841dc3fbc23d432b64844d7e135efb306781
SHA51252430e28dc514b777d221ac795180ca61cdd4fa300bb9a58e8ab4a524c63bcf81fd60848a05e6ed3103a6a4f8f66db83d8028393cc08c000d2b0253d08fc408f
-
Filesize
7KB
MD5fa6d30e80d2b022086e3785eb94e0d8d
SHA146bdd3b30cc396260685fc3ac397b12e6dd0913f
SHA25695fa22bb8a4d684250eed3706bffc53b445f151414a6c010315b61e2a888f9e0
SHA512770bbf2ca92f4c6c2258d5aabbf7c8190cce576d15515f932552085ef8621f9dabf1f9ed3c9b66a4e5861b7874c3f420fd89cf428ff8039d5a49d63a855fb44e
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB