Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 05:45
General
-
Target
JaffaCakes118_60c6bcefa715674b9063e76188052d2dbb0c454c546794d33797cb71f26edc12.exe
-
Size
1.3MB
-
MD5
5907034154225b215460965bf7842e2e
-
SHA1
9eed2cd111798f211f01bbf5779c88fbc23de5a4
-
SHA256
60c6bcefa715674b9063e76188052d2dbb0c454c546794d33797cb71f26edc12
-
SHA512
810964e0207d4378fab437ac9f98ee2211d5b72082f990fa55884b931773e0583c9ef4f4475a7443bdf9ac7325f62eb7b4c8dc260a17c7d50ee150e2e0fd6b31
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 11 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60c6bcefa715674b9063e76188052d2dbb0c454c546794d33797cb71f26edc12.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60c6bcefa715674b9063e76188052d2dbb0c454c546794d33797cb71f26edc12.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\LiveKernelReports\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Branding\Basebrd\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Mail\it-IT\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Java\jdk1.7.0_80\bin\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\ServiceProfiles\LocalService\Documents\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UZ6jdsJyxg.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\YUw1O57cI2.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fq9TqI16of.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sWmtPUST1G.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BmKXfVMxAz.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cV1vwDPsky.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CZdmQsnKkU.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Zlmto9DLwM.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KmPq9HzxB6.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Users\Default User\taskhost.exe"C:\Users\Default User\taskhost.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LgxiiauvsB.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Users\Default User\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 13 /tr "'C:\Windows\LiveKernelReports\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 8 /tr "'C:\Windows\LiveKernelReports\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Users\Default User\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 12 /tr "'C:\Windows\Branding\Basebrd\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\Branding\Basebrd\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 10 /tr "'C:\Windows\Branding\Basebrd\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\it-IT\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 5 /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 14 /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 10 /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD56ef02363e3c49e93fddfdf2edaec4852
SHA19d609813619f68b0aadc32bf26effdb9517d093e
SHA256f74e1e07b3eb05b8e57e786611a3f9bc0580d1ee4dc4c4d5beb7588dcafa3b86
SHA51230446f0559824ef123843648b2b497f8c8dca5138ac2bb6e277707f8b7b45f879ef6abf2788f84cbf6b3dd4ac46ecc26f17ce2f3a05600b3a4d4ec3b2833ab56
-
Filesize
342B
MD55b3d0d05eda0c2bdc688e472e3c81429
SHA1e29d65ab3acefefddfb7775d3ec9d4c15bd3d4b2
SHA256c0660c34f07d215dee2c1c1f5f31ab3984970a9c2a131fe3cac2ecb48dd9702b
SHA51203c84bb14d5a6a0550b4a69393b316b4c84e7db92a44ba2a7eb3e15e42fe968a5995b793dfec77aba157d801bc3263a0bdc7dfdfa81a322b9e0839f951597dd7
-
Filesize
342B
MD53d9690010ad7d9296303e2df6b2fb8d2
SHA14c4f97bd2e132e861a0b8f36fee7d55a5e02024b
SHA256c485eef0486ed6e258ef96f0d2f66a5e6c99eb1021a61058e2fd079b1e4fa806
SHA51259fcbe372c0c168aa691293954b8657e8ecb7d01abb443aa73ad2e775a030024242a3cafd5682b99e9506331efe11613790e7e9a82f8277180d1b65bc25c4bbe
-
Filesize
342B
MD5ec1d560c0c7b487be3fff166b5d52f3e
SHA11ad6f0fb5a669da83031e280804a4ffbb89e22f2
SHA2563f90b138890714e153198fa5635113e6a76f26ee27e1426b7b75f4bf88c3f532
SHA5127f5aff16f610187b4af3808083a23f287087e1335b5b3675694d73419360b9b080634b3e5a3447059e9adc40107024c5bc081c0cbc554d365a9e39571941a378
-
Filesize
342B
MD5d240ff0ff93e9a3f71e0860872c5f331
SHA13037adea333d073bdd80c76837b3c7f94ceb04a5
SHA2563dddb4199443e9b0e314cc85c0018863640982f2727a9269d37d607b525acc43
SHA512db361ec4f0d71f55d193d5be6dd38359dd06b4069efd27f6f04c7e97f04d41240ed48bd3a636bd863c338160a113c885c418f0e2517a1fe82c765327a245c2a7
-
Filesize
342B
MD5d1cf901487fd86126ad0fcd40b4bf84c
SHA14fb718a962ce07bc2c8226dc767367aca41cdbce
SHA25658c846001549b529be7fbaecffe54f0455d1eac36ecd8e1133868b91d56668f5
SHA5128e8032f9e25f409a5408aa50f5116eb2e9e015967d19c3deeb0c197d9f1a4f3e2d082353ebcf661818af20957c982986577213fb92ce926b7c60b3fb0ff754a4
-
Filesize
342B
MD548879fec3c6b1be02f03b477582a1c7b
SHA1ba0818bc06447617ff3cf36b366a6b73c0587dca
SHA256c1ec96c91ba10791a2a957826867464a9eaed546700ec86db63b70c6f427a215
SHA512527fb9bbc5596060996c32cb34f7431b9b827a65e8b60f730509f5c96e40c8c11e553934563641f75b8ccda0487c0c39e1f073727671c3405e8e464c7dc14638
-
Filesize
342B
MD57581ab634a9d854a133016d3d966795d
SHA1cdc80d03f58f9ff4344587c7f84c34026a8cc28f
SHA2568d1ad01a0efef1b8a3775e44945d95b819f04714e8da0c786fe7b09da157a22a
SHA512f4f928db60bb0a8fa891845ff8fcc3cf6c8f0d3b1355a7ac4b75e2fa283c7fb0ccfd4ea2ad1b69c623f55fcab61346915f6b4363934189b16ab4d0a2f7c088ce
-
Filesize
342B
MD5de99364437f6b54de58c7286f7ff072a
SHA139a544fb0984907edc8d7200891ecd8ef0dac962
SHA2561fc7147e921ce349337e83d07160d1f9f58210c465bcb5f155538d3e9b95cccd
SHA5120965ee157345eaddc38414ed71d5b0d15c88f7673488cab447057d7962c4637c9eeeb5b97942b53baf7a9d0d50a97233d6b4ef37ace55e95697a134e81446e84
-
Filesize
199B
MD55823a2a650e49d19e2c8230e04320317
SHA17a961ebc501f0f6716c7655664e8950f284733c4
SHA256e88bb61d5e8ab6795d4cf5af973c673947ac7f9c5741788e30a6adc435b3be11
SHA51241fef0f87628a2737e7ab9dfd8a4bc5ab4af74f71f2f4cf90430c6d9c67071ec2182734234583e48e0c7784c84a1c30e3ccd7b241b786e532d9483ee30978789
-
Filesize
199B
MD50ca0c66ae03a8c5532b73466f04ad9b8
SHA1b176869643b4fef50a2534fd7b5f2c38bd1d71e7
SHA256c4ca8d73b7c92a8ecfa8d26963039ae871df36f696881dbbf05d85bcc8b98efb
SHA51281f5622469671605e9d400ae3407b2207c1f7b386490bd926c78150bd32ab78347281ef495a19f66b59bc2d2a080f9a88571c36b06ef993c12860019b93de98a
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
199B
MD56c26e061b8d9696a91463b69cee376dd
SHA16094000c29fd8bb2f924a233f2b791fe2d0a0fe7
SHA256cca751a4c969230afec8c7ca102cd94a6f76f1b65e3fbbc166fca5721bbb85ba
SHA51227d6ff32531d63ab8710e4b100412445a77fc4a816e7efd1caf81efffb7624083f99d4926964af3a80b46478c568661f919674714f19ba2bbf82a8bb6954a88e
-
Filesize
199B
MD525e568b45f15f7608a169d679be68603
SHA19cd998d02c2b7b2139d6eb12cabbf5b78fc0d495
SHA25676a2d9723671949142602a609e0d10be68ccaccfe84a46a4ef94f8578f033a43
SHA51222a57c0e946b18d1514f8d6d960733aea1b01acca04024a2c912e6f7087a9503320719f514a840905660ad54507302cfff3be270e92650a6a31b3aeca560a2a5
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
199B
MD57993ee4c1ae0404a16c8e93385395e72
SHA17c83f1b9cbcbcaa60f7ddf670cc7f915dfe69502
SHA25626e59f6052b46faf24a720461dbaea27bbfbf7cf6cf89b151eda2eae511f4378
SHA512e23fb685e7789ba050c2327c1bc924c17dac8c2b196cd03825771a5f16da24c1634a725fb8b687f24ec11fdb44a0b201b4351dabb26d7740f87b56a488f88f26
-
Filesize
199B
MD546ccefedb63e3bfef3660501714f640a
SHA136fe345e97aecd2dbaef5894279d62c897cc56ab
SHA256aa999a5b76f8320ff3726f0c1da239f38de192654ed44fe8efc7aaa08308f012
SHA51241795f2fad65f9d17a96ce7705cb3478d6798e388b8eb0407a15f026d2cd1452238aa192e1dbcbb0c9bf16d974743a204af89cf3e51fb6e463bf0f10693b30e4
-
Filesize
199B
MD5c80e56c9c2122e4f1183c3e4bfd893ce
SHA131b0a4001643c0fa590bff402b02dedf3d429124
SHA256f075a363527d23c2c8c392266bc03cabc4ecf9b7dfb0948b69923274e79fada4
SHA512289fbe7ff5e15bfa1900accb9a5dd466d2657c02a600c6f22cfc05b5c686b928bd90309f0acd3678abf9a8213eea01302afdcc231a99ec7e2433b2607a284273
-
Filesize
199B
MD5a542824b111d6df6f2d610aceb071caf
SHA13f8fb2182c9641e3c8452efec2bb178e8388c771
SHA2563c00afc410e771e6393ef26d63a1fdd4cc5b9e737e19b7a54c52a3421d85acd3
SHA512d66f77c825f30859bff91516fb964d401b087002125d7c603901bc9d1f9839356059e6b4ca027f687ba746e107723cd97bbab32215c1d8d50b5da698e16a8b3b
-
Filesize
199B
MD5c7a0b1237045d826210ae17b06652c2d
SHA19b7198c0960c879740423131747996b0e2c2fa26
SHA256979a19d60a853d49144aad6c021af6082dfd88e17ab7df963b1e6bf18ebd69b9
SHA51241c4c94623b0bba0c625460d6e4b96f2661e78b3e5a2ead3c037a0c18d56984115fd081dacbf23b2de165d3714f7cc1408235d25ac3169db5aa7f2902290fc6a
-
Filesize
199B
MD5d6bb170e774a4fb7960533c3f5045e2a
SHA15dd2bdbf449e65cd313a4d87341941eef21f2006
SHA256cd23707303f51e3c85d41d5d086272b63a560383ec262a58c60c74e59a42410a
SHA5129f6b106c2ed8a9da9aabc61a8dcb851acdadb6c0d4f57165517f31fc5d42cb142a5451c6c647328d9141c5e2b67ea4de3e81980f7851117aa073ec9553288f1e
-
Filesize
7KB
MD5eeccee5f96e79ab10fe21f9dcd90e5d7
SHA1cc4a53adabe789443086d62397e37ede9d777592
SHA256cb12cb76cbb27dbdd7a298e06badf86554c88beefb99acbbf5e2a6c5405f89b9
SHA512c0163113f73774a5c0726e63184ef3c91a1410ebb0c7fe0c93cbd7364b9d431cbaaaa0127ca0b14f0c902296fe871cfcecc950311481a1e07daac2ac2e1da3f3
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB