Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 20:28
General
-
Target
JaffaCakes118_2aaf3fde54fca9cad6ce9d40d970f379c6bb2ec6c9eed1f274b4582eeefa0589.exe
-
Size
1.3MB
-
MD5
62761844c75cd7db2880a05eb4def9ad
-
SHA1
e8de9903950db1afc90d27a2de6444a6f00ecb3d
-
SHA256
2aaf3fde54fca9cad6ce9d40d970f379c6bb2ec6c9eed1f274b4582eeefa0589
-
SHA512
a861d641432bbcfe4ce1b568268743ae1261fe97e2556e0a5c0c51c05787e46cb1a72d1f6cf65f6f624b2a50f70b81b4a0aaeda422f4255380322c5b7b36b7f0
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 21 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 21 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2aaf3fde54fca9cad6ce9d40d970f379c6bb2ec6c9eed1f274b4582eeefa0589.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2aaf3fde54fca9cad6ce9d40d970f379c6bb2ec6c9eed1f274b4582eeefa0589.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\PolicyDefinitions\es-ES\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Journal\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\de-DE\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\N0YNXzopOX.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\38GCmEMl12.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cwtcXGf4Cf.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\d8IMWcflW5.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\a4RGbRhdNM.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LnIbptgF5R.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OyPKZ08zKl.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\gWC6ojzqIZ.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\DXR1U0Y5m3.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\q3WH03M43W.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files\Windows Journal\explorer.exe"C:\Program Files\Windows Journal\explorer.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\HGlJwS3LgK.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\All Users\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\providercommon\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\providercommon\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 5 /tr "'C:\providercommon\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 12 /tr "'C:\Windows\PolicyDefinitions\es-ES\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Windows\PolicyDefinitions\es-ES\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Windows\PolicyDefinitions\es-ES\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Journal\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Windows Journal\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Journal\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 11 /tr "'C:\Windows\de-DE\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Windows\de-DE\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 10 /tr "'C:\Windows\de-DE\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5eca8a97ae29777781b902a4ad0cf1ef6
SHA162308fff2d2137f545e434cfc572cae7b4f1e169
SHA25626033be985b46124ab09d27b0b66dfe9aa7480d87575bea06888f33a20077bc3
SHA51299ab6feb2440e0c88ca1292db1efce79b74c24b8f31f1026cb065c86331ecb6f8cbc4bcb6b6a42825768aa66bf6e83a0d87bb90f678914a01a476d4374493ea6
-
Filesize
342B
MD53a1364c284a989a7a294b97b22a9bc03
SHA156651408cdd6f4cfbdc8d2304132e20caa6a0a54
SHA256d3fcdbe85e9510b02be64d4a22a2a7d8338c717174ddbd00da5af39ea47750dd
SHA5121ab158e6b4902247ad25126b6554644484144d3c901f74334b00b3056b59908cf613c52801a48f152eb2c252628f80cef8e92a7ea2401a31e14862f83588737e
-
Filesize
342B
MD5445ad117b68989ec4b36424acae45cb5
SHA1cccad3192771cf2891110bc5f84b4ad93981e320
SHA2562e15d3c573757a8ca3e4eae30e40aa5ce9aed91922e7ef00f20b823cbbceba4a
SHA512aae07c818119ff20c8fcaf4688dd20628ee49be95adb43639d5ace671ebfff22392620f2468d38e283232d4e0841d1ef21ac152df713f4c20163e8921d48f94b
-
Filesize
342B
MD5ac29f6d677dc1f0cf0185bcbd09f1601
SHA1acdb977273ed8c66585dde2ea92eee756c5783cf
SHA2560e29a05632c61f4afbcdb9e15b8b68c254a71386e35bf8b9f1e5b388ee137b38
SHA51292945949a359327942f470234564082beffdba0ea31df68781308de7baa65d240474686aea8b64db14cd49bbba3228c04f3d2d654efecc902bb087779f6ae510
-
Filesize
342B
MD5d45031c68f1c60d58035045550b6c70f
SHA15c944e11ae1090370767a7a455c927f61aa22111
SHA25681a240ef2d49965c8945b04f4266b02ebd992f0926320f0aa0ed1a69139288c2
SHA512b83724231f21457502b6a459329c939fa11db0f953b97295c07114f152ab9e95fa367afda4144e126605abd61798d31c3d2d436c206e063b14eb9004e473a26e
-
Filesize
342B
MD5e1f304cb72f2072fbb3992ae5ec916d2
SHA139b0c149626a6d2b295d52e8b9625cf88f27a053
SHA25655bec0f5465004a3c53b138523f61dd03605f2f1ded8aa3428960cd426783eb6
SHA51224bbe2368a9d228a62aba79e470ec255fd0c4e9e2ee1904fc6beaf3ecbbfbebf2a7ef0efba8242dbc3f4c0505cbee51c005fd3a55111c4aa0b88cba8e6cb5553
-
Filesize
342B
MD54d8193fcb04ea928599243ebadc7d962
SHA111ee35fccdff4fae00e35b31523b0ba4a18a232a
SHA256ac7f4addaf6c43543ef3ff6612e5b5004cd55e78bdb958bc8243b7e959b4d08e
SHA51258703b482693697ded40a0ee2f7e634b045bbd2c20d52b6ea82218b16d6a08494f5ac339101e68dfeda49bbf686ba51f61cbd60fe2fd9f41f5c3eea6582e42c3
-
Filesize
342B
MD5cfba1a6ab72f870373ae2f8295a4e485
SHA1456bf38ca18bbbb3bc6d4ca31066e87dbc08df2b
SHA256c36d88f4056baa8e74b397e51bed0c40c96c93a2f8b63afcbe62e68b02e30003
SHA512e1250bfba25230ba0bbcc86097fa42e7dc3157e47ea8b4052ae92c5f50a854806b671d614df1e7fd1bdf3412421fe7dff06a04078c6ba4d84a9340c1f8bc6074
-
Filesize
342B
MD54a5b81a81792008539b5ef58e7eb93da
SHA102d1538e531b97644ec09ba0882f54c77d9a4549
SHA25633c0e10c6e09ef81a73c6c34aabafbf29de4e744c6fc05c7db997f8a5e63472c
SHA512a608b487263460f02d0988477ced6fea62f32cc955b06cee0671a352a46eefaed0a2a911b854f53f7e6c381e36ab310fa2ec02fce98f6742b4a566bb64578aca
-
Filesize
210B
MD5222ba98477636b3c4f729677274a82c1
SHA1514f2819e942837540a33df9d48338197a8aa1e2
SHA25697c96d7c736e8ac31d53fb8fbaf330ff697bbe115621abe448b70e865922cf6f
SHA512b0408ce9737b6c41b9b9aadc64dd8071f50e660832974979df5445c794a1490271c4c8a4f2c686ab63ff6daced85f10b90b557af2bbc93c6b4a04cf3bcd37b8e
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
210B
MD52e9e04bef51c01b9506d971b81ebf9fa
SHA192e63472fded0a42dfb7d5810bdab37cfb9cc812
SHA256cfbb67d4dd95405edac9d0e8737a082f787ef92b94af272efadbc1f63bd06ce5
SHA5122838c0606a5a137ce05a9c58460484a9dbbc587dae7cd09ff16c33a4f7c7446530b3ed696121d89475aea7f5c4878c88086922c8f549e47873fb64a6ed5bca5f
-
Filesize
210B
MD5660a2382033307dad7c3601971b766e0
SHA10b93a5413e5007cf1c292ac4376c00197568ac0c
SHA256ce3677c538cb11998f460df8b77be57e3b52ef75b9f7a312644a37543fd981fb
SHA512b6e6f7dbe077169a295964c2ab0b0e704dced006fe69aac319679bb6852cee876b3337a0dc50866baa4c0632627f172bce6384471afcec70b89034df1831d423
-
Filesize
210B
MD5144fbe68b332ae7142ee79ff8c67fdf5
SHA1efcf0dd45679787fe668f79957b5947be4da9646
SHA2563b441d3d982df9b884e0c5e05d49c23c81e815f10d16fab809d9843387faefdd
SHA512f8237e9cc755e0c9d812fb60e2339bedf23b26b41d233b5fba83ebb3e6b39ef570a7e385419395f7b6e1ae981ca8cb98aa48cefb6c6fb68812acbc3f31704ffe
-
Filesize
210B
MD54c652581a635e54c27f4fd8f812e38c8
SHA138f5e37d6b270ec2a380d839b98c21b5a19dea78
SHA256cb7444e7585b37a107b96a765a8281aa32b2f7b3db386004b2e9f56f851790f8
SHA512c4a2279cef82a826fcc95eb13cd192d45b8670f698057445fb22177a9dc0053cdc665b3852e2ecadc3bc92e3bf0df5253c9825e34634241b32baeebba3d03f9d
-
Filesize
210B
MD58bda09e1a57709bd59967efdfc4fa697
SHA13ca6463fd7d13959c6c1fd8806efe57149ee9f21
SHA2566c4591612cd3cd347943e99fb5cfa83004198fa5ae86a32b4670a9860da4790a
SHA512d90d216212ca0d7f701e5f3c054d89aa46520e9e6da63d3c673ca6983ba9ec69bd26b3579c14fc7879007ae5a211d163e8c75efff4a3f9b9f58372986cd17bf8
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
210B
MD555d5733ffd7ee82d2c648eadbc87e42a
SHA139ee21a2ee561a7d90f1887a02e03f0a6696fe5c
SHA2561f2988f45cefd067a27d02034d2ecb354b34da89a337cf92eefe5377a836ca72
SHA5121820ae40d56be9be5b7855c1ae576420adc05734a44d4c913c5493bcbda4b431f861007e4ff8252d933bb9ca6f2278c3a22f35ff0a26fc4dbd6fe27607b4c664
-
Filesize
210B
MD54c931992a220e81f9e06d1de32db8319
SHA16f4ebda736812a7f6d431328d82f0094b7ffa67a
SHA25662516be28d890f1edb929a447a71334e46c9525f6b0c8c52102a6c8756473761
SHA5120db1aa687f993c2842edfd2628e63e023c60b1e208c4007a82a48e2de3f6b12a31dc54a5cb4a1783cfbd86b7fba65843e18a460044770a5ff6a4b80b0d7d3541
-
Filesize
210B
MD533b5b66d5aa8f91224df06da6d0b4f81
SHA15397d24baf1dee5864e48de192e997e6e12323b6
SHA25643d792d938204ef2b922385ac463b9141e57a6debea6e3251715fc7929846e2c
SHA51229b4a4b72ee3cf1762edc09d335370888a9a2a4b5b416fe3da49b675d3f236125a344ea15b39bbee2d59a53e393b14d1d781f02838021443918783192b2ad8c2
-
Filesize
210B
MD5eed119e59c32a4187c35280fbb9f950f
SHA1eb93646139fc617373c8662211b71dfdacd8cf1b
SHA2565c818bc81b007853ce9fdb049d1164f9e7a70516623a053fd99f603b2ee9e253
SHA512a5cfdd1eb4c5782b4b4779721e6a693b6bb1006630c11d73a118e895ab809dc343cf3912a35fc1b4860d5da66d91f7f9351cdd665778752ac1782490838f5ed5
-
Filesize
210B
MD58a01e5d6c3937e1cf31298822408f3f3
SHA1acd3a367b5badf0e0e1369af5553e8c335c5a7bc
SHA256e4b20267fffcc72b03cd54bc2f02884a53223bd339b03f231caaa4c1ca6b344e
SHA512351227c7a8e47dbd2fc8e9573587511c94f7e1441bc4eb449beaf47fe744d711443c5a7828fd433578c88915bae2f26fc6f5c45c1f2398233e2a0362fe780e2b
-
Filesize
7KB
MD5752df5f69173e93782741c322e901909
SHA14cfc71cd3fc4f400055c87a4cce4ad4cf879abff
SHA256d55e1d757cc6b6bb72d28464ec10f97f89a28762175aeb6f77e67d8397a93188
SHA512f759acd4d5e6637f39a2868f56c0599d4dd155982600bb2bc697680cff48abe2a131d97cb8eea7bca4d69fe3c4b8f5448242bfb18f2beae3721950961965f6d8
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
2.9MB