Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 04:15
General
-
Target
JaffaCakes118_9e98829ed3c219d5487f0672d63a1d310cb95144a8e01e3b755992d265579f0a.exe
-
Size
1.3MB
-
MD5
7b7f76517dd933f2d78d915cdf528859
-
SHA1
dd6ab480aa661e221d960fe07a28c6fa1d70360a
-
SHA256
9e98829ed3c219d5487f0672d63a1d310cb95144a8e01e3b755992d265579f0a
-
SHA512
0859a35edb60a59e43b51c662fb62e09758e5bcb921ce203c27f6ab4c6e40709031013a3900aaf36803ae400ed0fa197f6ef5c1d1b1d29bc96da3167d6f19961
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 27 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 27 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9e98829ed3c219d5487f0672d63a1d310cb95144a8e01e3b755992d265579f0a.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9e98829ed3c219d5487f0672d63a1d310cb95144a8e01e3b755992d265579f0a.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Pictures\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Uninstall Information\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Games\Multiplayer\Backgammon\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Office\Document Themes 14\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\tdsUuMkZC5.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uVa8TbDE3p.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\XaHtVPtwVH.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\F5GJdikwFG.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xc1v93Hoh1.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\v9lJjcBPjH.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\X5pWA5YIY7.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LW19r029AS.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PfMhC4n1i0.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3j9hYFnRH7.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\0rnbwo7iYS.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 6 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 12 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Users\Public\Pictures\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Public\Pictures\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Pictures\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\MSOCache\All Users\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Uninstall Information\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Uninstall Information\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Uninstall Information\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Portable Devices\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Photo Viewer\fr-FR\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Games\Multiplayer\Backgammon\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files\Microsoft Games\Multiplayer\Backgammon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files\Microsoft Games\Multiplayer\Backgammon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Microsoft Office\Document Themes 14\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5d8814b6858fdb185903d0da28e5541d2
SHA102d614392a7ffcbb59451c8b703715064ccfa8b1
SHA25668878ccaed65d156974b5cdf8aa03e33e3916be88c821779817788befb1050d6
SHA512896a2d859a41585b7992a68a1c5317838996f408491c37d1a57e277fca7dd03ea332fda075fe10287d9700303c4df460f326aefb353d7e44e78ded20093f06c1
-
Filesize
342B
MD57c9158f54598271a8ad92ac0decb3fe9
SHA1b0ac282080b167144f5d20e3d61e1241f36c2a77
SHA25635a2f3c7ac62c41e0ac9033e78c98221e7621deb415a0b49140955aea9f86b1e
SHA5120a57dc0d55e0692643031dba7cc1b9f96cbf649602aa7aa573227c4874e5062f0449ef9cde6827269853ce027ea7356451fbc4d10ccc0045e83589e855d33f30
-
Filesize
342B
MD524a10f8818dee59380e2c014c83a84d8
SHA1548e4c4c02fc3a014160220dbffa744dd97cde30
SHA256355d707d93aad2354e76526fd9027292ff1a6e823b7d6048f0f29ce79f40c329
SHA512aa1b66adca2869b184cdec01c91b106ab50e2e1e939d32940e794749645f90a7cec77771b96bc1659eb11992363905547128138936ef75850b6ade387817d1d6
-
Filesize
342B
MD58868e29c10780df4dca6d4331196b18f
SHA1396a9baaa2382be95c9c7a14e2bfc1c14213e2b1
SHA256a7a4c895585467751ef9bdefaf115730b00f9eb99ac1599fe8c888239d2318a4
SHA5126da212f6420cc10a69989672efd7b8c982a6d3923d6dac9b6f3ca3e42a083f8b9d80d60869c83b4fa5c768a877badc984ff3673ba802aaffaf88cb3465ef07a3
-
Filesize
342B
MD5cab3570048736227b239088b87ce115e
SHA18a6a922563e0b682fc6bea7c3b763899e3e996d1
SHA256fc4ad40edf32af715c7ff679928739f1a96bf8ad9b99e901c06db3b7043671b2
SHA512e7731b6c0237c94485ecc6c03c561561a8f5a45ef5a2d444cfa03b7b0c1e9d8226c43d2d83fa7a17bb89a93c290af8bb34d56e271e2d06b65bb315dcb8cd33de
-
Filesize
342B
MD5213d5431ddc9d8846cb76b984db8317d
SHA12208cc8449aabd5babd63d4335db69cbf0591320
SHA25607751a3cfa6a5c21e5834eda52321694373c95dab78af21a54fe0a65ee7a371f
SHA512c2552532706e0565ae8290035364b677f525e79498f01f3857603e952f16d9b36cf871e94b0d916062d91ae5469127be5695b888ec105e1da1903be25bbae8ee
-
Filesize
342B
MD5d5f847f4a06be9d6351c5b862beb68ee
SHA15bc783e969aa007b447e665cb2d010f2dad1719a
SHA256c3667e31e9e142439be02ed323d8dd2082725cd48346bb14890c7444a90fc87b
SHA512cfd18132ff88029b1c7c6f2fe071f576f55c07ab2f9d9ce2fd9cba40fd734e9aece86b93433f22588efa55e301861332fcbc2f879049ac7fd0a9496db032fb0d
-
Filesize
342B
MD55f1baa2247a9f2aeb06e694e09696183
SHA1e914efbedbfa719a7225de221f35eb34674db8bc
SHA256f9481ee5cf886dc3e008f84fd73ab8f3b0038850f602ed1a395498fbd035e273
SHA51217ba0fba3abafa64e0b98b3daba23a971e565d7825b1aaccf144e3e319361158bd97392421dce873aa91d7bcc426677a078f782e2ecc90c238dcf95f065693d0
-
Filesize
342B
MD5155f5a40567520e85c7ad53e74734bb2
SHA11d824eb426ebec04e75c95cbdaa187aee3582847
SHA2569d01c98fb3fd32de9c093058bfec52d68d34cacbf2fb11186fbfb280c38b17d1
SHA512da5f80f434b44564c74653c5ce8e53459b8b61a20a0f0c9b611f1e7a799b152b3a01c04d44372725123c8869c155aa47027dda02531fc83aba23db5939c7ddfe
-
Filesize
224B
MD5d3b445950b9a461d028448bae1782c18
SHA1fe430f560b6c50ecc1808ef6b981dc7dcc412b51
SHA2561da77232e49895130d9184ba970c00bf23ceb9a00b24a30e646a8f9dd05280f7
SHA512c2e58d0cb9688dbbf314bd4b003dc962dc524cc40874b20bdefa77944809e530541b880ee976774b8f94a491dc72d562d3867c902e20bf8d9f0253f463f05e80
-
Filesize
224B
MD594a9d1659aa096dfa58fa240737c4453
SHA1084de8276272183d1ef21d6db02f9749ace24a40
SHA256dcf89532809695e7f6e488fca4899049bf4983856166dc522058b0f89d62c7fe
SHA5126ca662b47238edc009c77a07a2821b74b7b7ac86a2de955eed7944a7850d7be89b6e4dea4cb97abd050955590a0da7170b3c6fb28421258ee13c7aaad09329f4
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
224B
MD570c99ca154f028c75af6891917dd4f9b
SHA1216ebe7072f83450749da234702c5fb3b3ab9d73
SHA256f64d83fdcf58d04b9a41b6e3f6f0e32b6a1437df9751d8afb4ce0eccc909d5e6
SHA512d3c2fb0a6cb5d5a093524ee79f6e3bf0222ebaaa33fc22805ca05ff4cccfa6b1d62df0e0e933738ff50410361997ac3bdf512d9c99271567e76679aa6d90c92a
-
Filesize
224B
MD50ff1e92106f67cfac710f11c3fc24a3c
SHA1a0fe95e450a9299a6ed55110171cfd530f4a9d04
SHA25607d9de584afbe7cd757e8930520bc150a0d1b67d0e1c5ede8404a20e3cfcae02
SHA512e0183dd34eeeda7151b613a84fbb6c58f7d11c823f00d64686bd36afd5d364ef14239290b966c888a2bfc8ed8561ed9b41169b539f5ad390daac7541d9dd4730
-
Filesize
224B
MD5f525719dfd299489551ef7174ac023fe
SHA1e6361b72db1d66a3de05507412f988b7a630e720
SHA256efeb65e6556858969594c08138c1c6cf898c8eec2aa850448af8ecaea753aa2f
SHA512bbfacf2d5852febfcb255bb17015cb2677c70eb7a8cacff4b39a79601ad4ac1c9cd997891945667d35ccba32030fe5b9b5c8cf50675e80b81934db8d40827d72
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
224B
MD5a8b80403d50f3a883b1faa3bc559058b
SHA11cd12f7dd37466ce0c8dcd257fba12dd98b3bf91
SHA256d52a0fe8fdedc2dfb3d66adce62ebdf0bce3645f70f8ba36a4e01fefe09829cf
SHA51257e1845608a69fc5294e09d64a5785c284f2d3ea98d644f7e19c07c3728f2317b2bf6e13bc434a33374b988f0633b875e6432f40c2988beccfed795e4e351e1f
-
Filesize
224B
MD58dc5b02ff9d66414bbcef9c54dc0f909
SHA193cad814a27ab98ddabc4e5fb186ae28fabdae6e
SHA256c9055827320692906467a80c158c646f51518d0ca35fa970458c9335c917193b
SHA5127bc9c5a09f45ced17a5825bd5bf32af8e4d1db09a286fa1cb0f267e2809e1e50abe4b7a85be511932a5f5c579f341fb2f9d4fcf72f1cd707cd6ef224d7714717
-
Filesize
224B
MD5384966582207a736882e956e99160478
SHA1a7af31fd1303303e1daf526fc302a1dc833a3ad3
SHA2561bb53a26e69d383a20b3645d00b564fd006140096390e0ab154171abd00311b9
SHA512c5bca34b61e4bdc043612c2046aa0f1ca433d86c33566ba202ab7d24d23d95ccb6730341238362b4802c28c14bebf2e6a7c63ecace8e4ed185733f64542596e6
-
Filesize
224B
MD5f5cc970fbe0a2d96119231a4226fd9ff
SHA1e5c0a9b731997432bfe395d75682bb3d1bfc330c
SHA25610bfebbd0fd2d03460cc074a355170bd76af2a54f6f0e4eb02fdc722af4bfcea
SHA5123de1a1baec8fd019347d447df5da255ff754e58bd5a9becebdf78fbc2dd96933b1ff7c1ee66a988baff1b0b36fc84176f519f58680cfa2bf807120f8d35711ba
-
Filesize
224B
MD52ad9016c929c73939b246e19c24e4f1c
SHA13ee83c143874aa0bf8be1848ed7a8d16f3a4600d
SHA2561583e99cf968249a54048cad215980f30146462149cff6299dd1f623645fb78b
SHA512b64233359f4d215301a3d0e505f72af6e82b1182bcc8db27beedfa27d2bd32bfd7c869fd61c0e09d066b8669d551099da59cb9c173e4491b6c3d47754e4f3aa4
-
Filesize
224B
MD5d86e69d362113b431f5640d050fc94a3
SHA1ebf73fa6d70d1f33e77d992ed620c91f36a58b81
SHA2569ad1bcb0c3e7f9beb8cd23f24cae11c269b3a1c869e8911f10f5e08a4223ebd8
SHA512c58d2d3da36d5d4c015ab265839d8c9da425258c5b894c5cba3c50a5ab29dbd8a97c4f4b75b678fa3ae631d5b8607d03f0e3f12142db835e670dc365efa6048f
-
Filesize
7KB
MD516d3679b2e00ad2cff266db173f0e29d
SHA1891ff292547416b230ead871d933d9e2dd43930d
SHA256476f37e5ad78502dbbc9f6e934ccf973f720196defba3401b6dfe3bdf53fc7c7
SHA512e195055c174f56a1f668fa99eaa6f8eeb43ffcf3251eea488793b9e3e42a5e3f03bf4d4b69fb59e0503379b6b859944aa28e79d4536ac428d19f8c5cf9ef3f6b
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB