Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 07:56
General
-
Target
JaffaCakes118_fc19b16875cb5f43b3dd23c0a87985b5df834ced4dcfa6b88248b6f74bd3771a.exe
-
Size
1.3MB
-
MD5
982d9aeaabac897bd6f90c1a82c83315
-
SHA1
eee4e6e55ee9bef301db9483d2a74d1daf368464
-
SHA256
fc19b16875cb5f43b3dd23c0a87985b5df834ced4dcfa6b88248b6f74bd3771a
-
SHA512
19c5fe4a8d95647c62a65b457faf39b93b214bfc8b03ae930c613c13725fa7f4fb4e061607eb4bc2eff7b23c3ed99f7d71144ca14b83b31a28226b1bb8a7eda4
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 21 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
-
Drops file in Program Files directory 9 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 21 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc19b16875cb5f43b3dd23c0a87985b5df834ced4dcfa6b88248b6f74bd3771a.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc19b16875cb5f43b3dd23c0a87985b5df834ced4dcfa6b88248b6f74bd3771a.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Journal\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Google\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Panther\setup.exe\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Reference Assemblies\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tAV1Y7tqnp.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Wm5t4PlH1R.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fcYyv3mAUp.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4rzlnKig63.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\HHf3c4kdaf.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\T7KIMELUbd.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\zHC6P4FzNT.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EVfp7xrD4G.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\iOYCRAfa0D.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Reference Assemblies\explorer.exe"C:\Program Files (x86)\Reference Assemblies\explorer.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Journal\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files\Windows Journal\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Journal\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Program Files\Uninstall Information\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 11 /tr "'C:\Program Files\Uninstall Information\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\providercommon\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\providercommon\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 11 /tr "'C:\providercommon\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 6 /tr "'C:\Program Files\Google\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files\Google\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 12 /tr "'C:\Program Files\Google\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 6 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 9 /tr "'C:\Windows\Panther\setup.exe\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\Panther\setup.exe\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Windows\Panther\setup.exe\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Reference Assemblies\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files (x86)\Reference Assemblies\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Reference Assemblies\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5716b19f1ff44bd76c174298e66b7c05f
SHA12adf9c4f2e28cfb40fb0615946c5d7bdb7337bec
SHA2566c0fdeb85a804bba4a635dd15f77ca8581ce199870477fd58feea34419fe74fb
SHA512399d4990c4644e130d4a81000944cf2cd63c8701829c2d174b2037be0a93187bb9fb585c897df53b0a792c524692aa7064887de013a4af8c6aae136d98ce682f
-
Filesize
342B
MD5b3e39bda962032e9c306c0182e51277a
SHA154ac50119f07c6ca9790031f4d98261ac11a3828
SHA2560cb7f7c4ea65c0c540bd8e9d7ff7a6afc236cfc1c4e09b64c2c5f2fcd52d8af8
SHA51223b3add5b8ff484b37f899f7bdf4c618da02900a2f68358b00879c83b01596d9514c9fb78219acdc15d7c200ee3e07c7fd3701725c331ff725ada31ecd3692e8
-
Filesize
342B
MD59d61c58ffb76fa9a67c16d540b4d8e33
SHA14b6d03886c3fed06ee7804c0485d56afa6f4b5cc
SHA256882a162c89f2c596da8d72442f7f0e688e1c5ff566f690a9bd5bf0c58a521a20
SHA512b37831225b1b6aa8ce3a569e8fb6c09718e0aa8ba9ac41c80655840880f96ec727a0be06638664dc30a836a47c77e6e492795cdb08e0e1dbfce8c18675f2063f
-
Filesize
342B
MD59b8cffec1e14c8e9299859f1b3056ad5
SHA1128134938cba316c70494a1c15d03c9e1abea2e1
SHA256d9ef7f1f1f51ebc642a3b2bb062f2cda2627860cb48ac8d58272b65f961e514e
SHA5126567951c557307b688614e3fc94acffa6975b0c342a8ff46b8eadce8c4aaf07dd95e8049312759a5cd69ff8126517188422a9b69b0e14f9f53ee5440b4233043
-
Filesize
342B
MD5366ebdda0e6cc7b96b9c9e3e68726cd8
SHA1c85e87249c7ec82df4e00a4e14ca80229c886a17
SHA256318aef1840d4c1a062b2c08e6df0b73b10632c35936be448223762d93817fce4
SHA5124411f915ba51d2e9546ebb2fd3283f4a78cc789f1ac6e669d8649bc02e3ac56bc8a6ca7b83f8721ac91583a47038e598859c8386c2d44bdd9956069ac582d4e0
-
Filesize
342B
MD530cbba87a2f8225374744c094c9599fb
SHA10dc356eac6ae74cfd8a5c20a7c4eb2f645d718fc
SHA256c21c92cf79bfada3837c4e4dc5da90d1662e8e518bce9380f17ecd9f4da2ca49
SHA512a2dd2a5eca0904a8ffabe4a7e613dc483c738646fc290b6dcf43ac395c25e6b5c41483253a7c6651e301b68c4bc64dd9dc7747512915b13525fa5cef7f6b4695
-
Filesize
342B
MD5d82436d7d08fa969f0cfa3060cac4658
SHA16c8edc1590e7c2e93cc60f82904683f1f1f30797
SHA256ecf141b1cc7276bb8c7f9581187b1b88d11e8962f6b13871b61848924bd8ad17
SHA51282adbde925996c2e04ede6c2f3f862228d59b5a7b151303ae20bbfa53a683fbd7691a65a2328cb00289c2dba7f67a6d3d0daffa3f6c5bb40b5619e663ac82801
-
Filesize
221B
MD57fa4a11f607116fb5bee94d3bdc23980
SHA1f6bd5a86c2022e4c70fe6eaacdce492f8eefa9ac
SHA256e94777c650f32dd96f03030dc2d1a1adb36a7bcc00f238859f7dc10a09c1d35d
SHA512b278a33cc8d978146609d46a6ff9370ded37c8b62ac0b3f966fd737efb803b6636ca9f483c977ae23c716992f2446cec2b611ea6f4cad4b4af5ea032244d9f4b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
221B
MD529a77a2d97a0c6e2048f3d4d92e1e8c4
SHA17cbf590f2903cb7171c79a8ee867cd0e9a78cb9e
SHA2566d852fe6e929daea11dfa4bad9dafa3d4700e67de7c2b085943060ad1917c370
SHA51242bec11e757b41c8a7beb269cddf564ed1e012b3988876d221568e842921d3968c4759c0afbd72cc38e06a6e0f5f9f2c68aa9cb6249d562d5a955fb0380e482c
-
Filesize
221B
MD58a219aaf58a37f8512c52fb4897d2e6b
SHA14ad35231b3b237c82c581681930b947e5ebea10d
SHA25658c00101990ea74e0b78c6c80c55bd70f55b24451d2b203a5a89618650c3caaf
SHA5121c9698bf56a28a44af8f6f6d976c53d020b16ca39107ace64df346c05455a9ee0b72583a4d4365a5533e51969b0e8ce1c0f1493d67a4f7468171d6af0ab6cbe4
-
Filesize
221B
MD5ad7c5796767f9d7c5db647cf3bf865e3
SHA1a79030162e3061ee38d7eb880a2376712eacc265
SHA25667d6a6fc2c58ed8938b877580b6ccab13abe979189086200ab00c6e7fc074ab4
SHA51270753363a587ea7b3c24073ccd60472645de1b2eb7cee68c7902e1075e9bcc00015f4763cb678e9ef1a7f04e274c38ae7b158fb8e1ab028697dbfa7630986756
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
221B
MD55d1d291461478fd435917e246a462864
SHA16476796471fc45f6c14d56ffb9ce460283748e5e
SHA256dd329959a42353d87b6dfb6f861a32acc714a858a1f2d50ea3ef795e1338e67e
SHA5122b7da84e6c83a6a332b690502241ae1e7e660f5ed13f8c6d7f5993a1b93744d8527f2434bae803385ea0b9397beeef84b74a137c8a746055b2802d34a8ccf3cf
-
Filesize
221B
MD53057cc6d12fbed1576b325c6e5b32d5a
SHA161bc3bb842d2ef16923f9928fe1850e99bf1b6c6
SHA25670b8fbc9fe8e5fa8795da8d29c033e8e8b522df745c329827799a76fb4e6db6a
SHA512306c7bfe627ed2f87fae61d66c49b37658a0b9f74b1a2020e2ace482009221f2edc88dbb6615576df6747020545cd9754c5df9ea84da674f79d137b96239e190
-
Filesize
221B
MD545dc2bdc2087e2bf36a0be855d5e5ac8
SHA19baaaf85ffeb16d602ba4f7a5f6c111b4845dd27
SHA256ae0dbee78d383fd9e1842d7eca55722cf4dbe79c37baee6cb4f4b6707f22f5e7
SHA5125a18bfee2e6d14817228e4c250f53943b203ae1899382a634ea6b8e9ce4cf2cefd1f2678272b4d87a6f44c4145316e6ebd5a92e4ee590544f4dd2a46075088f6
-
Filesize
221B
MD5a1107fe234535b0adfee6b6a31a4b7e0
SHA19d214d7d8a30c482761a92039d68871f71da53a8
SHA2561aed581df16f33b2b60699f742687808e164e354acf445ad3a0c74aeb4cc28cb
SHA5120821d585154b9b35040549a50676ab5ffe100fd5801a7a3ae80efc502fa973804e4820128581c50da217c41e842da0f82a4598e5f5e64bac775e694c6a343c50
-
Filesize
221B
MD51db222a25685083bde8227bf32ca7c51
SHA1b8ded353eb9640d914aef964c798bc40cd0e945c
SHA256cc03203a67da3a6722d833acace48c51af13f6019d0a5b0b3fb1b2589e0844ef
SHA512e78d160bdf0966f40b01226223ff5231429a31d72aff2e08d4a2ecc67a45b0f0723346b4fcbed1411b5e428eead1e8e95dd08ad7c3cc4b6042e35c74aa203da0
-
Filesize
7KB
MD5232ed257088f3f74e8b3811fcd9e1676
SHA13c039ebd480de797bda6e5b46ce4a42a6e28ba1f
SHA256edfec21ec388fcbf7ecd7d351b85ecb525f79400f18dc1cb48d2459713fba8e4
SHA51275b5b2e23c69912a94440bea28b6ccb4d32516236dede1a542a0f218cd012a3be8745ae280cdee95d9d18cdb0a006e8ec4560ac75b15605adb4a3bfab29de530
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB