Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 05:08
General
-
Target
JaffaCakes118_cc6002b9e1d216e1799f214460ea2c57d6b3c31a4ef0517c3699594f872cda9f.exe
-
Size
1.3MB
-
MD5
f1a7f2a2bbc55fbddb7808e7b683a2e1
-
SHA1
50a4902ea8ddcd6e8e321d1b8f65e81e3a4d66a1
-
SHA256
cc6002b9e1d216e1799f214460ea2c57d6b3c31a4ef0517c3699594f872cda9f
-
SHA512
5858008b3b3b291e0a972f715d670802afdfec1e96724a8fbb394fa2fa9941279c20a0611d9893d81a10c55ce628a58adf20795ad53c2d70c71ae4a8a828a44d
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 18 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 8 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cc6002b9e1d216e1799f214460ea2c57d6b3c31a4ef0517c3699594f872cda9f.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cc6002b9e1d216e1799f214460ea2c57d6b3c31a4ef0517c3699594f872cda9f.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Web\Wallpaper\Characters\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Office\Office14\3082\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Google\Chrome\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BDCDGXc9ch.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\oxTQ808hvM.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\r7gOBUt9HL.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UucX7bnqC8.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\p8yPRkR6MR.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\be8zRZs4e0.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\hC9SSnetfo.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\5DPJyftqFq.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Pi2dGiCBJ7.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Google\Chrome\explorer.exe"C:\Program Files\Google\Chrome\explorer.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\qqpXlQnQd1.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Portable Devices\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 5 /tr "'C:\Windows\Web\Wallpaper\Characters\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Windows\Web\Wallpaper\Characters\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 6 /tr "'C:\Windows\Web\Wallpaper\Characters\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Microsoft Office\Office14\3082\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Office\Office14\3082\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Microsoft Office\Office14\3082\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\providercommon\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\providercommon\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\providercommon\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5221fdca1dae935a60f3f0dc84026c80c
SHA1a5f70afd64503cfe97411f2edf1ef32ebe28af7a
SHA256efb10868ecac1e1d155c4dd358e921191434af35a7332d9bd8b25de688c931ce
SHA512062c181fb0b862c0c1be0d2da11333f06d93f5c4036ef12982898dae93fb937dd229a33c2347517c01057f4bdc329724b06f6c0c66e6a7db81a2871af8ee696a
-
Filesize
342B
MD58be7f84bcea5c8cae4e49959de078846
SHA1b3bfda0928a795d3f53ffacee3481582a82cc376
SHA256dc7b2b2b06fb30b44247989e94b6ec900a8c4c03b3f6c9820cfda9993cfd4dd4
SHA512df6d4394627e08d86118ecf68398b898d9d47faf4478300a597c05bfa6d44adaa027653f3bd61a10eeef36225af55ed943b8850d13707cad1ad8d400814f4233
-
Filesize
342B
MD598171bcdbf9fd4543973586fbd5319cf
SHA19226623682ae2c3d28606747f263ce709db9e6b8
SHA256d26c9266a802b72c6ce903cbbb09363c089ddfe054069a75a33f5c5413ff9ecc
SHA5128fa6210316d3d3364a5bd75a4408d64e59eb04017e8484845e9b5ee47a482846471cdda3822480434b2a87ac345cb9e6d2e9d4d055fb049c97fa065b6ddca96c
-
Filesize
342B
MD582fcd865134e60d72cb45d0f302481ed
SHA1506f97e83c7c041ffdc4d7843f9ab9996dd49de3
SHA256e33b70369359c18625a3b8274fc154cd27a6e3c8c4f416a1481e1614f487cf66
SHA512f27024db545660461d39dd875ad1d8f1f672a72f8230982ed28e9fe4032680abc31bc5eace06de0f79ef290f564ff5043e1b6f13b08e0e41ecfa2cec9027455b
-
Filesize
342B
MD5f52f65ae78cdb450a5793d0f405a368a
SHA1c1f7a5644bfb862109de288c58fa3610e4fd5b64
SHA2565a90f843ea43e0b1853d6f5563a7a138867a93ea9a2feba014637bd8d32e9187
SHA51221b48870c09c7eea35520ccc769efa95e201c9598ea402e9e9ce7166ec7a228ec68a680fe064d997e4bd6bcdf5e1f1c8956ed17e9ba07db951d759caaec9621f
-
Filesize
342B
MD54e6e4a2cae6d30e560da2a8646f4d6dc
SHA1c0296e338b4c0b002861605869a74520cf0ba107
SHA25671cc521f8ba6eed7641c2f160ee8b83803931696f3bfdae46eaeaec3a6332e6f
SHA512c1c17c5fd6e199a7f40c99d89b99922601ff76da325e0bb4a2e08df10ac8cbbd0ac6ae3f289b89063b89f02d077ee07667c848a14857dc84e4c004a1daf380ed
-
Filesize
342B
MD5257182d85fff08373f5a38b95f02fef4
SHA1db038df674728ee678b5e6376707345ff2d02290
SHA256983e065c2e3463cd20423468156cc7109428831819c28d6aed2fc30cc9ea3116
SHA5126039af7222be4a6fafa480be2125f06ecd91e77ef8cc317075342022541585b6f5134a726c83bd5e0b702b1a18d0c7d05a68ede05f0f1a07b6ff2c920185a5ec
-
Filesize
342B
MD564e9cc893cd496f80f86d2c3eaeafff6
SHA1e9071722636d1e4cb72da823b5f736cc359afbbe
SHA2562173598d3ae6d91bac2a9495842b8a4e022468ebc3226fc53d4a43533663ce28
SHA5125850235b8367094ab35efa0ad8da3cbdfcce285535275b8f8caf39a2e9f774721fee36189479318cba72c614bd1375e6a12ffb79c86b71c216e9ee8180328e7a
-
Filesize
342B
MD5c5151a2fbcfcc250e0aacc1834029a75
SHA15c4c354313c1f17888efd4eae2819f6f2ecee1ad
SHA256504d1d1692e071412fad60eb96bb660e39c9ddf50f9e5c2562dfc308ca544d3e
SHA5129b4331fb512412dcef528f855285e3b3e5311b1f09eb6935d68f08a1a6b2fc5cf69f380b57f0fe9401cc27c0ea769712c0b1af03950606370180bf71cae7b731
-
Filesize
208B
MD5163eee1c50de2bd3d7fac33bf3770882
SHA1339b351efb49cb7a1cf95445f4a20a56ab9d959c
SHA256d3e28f91c0d4b402fa3e4d06de9b772826fbcf445d5acb30f39e5d644fec9e9c
SHA5128de7fabd2284c90271523053a4f712511c0f5e76455b90f03d29ff3dad565f41c2ce7b61c23abdb6d44571b942a9928cc7b2a8bb8b2d276a728118ffb0666f6a
-
Filesize
208B
MD501cda608a46867487f88aab1d3cd5128
SHA138cbdcf5d1d13ff1de723f82394e26808d8b5398
SHA256a1f7792fdc48cd36d19a8617cddc3d038b2ab0cb125c8b9436b5d7e2436a6e69
SHA5120f9b5885cf3fc5ecf2b43407ea88c708b53a73f33b14df486e55435ee9a007d7545abead2c33bee4cbfbd0801872011d4906fe29e7d334c7910756a24dcf99c2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
208B
MD51ffe29f3e5cabca09715250f08d4643a
SHA1c0ea3d5df0d7784a33d0ebcb29ec6e1d75b98b8c
SHA256df9a5baab05370ecc08ffd9917634e7c1ba56f2edf959e521b0a9a6198118d34
SHA512a8bb9d26ce72cfea9cd4e7f908f8538e508ef856abec5788bf8b81a5aa9103e86ba2312f5efda5b41f3086f4724eb217f893612d9e87400de7a25c047c83575b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
208B
MD5ada17e6862dd7cf36fee1c4bc6e5a443
SHA14abb50ce725da787de8d7733d1e832991b3fc3d0
SHA256769f27e1cc17cfc21be87753100cbde8056980218eee0fce0af55cb25dfeac0b
SHA51276ca117adc4659b81d13411ea45110d57e2a6e63d324c8f9087e029467807ea64d8243a656d6ee503c0af34ceee9baf231217ad7bbab14e8b24960e5bd60c638
-
Filesize
208B
MD5961e7efc5d11e02dc711a63685f92298
SHA1f10bd282750e27b74190d77d109d6ab509578686
SHA256c6d0082dadd8084b94adb310eb9ca7b58ecceb02ed9ea7b85e6501df8a45e584
SHA5126e8a9f729e22e0230d5ab100ee86a88109609578830bfa438c836e6dff5382b13db95df174939cba9cd98f0912ebba7c47b1245e604cfcc02b924f78a25d5a1e
-
Filesize
208B
MD5af1bc54cd5765ec80c3ef792586f970c
SHA13de4f7517a6c869769491c4dd9820eca439f847b
SHA256b50d836bb4f8bfd9ab5997cf0b840f5f91760b4d07fe4634d3172dc6380ade52
SHA512a1d86eb61ab7fcdfc9f87896ddb882467cad9f44cca1817d5f9f88d95280e87ade2827a4c64ecc135039579fca98bae95e12347d3ad386bf73742c393e8c0f6d
-
Filesize
208B
MD54f1c0f36436d7cc2c88bc4d9c60a91f9
SHA1df98cd5835eed3a678cd4f18c26d2501b36c5322
SHA256f68558ff7ff5b65f6bb42e3ced16a16d5c2c26418313a2e2129c3afc2a72f7c1
SHA5125aa81c115d05422b8b74f60a71a32d6aabb6f23d6c269ff464458738ce7ce8b05049fa9d1c12160568e9125941825eaa33cac610738929ad0db0ce21ddb0702c
-
Filesize
208B
MD5abda9f0dc5393928ca27fc7da51dd006
SHA1d90c5eeced19698c5de525686612296c4c7ff4f1
SHA256f6f4df50e39b06c6492015e90ecef2535f72f591ed40c69b61a6b80b3485b384
SHA5126c9e28e62ccc95272000278a2f8be16256a3f497cdcd088fba0f1c775a2e51106b588ef51a55b6f89a3cceb3edaf293e9b538a0b24c1d5db2ce40f51a50934b6
-
Filesize
208B
MD5fc0533cfc15ae628c7dd1337c683b4cf
SHA1d8eaad2a6662029f33f6db9621f2f8377fb491a1
SHA256608c18c71228ce6a2c35eb3f45514ad6a3f8ee88d209ffb602eb9ae06ba6b547
SHA512e57a8652da708edb3baf7fae721f269a13b2ddd44a473057db482ec18430a305777c984b80ec7650cfd834e5de1d08dd598bbf31780ff23a8dad0ce18a88f592
-
Filesize
208B
MD5350114f06a3919224bac206fb557f937
SHA194baf2f4a80fda832125a361148635f3139d9732
SHA256457b65ffcb8b27b34373943e99a895254acc8b03ca7a8b7fd42aa148577aacd0
SHA51261c1b1e473a2c8981754d6d55182281391e2f2aa7719de75c2a790f4a76414bf57e9a2fb135185d807cc066ee2496add8804ca025bb3c197048810ce4a4fbc84
-
Filesize
7KB
MD5959cf554af2cd671037ab6dda81034ff
SHA143b7da1cb28a23fef6c3b825a8842563854cb4f9
SHA2565348ef09cb067bb252595ab8409266c3f2b2a6ba2bff1c700f89a3d7b4d5fc7a
SHA512b4f86553fec0591b7f3c1a9ebfaba484bf6cb94ef52b3356e49ec3e22cded8dbea497e2263977245ac6242cb5209bfdc0045821164a648bf6eb3211086fd497d
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB