Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 20:48
General
-
Target
JaffaCakes118_c91f21622352ba61629030a62ae9fe55b26222eb4fdb8d300b8783c02b43a05b.exe
-
Size
1.3MB
-
MD5
f0d4b365ddb351b02f761d2fa85ad09d
-
SHA1
c8b246f3cafdc536d2231639ac08b6bb2bd5513b
-
SHA256
c91f21622352ba61629030a62ae9fe55b26222eb4fdb8d300b8783c02b43a05b
-
SHA512
2b8510de4ae41ccc1498bd1e076dcdff36ab5996e25e07d32901e9b8dac78d63060fb681002a38da620d832af56f2c970d31ee4df60cf85e1ed640ec21705d06
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 6 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c91f21622352ba61629030a62ae9fe55b26222eb4fdb8d300b8783c02b43a05b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c91f21622352ba61629030a62ae9fe55b26222eb4fdb8d300b8783c02b43a05b.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Common Files\Services\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\8t4fMT0wY0.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3IH1xDWFpP.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\NYP5fOsMgV.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VDNADHaqjn.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\RgqsKqwwLg.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Pi2dGiCBJ7.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\N7XO3McAFn.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Common Files\Services\conhost.exe"C:\Program Files\Common Files\Services\conhost.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tGPC7CVf0d.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 6 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\providercommon\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\providercommon\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\providercommon\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 12 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 5 /tr "'C:\Users\Admin\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Users\Admin\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 5 /tr "'C:\Users\Admin\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 8 /tr "'C:\Program Files\Common Files\Services\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Common Files\Services\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\Services\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 11 /tr "'C:\providercommon\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\providercommon\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 10 /tr "'C:\providercommon\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5556d666333be047e5cc95339147d08bb
SHA19530ea28a4a6458ba2cdbfb7fdc4e614607cf593
SHA2567dcb5512e8e90be47b209ca7487a596189b4f9c97a9557461db5bd1686751749
SHA512a9a26544445e4cfbe58eaef5e7c49844be33c9e4a980dafc7f0ee0fbdd508cbdcca101de92540f60ca89c8720c84c9fcf4692681ff2b75136a9ee49cf91a0468
-
Filesize
342B
MD520104f5b5fe0ff71c5d4e15d2f966fb4
SHA1b350e5f4ff2e2e4cc98d5779bfaa92b6c5421fed
SHA256d6cc6ad9208e18bbcb5a3eb13243a7175f783c9e60b10174a5a3847a20df3d0c
SHA512b74377fe21294e96d6c7a2adf6263b55f17b4e4e49e64f763751762d4608d39aea44773b68a2732941adf21bed694a103cd937a27ab91fc8eb42d4bfa9629a17
-
Filesize
342B
MD598a77c7acf73afa1b4c3fb1eeb844fd0
SHA1554d46fa814e77a3a2beda7576e3f27174de773a
SHA25636c616a86a95ad39be943dae8be709c7eb6af969d94ff152ea69e3d631eb144c
SHA512c31262232e00c830280c0db1d6e4323beb16635adcbf4119fcebd717a15ff5a8dde6b60fbbb084c3836aca472559af017e920b864e45fb9009fad53afb56d7dc
-
Filesize
342B
MD500c24bf74b0fdfb0f19f044a554517d7
SHA143816a1452fde4c41389b80b374303e09cf2ef19
SHA2563146cf4402d1c76e16209fa65ec1787fb29e4e68b8db49d150b0486b9728727b
SHA5123352384c35090bfb467c925173522784bc2ca90f810d01aedeea387253c3bd2b868b7f1ce5dfcb8e2bca8c3cb1840ad47ff358ee9573a7c9a14f56f34dfb5ec8
-
Filesize
342B
MD5770d11ec2b8a3430dd34c98ab808be50
SHA1d055ab0d725b94ef9241cbed47bbb3a7042138ef
SHA256cced4b16aae41fec1f75f1fea3e08c9715d30c00cd1f443856b30d79d29f243f
SHA512176a1fe25282dccb64e91320f724fe2076c3decb26d5606acd6ad3913b161e77eae4c45e998bbb2cba0bc7b70cfe3f28bffacef657ed40c3be35cca455b616e4
-
Filesize
342B
MD51d0d4f44ffe60d0e5f6226156798cd82
SHA1eface4dec676a98cd066d96bd367206f5bd269c5
SHA25620ccc5f82cfabac2e3990b836eaa3c52d825c2d2c312dad1eea15217e710a128
SHA51235f659ab91a9f4b852444631262ad6b1ff2d2270a9c1dd261b1ff93f608280c1ee78162bcdeeb7de546c20485208ec64f1c46f955364eb0d40817e83b128b657
-
Filesize
342B
MD5566f339603f0c344ddfb72ac68547fb3
SHA13a90dcdffa382d0fb7d0a5709e4cd1e25cc38920
SHA2561cd73af82c4c30f9603d1fe07c3292eec834c9dae2350410d8ca7d134f5defcf
SHA512e981deeb9079a5db23ec604e2dadf1f9306daaa474861d9e31be1d12e3bf7de7f006d025b827cb1ffeb6680c256385b06b1484f594dbaeaef57d4715c8083401
-
Filesize
215B
MD58dc27a797ec779f9e5a4c5ec11618978
SHA13b2f89d345a34ebb4ab2223e2d97be068259fe49
SHA256cca314b9c1bb18224cfe9466d6bbb340da210557cf9660523539cbc8e1530ee7
SHA512a398503c222ce83486a42f1a8a940945e582a4629efa6ab121842809c9342a6cfa728566a9945e26c8e7375098a7875d9052cca1b40426dd2e2b5ef98e81d477
-
Filesize
215B
MD51878de368b50f4bab94d7b5682e7611d
SHA12ad10b6dde7223922db55257adf8bb3e1db4673d
SHA2569e19d54a14945ce627c2a44ee95bcd3383fb1957d563c6966ceeb2bf119cd3bd
SHA512833bcbf947fe1232d3fd46ab46f1fff3dd4b4ee48eea3243657199b4f5294e2a8af1b713376cfb92d02565d06d3d077e5993aaf853f0db90911ce07bfe6332ef
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
215B
MD57092f55d118625ec663e5bfe609f399b
SHA11feecaf1113fddc827336554fb94837e9a123449
SHA25672b11bf20148b9bdaf152883b47b97ca2b27f1d06f749b62ac44bdeb9427f285
SHA51204c623ac9c1657fc0abdac3e0b89d27892435f882dd14cf683832dfe62990f6a749416b0c2b3da05329336a8cca7df6f1c685af3f2120d4328b218b8c7cfbc41
-
Filesize
215B
MD567806c74a81bb3dcbaae19b2ea06ebd8
SHA16cae7ec227afd4fc43e6eba6aefb67a7bc4e8253
SHA256b02fbf1180d3fee728cb98880937f07c24c3a8a04ae6e63a175d708a56ff5e91
SHA512d31fdfba19c64b19614502a1be678f1fe8833546b04cc67f7352c39570c0367b5ff1331f0ef47cd925ecde753edf7cea68492a08b01352ef6ecd850bce2485df
-
Filesize
215B
MD51ae96c0b8e8d457b8b6b535d78f64534
SHA1ae6cff5f143578209a89b3b229ea2f3e2d0ef779
SHA2561ca1ccfcb18d88374a3cab4741056c27e827f0606417bbb9a9759009443c92f1
SHA51250e163c8c4f16e92dc88885a7ef50592384b0ff13be6c8fe5c14d93c76e5bc7ec046d75bff9a0e0c8a96f200428508af76cd5f82276e457ed0fdc2c73f50e5ba
-
Filesize
215B
MD54fa55642a84df0849ea1b3a048bfb87e
SHA12452644326f8c2a39e04888da6284086cb4c0292
SHA256934520487d4ca414c2f32482bbaca2987fa56dc0f6d3423d12932969b4578436
SHA5120e95880a980c9f606cd37ae0eabe101df907832b73d793faf4fd0989e3dfcd995b8eeef1a9aba49392ab52ade8c7e8d190f0d2ee0d5ca0b6063ee59a793f59b6
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
215B
MD589abfe5a6dc5c4102938d4e04b4df7db
SHA18fae4f0092b639ed1829885c9712b52663a9e12b
SHA256ab64f3054aaf69b9cea2771c889da39bdc78bc3d03711980be678017b3b1a167
SHA51224b48799dc77fb6626d414e6bb1f670d16fdde2bc6693e0dbfacc3fd2e2eb7be3f6b57ef3a0d9f671629465effeca2354c5015f772a93e6a682cbd26d3ee2f6d
-
Filesize
215B
MD53d92597968091c79f936758e278806bd
SHA185b51d1cf0d7b941ccd23d2ada616fca8586ce8e
SHA25660f4895e1c5aa90820323a3e8786bf9968995fb42425a294955a735b49a4fe82
SHA512ce9fc9ac720fbc32ca65912ba66dc44c4399da427b7cb3481ce27f3d6be60f470fdc40f17cb2cd6eec91d89b97275bd65f0c7387be089cb36cbae4a9cac56d5c
-
Filesize
7KB
MD50ce82af2074e6c5c1d748b8c841ed28e
SHA19e396b2b29fada290a813caf8a022bd34ee8d6e0
SHA256c5ba7b42a02e195e0b4d123a8637c69b882ccf916e9ff55d02348950d1de7849
SHA51216d688e6113750f91cdb2e657933e7e8bb4fb9bf6c92e546d8cf0d46b3b19cd8f39dc82bcd9f46075d2ac82151f32ffe212eb98ba93b5584a36eea0a56b5b1b4
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB