Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 09:32
General
-
Target
JaffaCakes118_a06ee1723dc0aa2b257b726285b2c22b5da68324e61de922c0c6227641f3f8f5.exe
-
Size
1.3MB
-
MD5
4ad809c14e6fe0754261e40918631bdd
-
SHA1
6906920b61fe65bace9f610eeefcf4121d257325
-
SHA256
a06ee1723dc0aa2b257b726285b2c22b5da68324e61de922c0c6227641f3f8f5
-
SHA512
3e907d35bb970b00a21bbcab2a9ab3987151078131434a0dfc86d3e6b33036411069bb31414492afafc66346aff632039a21e8f0c9bae62af6d4146e07c61ba6
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 15 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 8 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 15 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a06ee1723dc0aa2b257b726285b2c22b5da68324e61de922c0c6227641f3f8f5.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a06ee1723dc0aa2b257b726285b2c22b5da68324e61de922c0c6227641f3f8f5.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Microsoft\Media Player\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\f6a14ac2-8725-11ef-a9ab-dab21757c799\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Music\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Application Data\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VlbjwdcMOl.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\lHo4kC1bcD.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\NfeiSKMyn5.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\1F0LTC0kP2.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2pbp0wsTa1.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2zdeBu3xOP.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\YzNOjOTGFC.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Kq4mDwN7mD.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0LMDaVm4bI.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cYhs0sn2L6.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OZJpL0Zeaq.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\Recovery\f6a14ac2-8725-11ef-a9ab-dab21757c799\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Recovery\f6a14ac2-8725-11ef-a9ab-dab21757c799\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Recovery\f6a14ac2-8725-11ef-a9ab-dab21757c799\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Music\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Users\Public\Music\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Music\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5753f1cb3452dab8c28da78c410e41507
SHA124f3e17d998c767e7132c57403d072649d534c40
SHA2569bd616fb219b45c582e73f1335c147cb50aaeea73e06a1df44b67ba53e8672ba
SHA5124e506bb5777150d9cda4b49e7a7cb093d9e4482be31f2d1084ed4fc8896b4ff449043eaf3e11a597461efc0445aee9a3bfbb50f3ce66c734c6b14606632aea90
-
Filesize
342B
MD5b2fe498c7f0957915f8db97b9b568a2e
SHA122e4f9686c8027b810fb27a03c76f6f6196b30ea
SHA256571ef4dd50691524ea62b0e837c212b28edffe6e090893e53a9e02e2a516814e
SHA512917dc872101825683b82dc51aa24efcfc754f9ef0ce48c62c95f47f1a6e1cd830c81e3c9ddce6aa413e3a8b73849f7f8d4cb43cb9435dd7d1d15df7963c2fb6a
-
Filesize
342B
MD55b8f06cdc5f94240351861a7677b1f39
SHA1c45e3e0f136de1adf67b31c30556b3272b6ff3b7
SHA25611070ff65893a1905589310bc1224d22a516fe6e8579484ddeaeb4ecb9a26780
SHA512bc09bf11c36c2cc6e2b466a0bcfcaa0ad33deb836760866a66c9e44354274dbba78516dd47fb39ab7244d0f33f79ad051f4fa64728b4e7ecbabb7707e5309fa5
-
Filesize
342B
MD52b599666b1f17ecb91c6ae8172f338b9
SHA15a7147b2c37d1893ea82283fde0c79506e194748
SHA256a90ac491d4410030945609277563be4c7b79442e5e373505c02ceba4b1207e65
SHA51293632d44e90261c20f17d95f20513b6cfb678b692e6dd20f7332c61eb42d3b217da2ecb1b40de1eea8799c33faa0fac14fbbbb35c989b142abf740d75c47453f
-
Filesize
342B
MD5dae0a46ab440b04ae4f40c49701b5c69
SHA12cdf27c62fb538ed2455222e2b18f763f2fbe0b9
SHA256baf07b971aee64655d384b78eb73acdaa9ac73781a373617017b87f432e2f2db
SHA512e4dedf4cf1f182abd1610e090553f1e0e71382d05fccb231a8335e06fe57e1a0f5754d152799fd06a3baf97df49776578dd79512cd98ba3065c8c40e0ebb4925
-
Filesize
342B
MD5521a690e2c9cd907af488007d0b906c5
SHA11aadb30e1cbe6d7e80cd40d42a727a6859009870
SHA25629def134a57a0f6f24fedf2b9fe32aedc59a03f1ead8e78e17a60599b4acdb97
SHA5121822cc40d7341d160c57510cb5c299e79811a9f6ae21c120a343173cf0f22212792ae732a5f519a7c97af39fa5bec11e21c291cd5510ce6a8daf9002aacb6135
-
Filesize
342B
MD5b9ff678c92159c8d365a526227d53c0a
SHA1be1273711c628da5e8f7e18b5d1fd6dd37cc1eef
SHA25646f0ed9e3d275693ee29114c25db41463a5b1a17a9667027bcb1786ade253ee0
SHA51227427ef52b71bd782660140b51fed1b0f792a75ad5c04bfaf672dd3f59c28459e08a4de82dfdf75180821215526befde9e69d611ce9930084bbc7afc848e27ea
-
Filesize
342B
MD5019a6b8c067a8b947474c242592ef251
SHA1d77107a9be851db5793249a62aade17eba84c113
SHA256cefe34043a9fc723f51287a00697bcfa530e4385b029393ed7ca3169e083070c
SHA512bd060077999586cd6bfb67a7844d72b5867cd9260145cf9f25d1c82537f6edcd0d881b3fbe5afd6d7bbdb9d926df028164426710e5d594e0cb0b4b07e0244619
-
Filesize
342B
MD50cf43ce93d91d8072d6fdea9ddf86f65
SHA198142cc77d5ed84ff6e598636501fd47ab9ddb6c
SHA256caa9af78a96479243283d799a5f5e3146eeb0c7f68b548ca82563a6e2eb4a7a3
SHA51213241609ce82dcb5c5b2f129214612dff70132ec1e78868e383a1d276a6e2af652d2e0505c5ce835986cb74da8bd2ea1c16516d2bb0860eb89e28e5317d72b7d
-
Filesize
342B
MD547acb01ec44e37357e725a0bf0f2b6e9
SHA1bd6954d2efc627a6b3707ae2e88bc64a201209a5
SHA2565a3058a6a74f9e761ada8c9ba49f8860c88aea6082f267d3da89efab1f86df76
SHA51228a76bcc8a327bde758a102c97f3ff18b32adb48aec80b6ba63803740cf11e60f34e330ca9e05d99eb822070f4611f9d0ae44d1e493a187bfece577d79ff022b
-
Filesize
212B
MD59670e4e73a00ace5710b15611cbc722d
SHA141023c3b609137070d9832fee035a68bffcd6fed
SHA2560c11055014f847d562ed70b97fb751ece1619982a94288e274de617f3e7d76c1
SHA5127d3e18ace45003d9c4c63658f65a98b68c1b9851de0569b1dde610c7551ca6934e79fd4a2f344eeea2bc1ffd7a939ca41621660deb381c2390fc7f17a62c1e0b
-
Filesize
212B
MD529f43936cc99370a4af708d3a3359df1
SHA141d819f2eeac519711586d26a0ac8fe3c0838f3b
SHA256c15bb0da7ce63735d1be008e7d54bdcdd218372b3a3c7923a471039c8bb95703
SHA512420c0fd00bf7478178e7abf21b4d7e5f76d3a4acbc6b8ee88c467e70972dcd7bc1c9555deaa96b3605aa8082a2edd8ad9133b0da5f2e2b265b89bd10203f0f8d
-
Filesize
212B
MD5335000d8a5ea088d4386b20dbf0fa980
SHA1565b4e237deb146af0859d327296de374933690b
SHA256d5f3c9e05eb3207b8c70be8c2f1a3ad8bcd5cab7cc1d72682cdf460a2a32e250
SHA512880dd2ac48d12e40680cc6af6f1bdc52c6ec3c6ceca369142c88ed0301a175bd0c5050004fdccab536f38ca9db9fe832d2162c540c773d404c13b225bb6bb7a0
-
Filesize
212B
MD590a908e285da8dd380cf6c8aeed911c8
SHA13939259b6afa7305e7e2d56413f451d9c617a3ef
SHA256be3e7e2d307a9fe6739db179e43d1da0060637d5915280e00686066c5df34f31
SHA51208eed9d75761763930192ee68f96b9d047f75f81a00329baacf1f6e6d21ca445ff7ede0943505323066d6a78ea95e125f311301df923b8631ecc9d431ce8e4c6
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
212B
MD566180ae7febd8b900b9f19c7bb68b3ca
SHA15f3f221082572402590da74a2b877ceb15f13f59
SHA2561676a4d42b064d05e3dc414c2d1757302e850c472681943b7c679b730939b9ff
SHA512c55691a6dba4a73955891a4fce97da1ba0b37aaec45ac70cdbb854c51bdfbddaf7760644237db376b13f0297791d918e229976ed452b50f6cceee98065ad067b
-
Filesize
212B
MD5b6869b595d3a828e676983261e7a0787
SHA1c81451b40a71eafd0aa7bfd9fefcc266df70e3eb
SHA2569d6d561cb2e282ceb84ca0301d8803cf47dda1862643ffa815cff4392d0a6f75
SHA5122489ea78277725e79b7a18b40de48260f71dd772fc7ca29fc720e0b588c964e66e74241a386d562708f68380183b21ca8f1efcfd94867ff5b99093da0444dd62
-
Filesize
212B
MD5fe9d10db04c57bb5a2d2b55db96d0b17
SHA1432c2c358dad072b01dc4992a1873a6091e7d872
SHA2562c4f64f8f4d98413ee3769e2a88da778a3e6b33541f2f571d5c2ff4ae5bd0e09
SHA51248873e922412496c273976714d922877a04f6274fc1f83bfd1774c53924f1792466050b00448b781761dff7c6fac6b7f5fe79850387f569cf657afa44289bd9e
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
212B
MD55fcc01f95d4f1aa57c2e68e24ab935f2
SHA1dcada44fa35c5ff11cb630e1b1721524f29fa21f
SHA256518ebcf3ec43ad6825b1fefb0656340e888b531d419864555700fafeb280b9c8
SHA512a4c1e561c409727a446833eb0fc6321f9ac4c87c978b4290d09dec4f507f530dab53f0986571b9c9a8eaa0b95cde28816f8be9db5f0a26e328babfe6aabc14ce
-
Filesize
212B
MD547b1bdc0b953a35d1ebf3e18d8fd5ed2
SHA1721ae8cc16aa5a2a90f3817a07d7509535c39778
SHA2563c9cf686b422e01fb49de4489c0c52eb07050274577d4c1ef62ea9fd3a3f3049
SHA512b7a5df7862108be9873d92c019d81e8ff9e604fa1b8e0f04f346efc5d7bef5c4fd8aeb365904c62942751d1424785b8b1dbbd6289e60ae0eef8d0d6605158deb
-
Filesize
212B
MD5b12ee0ebf024623ca77af6bf693091f4
SHA11057a7c19576e2f8d5f2815f0731427427eaf599
SHA256e4ae9d6545079939aba3be3d22fd8d43babf9df0a16d156171eac20636921634
SHA512bfa82ae85daaa770b1d6b5bdb835d1699efa81cb3efddbc563341e248f21a62ab1ae963008569ac43bf8f136f869d5caba39765f6c1ea4ff7d383b7871340985
-
Filesize
212B
MD5560a2995412cae160c9810367534a81b
SHA17bcdac98e12979fb3675766fedcd6a8207618f7e
SHA256e43aac1edafd93afb642c91658acdfd9114f8894b231e31b5bac30701a24ff24
SHA51204c073ca8a495cf5d9cec8ff34b64da229c2a7e4d10e189a8debd2a244aa34541cd2df45185bc925ee3d9bab3fb67cacf810bed6b5c224a146508da184d6b690
-
Filesize
7KB
MD55a62d4665933e826a884de03a783806a
SHA10cbd14270e8da7b9cbff9463fc100d6c3047ddfb
SHA256102445268241ec925d7ad9b87f623665fb30462d6e4bcec2ff003b4835a81aef
SHA51258f6e609b22069101ecd32be58a4bb5b946b71c476334bbab273bb446ecd6ca2d9634892585011d6608c513f07a3f5dada760a478ceb1585a1a7f4ac99d2bcd6
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB