Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 18:50
General
-
Target
JaffaCakes118_f1c6ac525be349e111b668fac6fa90458cc3b7db0549b54d87837cd396d1adce.exe
-
Size
1.3MB
-
MD5
fd9aa1eb485121846732067f4cdd0bc5
-
SHA1
a7a4ed018767a96f084fd838311a5d47d45927ee
-
SHA256
f1c6ac525be349e111b668fac6fa90458cc3b7db0549b54d87837cd396d1adce
-
SHA512
48a82c9c7333e305634db26afc5d45127d60e1ba1f8945d3ded614bd947b3ccaabcfec60c57537fd0dfbbd3002eb00fe31f51a7ac3030ea35001cb52b66eeef4
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 21 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 11 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 21 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f1c6ac525be349e111b668fac6fa90458cc3b7db0549b54d87837cd396d1adce.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f1c6ac525be349e111b668fac6fa90458cc3b7db0549b54d87837cd396d1adce.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\inf\wsearchidxpi\wininit.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Microsoft\Assistance\Client\1.0\fr-FR\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\PCHEALTH\ERRORREP\QHEADLES\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Prefetch\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Google\CrashReports\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\J4Xd3ofT6n.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\mMyBvdYgq2.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TK13bru719.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ZmgdUlucqh.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CooinIVsng.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\mWzz7cjAeP.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\paq62miIo8.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fELEOgu8eF.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Urxb3wPgb0.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QqrgVo7Q94.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Windows\inf\wsearchidxpi\wininit.exe"C:\Windows\inf\wsearchidxpi\wininit.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\eXOrkcF5G0.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Windows\inf\wsearchidxpi\wininit.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Windows\inf\wsearchidxpi\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\Windows\inf\wsearchidxpi\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Microsoft\Assistance\Client\1.0\fr-FR\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft\Assistance\Client\1.0\fr-FR\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Microsoft\Assistance\Client\1.0\fr-FR\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 8 /tr "'C:\Windows\PCHEALTH\ERRORREP\QHEADLES\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\PCHEALTH\ERRORREP\QHEADLES\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 10 /tr "'C:\Windows\PCHEALTH\ERRORREP\QHEADLES\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Office\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 12 /tr "'C:\Program Files\Microsoft Office\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 12 /tr "'C:\Windows\Prefetch\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Windows\Prefetch\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Windows\Prefetch\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Google\CrashReports\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\CrashReports\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Google\CrashReports\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD529f12b49fd0a8c6e3916b7edbe19f4f4
SHA17d6a82c32a3ab0b1b20cc6c21ab3eb35d51d7c0d
SHA256f9b5fa95dfda0000bc5460b0043aafba88c49b5047d092c4a1154f9e52260d73
SHA512e854dad0477bf0e71c6a40e54bde4d5af961a8d586cb0cfdb9536921492eb935502b1076069435b5b882ea2d72fcaa378b61346d909b9697e04c7ea32c185e51
-
Filesize
342B
MD544d3a1b24ec267e73dad02a7e31d0a14
SHA1ca37888e46b91a88bf0a3e20f1b70a2aaa13fc75
SHA256afb2003ec8c22564ec7ef44488393ad24aff70d24431b77c86bc9bf09bc8ff12
SHA512f4306d8044e6e52476e0c95edec537208bee18df8df5b60d155415ca811b329d08ff534455bcf137eb9fba3ae957856a41d0c6bcddb3fb929ec50d6ca456c576
-
Filesize
342B
MD589dcb3ffc02f86870b98b7ff8f191e2f
SHA10cfaf223ac2606e1618d4a4d4c455a4417f082ad
SHA256e3239ddd150f2676b1819b33b185ff81e86bdfe0358331cc5ab5c6d354cf5904
SHA512fc9336c5439886152cdf616e031b0ddaf9ce4310b119342d4fcdd0af30b4a0b7aa2f79004933d7acd2d60a0975931e1b82a9a700437bbac66b45a6b90189edcb
-
Filesize
342B
MD5743f0250042ca412f7e12e1275661abb
SHA17bfc807aae77d3bbb8eb4cd97a4c9daa7ac398be
SHA256b7dd59818af4d9bfb14fdaef96c29f99d31322ee93cd6582ed468b66c965cc6e
SHA512c5a51c2370fdd484cf0cffecbe29e13a63a75ba3283485dc5379e62b6c1a37368681100d0710320b030713dc91e4b0b66b119037ad85bf38f4ed6ead2b9c9628
-
Filesize
342B
MD54122a26008f4a3771d968e7aca3b960e
SHA1083476a686dbc55a69f39c5bcfb89714471f6587
SHA25690583945bddc72010a0f2f11aff0b90ba85ce6e15d38f6647e2655d9c6652535
SHA512f8f48047c21606afbf4d29ae75b29d4f17029edeab4de5403d764e8dbaf1273d27ebb24e8533bd2154cc030bed16861cabf268b925f33673efc296c0ac4cb1ce
-
Filesize
342B
MD52d9502ab27db4560b7ac90b972c7107c
SHA1a16aa3ea5416176f3da9773aa041db78a4507633
SHA2562aa7a34958d4c738a527d1ec87299a095991e6e703a8ac8d064bd8248d1da081
SHA512cd6ce9ddde2fd33eb7e2a2926b0407986c9b82b0313d74825a420241d5dcf5ebe69bc3c0b396d1afde67b8c473a6be791acab634b007e3b464b80988ac0127b7
-
Filesize
342B
MD51b9a93b91c8739baefaa5b0a4bdaf454
SHA187edf62f9ccc939f6c877484ee61994f614ac05f
SHA256c1da6b2291b9ec25cd6b88f71acc308b2d5a45293ffb54250f0b3f37791076c4
SHA512a8aef4c525135ce23da6338aa779f45522e3ebee5715485d51b790d90cd357713f745f27bd207441d6fe71a7bd0742679d99763d58c8e402942ed6dabc8515ed
-
Filesize
342B
MD59928b36ad318ffeeff8d34b526cc226a
SHA161acc235cc892f012223029d90ccc7416f603f99
SHA2563b063ee72e6b9b527715408b932e25566cd5257967a41db42d9bd46dfdbdd5f4
SHA512e20f980a31d553755dfc7c89483a330eb4d8dc5cd4ddfd1d6509d556760f13ab80b45133145dde847f205d87203ce9eb1d151f50b0d6d0e2b1c8dcb3da6efca0
-
Filesize
342B
MD57c3f176336cf079bcbbdda5f6fbf497c
SHA1324acc2a98fd3eff09be90b9b4c90cd716f1b626
SHA256e1a08d21a35fb619f4e5a65555894bbb772b2c4d7428ea29f646964d7b4e7274
SHA5126b7e31765824f9ffb14bee1956edc7be8fd8b272f7f66ae17507bb33b15758ba716a5d4de5b66c0a02400dc8fa897c98f72568975cbed37db59497108f896d8c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
204B
MD54cf7faec918c44c1693ddcabf88372ef
SHA17aeff8270a436266dc3107f15d3427413215d9b6
SHA25687fce5b9cd67e8641ffb468b4015ef6696320748c681e6466e0ed1967c63e917
SHA512d5c474c6c1e374b895e959850a2eaa03f72867b0b3ffd3ee33d23e059b034468ccdf4580af31928fd4a4d6e0fd1e91a1fb6aa3e9442d8425c6b4da6ba9596851
-
Filesize
204B
MD56c13039597d94a033336d08d21ccc639
SHA18214356b2f5dec643b460d510d7b79d6e2b58222
SHA25645d517ad00ea56dcab2cb3d598bb0f5dea69e4d4fd7196dc62938a63bcde2770
SHA51289cb086eb96bf916d46663b6e4299a0a3b8053df0adcdf901a4b6b043affc61ebb3d0a85e8f828d17ff239e4b27840fe45ac1031b91906b492981f919d0eebfd
-
Filesize
204B
MD5a3f8e8d8a0f6cc32b9b65671b3935206
SHA1a14f100a39632dbf83097b4f7e14b3bdf89cc095
SHA2565c939e593e99b0ed2c6f6954dac1e09a9eb31cc1b2b9f99f20b958987538f5de
SHA5127218767c6498518349f03fb516d2ba2acde189b5e51f340ff9da816a07aaba424da614223c1fa8cd4d1f11ebc4ef9af7f57e8920f5a549253d9f8f61767558d1
-
Filesize
204B
MD50fe5e4550d47cbbadcfe13d65554465e
SHA1500e61ced360a05ef0923dc6395428b150424aee
SHA2560a16672bae3caac1d18b1ff4e06ed789db1c0f8e720e4b17842685948cd065b9
SHA512fa7c0d5d85dcab0fe1455d3cbf2f88b450b867fac8c46fea968103b951f626babe0f1652bb34badbded7f19569a3c78cab1fcdc7a030c0382dc1ec128adc2136
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
204B
MD5bb179319a9a90860c666e386eca3ee32
SHA139f987af4e9e94fa611d8d90f49b2ab7dc8af283
SHA25620fb4a8eb29ca3838442d69b6bb4644bae41c48fabf145910a44726cc1d3960f
SHA5122c320414f29bc6df1d82e7bfa4fba045fcde8526b0f7234f06bcc2f77a0da84eb2c772197766654f997efdcdffc4fca9eb04e7098b681006ce8f72fd44084bf1
-
Filesize
204B
MD5b6b4e9cc70c905dec7c92e2174cd8248
SHA1a7d651f4f4a40bc5b43118899d8b312e269c0aa3
SHA256e179b25a2e1323de8beeefe1ff04e6e15205c37c52236aaaf84d9860af908ef8
SHA512aee395add2b42ee3dd0f1f0a21653624765311dbf1783b207ee9e16b1ba2072f2583c3716501ce48234968a80226a69474a1d4cbfd2e0aaa6826c19f6c303722
-
Filesize
204B
MD5f914cdad17dec1ba90cb12bdb84f33b2
SHA1f1400902c36efd98b0cd462c6de1f105ceb34bfa
SHA2566fff931706329f3a267385adda45102c987ec71f39019563f21032579b5d2e3c
SHA5127a26c830bf59d24e1bab63c81b2723235d3560cb247dd00f955c7a109276b8da4014fec82cd387cf602fe3e68df4ebcceebf69aa5920dc48f40071f1a668999f
-
Filesize
204B
MD574331f7293371319e18c3b77ad5d3f45
SHA1f943ab4205698d22dfe6e739aed6e737ae04fcb1
SHA2562e7cae9e22a196dd15acf7aacea1a15b7c0d45a756ea071578ba2ffdc167aaba
SHA512a5bc33d392e7e999d68620afb376a2ae1eb72acac072d2ab54dac34a6c5b8907ea998060e40a89f41510c986124f2518a2e24abe5226f0f4eb0b95a70640e192
-
Filesize
204B
MD5b654cb03f87571eef8389b6cfd9cce81
SHA11d4b73667383ba395c3a9036f96421e3f4678266
SHA256a71c1522dc100a208805667fd339aa488a7b1e9c6b0c66df0e417a32acac7261
SHA5127492697f0741043e474cbeb6f562c5269ca63aedc713ad1f9fad78b816bb24653185939ba0e9a717a384637a60868b03a6c818c3348afa455db022776f16a853
-
Filesize
204B
MD5c0e9a2e0e78c7df8c546b4d1f335e70a
SHA11f7adabf1573bb811b02309fe7530ec4ecea95d6
SHA256a242b61bdd9e883e3880b80cbaa186badb1f8e1283f169ae1d060f0c8a250a5d
SHA512ee363b254f8b4ff82299ed3394577e177772213227a3cce9cbd547ad55b6a6bde068b77f54abd28c411ec4ae5aff3aaa614e6a54535608f82489ce7948afc8f7
-
Filesize
204B
MD509c5259970cca930aad499adb565d2f2
SHA1f05c8b9f884ca58e37eecbc72d16eb9915c3e34b
SHA2568eba49ea7b1614d2508cb7d6a9a1784bba04aca8463834e231dea5586c91ea14
SHA51278680e2da3f99106511529fa639467221f9a1999ecb68f62a096e2114d38defebf60a66e006282a5043cdd6266f047687bb4218b4fd1ed9f12f0294462795644
-
Filesize
7KB
MD506daffc7d9f81bea64c6a3be4e0880cc
SHA1e3aa3f0eca523b3aa7a7bd3db138c14109a90b62
SHA25657d86b914482641094764bd80a0a7b9846dfa3ff5513c551115bdcdbf3e02e53
SHA512923ef40f4965184a1c5967501d0377e45ff212b2db9633d17654ecec3f7e07b4dc3bbc596bef5f48421ac98d65446341ac20640a00a8ad6b4a415a72d1b112aa
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB