Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 04:05
General
-
Target
JaffaCakes118_c6568c127019ac3aaa77ffa07d900d778bc5501ebad9e06647f71bf7f35d58f9.exe
-
Size
1.3MB
-
MD5
0082087a3ff2f556c23be068d172cdb7
-
SHA1
d88b1d662cc2f2289e10d3c5379932d4b936c39b
-
SHA256
c6568c127019ac3aaa77ffa07d900d778bc5501ebad9e06647f71bf7f35d58f9
-
SHA512
bc70f22aeaf5713c0d333a9150a709c57dc30c5964682a3891846cc1ecfc425307392af726bae85ad4d3f5292e6fe72bda01607a94a5f53833a9ef08353634f4
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 18 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 17 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 16 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c6568c127019ac3aaa77ffa07d900d778bc5501ebad9e06647f71bf7f35d58f9.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c6568c127019ac3aaa77ffa07d900d778bc5501ebad9e06647f71bf7f35d58f9.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Help\OEM\ContentStore\SppExtComObj.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\it-IT\TextInputHost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows NT\TableTextService\en-US\fontdrvhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Resources\TextInputHost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\taskhostw.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ShKRXViR4c.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\7Xe7C8pmPD.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\HGlJwS3LgK.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\K3fI8Bd254.bat"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ELjGFNzRMY.bat"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"14⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\a1rZrAbBst.bat"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\V9nTU0UPEK.bat"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"18⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2U51WDObLZ.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"20⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\AKY6NrPTox.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DGa94wSM8j.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TDlQnvRVvY.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UyITBGB0nG.bat"27⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:228⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uVUt9EuWwA.bat"29⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:230⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\P6ENo64DAh.bat"31⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:232⤵
-
-
C:\Windows\it-IT\TextInputHost.exe"C:\Windows\it-IT\TextInputHost.exe"32⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\asjVMp8zxr.bat"33⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:234⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 6 /tr "'C:\Windows\Help\OEM\ContentStore\SppExtComObj.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SppExtComObj" /sc ONLOGON /tr "'C:\Windows\Help\OEM\ContentStore\SppExtComObj.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 9 /tr "'C:\Windows\Help\OEM\ContentStore\SppExtComObj.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 12 /tr "'C:\Windows\it-IT\TextInputHost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Windows\it-IT\TextInputHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 13 /tr "'C:\Windows\it-IT\TextInputHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Default User\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 7 /tr "'C:\Windows\Resources\TextInputHost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Windows\Resources\TextInputHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 6 /tr "'C:\Windows\Resources\TextInputHost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 11 /tr "'C:\providercommon\taskhostw.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 10 /tr "'C:\providercommon\taskhostw.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD52e907f77659a6601fcc408274894da2e
SHA19f5b72abef1cd7145bf37547cdb1b9254b4efe9d
SHA256385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233
SHA51234fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721
-
Filesize
944B
MD562623d22bd9e037191765d5083ce16a3
SHA14a07da6872672f715a4780513d95ed8ddeefd259
SHA25695d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010
SHA5129a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992
-
Filesize
944B
MD577d622bb1a5b250869a3238b9bc1402b
SHA1d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9
-
Filesize
199B
MD5fba7cddff93dd4b9577a525fce6ff611
SHA1622d9faf192b5d7f75f8a96236053b2f7cac5517
SHA256bf91a95c757e28d1ae76db2c1659c8b4e21194f359bc64ea01bad166289b608c
SHA5127d8b5561c9aeee22e500a1fe30d0d3529ad219e56c596610d7866e4e1eedbec7de0d44afb713a50ba22b0bb7a51daa085b054ac29aed836d96d5c93c7602de5a
-
Filesize
199B
MD59e8b67b75c261c83c6597bbba7a84932
SHA1fe885574b8f4b732fe7f6442fc7d25082ba2e600
SHA2560c77d0518ba4eeae52c4aab901dea53818976d3909519572bf4e6f6f2833b5dd
SHA5124814cdbdfa8b63997828f509061dbd44afaad7d4912a59d0545c5e520ffa17fe177e25dba52829d5a880621b55bfe54b682a031e3fc921d4c6f1e3613f7f7427
-
Filesize
199B
MD5b219b97e1b5f9c448b08b923cc2dadb3
SHA13cb0866265829ad57822de5b923edcaf20add59d
SHA2569e7a2c1e51a28146576ba70185bf08b1cef73b225af3751abd4940d555e4bf8f
SHA512a9d918e126e8f96c8e48c760f6ad3682f57892e00697060bf8f06b9463fa200d6b721f69de96b03cf0a1af94b43d61f84dd3902e406f1094833cf4b1b59166d8
-
Filesize
199B
MD5b5b8ea2dfa5f491c643e18e145e90ada
SHA1e1b264a9c4c05466a381879b0d07dae65b80a6cd
SHA256666825b62afe4d8eee7fbce1ab62a21772637026e0f4e3c9e98e6bb18f1ac1e6
SHA512bcd5653e13997befff8140cbcb2ae6a097d5c4221af69733e48a021d1bfb4279cc3852314fac011f8c88ba2803145301803e0a4005f580b8b2b4529dc4246c7c
-
Filesize
199B
MD53a2a772295055c974ac4ef16ac62c4f1
SHA1915f78f3baebd4a54c0a89d3c224de7ec1a1d78a
SHA256b7518f4b1b2923ac8a7667badb0e6302c30f2761a590c72f078634c396247e4d
SHA5122995689839a0b1753dae04ae4e69010473638297df549df89b137e1e276e980d56009583430592e448809f275381572382745efa7a4ee5647877e5f6f275c6a2
-
Filesize
199B
MD5d8eb03549a7f2436a274f60ed8a8eafb
SHA19373fd4b5fabf68363bc74cea5436b924fe3b341
SHA256bcd1cc4489802a04f423fd83e3c4ad2406639a15357138792c3448fd24249b87
SHA512778f2a4f4f1a3f0bbd42ab41d84544fa0e2cb0813cb091d89a5e9571fa379344b046306d616defad6f67aab98317cd1c9ffe5639e9635e203b785f89fee7a9df
-
Filesize
199B
MD58da0ea47761b419d23befc8b6ce3fdb7
SHA1d70e502eca2fb5b19375690343c06fe53d140457
SHA25684654b3f34dfec4a07c423497c064f8757af4491f589052ecf64999e8c78a231
SHA5122179fbc8f47dc119e35906bce6b19f862d0674a57171f4c676b9c9c7ca48b8ca3559bb22c1b4da9d4b5cd3aed651644c02158245b923b9622738a59798c900c8
-
Filesize
199B
MD567e55d9e961a3d6aeedb9281b5227d61
SHA1bb5148d9df33d122b582b834a190e0f85a8304d2
SHA2561f91b6680413aa109aed83e3165a11856693a84f23e6bfb206adb06b52c599aa
SHA5127bc30919e24b926aa157f6006a679842f6bef1a1dd9fe7e14119a7c27bc711d7eea3a51abe792768e9da966bd16f99fedc1201be7d1ad6c3fe349af74d0344b4
-
Filesize
199B
MD5dbb3cadc5dee4dc1b62d7f2455fab9e7
SHA100caf1b94faca5d5899e4214ef33de2906bf8907
SHA2561c644ce6020c72f1d261d08a81b45b560ffb8348f326499d9c9fec7497fcb5c7
SHA5125b0ca1f4a4eeb0f75752ffe978de0afd3e38e31dbcb83afce77b9af36cf82d192c1946b4d9278d71466c7e709df4e9a4ddb761727fe0406fa71bbe9e1e9f9c99
-
Filesize
199B
MD56a8d35d6326cfd02e2ce9f116eaff420
SHA1e375faefc4934735b1ec22e7f420a8911c80ce36
SHA25612a2e1d5dccad9418adeeca1e77e878a704a8a25e710a4712339cba1072b5eb5
SHA5122b4d44522848ff09bf347941a33c5f1063a1ca729af48acd9362f0f23dec8bb97172da096a5419f510d9eb35d95befd4a7d85ab6578dd88ca459f1ec7c7d6324
-
Filesize
199B
MD51ebf8f5ba7afed2ce465d7d48b8c6100
SHA14720c0b7a819ed4487d8a7ce482065e119f8436f
SHA2569d8099fadc920ca1a3e452978933ab0d9ce1ae26b368ebd267ca3c7d20d5fe9f
SHA51253446e73e294a75c9c6721633e322bd076fdca76af7d7e665a912107d510e85a4e05e07646b853fd9773cabbede93ce21d116bcc61890b27cacb63cf6b5d5ae6
-
Filesize
199B
MD5e4c3d379d48f9452e1c13c7d3879ca67
SHA158088a2474a3a40a6eb3371b1fb5af3c87c3bbab
SHA256498572ef2ed4f4641b9cc2e03d14525579df656b68c4b3b14ab81b2a84a6dd98
SHA512f2c74142c7671e23d9d29049a43dd6650efc72798182dda036a758b79b1e8feeab4f23c1704531dd7fd989c96c97af5c83c378401db9baee362bace7b7cc07b8
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
199B
MD5a52177ce9e81f3d0edbd3d31f916b639
SHA16bdb12ab43d646f4266a50641ee5ad2e4a4e3d09
SHA256132f00fff6d59d2f360f3acfac8a79184f9209b10dfce41d0103c8b15e4caa77
SHA51269ea07df1203b922c4b08184463f95f268f8dc0215b776783b558119cb6b2e6edb959ec83304447ac6cd10fcd9587c70cc830ec3393bc974bf89831d7b11c1c5
-
Filesize
199B
MD5cace2ab9cf39f5a27a4e93f7a3475b9f
SHA10e7987ad8e385340457bb18f39a395794e789453
SHA2565a7d7ca23518ea9c7f256ca5ac733f06a369f8a0481a253206abaffe4c594f4f
SHA5127faee15c41e41b49804f1d36331adbc4866128e0730157f0c3e4eb6eb5fe7aaaeeeb96363191d27f77e5203973fb15aacff472d896f0604821d90e336eb5ac0e
-
Filesize
199B
MD50ea0b031c5552dfa021c7325c07635cd
SHA1e910fb74b6da6ab90d9e2a3074f96904a88546cb
SHA25671e2409c962387f10a84cd438fa3bfefb3e9a2db6ed4f0885c6d91afea42358b
SHA512148007ad64d593a70a8351ba7c34a768aa4f84cf95433bcfb0e5108fd66f54e8b3adb4defc95ba741da890069855303039ce9a89636c7c7fe6ebc1e1ba301f2c
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
1.4MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
136KB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
1.0MB