Analysis
-
max time kernel
146s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
22-12-2024 07:57
General
-
Target
JaffaCakes118_f619b07d1ce21c013348c29f821c09002b4df750a0baccbe2cb56e12a4c9d79c.exe
-
Size
1.3MB
-
MD5
4432848bd90135ee5ce57a5811dd241b
-
SHA1
2f400fa80dc4e09a17826dfeb7a2da44010cb028
-
SHA256
f619b07d1ce21c013348c29f821c09002b4df750a0baccbe2cb56e12a4c9d79c
-
SHA512
ecb933341aabfe43db1c7605f211a0871e38322917a0c62fc637b5bfbcc2ed48f2a84f71f2268d384b1ce3d17723d5364659a0011234205df9ff4533a1969a87
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 7 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f619b07d1ce21c013348c29f821c09002b4df750a0baccbe2cb56e12a4c9d79c.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f619b07d1ce21c013348c29f821c09002b4df750a0baccbe2cb56e12a4c9d79c.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\DigitalLocker\en-US\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office\Office14\1033\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Google\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Branding\ShellBrd\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2HSHvWBDJL.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\kQw8FYVnXF.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\A1nTHBcTHH.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\srJhtCwLGi.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\yyRUJOSyqo.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\8Usvo58uhQ.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0x9T38u1li.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\muCkezbCVz.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\HEz7ZQMTyX.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CPbxFudqw6.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 10 /tr "'C:\Windows\DigitalLocker\en-US\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Windows\DigitalLocker\en-US\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 11 /tr "'C:\Windows\DigitalLocker\en-US\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office\Office14\1033\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office\Office14\1033\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 10 /tr "'C:\Program Files\Microsoft Office\Office14\1033\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Google\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 7 /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 6 /tr "'C:\Recovery\3a99bb82-4e15-11ef-8354-cae67966b5f6\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Windows\TAPI\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Windows\TAPI\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Windows\TAPI\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD525983cf96f4e11234563604175d66410
SHA1a4bedd7fdb395e04a3db0685d909bc8b69bf511c
SHA2561beb8c88bc3b667c0655efb256b0693ecea4220fe5e8a84c5d310639655177d6
SHA5124d213ff83b0d3d4680bc8628f2d20c6baea0ea17f918254ac236ab4ab5d4f33e8988bb49808a8206c276050f0561241bf70b5cd4fae96ebc2e3c1da9bee47acb
-
Filesize
342B
MD569b8c4491704d1121a055b65b199bb9a
SHA168117003cb21d757df0bff5321e344c9bab91e1b
SHA25688721337aa8871d859b8a79dd8ed9c349d3da65004c8e8a2b27ea0c57493373c
SHA512a67aa3c0e62d6941a825622983bd8df608546bcfbcd493bb4afbb400ed9b39dd051e550c9d9a3494e80d7688c6b08507e32341a42c7f6fcdd0ea005cbeeb042e
-
Filesize
342B
MD58e77e71847d4415e2c743e8ca2393ab1
SHA13ad682ea70358b75f6c1d92eecdd5252f424401f
SHA2568e6cba705b4f10ceb29d24ab9eb273738132eda3bc4db5a455187b94017a0dbf
SHA512c9d1ccd00c611d7ba91bbc67fe4cf0b2ce6638ef9f97bbec9e755e53a176fc9435e8d25c81008b55f35ddc1a73be506342b408a9070f9f02c3db8844e7e414dd
-
Filesize
342B
MD5986a09a90954ae243c257110eb6dfee8
SHA1d1bd1709e3c9691d0ef213524d3263bad7ca5c43
SHA256cda24cd30b49c43558830de6ce0b82ea7181299b1eeb9f30b2e1c7dc12439afb
SHA5123be94d4e18e1832aa41cf4ece7291fcaeda645d1e04d1781b0de6d03bcae6dce12743c4906f4eaed23512c0bffabf125cccb08996f21b67cfc1706f8608af127
-
Filesize
342B
MD5564bc377e100716ba89be1fc42398156
SHA153f2c01388d8239271c68446aa714913d9d71b8e
SHA256bb58355e185e92d6b8b5acb93349ffc7f473ce0ae64eb2c24e39e66c25b47e0b
SHA5128a2b279ea3b667ec7a2bbcb00819ca3221d41e46fc76ce410431625f8c19418865e6bec0ece8742dbcf911eaf3b141c55487642730c980b5d640c557c63429d3
-
Filesize
342B
MD545d8bb74a1350a179aa68bff9d1e22ac
SHA1feac7fd5d5fc535e507411167c1d804e4f95d487
SHA2567e0fb548bc1f7db691f33005f8063553efe2e95f02418bd5708c1784e90e21d6
SHA51293fae17a031b73d5656e7d5f81f9f849c952bb8de84058924fd4ce96228c102ecd96c50d077aa4392609811e448930d1623f855a836a42cb0714e6c2c713370a
-
Filesize
342B
MD596559de3a2c3f35aa1d784bf091af9ff
SHA142b6fed62f294d71820eb330c457bc3111f6663e
SHA2567e18070dd4b4d33ede820bdaf07e081d9cd5a1d0fed54929b506d16c4a86d1c2
SHA5121eb4e278154438134ae7ded1931ea4431e4fdc452f9d4d2c51eddace961c2306c32e479765124668bc8012fcc83850333d896119e4883f88dad8de5cb128435a
-
Filesize
342B
MD562a1a7ff4ded6d472c567677947c1021
SHA1ec65f30b27b09e44a11e33edf844f4e051719af6
SHA2565a013b21d6b58b586ebb35153a22d4ffadc693778d5f4abb72db86f5d84edd5b
SHA51229d5bb9bd10e7e33d5e58fefa79724a7b0f90c4da5f9cbc23e83132f7098ebe64a9e5c90a3846c79e684320f16db330c8fe39a05f17287bb0f20f3b774567b82
-
Filesize
224B
MD56b19ced9e1f1d897eb6a7c68411ded4f
SHA1a22de5d01ce010506c4fd5649ae3e8cbea029432
SHA2566433265d459fcf63aaf39acfb6d70154cb3a5481b8ecce100b6fa01676ca15cb
SHA512fd6bfeeabaf0230663b776d133c8a31ca0d1d5d01a132fa93b451c90420e1360678a2dde6ee59f9363f374e9ab87207ca2d0218acdd2536987cf5b4a5b727b1f
-
Filesize
224B
MD5f92aa973d2c055aba48d1ccf69781a91
SHA10b8ad561c44c7d674b175541e932d53a2d864a7a
SHA256dc51d933d94dddadf6ed8caab96296c96c26a17cd48575ba59ca5bf83e600d0f
SHA512c213051e09987cb3062b5cd28536386c22b559d373fae55b2e191e6dd435c9e8badc1389982523c21f5e6c6979dbbb71bc98b19d8a1ef26cab3294f96c497f94
-
Filesize
224B
MD51a733b4b0a668bd2deb70546d119d75c
SHA1da121589a3fec66306ad5b4834a5b12159d86934
SHA2565a57ae75a31dbe31b2f28e956bf27de6cfd1ab8b2d9c92e42c50f2e53a05ff30
SHA51296cdf9b83e006df33418d3a897d579d2ce2dd695fcda1691e8e1cf1f4eb11f653075b70e93806dd64f5e20dda16756a033e2cbd01c8197db2ad92613db442ccc
-
Filesize
224B
MD5bde0900bb0376da42cf8298b8b1c3b6b
SHA147729b10843de6b999bfdfbdc4ad1be8d0f83e40
SHA25611d6fe4be88afc113ef2dfd5cdcf6a4807fb397ac7388a58a1f3e5c81f0b83b5
SHA5122a443daed133d81f404415f618e3311f9ba4a8cef8ba2df15b492e7530613534c15c0c3342481ff9f8e8bc3647f583901ff07dc2012f8a68b875b4d2e3b3c87b
-
Filesize
224B
MD5cc9291b4f7f3240d3068a788ae7e3c31
SHA1dc7575090b9806e4649d5ef3bc85739a05fb298c
SHA2567930776bf60b3c804678fe2279d8f5b1cb9201da4fdc03e1abacd55f63023ea4
SHA512d3903bee1f5787f71d1576d56c4ed10225d3eeeff6fac6dc3470a7fe375a93ed1f34917a18dbc655f3a432a2d811c62e937538f561a48fd2ea8991c5450ac914
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
224B
MD5fb240df96b4833cb7335236df7634e9b
SHA1b26f71331a85f099824124a1583b78849f715108
SHA25636de5fb0fa31e6c9c6c3327a175799caa5fc209412dd05fdafa5dcaa08f3b7c1
SHA5123e345b19a498312b23708a3132535fa4774871d43333b997d4bf4b971b48baabae18757be750b4029b1c3db6adb54d1f30a97fef7b68ce299904231141af491a
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
224B
MD5c0442b6ce6651dfb5e1a1f3f2bc3f151
SHA1a6c77323ea8d03c7e0b69c6788213f48c0669919
SHA256cc0a41a2591ef129dd4e6b27f50cfc4aa4325da085864647f50e06b61a9dbc17
SHA5125ebb27d7cbb750630f1251a833e519da2d757a5cc969d23f58d23a25f5c02a3688a06e8c771bfb87db589dfcd254a16eb02063aa3d4e3333b8550979c5441f93
-
Filesize
224B
MD5132e9158548565110bc825a7994210a1
SHA10dc6e8ec494c66e736b1da202486570122ae4311
SHA256276407143292cee81bfbda05ebfe51c84e67563be2cc715e31d038dc6fd1d0fc
SHA51274ecac4e3d9d84378a32537601b267bf4c2648b7e3d7c91099acb2b0fb7c7e42c00ce9f6736d9a90b1a57a81662c8e3c9d249909e7371f7b8e6c9ba1f68b58bb
-
Filesize
224B
MD5fb36ab07f64a09d4f8f918a5b40ef8c7
SHA18566b2e1f6e9d481d73fe7bc3e90b4a6fdc0b1a1
SHA2569659ca3e3477738d371dd9af41f4b2ca5002495ed5c4de4fe13e36288f77db77
SHA51265944551b9a2789e7b9904929cf818455e9482e474dc36ea5849787eeada4851f5b55ae7d60cb5b5ba799794827534d7b1cad9de2d0736bce3a20691526d60f8
-
Filesize
224B
MD5335d5602c5921749f84f55e752dba887
SHA14d89dd1bfd817427f20a756c4ac7263cc2b5df38
SHA256405341a29192fccc8f45d6708d41dbdbb6058dfe5e4f10c660c527e9830276c3
SHA51245e6876469346bcda01838ea6a8b966340a827e0e78ab14f966e47b2ac2a14e89d81b4edeecc7f905d0fb8e1c5d06d7475e06148ebe7841c44f340bb6ab279ca
-
Filesize
7KB
MD50dc9a34297eba6cbb317f5bf44756bf7
SHA16052d2d86e0d71bf28efecffc8a79de1258fcae4
SHA256adb6f5dddd51db88503f661f73b43e1738a5abd5665978825502ecd9c77f3357
SHA512b8fae686a655fa0d6922e3f96c16df7e4f592ff1901ad7c2ba52d99b069b3592ef46b184b199608f80ba68b98c576e47354a13a9f0b4b5ad74932ded9775eb2b
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB