Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 08:46
General
-
Target
JaffaCakes118_39bfac67e360cc1865c2253e39e40956357e8c932acc3677952816748be8cef0.exe
-
Size
1.3MB
-
MD5
8ffa5470289cd1bc91c354cfa7c5d444
-
SHA1
be1f97c326e6d933a41b43cd936347d52a905ef8
-
SHA256
39bfac67e360cc1865c2253e39e40956357e8c932acc3677952816748be8cef0
-
SHA512
dcd9c052713708ff77f2b050722c279eb49e9e9db3e0dee27e5ae9f6ee993ef07fb5fdc51a1c8e90ca9514b89cad0f66f25fd307e652ff5b832c4957a37753de
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 18 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 12 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39bfac67e360cc1865c2253e39e40956357e8c932acc3677952816748be8cef0.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39bfac67e360cc1865c2253e39e40956357e8c932acc3677952816748be8cef0.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\ServiceProfiles\NetworkService\Videos\WmiPrvSE.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\de-DE\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Downloaded Program Files\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OxVZsORhRP.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\FBiR4PpyYA.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\yJyIm7wr5G.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Zcl4dB2r8y.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nAABNdhKLs.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\D5faDLbbQ0.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\vXy3H03RZr.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QUR8LTwG0H.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\23CLvB8Ots.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\THL7XCWxQ1.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\Windows\ServiceProfiles\NetworkService\Videos\WmiPrvSE.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\ServiceProfiles\NetworkService\Videos\WmiPrvSE.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Windows\ServiceProfiles\NetworkService\Videos\WmiPrvSE.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 11 /tr "'C:\providercommon\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\providercommon\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\providercommon\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 8 /tr "'C:\Windows\de-DE\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Windows\de-DE\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 10 /tr "'C:\Windows\de-DE\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Windows\Downloaded Program Files\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\Downloaded Program Files\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 13 /tr "'C:\Windows\Downloaded Program Files\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5c8d8a081b9d4a917d14646ee1c2ae677
SHA12ad7c176b1fa5c16af779c9d1dca4944124fa1dc
SHA256241fe6897d8284fa13f098db7f3a0a02689bfd305223cac22fea008382c13f4d
SHA5129f14d8a8c865851fbde7af87429ee9504075734198d10b2e290442611163dd6c6bdc1e61d03bd67b3c77006570aebfe6634aaf18c533f3ddcfaeb591984cb0a5
-
Filesize
342B
MD50d56fc5c068c6bc3a464729a28dbde41
SHA1bd0455899d33c4d2540ed2594d5869d3da388a01
SHA2566eaa8b6ccf42e7d68301c05c1264fc8814453aec44f99761fb3081bb65c8f151
SHA512d1241937ed90215894df74ef122918327957fd7c7661988bcdc12c678c76f8eb43b783eba5c6d743c30027b8434ca776a7041ebd628ce3c2fa725b3b13ba87d9
-
Filesize
342B
MD53ac1d360deb0701c75cdc825083bb999
SHA1bd6f52f47fab577dbd6e85c0b1d281b6a90887b2
SHA256eca156d07480db610ceb3ff43b349e48e70f4700c7591cbd892950f9f6263e82
SHA51293aea94c492d3f7290ec552129148a9943053dd375dc37f232ca1c7d769536d92ddea97ecf57b8690ab113cde3dc600c8c7450eb7f43c1a89c88db0010a43562
-
Filesize
342B
MD50807e205706910d5a06832f5d37d8244
SHA1faf882bbf0addf322090cc9c2d015718230b6816
SHA256cfbe0ac73d0e1f61a7dc88aa046d1a08aacbbbdbcf2e4892e774610a90685d25
SHA5127e7181f3cbb194ace5635fe116af145b70d806375d6203bdda74592f66fe090fcc9b73ed4bb8a7a8013e261e6214451f6833a8be2f4a0baa472ae62fe0730aa9
-
Filesize
342B
MD5e830016112039f9acea3dbfc68d698d9
SHA1f1147e3dfb058318579b4d0664f7b50548bc7861
SHA256209a08daea41a480869b7ababe11e54188a375d7d492df424ddeead23317e71b
SHA512a13eaec9c916bf9558b2728dba6a3f548b84d699ac6cd64de40f09bf41f2b36d1898fcfbf71a7261b77950f3b18b12650d6c92370517f342df309de6f3ddb993
-
Filesize
342B
MD53078d440901734ef414832d8a48f4649
SHA107097c68e5f7a8f6c1d34f6f7af7a64e0e445294
SHA2568856fe5c5f917d64d8746cb59679499c3fa161663d07683912250f8a3c493c8a
SHA51254f082ebd3bef907ca53284ed353d1a9f0cfaf0e1f091dfd9de818af00d0a832ee420926f60baef1b5a0c747c4582b999a18746220a65110862e2f7a8d19e77d
-
Filesize
342B
MD525b8fcc1e11fb435362f65efd2cfde7a
SHA1f8feb1e31b8abb06934011a3cc9678b6bcb9fbd8
SHA2562c790a0b016e5a9a4954b72488a493b639d70d2ef58b0bf16b5b002be76bd712
SHA5126bee48f717f1ea12f1b5fa2174685197e6ef84b96965798464fbfca66e7ebd031fd49079ccc0cfedacee9a0694d29b23cc05758d08408950c07c985e5ca8a091
-
Filesize
342B
MD51cb54c1b9df380baaa712c1d33728e99
SHA1936e5d824bbe059a454bb834b9157ffa859ff095
SHA2564725fd93201ff62a31fec3aa6f3e57dac2ca68e9e40719403ac937fd50ffc718
SHA512f588aa39bc38fa2f3f01b72492345e1e30427fa3952be9d7807be2f9c26b1f99a33f89f6088668920e69a7d701315f97ccf2cf30e1aa646d3325de1f34971698
-
Filesize
342B
MD5ac890b14a5049db66886204a7b78de36
SHA1662f92ad66f73220ae547bfe4de53aada2fafbf4
SHA25648c02ca53379e213c17c70d66ac8ae64b007cb7fed85bb4b90eb354e63f9d825
SHA51212929c986a97740b389a3afd623b4f23a27f676060ab6696fb51f31ae08cb00e4c1abdf6acd25e61ed673be28440d2696242b4d96e3d8e515cd47295b3651e55
-
Filesize
239B
MD56b20e399e560d0a42a68a3fd873babfa
SHA196c1eda33f1f7e069543ba835ad4e2b37a3abd4b
SHA2562b772afc0847663067dc343241f6bcae4bda073c849a8a2c65610c1364c39f2f
SHA51287529b150551f538467044ae341bedba5486d63442b12f9daf6ed455f07447fb774cced2dd6dc666bdeccb5c8337e89a682419889ff48bd60a1c3af8c9a29ed9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
239B
MD533c6c476b7d128a82ad9ffc67ab2184b
SHA1a4ff96c55411dcd1fff08336f5eee60940a23141
SHA256552e918f45a0248134e0b9e81ba10071b0e57df4ada08c8ee504a0a72a0c5e23
SHA5126c4f9b8901bf8c046c94a61046a54542821b98b08bef83730b7ddf423da54f5681d73799a451c3b5c09536edff171eddfeb58b9cf18f5ea321121f984039a3d2
-
Filesize
239B
MD5b3404006771e3a5174454871915c3e30
SHA1233b28584de530757c6713720ce2d90ba7167c44
SHA256e1d3d6fd90cd11ef6b79894e3ea5114f48b1db8fa4b169a6bef7f4c41258b697
SHA51240ece4078e52a8bdca01fdcc4b6aa3ed4b027973af303da7331e5e77ca111e63003aefbd5c1013e72b7e1c190951c16928d4ec4dcfdb312c8bf4ece9a681005b
-
Filesize
239B
MD5086aca402ce6efb6236d470b9f6f046b
SHA175c8ea27a686837fe6e9cbd9b2e3dc1ed1f05c91
SHA2569baf049de4159058e1a1ec04028a6774b55f9e3e0c4d027b8f9dbcc6cb46e7cd
SHA51285e0a17abefa466684440b5873a67e79d750211b82af2b9de8c808b5108ca88e1490b446f5061cc9ae3580d73e4d8ed63ca6096605798f4c56e7b0a177e660cc
-
Filesize
239B
MD553a679ac5e82d94435ffdddf229e4f4b
SHA143e30f8a77d79ffba62cc05e25f32fc6d61606f3
SHA256e06670a846dd5f9bf818dfd93c57b5e3602e908c899f261ec478ae869933b210
SHA512249efb78bc9d0fe3540a5478d9880e9621381c41b56a2041160cd8f09ec5b07f5a1304495de05bd0b58359d1e66617c37c8ef8b5652ae1aaace2daa3f8ee212c
-
Filesize
239B
MD53422358d5f8d4e683852dd39d7d3fbf6
SHA10ee150153e499e0d0f2f7dbb2c11031e78a0729f
SHA2560f4708e6c74702d918cc1cfaf63f731911b88f618349d57362df708b51d7a562
SHA512827e622df5a78d48c97c9d0a04f55b21f84e3fad16787e6be653ede49dbb5354efba62fa2565fc18ca2268e1457d5d06341b9eca49ccc982149c439d79fc95bc
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
239B
MD5c16195825251f5254a5294bd7bd402a9
SHA185907aa78b341305c3bab97c8096c906cf648b05
SHA256d32a6e39a54bfacbd727f176cd7e720233584db31c174d108e1988b7efbd988b
SHA5125b394afd399f0aaace793662ba8413f1c91c28e152b638d3165b2ba07ca77c9f89327e67b916f54543f26d8c29c1bb83c46b043c376f4279ad4229b965fa199f
-
Filesize
239B
MD5a6731de6064e8d04b6585d5ad418d786
SHA1fecea171869b7951ee746fada7ae9354c0b97bb5
SHA256be80e8ab6372b32913e02e6acee897001ef1ea7bd116a8bf4f61e406a3fedb1e
SHA512ad8bc0eb49ea6d16965643db1f63ab8438bbf23571250bd2c996b33382555aa7db37c5d69a8510e7e8d59de10ffd45827752f82f9ee19c8dd00e3fb6439517fc
-
Filesize
239B
MD54cf9f9c5648053e49b2810fb3688c1f7
SHA18cfc8aa064e24b76f62106fa6f327d6367eb92ce
SHA25611c906e331b4592f7b8f7e7bac7ccbf76d4c1661740c79dbe8ee5fc09d98ae7f
SHA512e332ab2f821f9083f900e86246d817710266d1cb2721e5b15ad930024b831311659b17c011238172ef1f5798fdf43c35132157a3b495cc5ac88c158123d71361
-
Filesize
239B
MD586ad416108461a2ee85f8ee2f2ed48e5
SHA154121a88610e8b172ebdca9d9754fc0cde7a1935
SHA2569139fadb6f56b318fc5455c040bb36796412eff96575187baeb7e98e77764408
SHA512bd9d3a5ee33d4845cad13af8300ad08edc84232be670a0d36d0839e3834a6aa78c607007154d8c8de004af42b4d728d74216e959717d89cca214ceee68b15d5b
-
Filesize
7KB
MD592bc323c308d265110a23d943193fd7d
SHA138d74178c108739db8fe8f9a09a857e49ab16fd6
SHA2567f8421bcf51f46773cbf61a4381a19268fee38ecc98eaf598f485c9d93326188
SHA51252d68e346608a4e87d3956419dadf5716124a7ef590c18f5bfcceb35201754ae18547b41fe066c65dd761f68ec50b34a17c048557086cfaf499f384dcdc6f619
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB