Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 08:20
General
-
Target
JaffaCakes118_7b9f9d9e2b1e407bd28bc5a6683fe782fe411556c80867bdc6fd209eef95f8fc.exe
-
Size
1.3MB
-
MD5
b1efc1ac1c8160292014eec949cf0ec0
-
SHA1
7547952fd24404ebb2ac7773b1e3de97f106b8aa
-
SHA256
7b9f9d9e2b1e407bd28bc5a6683fe782fe411556c80867bdc6fd209eef95f8fc
-
SHA512
75e8f4a8bdc469d541497287eeff42c305063d91ffa15b9109a055eb820def971e3bf97b388b594f18b5c06c1bc6a55fc26a402a61bc3c8443c2e209b1a216e6
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 18 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 7 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b9f9d9e2b1e407bd28bc5a6683fe782fe411556c80867bdc6fd209eef95f8fc.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7b9f9d9e2b1e407bd28bc5a6683fe782fe411556c80867bdc6fd209eef95f8fc.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\debug\WIA\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\VideoLAN\VLC\skins\fonts\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\XhdmdigGiX.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\z9xTb8lNHs.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4Q74CISUeM.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\I1IMKnnpZ2.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\12JaEZR6zX.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2Oj9OucH8K.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0x9T38u1li.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\16sHyqWYU0.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\yJyIm7wr5G.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\iRE9Vp3kbL.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 10 /tr "'C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Windows\debug\WIA\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\debug\WIA\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 14 /tr "'C:\Windows\debug\WIA\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 12 /tr "'C:\providercommon\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\providercommon\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 11 /tr "'C:\providercommon\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\Recovery\1f5748e2-69f6-11ef-b486-62cb582c238c\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\TableTextService\es-ES\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Program Files\VideoLAN\VLC\skins\fonts\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files\VideoLAN\VLC\skins\fonts\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files\VideoLAN\VLC\skins\fonts\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD59a834fc09f3cb35285180098f86b536d
SHA1d14149162d0f206c424d0e78e88c64109c107a04
SHA2563f50593ae8a22c3b74e5349c4c4f1f72c3458c3c2e3c3ec2a0c318a1faed817a
SHA5121ce9a65e6f14bbeea2b62ff607cb6ed4a6919e1b0fd240fd5e4af724ff528bd6ee47060840dfbc6df38ecd5e989cbe880045b188b87b05cc67ac95161326a7ee
-
Filesize
342B
MD552680ad3b079e9bbec3cda42e4b416b8
SHA108eb099791c7c70cd484b15c652876065f55f356
SHA256734fee5797f77e53e22e28f5d1fdd00623d0fbb06c5ff1b3eeeeab4f34aa02e3
SHA51249dd430b8647458d842e8c9d7a33e18be09ddee0b696c10934d414a70ca3e9c76047e85258acf4812c2ed7dcaf5a45357e85dee5a9146785a5ac536c8f8a484a
-
Filesize
342B
MD56da8205fc97f51696429b95704472f9c
SHA11eba5389c21fcddaf4e672fb45fbc697fee52fd7
SHA256edb75dcb67fd8cffb07a8a645bcffe25cb49e2990e22c9ff80057797088e0771
SHA5120e4f41dd92b7ed2779fd86ee63e9f8036810ba5fe53a0d2abeb5617113cfc886810ff5402c320a75dad1aedbd0bf67986edc08b94bde538d4137d28816526930
-
Filesize
342B
MD52c04ede6dea8f792caff1749cd9ad897
SHA1dfdd3eb9374da7e726ff2895f5511b4fb6e6578f
SHA25622ca0cf530bb288292b8d39288331c264ee50dcdfb53cd40f45b0388aea90b03
SHA5124f8cf64450f4b64c9d57326510b68ced86f4f1c5c5d41c8f9a344fb39394507abbd3d3024518aa6b32e7e3d37d1c7e3bf22162e0753e6e4e7244bc90e9979da0
-
Filesize
342B
MD5ad9cca953f1e7f0a01306da720a0845d
SHA11d63057622d1cec5a0002f92d1d404b0159c30b1
SHA256e92b30fecf5b599be4dd2e38a308eff17446680a01170ddebb6230e7c60d6a5d
SHA51202c54e3867989c3506011b557002973833e6e1a5e8114c72964885094ee6d6984c2e0309678f0127f5af039d8aa3afd5d91779ab5cbf2e0ae43587281a515ca5
-
Filesize
342B
MD531f92741b031b0360cdd556271064374
SHA16464824a3e326077db20034163220806fdecdbd1
SHA256647155449d57b8f06100fe775e615a329fa6adbd9282bae494cb5ee61604f6b2
SHA51281382ea93b131c14d293da98bc7d7fc0dbc9a8c4e8d2ae8110b16d77630609e75fafe52ef9b22ac2846366e0cd4c0682b90f5fe716996122407243f0f7db6162
-
Filesize
342B
MD5a55a22345bc54086ddb6341ede302745
SHA14269d26e6f8427a3bca7e287707c88759006ff70
SHA256f76937374e505163dace0c966d5e89f034bf43105053679d48001dffe83d8788
SHA512ea6c0f8f1ddec1d57b4d5235effc7e1865f1f82a78c5dd42b9b5ebb389420338538fdfc9f5c40d3560e118e458ef865c7f449eea2d1ccdf74263a5a43dc59a01
-
Filesize
342B
MD546b57ae5d273b0f80e61d7962d19e93a
SHA1f6b3196199cb4d45b5efd286e318bc3fb51a2abc
SHA256ceebc5b059368f7e15f919b6b1c4e716ea992e91a48183fdbcc4e7df19a28226
SHA512bcb166a7a0d554df91b4ef4d964771b3869a27dd8eca98d0ae1a3b37d1b9990c9dac4c21a54987d318b7e140f3d7a833cfa6885ede913ec5dabfbc2325b8b3a5
-
Filesize
342B
MD547610b32a6d9fafe3000f44b6feb126d
SHA1724feef499d81e8ff05f288ccedab7649fb11c7f
SHA256e136a3add3172469ad86abf0e561c5c603edc1f6872bcbfc4646b3a31639c840
SHA512e4d17bc5539414cc5134403933d332a3b7d227accc105b3d14069f13ec548102fd19ca9400a4b3181d76b4e52d242d69d83d03457520b09e43c439f19fe1ab23
-
Filesize
342B
MD5f04414a975561bb5f96d0aec52280974
SHA1c60746c95bce1365f924d77e8419d99918840591
SHA256870232e19a5c6702b2c229622959f31a491e8c6ac1575d4d2b8d1f5b0c78f113
SHA512bc4e8d85d9aca1eba708f73f98280c50c5f2b43b323162e9407501ff3125a140c7159e276ece7e3b2c5bd9d0b2c4cf22c19ad57acbc3bcf91d7a7a8008e34faa
-
Filesize
224B
MD51f551b7b865bd9817a56c56caeeb4a79
SHA1c8fd707bc5f3128281b4d055b11459fb8c5097e1
SHA256713fe13ef193597b1f3f015be53ab2d492487e1a43d063ec66fe0222b05ca67f
SHA512841e8c37005864a955ebfb0e6fed2aa1b06caa316f2f07896128c6f089befcc20cbc301e73313e5db3eab4dbf6e1d87951ab6665a4220a602bef4de31fc16254
-
Filesize
224B
MD52ae1573291e1a6a97fa3cc7016e7d5f1
SHA17fe9f1c286af7222f9ab2c652d04532ac0ee4230
SHA256917bd337bbb7f05837de919811054f322d8f5f232cd1c8310459ef65113834cf
SHA5127464f9e53cdf699c4f80cff2b2ed97dc1d0a321a9b15ab056246c7afc847d59b7cd451ec3aae51950935cf97461b867f948db6a2a9cd08be6cafd81b10063e25
-
Filesize
224B
MD58539ad42dc5a04840b2de74462b0b744
SHA17ebfe4ade5bcbaed91cd941897cf83576d32cf42
SHA256afcc0e121ce924c373260094cac22d4bcb1d1c50a0ecd9b01245b641d4b0cff9
SHA512d9319555ba5564e77c3d3ba56f93a4378d4f37dd2102c901c45dbd5c8d040e11cf6ebb1413623eae344b01d36026f3d66108148954a910754acdefe744b39b3a
-
Filesize
224B
MD5c87dd9a5d0cc3a3efb1ef3b7830ef4d0
SHA10580d54a3cdbb02f0e758179be73dcf7d904c18f
SHA256c28d54224def5bfbf7f202229b13ae63c5e72e2c0f9053cac2866b81e2f7c862
SHA51215272c696d1be2ef84a906daa8001689d86aca85bad85114ecb9651438f64bd863aa13092b69f7f1c1b34989dfaf6616f80fca58d3ac7358ea54e269af116913
-
Filesize
224B
MD5477341c9b951aba7c9a1b6ec111c993e
SHA1e052c12a1ad4508f5ca9fe13eb575f09f2ac0c2b
SHA25620d1d657e38fab0636fa692f91ef445db174c604c038f2f33d86c8f481cd1899
SHA512a145a7cce2a5a3ee0c5dd24b21d01b483b9db1a187805157abe1206db18f8600919bf4d1371ea80a44fd8f5de994c59fe30d22cf23c4f542d025c665437e0e7a
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
224B
MD58bf130aa5ba0dff7472a017567f37da2
SHA1be72f0a183ea534bc64ec76f666183aa3557d7e0
SHA25653221ef6af6f1b67265f1ed5db9711efbc6dda734e44dcfc04c8c8e2b6350481
SHA51289b1b1858d5a3f90fbbc3f17a22719954af0eb5e5a5a17d5edfefa34a2246423042606dcf2412c74b9822c419e3f2f70143370835a941c2c51c7b486064752f5
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
224B
MD53cf3110e01bb9217679109f445a2d3bc
SHA14e2f07c587415484ce96f74b888d2a0aba389280
SHA256d55a1512a4f423a613ea92d3fe01f1ceb85efda80f8dc733142efd6e00ee5eac
SHA5122b4a9bc1a6d03974a06dbbb55d1d838150b4153dbaee02093408a0e7c6e081b26665d841094b7e60e22e00834ed77243db1fa7f3104715b4c5e0e55a93f5168b
-
Filesize
224B
MD577921b8f1b6e11e162e32771ae0caad4
SHA14cddf90210383de593e32a1e76d9ab7a7f3b056b
SHA2565d42a298c7d541d743c3ded5513b8c93a143e1c4093b2f1ec770d69245fcd3f6
SHA512c977ee9f6fbc07ed9f7b8cf05a863da7eb76d5d0622ab2a675402461188a9e359b831e4fff5d92325f746d6c497fea9b84e433cabf261bffbe0989b080f75044
-
Filesize
224B
MD53976d9d478791ce5443eaa2923967921
SHA1d10c3b2455735e2128d4b7e054366702032c0638
SHA2566c162d99c9c389544af4df99b2dae5e4a464003d04a15e5a320083194eef5fb7
SHA512f35d792c92f7bb6fedd50d5962cc2acefe43fb05c00080b08240da5ab703f0576e608cd43a82e63576b17a140cb1424712edc86c22597fe24bed56c2fd20c8ef
-
Filesize
224B
MD5d8b903aa0628398d200485c991f1a513
SHA1960b45060aa4ef1a7b73a3a252f30f52605ebf83
SHA2564a697233a433c77c2805025d39feb8c9db7d951f57193be23bc09f517eaefff5
SHA5126c301c7c9970bc3a35660f9b710f2956b700cb820f67330cc0d4bb6755834d8d06d27e01a103440f183b3e51abacff6c8f4851f3d394374913bdebeb67e7df20
-
Filesize
7KB
MD56ce58a3cc27e3078d41b93960bccb2c8
SHA1073796b1ab314143f72fb53889d596741d657a12
SHA2564b27d0fd00c2a52b472b99a23a30efa71f822e6fdfb536c56410e13a0a9f5380
SHA5121e9ebd0e348719c7ca5b5ee80374ea03df9e923a5f80289648e7a2cff18c1b768320c3bceb49f38fdb1d2e5afc526fc4ffd3a4755c2d96033aa0ec957a6dd62b
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
48KB