Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 03:52
General
-
Target
JaffaCakes118_92108455f0bc33617a1ba442d3a1c4b9a4c94f27f73be8a9f750b79bd25bd141.exe
-
Size
1.3MB
-
MD5
c309f95125a4e151ba25e97df06d34c7
-
SHA1
7125635025558f86badae2a688b14075fc02e07d
-
SHA256
92108455f0bc33617a1ba442d3a1c4b9a4c94f27f73be8a9f750b79bd25bd141
-
SHA512
c78000f7d511c1f4cc20da889a135ff76f7d04121cc2179fdc611d145c28b13b780919969781505ca4fe624394c823ad6e3fb3be8ee0749989ec37e1b17e6632
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 30 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 10 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 11 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
-
Drops file in Program Files directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 30 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_92108455f0bc33617a1ba442d3a1c4b9a4c94f27f73be8a9f750b79bd25bd141.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_92108455f0bc33617a1ba442d3a1c4b9a4c94f27f73be8a9f750b79bd25bd141.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\de-DE\smss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Photo Viewer\de-DE\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Uninstall Information\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\MSBuild\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\JGN3MoCgVZ.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UWQnaEvoMY.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Pkopelt31u.bat"10⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IJ9EkrtYDM.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Ph8sa6VtQm.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\V61H6ynXXY.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0ZxjVk2zv8.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\zKs2Tjd9zb.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fELEOgu8eF.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 8 /tr "'C:\providercommon\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\providercommon\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\providercommon\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 13 /tr "'C:\Program Files\Internet Explorer\de-DE\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\de-DE\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 11 /tr "'C:\Program Files\Internet Explorer\de-DE\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Photo Viewer\de-DE\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files\Windows Photo Viewer\de-DE\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Photo Viewer\de-DE\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 8 /tr "'C:\MSOCache\All Users\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Program Files\MSBuild\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files\MSBuild\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\Program Files\MSBuild\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\MSOCache\All Users\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 6 /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 10 /tr "'C:\Recovery\1f4ba082-69f6-11ef-a143-62cb582c238c\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5609e21d9d5256c30d5e8b61d607885a5
SHA1835837d7a2ab344db4efee0c23789b97e9912fa8
SHA25698fa0daee00012b2b2be079096ddd77bffb478ba83361d0f2b74a1234c30d4ad
SHA51288be745b6a4cf708bf8fc666a793bf0533c8ec908544825730587acdbe35110f8a26a9c24ddd36da09916896615c33956c12770bbcbe074367c14714fecb5c7f
-
Filesize
342B
MD52356888700a51e34fbcceddbad292cb4
SHA16c9a5fbbc752abeb59648e750e5a1bbf0fbea5b0
SHA2561845b3307bdfbb1641f10cd574df7671733d9df03fc458e3f54dc5b6d4e23b8b
SHA512507d89ef66745570569d9eecafeaf82e0a3cdfbe2b05faf04055bc3479415b3949fcc62fa1efc0dd6f0bd1c3ba251632cedd230916d3ce839e072b809b169d00
-
Filesize
342B
MD5c90aac0e7e979138cc10358ddbcb407e
SHA1c243adf76d372ae5d643af503620390734d6316d
SHA25636ee40a3bf9bee77edc99e9075b48448ae574cb77262c93eb2a5bc72d4ce3eef
SHA512d3c0d904927dcf59936d57d7cbc9625672fdc4b505901b1e28259534f0abafac303a43767a8aeae543c50f0baf43a7c4251ee926219791aea3447f3b033f7286
-
Filesize
342B
MD5992eeb170b56dc8528a6ac1879f8bb7a
SHA1f34ebcc5acf13bbc46bc8554d7cc4859f08859ef
SHA25653c36ed7a1049482234143b1724ad6b31b770ab7e6165c08aaf4e72a7e300c9e
SHA512b0c471a2d849e5055c1b2184a09b6515738831512988da44216ed492712cd6bb2cb50b8d0352a2306bbbeeed992ea983201b8422b93816727961e8e7aba09251
-
Filesize
342B
MD571dbab0b01d7ab4b0db39a029bd0fb12
SHA18aa3572a3ba97f100b54b55fa4ee88344587550a
SHA256532d8456ca918cbba316c0833051bdb5ecffdb326c16ea6f8f91ab21d063963a
SHA5121ce960960af83855eb0cd761746438bd39a30405d79b5c4f92d9603f0fb34dbec1d55791054dae7685cbf3df16cfda1b65a6246a0db44c0536e6314d1f37527f
-
Filesize
342B
MD577e94f20f02a6b99ebdefe91fb06fa74
SHA1aa5a6dfe739ec2dc7725724bf9d316a8363c4e9f
SHA256524bc15a7e7dec89b87eee6d67326ddacb3feeb543adb8c119b3f8fa36462763
SHA512d143e01e461d89a3e6fd2489adb09f4b6bbd6e443652d1484ef13575174bbe7b02ebfc32df188d5b875f5035142f0771b1cf6a11dbc1b1a4221a00b33f310049
-
Filesize
342B
MD5b9255832524d6df66bf4513a3b8a35c7
SHA14b5e8e33486dba165aecf458d47128e89bfd3b4c
SHA256363cdf1720be9857f70cbf2ddc357f6597d8d028a38a3b928eab8c2e34abbf8f
SHA512eeb6440c75a69a66278797cae8eadca859daa0ae1c8863aefa8d83174b646ccea89f1bc50a7ce7c9ee68fec73c6ad93a20c19b2b7d59d10ab54a332de75ea6ec
-
Filesize
342B
MD56c1ba4ce0b66c99e5ffbfc70b4f72624
SHA1ea51c4ddca3c353059944c350d8260c79eb23580
SHA25689b9269b4f0e37c696286e0edabadd5682e2d0874369dce43cc41363685e84a4
SHA512f84abb3ef8412212a77086e1d8b20cdcf654f8a0a0e480d989d122aa87aa9a0605660ae09e5f5f4c63322bdcab716d8f05ad52e2ca4d93c1303c2e7a22ea76cf
-
Filesize
243B
MD56fb3f288f0aeca3173209f68d30845b1
SHA14498927cb2d669642d2c71397e61140b17c78eb9
SHA2565f656dd7cafd7bbfbd4daf35cee513c94b1408a874e048ddf7b099d933ad7c93
SHA512c56397af32597b03efa6b9d46647c099ae16b087cb62ed3f462bffed1923dd93e67edd03e2d9a87302554af9d0ab3e326a65c2ed118d352e0b6f61ba1de82a46
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
243B
MD5e9fe9bdb250be8968ab1f5966b14162c
SHA14c75271c85af9885ec11a70be069968fbc400d94
SHA25610fc08045227336b3bc5ce25df4c5f157507c96a00e069a54f89aa3f44dcc4a0
SHA512665d70c870f00fdb40ce20774530ea99166b889f5546bd2660661931a6d8d4a4e24f1e56e430ef16a5304d7dfd1ee8dfe91b9aadffcecb34b66e28b5fbda8a7e
-
Filesize
243B
MD523d5643a76295d90d041bac800578e28
SHA15041d7e27c500013a1a7f3369e7ad9bb9f8132d2
SHA25653668af590adf3f24b7e90fd5ba0fc2f39990592dacf448077aad96df6ab3a4a
SHA512bc6cc3ea7b9856dcb06602033bd0ad0f32537a48bc816d1e668e61a549336891e57d3f9dea3eedbde10d7e41cc446d2bc67060c494b023d6c3fcd60248fbe643
-
Filesize
243B
MD5a5bd41fd4ad33b2fe3beb1c0d88bad66
SHA1b6e85a29576d66bd7b195a64c150775ba9026429
SHA2563fcff18207f5a034cc5472deea814c9252e4d376b74b62fdafce9be1d7ff263b
SHA512511e1e0201b9ee15fc9239476168de9fe7fb9987c1e76b81f83ea48fe02f587b83903bf124d1015b3562301d61a4c0777a428d6576923cb4fccca84d9de99eb6
-
Filesize
243B
MD5cb0a46fe650342bf19e29bc81b36f887
SHA170b2a04b21eb1f2d92b54d7008e00d482d4825e6
SHA256f3e9a888bbb728701186377ff18ff1006f7b5b0522785088bdad77d508c1463d
SHA512724afa762a39c479df2ecedaedbc24c6ab9a340434ba7d4f633abbb33a0160586beca523ab808eafac4257fe6c8525b6efef6053feb74ba287c9e5e1501ba22f
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
243B
MD5ea5b735bae55f24f4f3d01e6c18a2243
SHA10023ba82cbd7add452aca835c119ea41dd537cfb
SHA2561975d6027df78cb3c031439fb1fbbc0c38c72f3e442f79795d909689947a893c
SHA512eca968249d7a0a0b05c9cebc6676c8174c8e92ea5a4a5b9465623964feae02075bbc580cd8e28fd9867702acf65ff7e4dc486f63a4bc224537977a6a64741455
-
Filesize
243B
MD5544a60836503d9e6983d26e40fa5c818
SHA1b9f1953d1009623ceec5881bf1777495674025ee
SHA2567331db2b3697c8e7d8fbc1a9dcce32d972ce3358be5f4680ee88cfb0f6e5dd9a
SHA512af1c298f26dae069c29d3675bf81253bd9f257c61ab80cf2f6b23fab2dc47e8b0695752466574e85df30ca889d9a627398a6def3bb4c55e8ba5599c62803333b
-
Filesize
243B
MD5b229084f6e3da68137a58ee51fa9d28b
SHA17193db9eefdd6a00f8553851bf456344e6b531e0
SHA2566660331c7bf8171d2b7ae31193ae19dce7c493c257bd53b0911f07f1e6aef5c9
SHA51214369ec9d80306c1c38459f3018a37b2ff6ee417c72feeaead7daf5ed93dfb99fde5ac057a054235c1b4f63e4305aff92a40e6430dd64e79204c4d025c7433cd
-
Filesize
243B
MD5b0e7432ef42512b1f5f7469a1a7bc969
SHA1d9b5a5cb7bdbf148c0844052551bd9971c82bb82
SHA256e9b0d6b9ae9263104fc847ad48bad8e3446f484f056fc5644d14fd41ce38666e
SHA512937f70eb03bedfc0fd11f886cdb3f87ff97f950ae82c39fc8a42b08c313e28b777bac5c371b7deb11ff2f16ba652dc4e08326daaa0c45ec270cba6eae547ad3f
-
Filesize
7KB
MD5feb745b01f958c35a04b9391e6002504
SHA1eb1411bb04add19392366699c8f3d913994946f4
SHA256295e44403a4ae77e089854311bf012999fd1cb12a7cca87236e155cc513ad411
SHA512f7a0c498ab6eac4e8ebf992329849b7d74bde02259877b132ecb36c35a8a7b2e3f84778867a0d7fae44f7fd28acd5c5f1ae328af1fcd42579103b8a26fde8990
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB