Analysis
-
max time kernel
148s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 10:29
General
-
Target
JaffaCakes118_666afb8cc4ee6496e5744c377bee9c4cbca30f21eb876440098c7bc4da11aa32.exe
-
Size
1.3MB
-
MD5
6c0d043282efdf6d9b62f728609dda3e
-
SHA1
39a28a3e3eab844b85d4a65173bc6951a8ef2195
-
SHA256
666afb8cc4ee6496e5744c377bee9c4cbca30f21eb876440098c7bc4da11aa32
-
SHA512
c4bb14c6f3202763681ebebd65d7805a14576454525010d599194d9a9f72aa14b5a70db22dc974d5c7b5fee739984ad4da160607ca89332e83dd2e8606e3b797
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 15 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 15 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_666afb8cc4ee6496e5744c377bee9c4cbca30f21eb876440098c7bc4da11aa32.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_666afb8cc4ee6496e5744c377bee9c4cbca30f21eb876440098c7bc4da11aa32.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Microsoft\Media Player\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Music\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Application Data\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\q2cXKRfm9B.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\U1yQEvZAPO.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DXR1U0Y5m3.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BHs9KC1JDp.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\qO35UmqwIy.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ANE2RWndQ4.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\JDh6J9oWuS.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\15yWIDpGaf.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TfYr4aOzGb.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uq0hdwOOBc.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\MUFyTxLHSg.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
C:\Users\All Users\Application Data\audiodg.exe"C:\Users\All Users\Application Data\audiodg.exe"27⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\Microsoft\Media Player\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 10 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 9 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Music\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Users\Public\Music\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Music\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\Application Data\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5479baa170a1d8010d7e379d39dae249c
SHA1f0082890d6c355533a5a8ee3eed2a41d962c7c12
SHA2565f86be43306a6be1acbefb3674d083646a3ce13632a13a8a46c19c1f38154178
SHA512834e232945f17a1f91d103173d99a40cd9e4f9edd556f2d185cf3f0030bf31ce761f2d150f3ebefad356ef5c0e8a04a72a9c1001ead30e6049d1e4d5fa900f48
-
Filesize
342B
MD599f1f4880f5b81a9927876e4629bfea2
SHA17f9415a1b9efdfc184ea42f7695e0617572e48fa
SHA256389061f4fe9ee011b3f846c19102d46f8e1ad78409f24d229da09c705f8f16fa
SHA512c51151f201eb0c782925936bc8f4732da056a880e72d9e08c7c225ae353983a4f4d7d1340e03cd909f022541a0895746d8100e09b6de93d2305ff5419d1dd293
-
Filesize
342B
MD5136a048bb9cdbfe32601ae3542cfb4b4
SHA1f9ca71f899bc2c00beb053df0fbf3901d9467b92
SHA2562c2d6b3f996151617946af7cd35b414f31ed6ff4eccc33120db7927211310545
SHA5121c4957f8589e19932f581212fc0a836b061eca2acb4503d19a299732ada949790ccad8b665c0e0e4d4791a94854a7190e015f43b5a50cdfe135d789bf48b9beb
-
Filesize
342B
MD5525ab6a98bc1471413e896b1c3e07284
SHA1bb73544bc2d9d1d1e4a4e8602f70fa74ace87b28
SHA256301b30130f4711a10ade93e392838c5757b1ff348bf0953a1a87db0f4218afdf
SHA512e9cfa67ebadce69f517d8a72e568322632b0e96a067f83d24596a10be7908446eb9ea0bfc45748362fb401d755d48c234d8457a5e727c10774b4ba1efbfe02ed
-
Filesize
342B
MD5d50a92782360f10dc36c19203630c5ce
SHA17a5d97f74bcadebf26276c5d2da009bae95e987b
SHA2567c522d74948eb0cbee17f8c01f1af610cdcfc8a5ac6a62beaf00ecff3197389e
SHA5123d474c870012adca70c7a23e2abbf4841c021645437b479410037afde27df856162830fe90be79db413c577e58fc8f7d8e2f00505d656f6d335ba95f05b4656e
-
Filesize
342B
MD57dadea5340c0bd681f1b79f330feecc4
SHA19996deb314f7b402fa339eb045601432265f89be
SHA2565725fb7d8c3d3370eda1aae5e3292ab55f76cc3f3d47222a4a5b95dd55a15c7f
SHA512ebe2962768c5c7ea3219e727169c16419842618aa90b345c6c2d0fa3211e8c6e8ae35985fcd0fbe8f908abe2bc79e2a778c940f23fb3337bec3433b32a2fd9ae
-
Filesize
342B
MD50fb86661518697fe37c21823432c37ce
SHA16ccadcac1d779c5a745c1563ff8c3fd60081eb36
SHA2562526d758640a248a57b67e3aa64afb25c602c0eeb74f72f5609fcefa8b80b65d
SHA512601ed15833143bdc7b5135e32022aba13b48555a0f717a1fe1132867aa5d5c7171bbf03d75284bd31d872ca084c16587dce03c89feeddb75ae397e0dc432cfdd
-
Filesize
342B
MD5d4bbb296951bd9d30a6126609b3ca2a9
SHA1e253f456e006daddc9c2f5c254f254ec7a60d3dd
SHA256e2213801e87508dfd7eab8e897f00e2e0e93aa706b8d3fd82e036a03b9484b8a
SHA512d76366193cf14dd0153b5cb557b81daa50244a311afd8ae44be395dd14147560e9d3d1ad26dc8aeec723b2c7c81a89547140c6e445cad6b0525887bce28f4c3c
-
Filesize
342B
MD58069011fa7f59c6bc787220772d961d0
SHA1d549b5a2a44cf1e02ae419b1b65bcc89c1d8f166
SHA256966d59046f5e9ffe0738efaa6e51983fe79dbeac8b1c009b24c4e2437d61f07b
SHA51230df43c7a6d7d062fd918c7cc3175d3c7f75ebe15b8f9e907c570a44869b944b539849d610d7b16dfe82b0682fcca80b4f4408941d2135609bd73f4acfc5ee66
-
Filesize
342B
MD5a76aa0ee59f4da1d6a3f9033de087242
SHA1a577c8d9e251d78e82cb0447365b858383fc808a
SHA2564f84d712439fca698f0006c73d8e04c7a83e7673f9a58e4cb3d4da38d1236f48
SHA512c01eb0007d6088d8ec54225ed10d0f079607cae95b6df48cd4698e8bb67e4fffcaeab1661a78e436d5bd3115802ac2cdd6ea6d8c1a6fc6c11f2310cdaf411b22
-
Filesize
212B
MD5ace3a86a8af1532bfbe6dcc0527285aa
SHA129b9546805ebacf39fc7798979916bfa0e780189
SHA256f1255ca7f3e4b357bbd95b746a7d5e17922512d8c1cc55c559a8400fcd9e0304
SHA5122452f738c0c44ac77c56a3723d12239f7b070ff89f372f595b68cafb8a51be079c0b6b91aba66df0f113bd238e94f7d823368b23ff551b80749dd51410f453d7
-
Filesize
212B
MD574cff410b20bdd34afda6651e6b739e3
SHA17ba30630cf323f338eea7ca2f001ca50757f1fa5
SHA2565ba8fc042d9d7e30bab25d5e08f7a014ba2e2e88a2d701711f5f1d7750bd9e7c
SHA512b67698b0297724af0012ccbfa1e1b59565be23e3f200479b35f4931c6ceadcae093521b581d7f3aaa80bf0798259e8bc300244da979c2e7f92a31776a5cd1cc7
-
Filesize
212B
MD5dc0655481349f130193f26c092e39195
SHA1549b8af642c7de00b8d5a9ef8409a120191e4965
SHA256d0b17d0903af7137b0f67a43b610e666fda99f84b84c343240e8daaa95bebe56
SHA51275f9843b6315a9a97beca5a5154378acf2ef214ad2aba2157a20d275d6d03331b2f7aea6ab276268b930da38b3fcdbe07ad0e56f90e41133171be600dadd709e
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
212B
MD56b759d4c356214ead159966239efc1c9
SHA1731d6fa276a68f82c49511b42dbb242150467173
SHA2563b8a6005a781150ecd757e38d9a6bf96af59df9910199acb96c42b03225cff9d
SHA512ec29ee50c49260ceb9ecf71a410420458481d082f8604bf5a974aa19e16f7fa96237346fff0faba97fc8d1873509e2c2dc842bdbbbbefa7fe0fd1b0d5c207d32
-
Filesize
212B
MD5fec119e0a9c0b0abf6a62da861169e96
SHA1f5f95f5504c85e78c9ea61ce1910701d71981bbb
SHA2566cd560ee4cb044c3809f67044206148e55aaf45a93609aaa0bde16dd14ccac6d
SHA512f5740de726cc617ca1b9d7b971316947a23d678fbee826292bf3c565e7039ea894b914ad1688041ecd089ac4c781e2d31731e8b374016302fec39c081469b719
-
Filesize
212B
MD53fdaa06164f66979f2b2c10fb4343de2
SHA110be64296ca51bef0fbf4575e5c956e2e5de8326
SHA2561cb323b88fd97b3941e3b43d374eddd3b4c1bac0fb81d63bcd89b47696b74e14
SHA512a87ff8a2593024a2619d65d4472cd4674ff5dfb85538ae08ea39e9499ea5a56d85d1c0b78f9729fc69924d2909dcde786f586db0fb54190a98a8484b18616573
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
212B
MD542ae23b969fd92316242f9c98f888779
SHA1cfdea259a83cfa749121f4750ce6b90db786b46e
SHA256008823822641a3fd11a9ebfebd0daef3380e4f4c2a9a4b4b14077bff4bbf0e31
SHA512eb3741935f3e093e40f11d8ae0be0af0deca4c7a2ea067c9846dadfc9d22dffb2caf5938457f7e47e503d150f88b9e22e3157f3ea347e5b33023132555507e73
-
Filesize
212B
MD50cd33b3107857eb16d29412cf1ccb8ea
SHA10517119a0a54a7147c1642f0bddb53202461bac3
SHA25652323542d9a4f2a9d4700e9655c8dcd20adb4fadb622dd652a49974321d23d9b
SHA5127b9ebfc937ecb0943d3d17e7dceeb2c431521a28421936f6bb23e2a7b0b531551d5dd85d4c378ad5b516dbf1ea81cb0d1193b2e46c719968810b7f8c5e7acdd3
-
Filesize
212B
MD5602114f43cc24c5f407e9a44a22829bf
SHA1c1c95b1aee616f908a5f2d16f21032e29cd3967f
SHA256ac5fdb121a41cafcebe4cc23025bc17941469b97a588117939d492f5f05dcd8c
SHA51215cbade712dff1a788c5e200b0d5bfcef747c627c5e0108a238d2a4cf325169df482bff397ffff255445be03abce9cf8651f5ae6452a7ee8ee39f6b8b04926bf
-
Filesize
212B
MD5fd15d5de2498aa997dfc401cf6e0d601
SHA187fbf667cbc2e079aff662332d8403b5a3fa7a54
SHA25601f6f33629f009a1be91962ffc0fe3d81609667e238ca7bd41af4f29543e8677
SHA51209cbaa1952724710ecf65e97ff1d77e3e606596900e0873c72abc286ccb2b7f31191d99ce1b53fddd0c0ea4dca3535edb42128f31380703486458f1bb3b4d6a7
-
Filesize
212B
MD57ae5e2e208e1a84d673c1a1f16e6f17f
SHA12d8ce8339cef17bff29cf9b744f7484b9babc92b
SHA25601996aa986b01adbdb602072e4d21586bc016446652186f7c8d993559f697c63
SHA5120a218eadea26b0fd995b57d8778e3e697f5da7aea6e9542255bdc26d790deebe0bea800f97aa26cbe6ba6a237824b38d51b7b7bac5f553a9d9338d07c53f2e78
-
Filesize
7KB
MD564fd38fe50c2887737aa20bde576010f
SHA19454254b9ce27ba18d840f91d19ca14184eb0bb1
SHA256ee839108d285730f792749ecc73ec35fbbec92f44aa0f89c1e220895aca8a579
SHA51289cd69e6f4d29b091194558764ac44f7701fa875ebe961b64eb1cb88ab625aa3d64082ab8b4828d405a6afe951dc70b2fe81f455e1834fc861848c28c23572b2
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB