Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
22/12/2024, 08:36
General
-
Target
JaffaCakes118_07552345be47f967de3ae8c87d775ae88bc214f916c342deee72237a3bdb43ac.exe
-
Size
1.3MB
-
MD5
7011425b7e59e4e60969bcae2114043a
-
SHA1
93f425436377ed798351f9e4b8c8222cc455ce3b
-
SHA256
07552345be47f967de3ae8c87d775ae88bc214f916c342deee72237a3bdb43ac
-
SHA512
1ac93e9c03fa7ec638d394e0d5a5c11899be29b337b81edf27fdd857b7b156913d042059a43703567e0933d4356ba0d30911105f8e59e0bceabd30d72bd7ca49
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 33 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 10 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 33 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07552345be47f967de3ae8c87d775ae88bc214f916c342deee72237a3bdb43ac.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07552345be47f967de3ae8c87d775ae88bc214f916c342deee72237a3bdb43ac.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\7-Zip\Lang\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft.NET\RedistList\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\8cdd6da2-3d81-11ef-9400-f2a3cf4ad94f\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\wininit.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Analysis Services\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Links\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\PrintHood\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\s9ou3sO5CJ.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\L59TFxmxil.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\arqkgCRh4V.bat"9⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\v9lJjcBPjH.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OvjOVLkpjd.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\79RMekxjZd.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Z4XVup0LT1.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\InhrPXXuGB.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ZcfpJnj91J.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IxigaWiN4Z.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 14 /tr "'C:\providercommon\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\providercommon\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 10 /tr "'C:\providercommon\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 7 /tr "'C:\Program Files\7-Zip\Lang\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 6 /tr "'C:\Program Files\7-Zip\Lang\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 14 /tr "'C:\providercommon\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\providercommon\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 11 /tr "'C:\providercommon\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Recovery\8cdd6da2-3d81-11ef-9400-f2a3cf4ad94f\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Recovery\8cdd6da2-3d81-11ef-9400-f2a3cf4ad94f\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Recovery\8cdd6da2-3d81-11ef-9400-f2a3cf4ad94f\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 14 /tr "'C:\providercommon\wininit.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\providercommon\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\providercommon\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Microsoft Analysis Services\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Analysis Services\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Microsoft Analysis Services\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 5 /tr "'C:\Users\Default\Links\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Users\Default\Links\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 7 /tr "'C:\Users\Default\Links\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\providercommon\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\providercommon\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\providercommon\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5113d3332cf5b7c24ffec6b3f84e3d0c7
SHA1e213d4e1f211f2a2c0956cdfebf229b619ceb412
SHA256764cb4fb7e0e1dd5a4f6c0ee1ef1c2009a5a78b68a57031cb953aeb1693b48d6
SHA5122a9495037d8f62b1b23cfe40b85cd8f5e6e9021ad00ab1a58c4e6e4d60f0d5b0781871b96e5c833f767b7d19c6229c49aea9f6079d56289821556e01a6a7ed09
-
Filesize
342B
MD591eea6f354a673a8a3bf70937a2d1fec
SHA1e864c04d1bc2fb5ea3267a23aff0753f401b58b2
SHA256ffac51b0cb1dc02e20f690d4a4c6266db25da7eafc08a9720c7e7f20241b4580
SHA512c55d10816f940110705b7c68b4889ed1230d5fc4d03d787ea45fead3cd117938591b88d808d39ceb11ded883c8ec33509288013d0b253cbec636ca67045f91f5
-
Filesize
342B
MD5d43ab386f3c90bfd019d2145085fe385
SHA1235e6cb5e596676d84db42209491efa2f24feddb
SHA2564b6d7a86fde14788e1a7d81e2b5e1b0eb6750c62445d9ceebe238fdbe5448439
SHA51254cdc6d3d556ab6799dd8e43418887f972f058cd055ae7cd85d6e752875c6493361f5856d9b0503e9c559824f361037b2ad169473af5283852ea58f1c2852fc5
-
Filesize
342B
MD59ccfd207e163d4a3a103e4210cd01b28
SHA1552ede82bd665d20bdab09bb2911477d0dfac60d
SHA2561f7659d14ac2306433e642375cd88bc4fd97a2f177dc1b0e3a6c4c8ad97c2d84
SHA51288c7d257bf3156592449452b3dce7c2e5f252dfc1efcedf5a0fc277aaee92d4642ac3852a1371a190f412fd19f95694464dd00ec9be36768c8e9e8ff2c0b9d59
-
Filesize
342B
MD5d9bd83e57a2d6eb6851a478bed8d7d5e
SHA18eca88ba00029009bf8a9a512c48ac5e04854ee7
SHA25679e9089c1b300eecd24eb7565119ec6890e4333020c46fbecb4d33dc4617e781
SHA5123fe45cf33e73ec4aeda214c0364cd323512bf62f9ff3fce6c9932e1b92e030734193a80eb3d39465820e407ee395fcfe30668e57c278e760c221e9291468b26f
-
Filesize
342B
MD594e696aa8aca8ad7533372d3bc1efbd5
SHA106c8874b2be09abe3421fdca42b31e04a9472e3f
SHA25653006c72b50da81de1d1748ca8f91bce924e9bc9a9ddacae8954a44787c197c1
SHA512379de9ee3cae3ae3e06b7b5650a1958d293c854c1f66006174a20b81ad063a21e4bcf758bbe91adaaac102bd148d33d8775ed8e35c6b5806d0efe5699840e2fa
-
Filesize
342B
MD595f2863fa39d6ea690cbf4c5a8f597ec
SHA1c8e30f0c0e1b9044e4ca605fd6a5ac49f62303ae
SHA2567b2f30ee2b949c64ad7fa6b725de460f0801a213476ff9a433dd4dcb6dd60ecd
SHA5124606b3d20a8a80cab1d74e0067c61d637d2df6e0496f167cd91cc465b7206f51a0a29c0e3d3852e133090f1ae9824592cbb0ea732705f7db218da9dbcaff7161
-
Filesize
342B
MD5560cb794663e32b762f7f0025dbba82f
SHA12e8edb3a109103a97da5df573af35ea5751a1274
SHA256766f389f449bd17b8a968677770343539519d608e18ebaab7d1d92aa0db556e7
SHA512be90b5383739ed9a978966c39d80c0f0ae8c27163e400b6a47f237ceaebba2475814bc26cfad9ebef43e2ecd8c3140ded11d0d48f0ff45c4906e49c045da700e
-
Filesize
194B
MD5e7e7f0fed719956134cd154fc19e1c86
SHA17f5d032857cdb23a29fed7404dba953bea797a77
SHA2566673027fc316d89b9c1501e1f5c8c2872a10fd9a739897148caa4b319d91d4d3
SHA512f7698c9cab8423ac444c6b6ead1fa2c6008a5d0a6370dc5ef3969e118413e5df1f4b2d84d096fd6c475229eca0d0665a97d8ee01aabf6ecac491336387cea907
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
194B
MD5a41b0545dbccce2aea3407ea7117ac47
SHA1e74436dde961fe75f70346ac8b252bccbd923342
SHA2561da54b70f6cdeda93aff6be83187999d536c0bb3117b74541a9feca331c5db91
SHA51249507baeaafc9a46665045f7ebd972c6773c4332bddfbdfac4ca32009ceb3428ab11479bc5b95d2be1a322806b268d0629a3eab4e05b90233ac0859050dd1e90
-
Filesize
194B
MD533e30ec78dffdf050f99c165f4915fd6
SHA1fe74925bbf94b1b1d4d6b317ec6ce38a70e778e1
SHA25637da16f3e4b616a630a6f47b091c6018c32ba389fe493a78d918112cb1d7fb2b
SHA5120c5e47136826c1ad0c0bca44ed7e5d938a7869ba6944f63b27daa68870e3bfa1e91b8320a8ede05c0f534e3dcf47e963727ee5ccee6f9254a5e75bea5269265d
-
Filesize
194B
MD51981118962ba6d81488b744c68f6089c
SHA1a4a8ff6a7ece6ff08eab430bc2a8c0b763f89dd4
SHA256da18f5f183d3b428db9a2736d423f8164abb5aa315df7285e775fd7e6a026f1a
SHA512b785eec2dccff25962e2505ce9ca9fa172e8e8e85454967b77fade8f8083b5ab1888b39435f950a49e79d0fc16bc31977a20d1bd8a4075fde3f104b3212520a3
-
Filesize
194B
MD51291fde6a30e10ac8936a54fd0f9e002
SHA1f07d450d1f725716546fde72ea69fb1b3232aeb4
SHA256c48fbe1b96ed563fcf3883e1852f84bbabf5177672dfd1b89c43bf8e86e17302
SHA512b6eaa922899dd29b6f58f19d624cf6cc7a296245b1d14dab3af6d5576d1c517b610d972c572d5ae393a85592e93ac6e84aa87bee4a8155914905c146c25d2e64
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
194B
MD5ddaf6a1f39236b3e25a3ec8374020adc
SHA1c8ed7e6e856b1bd6fd2406aa5f4e4b0118a9227d
SHA256dea0d27414e80f91b4f31ecf7a6766b89d186115dde319d2d6ce55beaf097858
SHA51251e755e6004c067c97d11f01ce586420ed1a22a12e5b60b2c6ad4b3a3cb7d41633a9b25b12919bda063bccebda56d3ba70f0c42699883fa1822b100c921e8634
-
Filesize
194B
MD559b495741613c2563b6356ffdae31711
SHA1976d59410b419fefe6ccf3f7130232044bc58fa5
SHA256a3df13fa6b2229ee077d1587e880d86921dd4dd8a43c2286a0095c49b080a97a
SHA51202f984cd3bda2736bf51467b0d77dfb39c6c820c53fca769d4fd39f1a5d06272a6edb201131fb48a3fb89d5a12bd8f6981c4ff3936c5d2dfd464ad31fef4b99f
-
Filesize
194B
MD555c588537e04878b9dcc4fadc5ec907c
SHA1b450fee8247b69dfed774c2ed96dee6fe973b9c6
SHA256b9203274d34a31abe08d3e0a786e6aac73a186845f3a136af90318f2d018406d
SHA512a6a7be6a38437dc05b6f5557aaa9a73dd14ca25c5b290e006ca539c9cae4e78fdf66282754500be3ed8161e3dc9ede8b3458c104b5b38294261b84553d87b3be
-
Filesize
194B
MD54b4d2c99110747471caeb46079e2a742
SHA1ff421701d2e2b9d9b959675b99ec88c8ac32f7a6
SHA25651953fbb813c078121c0387b54fc2dce10da0e8afec206ac8aae7b9ca4f19c02
SHA512e886ce436d210561fee4983dbca02b8fae79d6175a36bfa4ef3c4cb842defaf2850e5f1c590323d0427d8e31a9f6a5e4434417cf721346293599717636865f1e
-
Filesize
194B
MD5fe903826e184c49b24300012aa7987fb
SHA185cbceee10704f8fb7223d58d672f75fda6e93a9
SHA2561769a84d915dc80106ec66effce006d1fcd501233f5f319c9653573f3a7ea673
SHA51269a45d4e4464580dae9231bdb38387b3285519c212bd67d3c0ae04a49145d3972336e11ff51bd7d7409e1716188299356ebf33d7dd9430f677ed7cd2961657c7
-
Filesize
7KB
MD53c2318df474f69d06589d862f7d1402d
SHA1e602b218e030e17ee7968098ffc987fb8462be30
SHA256caabe57b854fc4899a6b0c416d0a8831c5cc4989de478f7bb3ebef45899c3bf5
SHA5124db184d7f4a7bac2113fa08caa0bc954ff34642f5f94213381619bb60d05469c0af394ea3f44f51066ebfb533acb5fae70f7132c57c7d15932e1a78370612a1b
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB